package org.eclipse.hono.service.credentials;

import io.opentracing.noop.NoopSpan;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.hono.auth.BCryptHelper;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.util.CredentialsConstants;
import org.eclipse.hono.util.CredentialsObject;
import org.eclipse.hono.util.CredentialsResult;
import org.eclipse.hono.util.EventBusMessage;

/* loaded from: input_file:org/eclipse/hono/service/credentials/CompleteBaseCredentialsService.class */
public abstract class CompleteBaseCredentialsService<T> extends BaseCredentialsService<T> implements CompleteCredentialsService {
    private static final int DEFAULT_MAX_BCRYPT_ITERATIONS = 10;
    private HonoPasswordEncoder pwdEncoder;

    /* renamed from: org.eclipse.hono.service.credentials.CompleteBaseCredentialsService$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/hono/service/credentials/CompleteBaseCredentialsService$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction = new int[CredentialsConstants.CredentialsAction.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction[CredentialsConstants.CredentialsAction.get.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction[CredentialsConstants.CredentialsAction.add.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction[CredentialsConstants.CredentialsAction.update.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction[CredentialsConstants.CredentialsAction.remove.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    protected CompleteBaseCredentialsService(HonoPasswordEncoder honoPasswordEncoder) {
        this.pwdEncoder = (HonoPasswordEncoder) Objects.requireNonNull(honoPasswordEncoder);
    }

    @Override // org.eclipse.hono.service.credentials.BaseCredentialsService, org.eclipse.hono.service.EventBusService
    public final Future<EventBusMessage> processRequest(EventBusMessage eventBusMessage) {
        Objects.requireNonNull(eventBusMessage);
        switch (AnonymousClass1.$SwitchMap$org$eclipse$hono$util$CredentialsConstants$CredentialsAction[CredentialsConstants.CredentialsAction.from(eventBusMessage.getOperation()).ordinal()]) {
            case 1:
                return processGetRequest(eventBusMessage);
            case 2:
                return processAddRequest(eventBusMessage);
            case 3:
                return processUpdateRequest(eventBusMessage);
            case 4:
                return processRemoveRequest(eventBusMessage);
            default:
                return processCustomCredentialsMessage(eventBusMessage);
        }
    }

    private Future<EventBusMessage> processAddRequest(EventBusMessage eventBusMessage) {
        String tenant = eventBusMessage.getTenant();
        CredentialsObject credentialsObject = (CredentialsObject) Optional.ofNullable(eventBusMessage.getJsonPayload()).map(jsonObject -> {
            return (CredentialsObject) jsonObject.mapTo(CredentialsObject.class);
        }).orElse(null);
        return tenant == null ? Future.failedFuture(new ClientErrorException(400, "missing tenant ID")) : credentialsObject == null ? Future.failedFuture(new ClientErrorException(400, "missing payload")) : hashPlainPasswords(credentialsObject).compose(credentialsObject2 -> {
            return doAdd(eventBusMessage, tenant, credentialsObject2);
        });
    }

    private Future<EventBusMessage> doAdd(EventBusMessage eventBusMessage, String str, CredentialsObject credentialsObject) {
        try {
            credentialsObject.checkValidity(this::checkSecret);
            Future future = Future.future();
            add(str, JsonObject.mapFrom(credentialsObject), future.completer());
            return future.map(credentialsResult -> {
                return eventBusMessage.getResponse(credentialsResult.getStatus()).setDeviceId(credentialsObject.getDeviceId()).setCacheDirective(credentialsResult.getCacheDirective());
            });
        } catch (IllegalStateException e) {
            return Future.failedFuture(new ClientErrorException(400, e.getMessage()));
        }
    }

    private Future<EventBusMessage> processUpdateRequest(EventBusMessage eventBusMessage) {
        String tenant = eventBusMessage.getTenant();
        CredentialsObject credentialsObject = (CredentialsObject) Optional.ofNullable(eventBusMessage.getJsonPayload()).map(jsonObject -> {
            return (CredentialsObject) jsonObject.mapTo(CredentialsObject.class);
        }).orElse(null);
        return tenant == null ? Future.failedFuture(new ClientErrorException(400, "missing tenant ID")) : credentialsObject == null ? Future.failedFuture(new ClientErrorException(400, "missing payload")) : hashPlainPasswords(credentialsObject).compose(credentialsObject2 -> {
            return doUpdate(eventBusMessage, tenant, credentialsObject2);
        });
    }

    private Future<EventBusMessage> doUpdate(EventBusMessage eventBusMessage, String str, CredentialsObject credentialsObject) {
        try {
            credentialsObject.checkValidity(this::checkSecret);
            Future future = Future.future();
            update(str, JsonObject.mapFrom(credentialsObject), future.completer());
            return future.map(credentialsResult -> {
                return eventBusMessage.getResponse(credentialsResult.getStatus()).setDeviceId(credentialsObject.getDeviceId()).setCacheDirective(credentialsResult.getCacheDirective());
            });
        } catch (IllegalStateException e) {
            return Future.failedFuture(new ClientErrorException(400, e.getMessage()));
        }
    }

