package com.hypersocket.auth;

import com.hypersocket.json.input.FormTemplate;
import com.hypersocket.local.LocalUser;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.realm.Principal;
import com.hypersocket.realm.RealmProvider;
import com.hypersocket.realm.RealmService;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.util.ArrayValueHashMap;
import java.io.Closeable;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/hypersocket/auth/ChangePasswordAuthenticationStep.class */
public class ChangePasswordAuthenticationStep implements PostAuthenticationStep {
    public static final String RESOURCE_KEY = "changePassword";
    private static final String HAVE_I_BEEN_PWNED_FLAGGED_CHANGED = "hibp.forceChangePassword";
    private static final String HAVE_I_BEEN_PWNED_USER_PASSWORD_HASH = "hibp.userPasswordHash";
    private static final String HAVE_I_BEEN_PWNED_USER_PASSWORD_HASH_SALT = "hibp.userPasswordHashSalt";
    private static final String HAVE_I_BEEN_PWNED_USER_PASSWORD_RESULT = "hibp.userPasswordResult";

    @Autowired
    private RealmService realmService;

    @Autowired
    private AuthenticationService authenticationService;

    @PostConstruct
    private void postConstruct() {
        this.authenticationService.registerPostAuthenticationStep(this);
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public boolean requiresProcessing(AuthenticationState authenticationState) {
        if (authenticationState.hasEnvironmentVariable(HAVE_I_BEEN_PWNED_FLAGGED_CHANGED) && ((Boolean) authenticationState.getEnvironmentVariable(HAVE_I_BEEN_PWNED_FLAGGED_CHANGED)).booleanValue()) {
            return true;
        }
        return AuthenticationServiceImpl.AUTHENTICATION_SCHEME_USER_LOGIN_RESOURCE_KEY.equals(authenticationState.getScheme().getResourceKey()) && this.realmService.requiresPasswordChange(authenticationState.getPrincipal(), authenticationState.getRealm());
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public String getResourceKey() {
        return RESOURCE_KEY;
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public AuthenticatorResult process(AuthenticationState authenticationState, Map<String, String[]> map) throws AccessDeniedException {
        String str = (String) ArrayValueHashMap.getSingle(map, "password");
        String str2 = (String) ArrayValueHashMap.getSingle(map, ChangePasswordTemplate.CONFIRM_PASSWORD_FIELD);
        if (str == null || str.trim().equals("")) {
            if (authenticationState.hasEnvironmentVariable(HAVE_I_BEEN_PWNED_FLAGGED_CHANGED) && ((Boolean) authenticationState.getEnvironmentVariable(HAVE_I_BEEN_PWNED_FLAGGED_CHANGED)).booleanValue()) {
                authenticationState.setLastErrorMsg("error.haveIBeenPwnedChangePassword");
                authenticationState.setLastErrorIsResourceKey(true);
                return AuthenticatorResult.INSUFFICIENT_DATA;
            }
            authenticationState.setLastErrorMsg("error.emptyPassword");
            authenticationState.setLastErrorIsResourceKey(true);
            return AuthenticatorResult.INSUFFICIENT_DATA;
        }
        if (!str.equals(str2)) {
            authenticationState.setLastErrorMsg("error.passwordsMustMatch");
            authenticationState.setLastErrorIsResourceKey(true);
            return AuthenticatorResult.INSUFFICIENT_DATA;
        }
        try {
            Closeable tryAs = this.authenticationService.tryAs(authenticationState.getPrincipal());
            try {
                doPasswordChange(authenticationState, str);
                authenticationState.addParameter("password", str);
                resetHIBPState(authenticationState);
                AuthenticatorResult authenticatorResult = AuthenticatorResult.AUTHENTICATION_SUCCESS;
                if (tryAs != null) {
                    tryAs.close();
                }
                return authenticatorResult;
            } finally {
            }
        } catch (Throwable th) {
            authenticationState.setLastErrorMsg(th.getMessage());
            authenticationState.setLastErrorIsResourceKey(false);
            return AuthenticatorResult.AUTHENTICATION_FAILURE_DISPLAY_ERROR;
        }
    }

    protected void doPasswordChange(AuthenticationState authenticationState, String str) throws AccessDeniedException, ResourceException {
        if (authenticationState.hasParameter("password")) {
            this.realmService.changePassword(authenticationState.getPrincipal(), authenticationState.getParameter("password"), str);
        } else {
            this.realmService.setPassword(authenticationState.getPrincipal(), str, isForceChangeRequired(authenticationState), isAdministrative(authenticationState));
        }
    }

    protected boolean isForceChangeRequired(AuthenticationState authenticationState) {
        return false;
    }

    protected boolean isAdministrative(AuthenticationState authenticationState) {
        return false;
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public FormTemplate createTemplate(AuthenticationState authenticationState) {
        return new ChangePasswordTemplate(authenticationState, "changePassword.text", authenticationState.getLastErrorMsg(), authenticationState.getLastErrorIsResourceKey());
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public int getOrderPriority() {
        return 0;
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public boolean requiresUserInput(AuthenticationState authenticationState) {
        return true;
    }

    @Override // com.hypersocket.auth.PostAuthenticationStep
    public boolean requiresSession(AuthenticationState authenticationState) {
        return false;
    }

    private void resetHIBPState(AuthenticationState authenticationState) throws ResourceException {
        HashMap hashMap = new HashMap();
        hashMap.put(HAVE_I_BEEN_PWNED_USER_PASSWORD_HASH, null);
        hashMap.put(HAVE_I_BEEN_PWNED_USER_PASSWORD_HASH_SALT, null);
        hashMap.put(HAVE_I_BEEN_PWNED_USER_PASSWORD_RESULT, null);
        getProviderForPrincipal(authenticationState.getPrincipal()).updateUserProperties(authenticationState.getPrincipal(), hashMap);
        authenticationState.removeEnvironmentVariable(HAVE_I_BEEN_PWNED_FLAGGED_CHANGED);
    }

    private RealmProvider getProviderForPrincipal(Principal principal) {
        return ((principal instanceof LocalUser) || (principal instanceof FakePrincipal) || principal.isFake()) ? this.realmService.getLocalProvider() : this.realmService.getProviderForRealm(principal.getRealm());
    }
}
