package io.graphenee.security.impl;

import io.graphenee.core.exception.ChangePasswordFailedException;
import io.graphenee.core.model.BeanFault;
import io.graphenee.core.model.api.GxDataService;
import io.graphenee.core.model.bean.GxNamespaceBean;
import io.graphenee.core.model.bean.GxPasswordPolicyBean;
import io.graphenee.core.model.bean.GxUserAccountBean;
import io.graphenee.core.model.entity.GxNamespace;
import io.graphenee.core.model.entity.GxPasswordHistory;
import io.graphenee.core.model.entity.GxPasswordPolicy;
import io.graphenee.core.model.entity.GxUserAccount;
import io.graphenee.core.model.jpa.repository.GxNamespaceRepository;
import io.graphenee.core.model.jpa.repository.GxPasswordHistoryRepository;
import io.graphenee.core.model.jpa.repository.GxPasswordPolicyRepository;
import io.graphenee.core.model.jpa.repository.GxUserAccountRepository;
import io.graphenee.core.util.CryptoUtil;
import io.graphenee.core.util.TRCalendarUtil;
import io.graphenee.security.GrapheneeSecurityConfiguration;
import io.graphenee.security.api.GxPasswordPolicyDataService;
import java.sql.Timestamp;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

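/**
 * Password-policy service: validates candidate passwords against the policy of a namespace,
 * changes passwords, maintains the password history and reports password expiry.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Validation state (compiled patterns and matchers) is kept in locals and constants only.
 *       The bean is a Spring {@code @Service}, which is a singleton by default, so per-call
 *       state stored in instance fields would be shared between concurrent requests and one
 *       request could be validated against another request's password.</li>
 *   <li>Password-reuse detection compares hashes with {@code equals}, so it only works when
 *       {@link CryptoUtil#createPasswordHash} returns the same value for the same password.
 *       NOTE(review): that implies the hash carries no per-user salt; confirm the algorithm in
 *       {@code CryptoUtil}, which is not visible from this file.</li>
 *   <li>A missing or inactive policy means "no constraints": every check is skipped.</li>
 * </ul>
 */
@Transactional
@ConditionalOnClass({GrapheneeSecurityConfiguration.class})
@Service
/* loaded from: input_file:io/graphenee/security/impl/GxPasswordPolicyDataServiceImpl.class */
public class GxPasswordPolicyDataServiceImpl implements GxPasswordPolicyDataService {

    private static final Pattern UPPERCASE_CHAR = Pattern.compile("[A-Z]");
    private static final Pattern LOWERCASE_CHAR = Pattern.compile("[a-z]");
    private static final Pattern DIGIT_CHAR = Pattern.compile("[\\d]");
    private static final Pattern SPECIAL_CHAR = Pattern.compile("[!$#&^|~?%]");

    @Autowired
    GxPasswordPolicyRepository gxPasswordPolicyRepo;

    @Autowired
    GxNamespaceRepository gxNamespaceRepo;

    @Autowired
    GxUserAccountRepository userAccountRepo;

    @Autowired
    GxPasswordHistoryRepository passwordHistoryRepo;

    @Autowired
    GxDataService gxDataService;

    // Kept only so that existing references to these package-private fields still compile.
    // They are no longer read or written: validation uses locals so that concurrent calls
    // cannot overwrite each other's matcher.
    @Deprecated
    Pattern pattern;
    @Deprecated
    Matcher matcher;

    /**
     * Tells whether {@code password} equals one of the user's most recent passwords.
     *
     * @param accountNamespace namespace in which {@code username} is looked up
     * @param username account whose history is inspected
     * @param password candidate password in clear text
     * @param maxHistory number of newest history entries to compare; {@code <= 0} disables the check
     * @return {@code true} when the candidate's hash matches one of those entries
     */
    private boolean findPasswordAlreadyUsed(GxNamespaceBean accountNamespace, String username, String password, int maxHistory) {
        if (maxHistory <= 0) {
            return false;
        }
        String candidateHash = CryptoUtil.createPasswordHash(password);
        List<GxPasswordHistory> history = this.passwordHistoryRepo.findAllByGxUserAccountOidOrderByPasswordDateDesc(
                this.gxDataService.findUserAccountByUsernameAndNamespace(username, accountNamespace).getOid());
        // The list is ordered newest first, so the first maxHistory entries are the recent ones.
        int limit = Math.min(history.size(), maxHistory);
        for (int index = 0; index < limit; index++) {
            if (history.get(index).getHashedPassword().equals(candidateHash)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} when {@code password} has at least {@code minLength} characters. */
    private boolean findMinLengthExist(String password, int minLength) {
        return password.length() >= minLength;
    }

    /**
     * Checks that the password shares no run of {@code maxMatching + 1} consecutive characters
     * with the username.
     *
     * <p>Runs containing a literal {@code '.'} are never compared, because the window pattern is
     * {@code [^.]}. NOTE(review): the comparison is case-sensitive, so a password that differs
     * from the username only in letter case passes; confirm that this is intended.
     *
     * @return {@code true} when the password is acceptable, {@code false} when a run is shared
     */
    private boolean findMaxUsernameExist(String username, String password, int maxMatching) {
        Pattern window = Pattern.compile("[^.]{" + (maxMatching + 1) + "}");
        Matcher windows = window.matcher(password);
        // Restart the search one character further each time so overlapping runs are all tested.
        for (int start = 0; windows.find(start); start++) {
            if (username.contains(windows.group())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns {@code true} when {@code text} holds at least {@code required} matches of
     * {@code charClass}. A requirement of zero is always met; a negative one never is.
     */
    private static boolean hasAtLeast(Pattern charClass, String text, int required) {
        if (required == 0) {
            return true;
        }
        Matcher matches = charClass.matcher(text);
        int remaining = required;
        while (matches.find()) {
            remaining--;
            if (remaining == 0) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} when the password has at least {@code required} characters in A-Z. */
    private boolean findMinUpperCaseCharExist(String password, int required) {
        return hasAtLeast(UPPERCASE_CHAR, password, required);
    }

    /** Returns {@code true} when the password has at least {@code required} characters in a-z. */
    private boolean findMinLowerCaseCharExist(String password, int required) {
        return hasAtLeast(LOWERCASE_CHAR, password, required);
    }

    /** Returns {@code true} when the password has at least {@code required} digits. */
    private boolean findMinNumbersExist(String password, int required) {
        return hasAtLeast(DIGIT_CHAR, password, required);
    }

    /** Returns {@code true} when the password has at least {@code required} of {@code !$#&^|~?%}. */
    private boolean findMinSpecialCharExist(String password, int required) {
        return hasAtLeast(SPECIAL_CHAR, password, required);
    }

    /**
     * Evaluates a candidate password against the active policy of a namespace.
     *
     * @param str namespace name
     * @param str2 username
     * @param str3 candidate password in clear text
     * @return {@code true} when every rule is met and the password was not used recently, or
     *         when the namespace has no active policy
     */
    @Override
    public Boolean findPasswordIsValid(String str, String str2, String str3) {
        final String namespace = str;
        final String username = str2;
        final String password = str3;

        GxPasswordPolicy policy = this.gxPasswordPolicyRepo.findOneByGxNamespaceNamespaceAndIsActiveTrue(namespace);
        if (policy == null) {
            // Same convention as assertPasswordPolicy: without an active policy nothing is enforced.
            return true;
        }
        GxNamespaceBean namespaceBean = this.gxDataService.findNamespace(namespace);
        return findMinLengthExist(password, policy.getMinLength().intValue())
                && (!policy.getIsUserUsernameAllowed().booleanValue()
                        || findMaxUsernameExist(username, password, policy.getMaxAllowedMatchingUserName().intValue()))
                && findMinUpperCaseCharExist(password, policy.getMinUppercase().intValue())
                && findMinLowerCaseCharExist(password, policy.getMinLowercase().intValue())
                && findMinNumbersExist(password, policy.getMinNumbers().intValue())
                && findMinSpecialCharExist(password, policy.getMinSpecialCharacters().intValue())
                // A reused password is invalid. The history check used to be un-negated here,
                // which reported only previously used passwords as valid.
                && !findPasswordAlreadyUsed(namespaceBean, username, password, policy.getMaxHistory().intValue());
    }

    /**
     * Enforces the policy stored for a namespace. Only the namespace's own policy is consulted;
     * there is no fallback to the system namespace in this overload.
     *
     * @param str namespace name
     * @param str2 username
     * @param str3 candidate password in clear text
     * @throws AssertionError with a user-facing message when a rule is violated
     */
    @Override
    public void assertPasswordPolicy(String str, String str2, String str3) throws AssertionError {
        assertPasswordPolicy(findPasswordPolicyByNamespace(str), str2, str3);
    }

    /**
     * Enforces {@code gxPasswordPolicyBean} on a candidate password. A {@code null} or inactive
     * policy enforces nothing. The password history is looked up in the policy's own namespace.
     *
     * @param gxPasswordPolicyBean policy to enforce, may be {@code null}
     * @param str username
     * @param str2 candidate password in clear text
     * @throws AssertionError with a user-facing message when a rule is violated
     */
    @Override
    public void assertPasswordPolicy(GxPasswordPolicyBean gxPasswordPolicyBean, String str, String str2) throws AssertionError {
        enforcePolicy(gxPasswordPolicyBean, null, str, str2);
    }

    /**
     * Runs every rule of {@code policy} against {@code password}.
     *
     * @param policy policy to enforce; {@code null} or inactive means no checks
     * @param accountNamespace namespace the account lives in, or {@code null} to use the policy's
     *        namespace; the two differ when the policy was inherited from the system namespace
     * @param username account name
     * @param password candidate password in clear text
     */
    private void enforcePolicy(GxPasswordPolicyBean policy, GxNamespaceBean accountNamespace, String username, String password) {
        if (policy == null || !policy.getIsActive().booleanValue()) {
            return;
        }
        if (!findMinLengthExist(password, policy.getMinLength().intValue())) {
            throw new AssertionError("Password must be minimum of " + policy.getMinLength() + " characters.");
        }
        // NOTE(review): the username rule runs only when isUserUsernameAllowed is true and is
        // skipped entirely otherwise; confirm that the flag is not meant the other way round.
        // NOTE(review): the check rejects runs of maxAllowedMatchingUserName + 1 characters,
        // while the message below says "N or more"; confirm which of the two is intended.
        if (policy.getIsUserUsernameAllowed().booleanValue()
                && !findMaxUsernameExist(username, password, policy.getMaxAllowedMatchingUserName().intValue())) {
            throw new AssertionError("Password must not contain " + policy.getMaxAllowedMatchingUserName() + " or more consecutive characters from username.");
        }
        if (!findMinUpperCaseCharExist(password, policy.getMinUppercase().intValue())) {
            throw new AssertionError("Password must contain at least " + policy.getMinUppercase() + " upper case letter(s).");
        }
        if (!findMinLowerCaseCharExist(password, policy.getMinLowercase().intValue())) {
            throw new AssertionError("Password must contain at least " + policy.getMinLowercase() + " lower case letter(s).");
        }
        if (!findMinNumbersExist(password, policy.getMinNumbers().intValue())) {
            throw new AssertionError("Password must contain at least " + policy.getMinNumbers() + " digit(s).");
        }
        if (!findMinSpecialCharExist(password, policy.getMinSpecialCharacters().intValue())) {
            // The message reports the special-character minimum; it used to print getMinUppercase().
            throw new AssertionError("Password must contain at least " + policy.getMinSpecialCharacters() + " special character(s).");
        }
        // Resolved last, as before, so the namespace bean is only loaded once the other rules pass.
        GxNamespaceBean historyNamespace = accountNamespace != null ? accountNamespace : policy.getGxNamespaceBeanFault().getBean();
        if (findPasswordAlreadyUsed(historyNamespace, username, password, policy.getMaxHistory().intValue())) {
            throw new AssertionError("Password has already been used, set a different password.");
        }
    }

    /** Copies the fields of a namespace entity into a new bean. */
    private GxNamespaceBean makeNamespaceBean(GxNamespace gxNamespace) {
        GxNamespaceBean bean = new GxNamespaceBean();
        bean.setOid(gxNamespace.getOid());
        bean.setNamespace(gxNamespace.getNamespace());
        bean.setNamespaceDescription(gxNamespace.getNamespaceDescription());
        bean.setIsActive(gxNamespace.getIsActive());
        bean.setIsProtected(gxNamespace.getIsProtected());
        return bean;
    }

    /**
     * Copies a policy entity into a new bean. The namespace is attached as a bean fault that
     * loads it from {@code gxNamespaceRepo} by oid.
     */
    private GxPasswordPolicyBean makePasswordPolicyBean(GxPasswordPolicy gxPasswordPolicy) {
        GxPasswordPolicyBean bean = new GxPasswordPolicyBean();
        bean.setOid(gxPasswordPolicy.getOid());
        bean.setMaxHistory(gxPasswordPolicy.getMaxHistory());
        bean.setMaxAge(gxPasswordPolicy.getMaxAge());
        bean.setMinLength(gxPasswordPolicy.getMinLength());
        bean.setIsUserUsernameAllowed(gxPasswordPolicy.getIsUserUsernameAllowed());
        bean.setMaxAllowedMatchingUserName(gxPasswordPolicy.getMaxAllowedMatchingUserName());
        bean.setMinUppercase(gxPasswordPolicy.getMinUppercase());
        bean.setMinLowercase(gxPasswordPolicy.getMinLowercase());
        bean.setMinNumbers(gxPasswordPolicy.getMinNumbers());
        bean.setMinSpecialCharacters(gxPasswordPolicy.getMinSpecialCharacters());
        bean.setIsActive(gxPasswordPolicy.getIsActive());
        bean.setPasswordPolicyName(gxPasswordPolicy.getPasswordPolicyName());
        // No explicit cast on the lambda: the previous cast named a type variable that is not
        // declared anywhere in this class.
        bean.setGxNamespaceBeanFault(BeanFault.beanFault(gxPasswordPolicy.getGxNamespace().getOid(),
                oid -> makeNamespaceBean(this.gxNamespaceRepo.findOne(oid))));
        return bean;
    }

    /** Returns every policy stored for the namespace of {@code gxNamespaceBean}, as beans. */
    @Override
    public List<GxPasswordPolicyBean> findAllPasswordPolicyByNamespace(GxNamespaceBean gxNamespaceBean) {
        return this.gxPasswordPolicyRepo.findAllByGxNamespaceNamespace(gxNamespaceBean.getNamespace())
                .stream()
                .map(this::makePasswordPolicyBean)
                .collect(Collectors.toList());
    }

    /** Returns the policy of the given namespace, or {@code null} when it has none. */
    @Override
    public GxPasswordPolicyBean findPasswordPolicyByNamespace(GxNamespaceBean gxNamespaceBean) {
        return findPasswordPolicyByNamespace(gxNamespaceBean.getNamespace());
    }

    /**
     * Returns the policy stored for the namespace named {@code str}, active or not, or
     * {@code null} when there is none.
     */
    @Override
    public GxPasswordPolicyBean findPasswordPolicyByNamespace(String str) {
        GxPasswordPolicy policy = this.gxPasswordPolicyRepo.findOneByGxNamespaceNamespace(str);
        return policy == null ? null : makePasswordPolicyBean(policy);
    }

    /**
     * Persists a policy: inserts when the bean has no oid, otherwise updates the stored entity.
     *
     * @return the same bean, with its oid set from the saved entity
     */
    @Override
    public GxPasswordPolicyBean createOrUpdate(GxPasswordPolicyBean gxPasswordPolicyBean) {
        GxPasswordPolicy target = gxPasswordPolicyBean.getOid() == null
                ? new GxPasswordPolicy()
                : this.gxPasswordPolicyRepo.findOne(gxPasswordPolicyBean.getOid());
        GxPasswordPolicy saved = (GxPasswordPolicy) this.gxPasswordPolicyRepo.save(toEntity(target, gxPasswordPolicyBean));
        gxPasswordPolicyBean.setOid(saved.getOid());
        return gxPasswordPolicyBean;
    }

    /**
     * Copies the bean's fields onto {@code gxPasswordPolicy}. The namespace is only replaced
     * when the bean carries a namespace fault.
     */
    private GxPasswordPolicy toEntity(GxPasswordPolicy gxPasswordPolicy, GxPasswordPolicyBean gxPasswordPolicyBean) {
        gxPasswordPolicy.setMaxHistory(gxPasswordPolicyBean.getMaxHistory());
        gxPasswordPolicy.setMaxAge(gxPasswordPolicyBean.getMaxAge());
        gxPasswordPolicy.setMinLength(gxPasswordPolicyBean.getMinLength());
        gxPasswordPolicy.setIsUserUsernameAllowed(gxPasswordPolicyBean.getIsUserUsernameAllowed());
        gxPasswordPolicy.setMaxAllowedMatchingUserName(gxPasswordPolicyBean.getMaxAllowedMatchingUserName());
        gxPasswordPolicy.setMinUppercase(gxPasswordPolicyBean.getMinUppercase());
        gxPasswordPolicy.setMinLowercase(gxPasswordPolicyBean.getMinLowercase());
        gxPasswordPolicy.setMinNumbers(gxPasswordPolicyBean.getMinNumbers());
        gxPasswordPolicy.setMinSpecialCharacters(gxPasswordPolicyBean.getMinSpecialCharacters());
        gxPasswordPolicy.setIsActive(gxPasswordPolicyBean.getIsActive());
        gxPasswordPolicy.setPasswordPolicyName(gxPasswordPolicyBean.getPasswordPolicyName());
        if (gxPasswordPolicyBean.getGxNamespaceBeanFault() != null) {
            gxPasswordPolicy.setGxNamespace(this.gxNamespaceRepo.findOne(gxPasswordPolicyBean.getGxNamespaceBeanFault().getOid()));
        }
        return gxPasswordPolicy;
    }

    /** Deletes the stored policy identified by the bean's oid. */
    @Override
    public void delete(GxPasswordPolicyBean gxPasswordPolicyBean) {
        this.gxPasswordPolicyRepo.deleteById(gxPasswordPolicyBean.getOid());
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * <p>The policy is the namespace's own or, when it has none, the system namespace's. The
     * policy that was resolved is the one that is enforced, and the account is always looked up
     * by username <em>and</em> namespace. Previously the inherited policy's rules were skipped
     * because enforcement looked the policy up again by namespace name, and the policy branch
     * loaded the account by username alone, which can select an account of another namespace.
     *
     * @param str namespace name
     * @param str2 username
     * @param str3 current password in clear text
     * @param str4 new password in clear text
     * @throws ChangePasswordFailedException when the current password does not match, a policy
     *         rule is violated, or the new password was used before
     */
    @Override
    public void changePassword(String str, String str2, String str3, String str4) throws ChangePasswordFailedException {
        final String namespace = str;
        final String username = str2;
        final String currentPassword = str3;
        final String newPassword = str4;

        GxNamespaceBean namespaceBean = this.gxDataService.findNamespace(namespace);
        GxUserAccountBean authenticated = this.gxDataService.findUserAccountByUsernamePasswordAndNamespace(username, currentPassword, namespaceBean);
        if (authenticated == null) {
            throw new ChangePasswordFailedException("Current password did not match.");
        }

        GxPasswordPolicyBean policy = findPasswordPolicyByNamespace(namespace);
        if (policy == null) {
            policy = findPasswordPolicyByNamespace(this.gxDataService.findSystemNamespace());
        }
        boolean policyActive = policy != null && policy.getIsActive().booleanValue();

        if (policyActive) {
            try {
                // History is checked in the account's namespace, not the policy's.
                enforcePolicy(policy, namespaceBean, username, newPassword);
            } catch (AssertionError e) {
                throw new ChangePasswordFailedException(e.getMessage());
            }
        }

        GxUserAccount account = this.userAccountRepo.findByUsernameAndGxNamespaceOid(username, namespaceBean.getOid());
        String newHash = CryptoUtil.createPasswordHash(newPassword);

        if (policyActive) {
            rememberReplacedPassword(policy.getMaxHistory().intValue(), authenticated, account, newHash);
        }

        account.setIsPasswordChangeRequired(false);
        account.setPassword(newHash);
        this.userAccountRepo.save(account);
    }

    /**
     * Rejects a new hash that equals the current or a remembered one and, when more than one
     * password is remembered, stores the password being replaced in the history.
     *
     * @param maxHistory the policy's history depth; {@code <= 0} disables reuse detection
     * @param authenticated the account bean whose oid keys the history
     * @param account the account entity whose current password is being replaced
     * @param newHash hash of the new password
     * @throws ChangePasswordFailedException when the new hash was used before
     */
    private void rememberReplacedPassword(int maxHistory, GxUserAccountBean authenticated, GxUserAccount account, String newHash)
            throws ChangePasswordFailedException {
        if (maxHistory <= 0) {
            return;
        }
        if (newHash.equals(account.getPassword())) {
            throw new ChangePasswordFailedException("Password has already been used before.");
        }
        if (maxHistory <= 1) {
            return;
        }
        List<GxPasswordHistory> history = this.passwordHistoryRepo.findAllByGxUserAccountOidOrderByPasswordDateDesc(authenticated.getOid());
        for (GxPasswordHistory entry : history) {
            if (entry.getHashedPassword().equals(newHash)) {
                throw new ChangePasswordFailedException("Password has already been used before.");
            }
        }
        // Drops the oldest entry once the history is full. NOTE(review): this only fires when
        // the size is exactly maxHistory - 1, so a history that is already longer (for example
        // after the policy's depth was lowered) is never trimmed.
        if (history.size() > 0 && history.size() == maxHistory - 1) {
            this.passwordHistoryRepo.delete(history.get(history.size() - 1));
        }
        GxPasswordHistory replaced = new GxPasswordHistory();
        replaced.setGxUserAccount(account);
        replaced.setHashedPassword(account.getPassword());
        replaced.setPasswordDate(new Timestamp(System.currentTimeMillis()));
        this.passwordHistoryRepo.save(replaced);
    }

    /**
     * Tells whether the user's password is older than the policy's maximum age in days.
     *
     * <p>The age is counted from the newest history entry or, when there is none, from the
     * account activation date; with neither, the password is reported as not expired.
     * NOTE(review): unlike the other methods, this one also applies an inactive policy, and
     * history entries are only written when the policy remembers more than one password;
     * confirm that both are intended.
     *
     * @param str namespace name; the system namespace's policy is used when it has none
     * @param gxUserAccountBean account to inspect
     * @return {@code true} when the password age exceeds {@code maxAge}; {@code false} when no
     *         policy applies
     */
    @Override
    public Boolean isPasswordExpired(String str, GxUserAccountBean gxUserAccountBean) {
        GxPasswordPolicyBean policy = findPasswordPolicyByNamespace(str);
        if (policy == null) {
            policy = findPasswordPolicyByNamespace(this.gxDataService.findSystemNamespace());
        }
        if (policy == null) {
            return false;
        }
        List<GxPasswordHistory> history = this.passwordHistoryRepo.findAllByGxUserAccountOidOrderByPasswordDateDesc(gxUserAccountBean.getOid());
        Timestamp now = TRCalendarUtil.getCurrentTimeStamp();
        GxPasswordHistory newest = (history == null || history.isEmpty()) ? null : history.get(0);

        long ageInDays = 0L;
        if (newest != null && newest.getPasswordDate() != null) {
            ageInDays = TRCalendarUtil.daysBetween(newest.getPasswordDate(), now);
        } else if (gxUserAccountBean.getAccountActivationDate() != null) {
            ageInDays = TRCalendarUtil.daysBetween(gxUserAccountBean.getAccountActivationDate(), now);
        }
        return ageInDays != 0 && ageInDays > (long) policy.getMaxAge().intValue();
    }
}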
