package net.unit8.bouncr.api.service;

import enkan.util.ThreadingUtils;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import javax.persistence.CacheStoreMode;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import kotowari.restful.data.Problem;
import net.unit8.bouncr.api.boundary.PasswordCredentialCreateRequest;
import net.unit8.bouncr.api.boundary.PasswordCredentialUpdateRequest;
import net.unit8.bouncr.component.config.PasswordPolicy;
import net.unit8.bouncr.entity.PasswordCredential;
import net.unit8.bouncr.util.PasswordUtils;

/* loaded from: input_file:net/unit8/bouncr/api/service/PasswordPolicyService.class */
public class PasswordPolicyService {
    private EntityManager em;
    private PasswordPolicy policy;

    public PasswordPolicyService(PasswordPolicy passwordPolicy, EntityManager entityManager) {
        this.em = entityManager;
        this.policy = passwordPolicy;
    }

    protected Problem.Violation conformPolicy(String str) {
        int intValue = ((Integer) ThreadingUtils.some(str, (v0) -> {
            return v0.length();
        }).orElse(0)).intValue();
        return intValue > this.policy.getMaxLength() ? new Problem.Violation("passwrod", "must be less than " + this.policy.getMaxLength() + " characters") : intValue < this.policy.getMinLength() ? new Problem.Violation("passwrod", "must be greater than " + this.policy.getMinLength() + " characters") : (Problem.Violation) Optional.ofNullable(this.policy.getPattern()).filter(pattern -> {
            return !pattern.matcher(str).matches();
        }).map(pattern2 -> {
            return new Problem.Violation("password", "doesn't match pattern");
        }).orElse(null);
    }

    public Problem.Violation validateCreatePassword(PasswordCredentialCreateRequest passwordCredentialCreateRequest) {
        return conformPolicy(passwordCredentialCreateRequest.getPassword());
    }

    public Problem.Violation validateUpdatePassword(PasswordCredentialUpdateRequest passwordCredentialUpdateRequest) {
        if (Objects.equals(passwordCredentialUpdateRequest.getNewPassword(), passwordCredentialUpdateRequest.getOldPassword())) {
            return new Problem.Violation("new_password", "is the same as the old password");
        }
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(PasswordCredential.class);
        createQuery.where(criteriaBuilder.equal(createQuery.from(PasswordCredential.class).join("user").get("account"), passwordCredentialUpdateRequest.getAccount()));
        PasswordCredential passwordCredential = (PasswordCredential) this.em.createQuery(createQuery).setHint("javax.persistence.cache.storeMode", CacheStoreMode.REFRESH).getResultStream().findAny().orElse(null);
        if (passwordCredential != null && Arrays.equals(passwordCredential.getPassword(), PasswordUtils.pbkdf2(passwordCredentialUpdateRequest.getOldPassword(), passwordCredential.getSalt(), 100))) {
            return conformPolicy(passwordCredentialUpdateRequest.getNewPassword());
        }
        return new Problem.Violation("old_password", "does not match current password");
    }
}
