package com.hazelcast.webmonitor.security.spi.impl.builtin;

import com.hazelcast.webmonitor.configreplacer.SystemProperties;
import com.hazelcast.webmonitor.controller.exception.NoUserFoundApiException;
import com.hazelcast.webmonitor.model.sql.UserCredentialsModel;
import com.hazelcast.webmonitor.repositories.sql.ScriptDAO;
import com.hazelcast.webmonitor.repositories.sql.UserCredentialsDAO;
import com.hazelcast.webmonitor.repositories.sql.UserDAO;
import com.hazelcast.webmonitor.security.spi.SecurityConfigApiException;
import com.hazelcast.webmonitor.security.spi.SecurityConfigParameter;
import com.hazelcast.webmonitor.security.spi.SecurityProvider;
import com.hazelcast.webmonitor.security.spi.UserManagementProvider;
import com.hazelcast.webmonitor.security.spi.impl.builtin.PasswordStrengthChecker;
import com.hazelcast.webmonitor.service.AuthTokenManager;
import com.hazelcast.webmonitor.utils.CryptoUtils;
import com.hazelcast.webmonitor.utils.StringUtil;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.jdbi.v3.core.Jdbi;
import org.opensaml.soap.wssecurity.Password;
import org.opensaml.soap.wssecurity.Username;
import org.springframework.security.authentication.AuthenticationProvider;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/com/hazelcast/webmonitor/security/spi/impl/builtin/DefaultSecurityProvider.class
 */
/* loaded from: input_file:com/hazelcast/webmonitor/security/spi/impl/builtin/DefaultSecurityProvider.class */
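/**
 * Built-in security provider that stores users and their credentials through the SQL DAOs
 * and authenticates through a {@link DefaultAuthenticationProvider}.
 *
 * <p>Password strength is enforced with a {@link PasswordStrengthChecker}. When the system
 * property {@code hazelcast.mc.security.dictionary.path} is set, the checker is built with that
 * dictionary path and a minimum word length; otherwise the checker's no-argument constructor
 * is used.
 */
public class DefaultSecurityProvider implements SecurityProvider, UserManagementProvider {
    private static final String USERNAME_NON_ALPHANUMERIC_WARNING = "Username may only contain alpha-numeric characters, underscores and dashes.";
    private static final String DICTIONARY_PATH = "hazelcast.mc.security.dictionary.path";
    private static final String DICTIONARY_MIN_WORD_LENGTH = "hazelcast.mc.security.dictionary.minWordLength";
    private static final int DICTIONARY_DEFAULT_MIN_WORD_LENGTH = 3;
    private final PasswordStrengthChecker passwordStrengthChecker;
    private final Jdbi jdbi;
    private final UserDAO userDAO;
    private final UserCredentialsDAO userCredentialsDAO;
    private final ScriptDAO scriptDAO;
    private final DefaultAuthenticationProvider authenticationProvider;

    /**
     * Creates a provider without an {@link AuthTokenManager}; {@code null} is passed on to the
     * authentication provider.
     */
    public DefaultSecurityProvider(Jdbi jdbi, UserDAO userDAO, UserCredentialsDAO userCredentialsDAO, ScriptDAO scriptDAO) {
        // NOTE(review): how DefaultAuthenticationProvider treats a null token manager is not
        // visible from this class; confirm it is tolerated.
        this(jdbi, userDAO, userCredentialsDAO, scriptDAO, null);
    }

    /**
     * Creates a provider and configures the password strength checker from system properties.
     *
     * @param jdbi               used to run multi-statement changes in one transaction
     * @param userDAO            user rows
     * @param userCredentialsDAO credential rows (username, password, role)
     * @param scriptDAO          per-user script rows, removed when a user is deleted
     * @param authTokenManager   handed to the authentication provider; may be {@code null}
     */
    public DefaultSecurityProvider(Jdbi jdbi, UserDAO userDAO, UserCredentialsDAO userCredentialsDAO, ScriptDAO scriptDAO, AuthTokenManager authTokenManager) {
        this.jdbi = jdbi;
        this.userDAO = userDAO;
        this.userCredentialsDAO = userCredentialsDAO;
        this.scriptDAO = scriptDAO;
        this.authenticationProvider = new DefaultAuthenticationProvider(userCredentialsDAO, authTokenManager);
        String dictionaryPath = SystemProperties.getProperty(DICTIONARY_PATH);
        if (dictionaryPath != null) {
            // Use the named default rather than a bare literal so the fallback stays in one place.
            int minWordLength = SystemProperties.getInteger(DICTIONARY_MIN_WORD_LENGTH, DICTIONARY_DEFAULT_MIN_WORD_LENGTH);
            this.passwordStrengthChecker = new PasswordStrengthChecker(dictionaryPath, minWordLength);
        } else {
            this.passwordStrengthChecker = new PasswordStrengthChecker();
        }
    }

    /** Returns the display name of this provider, {@code "Default"}. */
    @Override
    public String getName() {
        return "Default";
    }

    /**
     * Returns the parameters collected when this provider is configured: a username and two
     * secret fields (password and its confirmation).
     */
    @Override
    public List<SecurityConfigParameter> getConfigParameters() {
        // NOTE(review): the two OpenSAML ELEMENT_LOCAL_NAME constants serve only as label
        // strings here; presumably the decompiler substituted them for plain literals — confirm.
        return Arrays.asList(
                SecurityConfigParameter.stringParam("username", Username.ELEMENT_LOCAL_NAME),
                SecurityConfigParameter.secretParam("password", Password.ELEMENT_LOCAL_NAME),
                SecurityConfigParameter.secretParam("confirmPassword", "Confirm Password"));
    }

    /**
     * Creates the initial account from the submitted configuration, with the admin authority.
     *
     * @param map submitted values; only {@code "username"} and {@code "password"} are read
     */
    @Override
    public void saveConfig(Map<String, String> map) {
        // NOTE(review): "confirmPassword" is declared as a parameter but never compared with
        // "password" in this class; presumably the caller does that — confirm.
        createUser(map.get("username"), map.get("password"), SecurityProvider.ADMIN_AUTHORITY.getAuthority());
    }

    /** Returns the authentication provider built in the constructor. */
    @Override
    public AuthenticationProvider getAuthenticationProvider() {
        return this.authenticationProvider;
    }

    /** Returns the usernames known to the credentials DAO. */
    @Override
    public List<String> getUsernames() {
        return this.userCredentialsDAO.getUsernames();
    }

    /**
     * Looks up the credentials record for a username.
     *
     * @param str the username
     * @return the record, or empty when the DAO finds none
     */
    @Override
    public Optional<UserCredentialsModel> getUser(String str) {
        return this.userCredentialsDAO.findByUsername(str);
    }

    /**
     * Deletes a user's scripts, credentials and user row in a single transaction.
     *
     * @param str the username
     */
    @Override
    public void deleteUser(String str) {
        this.jdbi.useTransaction(handle -> {
            this.scriptDAO.deleteByUsernameTx(handle, str);
            this.userCredentialsDAO.deleteTx(handle, str);
            this.userDAO.deleteTx(handle, str);
        });
    }

    /**
     * Replaces a user's password after it passes the strength check.
     *
     * @param str  the username
     * @param str2 the new plain-text password
     * @throws NoUserFoundApiException    when no credentials record exists for the username
     * @throws SecurityConfigApiException when the password violates the strength rules
     */
    @Override
    public void changePassword(String str, String str2) {
        UserCredentialsModel credentials = this.userCredentialsDAO.findByUsername(str)
                .orElseThrow(() -> new NoUserFoundApiException(str));
        // Validate before hashing: a rejected password is never hashed and never placed on the
        // model, and no hashing work is spent on input that will be refused.
        checkPasswordComplexity(str, str2);
        credentials.setPassword(CryptoUtils.generatePasswordHash(str, str2));
        this.userCredentialsDAO.update(credentials);
    }

    /**
     * Changes a user's role.
     *
     * @param str  the username
     * @param str2 the new role, stored as given
     * @throws NoUserFoundApiException when no credentials record exists for the username
     */
    @Override
    public void updateUser(String str, String str2) {
        UserCredentialsModel credentials = this.userCredentialsDAO.findByUsername(str)
                .orElseThrow(() -> new NoUserFoundApiException(str));
        credentials.setRole(str2);
        this.userCredentialsDAO.update(credentials);
    }

    /**
     * Creates a user and its credentials record in a single transaction.
     *
     * @param str  the username; must be non-blank and consist of alpha-numeric characters,
     *             underscores and dashes
     * @param str2 the plain-text password; must be non-blank and pass the strength check
     * @param str3 third constructor argument of the credentials model; {@code saveConfig}
     *             passes an authority string here, so presumably the role — not validated here
     * @throws SecurityConfigApiException when a field is blank, the username has other
     *         characters, the username is taken, or the password is too weak
     */
    @Override
    public void createUser(String str, String str2, String str3) {
        if (StringUtil.isNullOrEmptyAfterTrim(str) || StringUtil.isNullOrEmptyAfterTrim(str2)) {
            throw new SecurityConfigApiException("All fields must be filled.");
        }
        if (!StringUtil.isAlphanumericWithDashAndUnderscore(str)) {
            throw new SecurityConfigApiException(USERNAME_NON_ALPHANUMERIC_WARNING);
        }
        // NOTE(review): this existence check runs outside the insert transaction, so two
        // concurrent requests could both pass it; presumably a unique constraint backs it — confirm.
        if (this.userCredentialsDAO.findByUsername(str).isPresent()) {
            throw new SecurityConfigApiException("User account with the provided username already exists.");
        }
        checkPasswordComplexity(str, str2);
        this.jdbi.useTransaction(handle -> {
            this.userDAO.insertTx(handle, str);
            // NOTE(review): the password reaches the model un-hashed here, whereas changePassword
            // hashes with CryptoUtils.generatePasswordHash; confirm the UserCredentialsModel
            // constructor (or the DAO) hashes it before it is persisted.
            this.userCredentialsDAO.insertTx(handle, new UserCredentialsModel(str, str2, str3));
        });
    }

    /**
     * Runs the strength checker and rejects the password when it reports any violation.
     *
     * @param str  the username, passed to the checker alongside the password
     * @param str2 the candidate plain-text password
     * @throws SecurityConfigApiException carrying every violation message, one per line
     */
    private void checkPasswordComplexity(String str, String str2) {
        EnumSet<PasswordStrengthChecker.Violation> violations = this.passwordStrengthChecker.check(str, str2);
        if (violations.isEmpty()) {
            return;
        }
        String message = violations.stream()
                .map(violation -> violation.message)
                .collect(Collectors.joining("\n"));
        throw new SecurityConfigApiException(message);
    }
}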
