package org.restheart.security.authenticators;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.PathNotFoundException;
import com.jayway.jsonpath.Predicate;
import com.nulabinc.zxcvbn.Feedback;
import com.nulabinc.zxcvbn.Strength;
import com.nulabinc.zxcvbn.Zxcvbn;
import java.util.List;
import java.util.Spliterators;
import java.util.stream.StreamSupport;
import org.bson.BsonValue;
import org.restheart.configuration.ConfigurationException;
import org.restheart.exchange.MongoRequest;
import org.restheart.exchange.MongoResponse;
import org.restheart.plugins.Inject;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.MongoInterceptor;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.utils.BsonUtils;
import org.restheart.utils.HttpStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterPlugin(name = "userPwdStrengthEnforcer", description = "enforce strong password for mongoRealmAuthenticator", interceptPoint = InterceptPoint.REQUEST_AFTER_AUTH, enabledByDefault = true, priority = Integer.MIN_VALUE)
/* loaded from: input_file:org/restheart/security/authenticators/UserPwdStrengthEnforcer.class */
public class UserPwdStrengthEnforcer implements MongoInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(UserPwdStrengthEnforcer.class);
    private static Zxcvbn zxcvbn = new Zxcvbn();
    private String usersDb;
    private String usersCollection;
    private String propNamePassword;
    private Integer minimumPasswordStrength;
    private boolean enabled = false;

    @Inject("registry")
    private PluginsRegistry registry;

    @OnInit
    public void init() {
        try {
            PluginRecord authenticator = this.registry.getAuthenticator("mongoRealmAuthenticator");
            if (authenticator == null || !authenticator.isEnabled()) {
                this.enabled = false;
                return;
            }
            MongoRealmAuthenticator pluginRecord = authenticator.getInstance();
            if (!pluginRecord.isEnforceMinimumPasswordStrenght()) {
                this.enabled = false;
                return;
            }
            this.usersDb = pluginRecord.getUsersDb();
            this.usersCollection = pluginRecord.getUsersCollection();
            this.propNamePassword = pluginRecord.getPropPassword();
            this.minimumPasswordStrength = pluginRecord.getMinimumPasswordStrength();
            if (this.usersDb != null && this.usersCollection != null && this.propNamePassword != null && this.minimumPasswordStrength != null) {
                this.enabled = true;
            } else {
                LOGGER.error("Wrong configuration of mongoRealmAuthenticator! Password field of users documents is not automatically checked for password strenght: {usersDb: {}, usersCollection: {}, propNamePassword: {}, minimumPasswordStrength: {}})", new Object[]{this.usersDb, this.usersCollection, this.propNamePassword, this.minimumPasswordStrength});
                this.enabled = false;
            }
        } catch (ConfigurationException e) {
            this.enabled = false;
        }
    }

    public void handle(MongoRequest mongoRequest, MongoResponse mongoResponse) throws Exception {
        BsonValue content = mongoRequest.getContent();
        if (content == null) {
            return;
        }
        if (content.isArray() && mongoRequest.isPost()) {
            JsonArray jsonArray = (JsonArray) JsonPath.read(BsonUtils.toJson(content), "$.[*].".concat(this.propNamePassword), new Predicate[0]);
            int[] iArr = {0};
            StreamSupport.stream(Spliterators.spliteratorUnknownSize(jsonArray.iterator(), 0), false).takeWhile(jsonElement -> {
                return !mongoResponse.isInError();
            }).forEach(jsonElement2 -> {
                if (jsonElement2 != null && jsonElement2.isJsonPrimitive() && jsonElement2.getAsJsonPrimitive().isString()) {
                    Strength measure = zxcvbn.measure(jsonElement2.getAsJsonPrimitive().getAsString());
                    if (measure.getScore() < this.minimumPasswordStrength.intValue()) {
                        reject(mongoResponse, measure.getFeedback(), Integer.valueOf(iArr[0]));
                    }
                }
                iArr[0] = iArr[0] + 1;
            });
        } else if (content.isDocument()) {
            try {
                JsonElement jsonElement3 = (JsonElement) JsonPath.read(BsonUtils.toJson(content), "$.".concat(this.propNamePassword), new Predicate[0]);
                if (jsonElement3 != null && jsonElement3.isJsonPrimitive() && jsonElement3.getAsJsonPrimitive().isString()) {
                    Strength measure = zxcvbn.measure(jsonElement3.getAsJsonPrimitive().getAsString());
                    if (measure.getScore() < this.minimumPasswordStrength.intValue()) {
                        reject(mongoResponse, measure.getFeedback());
                    }
                }
            } catch (PathNotFoundException e) {
            }
        }
    }

    private void reject(MongoResponse mongoResponse, Feedback feedback) {
        reject(mongoResponse, feedback, null);
    }

    private void reject(MongoResponse mongoResponse, Feedback feedback, Integer num) {
        BsonUtils.DocumentBuilder put = BsonUtils.document().put("message", num == null ? "Password is too weak" : "Password is too weak in user document at index " + num).put("http status code", 406).put("http status description", HttpStatus.getStatusText(406));
        String warning = feedback.getWarning();
        if (warning != null && !warning.isEmpty()) {
            put.put("warning", warning);
        }
        List suggestions = feedback.getSuggestions();
        if (suggestions != null && !suggestions.isEmpty()) {
            BsonUtils.ArrayBuilder array = BsonUtils.array();
            suggestions.stream().forEach(str -> {
                array.add(new String[]{str.toString()});
            });
            put.put("suggestions", array);
        }
        mongoResponse.setContent(put);
        mongoResponse.setStatusCode(406);
        mongoResponse.setInError(true);
    }

    public boolean resolve(MongoRequest mongoRequest, MongoResponse mongoResponse) {
        return this.enabled && mongoRequest.isHandledBy("mongo") && mongoRequest.isWriteDocument() && mongoRequest.isContentTypeJson() && this.usersDb.equalsIgnoreCase(mongoRequest.getDBName()) && this.usersCollection.equalsIgnoreCase(mongoRequest.getCollectionName());
    }
}