    private Future<EventBusMessage> processRemoveRequest(EventBusMessage eventBusMessage) {
        String tenant = eventBusMessage.getTenant();
        JsonObject jsonPayload = eventBusMessage.getJsonPayload();
        if (tenant == null || jsonPayload == null) {
            return Future.failedFuture(new ClientErrorException(400));
        }
        String str = (String) getTypesafeValueForField(String.class, jsonPayload, "type");
        String str2 = (String) getTypesafeValueForField(String.class, jsonPayload, "auth-id");
        String str3 = (String) getTypesafeValueForField(String.class, jsonPayload, "device-id");
        if (str == null) {
            this.log.debug("remove credentials request does not contain mandatory type parameter");
            return Future.failedFuture(new ClientErrorException(400));
        }
        if (!str.equals("*") && str2 != null) {
            this.log.debug("removing specific credentials [tenant: {}, type: {}, auth-id: {}]", new Object[]{tenant, str, str2});
            Future future = Future.future();
            remove(tenant, str, str2, future.completer());
            return future.map(credentialsResult -> {
                return eventBusMessage.getResponse(credentialsResult.getStatus()).setCacheDirective(credentialsResult.getCacheDirective());
            });
        }
        if (str3 == null || !str.equals("*")) {
            this.log.debug("remove credentials request contains invalid search criteria [type: {}, device-id: {}, auth-id: {}]", new Object[]{str, str3, str2});
            return Future.failedFuture(new ClientErrorException(400));
        }
        this.log.debug("removing all credentials for device [tenant: {}, device-id: {}]", tenant, str3);
        Future future2 = Future.future();
        removeAll(tenant, str3, future2.completer());
        return future2.map(credentialsResult2 -> {
            return eventBusMessage.getResponse(credentialsResult2.getStatus()).setDeviceId(str3).setCacheDirective(credentialsResult2.getCacheDirective());
        });
    }

    @Override // org.eclipse.hono.service.credentials.CompleteCredentialsService
    public final void getAll(String str, String str2, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        getAll(str, str2, NoopSpan.INSTANCE, handler);
    }

    @Override // org.eclipse.hono.service.credentials.CompleteCredentialsService
    public void add(String str, JsonObject jsonObject, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        handleUnimplementedOperation(handler);
    }

    @Override // org.eclipse.hono.service.credentials.CompleteCredentialsService
    public void update(String str, JsonObject jsonObject, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        handleUnimplementedOperation(handler);
    }

    @Override // org.eclipse.hono.service.credentials.CompleteCredentialsService
    public void remove(String str, String str2, String str3, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        handleUnimplementedOperation(handler);
    }

    @Override // org.eclipse.hono.service.credentials.CompleteCredentialsService
    public void removeAll(String str, String str2, Handler<AsyncResult<CredentialsResult<JsonObject>>> handler) {
        handleUnimplementedOperation(handler);
    }

    private void checkSecret(String str, JsonObject jsonObject) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -558916037:
                if (str.equals("hashed-password")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                String hashFunction = CredentialsConstants.getHashFunction(jsonObject);
                boolean z2 = -1;
                switch (hashFunction.hashCode()) {
                    case -1394365876:
                        if (hashFunction.equals("bcrypt")) {
                            z2 = false;
                            break;
                        }
                        break;
                }
                switch (z2) {
                    case false:
                        verifyBcryptPasswordHash(CredentialsConstants.getPasswordHash(jsonObject));
                        return;
                    default:
                        return;
                }
            default:
                return;
        }
    }

    protected int getMaxBcryptIterations() {
        return DEFAULT_MAX_BCRYPT_ITERATIONS;
    }

    protected final Future<CredentialsObject> hashPlainPasswords(CredentialsObject credentialsObject) {
        Future<CredentialsObject> future = Future.future();
        if ("hashed-password".equals(credentialsObject.getType())) {
            getVertx().executeBlocking(future2 -> {
                this.log.debug("hashing password on vert.x worker thread [{}]", Thread.currentThread().getName());
                credentialsObject.getSecrets().forEach(obj -> {
                    hashPwdAndUpdateSecret((JsonObject) obj);
                });
                future2.complete(credentialsObject);
            }, future);
        } else {
            future.complete(credentialsObject);
        }
        return future;
    }

    private JsonObject hashPwdAndUpdateSecret(JsonObject jsonObject) {
        String str = (String) Optional.ofNullable(jsonObject.remove("pwd-plain")).map(obj -> {
            return obj instanceof String ? (String) obj : "";
        }).orElse("");
        if (str.isEmpty()) {
            return jsonObject;
        }
        jsonObject.mergeIn(this.pwdEncoder.encode(str));
        return jsonObject;
    }

    protected void verifyBcryptPasswordHash(String str) {
        Objects.requireNonNull(str);
        if (BCryptHelper.getIterations(str) > getMaxBcryptIterations()) {
            throw new IllegalStateException("password hash uses too many iterations, max is " + getMaxBcryptIterations());
        }
    }
}
