package io.gravitee.am.service.impl;

import io.gravitee.am.model.PasswordHistory;
import io.gravitee.am.model.PasswordPolicy;
import io.gravitee.am.model.ReferenceType;
import io.gravitee.am.model.User;
import io.gravitee.am.repository.management.api.PasswordHistoryRepository;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.authentication.crypto.password.PasswordEncoder;
import io.gravitee.am.service.exception.PasswordHistoryException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.UserAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import jakarta.inject.Named;
import java.util.Comparator;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/PasswordHistoryService.class */
public class PasswordHistoryService {
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordHistoryService.class);
    private final PasswordHistoryRepository repository;
    private final AuditService auditService;
    private final PasswordEncoder passwordEncoder;

    @Autowired
    public PasswordHistoryService(@Lazy PasswordHistoryRepository passwordHistoryRepository, AuditService auditService, @Named("argon2IdEncoder") PasswordEncoder passwordEncoder) {
        this.repository = passwordHistoryRepository;
        this.auditService = auditService;
        this.passwordEncoder = passwordEncoder;
    }

    public Maybe<PasswordHistory> addPasswordToHistory(ReferenceType referenceType, String str, User user, String str2, io.gravitee.am.identityprovider.api.User user2, PasswordPolicy passwordPolicy) {
        LOGGER.debug("Adding password history entry for user {}", user);
        if (str2 != null && passwordPolicy != null && !Objects.isNull(passwordPolicy.getPasswordHistoryEnabled()) && !Boolean.FALSE.equals(passwordPolicy.getPasswordHistoryEnabled())) {
            return this.repository.findUserHistory(referenceType, str, user.getId()).toList().flatMap(list -> {
                if (passwordAlreadyUsed(str2, list)) {
                    return Single.error(() -> {
                        return PasswordHistoryException.passwordAlreadyInHistory(passwordPolicy);
                    });
                }
                if (list.size() < passwordPolicy.getOldPasswords().shortValue()) {
                    return this.repository.create(getPasswordHistory(referenceType, str, user, str2));
                }
                list.sort(Comparator.comparing((v0) -> {
                    return v0.getCreatedAt();
                }));
                return this.repository.delete(((PasswordHistory) list.get(0)).getId()).andThen(this.repository.create(getPasswordHistory(referenceType, str, user, str2)));
            }).doOnSuccess(passwordHistory -> {
                this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).user(user).principal(user2)).type("PASSWORD_HISTORY_CREATED"));
            }).doOnError(th -> {
                this.auditService.report(((UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).user(user).principal(user2)).type("PASSWORD_HISTORY_CREATED")).throwable(th));
            }).toMaybe();
        }
        LOGGER.debug("Password history not added for user {} due to null password or settings, or because paswword history is disabled.", user.getUsername());
        return Maybe.empty();
    }

    public Single<Boolean> passwordAlreadyUsed(ReferenceType referenceType, String str, String str2, String str3, PasswordPolicy passwordPolicy) {
        LOGGER.debug("Checking password history for user {}", str2);
        return (passwordPolicy == null || Objects.isNull(passwordPolicy.getPasswordHistoryEnabled()) || Boolean.FALSE.equals(passwordPolicy.getPasswordHistoryEnabled())) ? Single.just(false) : this.repository.findUserHistory(referenceType, str, str2).toList().flatMap(list -> {
            return Single.just(Boolean.valueOf(passwordAlreadyUsed(str3, list)));
        });
    }

    public Flowable<PasswordHistory> findUserHistory(ReferenceType referenceType, String str, String str2) {
        return this.repository.findUserHistory(referenceType, str, str2);
    }

    public Flowable<PasswordHistory> findByReference(ReferenceType referenceType, String str) {
        LOGGER.debug("Find password histories by reference id {} and reference type {}", str, referenceType);
        return this.repository.findByReference(referenceType, str).onErrorResumeNext(th -> {
            LOGGER.error("Error finding password histories by reference id {} and reference type {}", new Object[]{str, referenceType, th});
            return Flowable.error(new TechnicalManagementException(String.format("Error finding password histories by reference id %s and reference type %s", str, referenceType), th));
        });
    }

    public Completable deleteByReference(ReferenceType referenceType, String str) {
        return this.repository.deleteByReference(referenceType, str);
    }

    public Completable deleteByUser(String str) {
        return this.repository.deleteByUserId(str);
    }

    private boolean passwordAlreadyUsed(String str, List<PasswordHistory> list) {
        return list.stream().anyMatch(passwordHistory -> {
            return this.passwordEncoder.matches(str, passwordHistory.getPassword());
        });
    }

    private PasswordHistory getPasswordHistory(ReferenceType referenceType, String str, User user, CharSequence charSequence) {
        PasswordHistory passwordHistory = new PasswordHistory();
        passwordHistory.setUserId(user.getId());
        passwordHistory.setPassword(this.passwordEncoder.encode(charSequence));
        passwordHistory.setCreatedAt(new Date());
        passwordHistory.setReferenceType(referenceType);
        passwordHistory.setReferenceId(str);
        return passwordHistory;
    }
}
