package org.restheart.security.authenticators;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.PathNotFoundException;
import com.jayway.jsonpath.Predicate;
import org.bson.BsonString;
import org.bson.BsonValue;
import org.mindrot.jbcrypt.BCrypt;
import org.restheart.configuration.ConfigurationException;
import org.restheart.exchange.MongoRequest;
import org.restheart.exchange.MongoResponse;
import org.restheart.plugins.Inject;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.MongoInterceptor;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.utils.BsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterPlugin(name = "userPwdHasher", description = "automatically hashes the user password", interceptPoint = InterceptPoint.REQUEST_AFTER_AUTH, requiresContent = true)
/* loaded from: input_file:org/restheart/security/authenticators/UserPwdHasher.class */
public class UserPwdHasher implements MongoInterceptor {
    static final Logger LOGGER = LoggerFactory.getLogger(UserPwdHasher.class);
    private String usersDb;
    private String usersCollection;
    private String propNamePassword;
    private Integer complexity;
    private boolean enabled = false;

    @Inject("registry")
    private PluginsRegistry registry;

    @OnInit
    public void init() {
        try {
            PluginRecord authenticator = this.registry.getAuthenticator("mongoRealmAuthenticator");
            if (authenticator == null || !authenticator.isEnabled()) {
                this.enabled = false;
                return;
            }
            MongoRealmAuthenticator pluginRecord = authenticator.getInstance();
            if (!pluginRecord.isBcryptHashedPassword()) {
                this.enabled = false;
                return;
            }
            this.usersDb = pluginRecord.getUsersDb();
            this.usersCollection = pluginRecord.getUsersCollection();
            this.propNamePassword = pluginRecord.getPropPassword();
            this.complexity = pluginRecord.getBcryptComplexity();
            if (this.usersDb != null && this.usersCollection != null && this.propNamePassword != null && this.complexity != null) {
                this.enabled = true;
            } else {
                LOGGER.error("Wrong configuration of mongoRealmAuthenticator! Password field of users documents is not automatically entcrypted: {usersDb: {}, usersCollection: {}, propNamePassword: {}, complexity: {}})", new Object[]{this.usersDb, this.usersCollection, this.propNamePassword, this.complexity});
                this.enabled = false;
            }
        } catch (ConfigurationException e) {
            this.enabled = false;
        }
    }

    public void handle(MongoRequest mongoRequest, MongoResponse mongoResponse) throws Exception {
        BsonValue bsonValue = (BsonValue) mongoRequest.getContent();
        if (bsonValue == null) {
            return;
        }
        if (bsonValue.isArray() && mongoRequest.isPost()) {
            JsonArray jsonArray = (JsonArray) JsonPath.read(BsonUtils.toJson(bsonValue), "$.[*].".concat(this.propNamePassword), new Predicate[0]);
            int[] iArr = {0};
            jsonArray.forEach(jsonElement -> {
                if (jsonElement != null && jsonElement.isJsonPrimitive() && jsonElement.getAsJsonPrimitive().isString()) {
                    bsonValue.asArray().get(iArr[0]).asDocument().put(this.propNamePassword, new BsonString(BCrypt.hashpw(jsonElement.getAsJsonPrimitive().getAsString(), BCrypt.gensalt(this.complexity.intValue()))));
                }
                iArr[0] = iArr[0] + 1;
            });
        } else if (bsonValue.isDocument()) {
            try {
                JsonElement jsonElement2 = (JsonElement) JsonPath.read(BsonUtils.toJson(bsonValue), "$.".concat(this.propNamePassword), new Predicate[0]);
                if (jsonElement2 != null && jsonElement2.isJsonPrimitive() && jsonElement2.getAsJsonPrimitive().isString()) {
                    bsonValue.asDocument().put(this.propNamePassword, new BsonString(BCrypt.hashpw(jsonElement2.getAsJsonPrimitive().getAsString(), BCrypt.gensalt(this.complexity.intValue()))));
                }
            } catch (PathNotFoundException e) {
            }
        }
    }

    public boolean resolve(MongoRequest mongoRequest, MongoResponse mongoResponse) {
        return this.enabled && mongoRequest.isHandledBy("mongo") && mongoRequest.isWriteDocument() && mongoRequest.isContentTypeJson() && this.usersDb.equalsIgnoreCase(mongoRequest.getDBName()) && this.usersCollection.equalsIgnoreCase(mongoRequest.getCollectionName());
    }
}
