package org.eclipse.hono.deviceregistry.service.credentials;

import io.opentracing.Span;
import io.vertx.core.Future;
import io.vertx.core.Vertx;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.client.ServiceInvocationException;
import org.eclipse.hono.deviceregistry.service.device.DeviceKey;
import org.eclipse.hono.deviceregistry.service.tenant.NoopTenantInformationService;
import org.eclipse.hono.deviceregistry.service.tenant.TenantInformationService;
import org.eclipse.hono.deviceregistry.service.tenant.TenantKey;
import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
import org.eclipse.hono.service.management.OperationResult;
import org.eclipse.hono.service.management.credentials.CommonCredential;
import org.eclipse.hono.service.management.credentials.CredentialsManagementService;
import org.eclipse.hono.service.management.credentials.PasswordCredential;
import org.eclipse.hono.util.Futures;
import org.eclipse.hono.util.Strings;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/eclipse/hono/deviceregistry/service/credentials/AbstractCredentialsManagementService.class */
public abstract class AbstractCredentialsManagementService implements CredentialsManagementService {
    protected TenantInformationService tenantInformationService = new NoopTenantInformationService();
    protected final Vertx vertx;
    private final HonoPasswordEncoder passwordEncoder;
    private final int maxBcryptCostFactor;
    private final Set<String> hashAlgorithmsWhitelist;

    public AbstractCredentialsManagementService(Vertx vertx, HonoPasswordEncoder honoPasswordEncoder, int i, Set<String> set) {
        this.vertx = (Vertx) Objects.requireNonNull(vertx);
        this.passwordEncoder = (HonoPasswordEncoder) Objects.requireNonNull(honoPasswordEncoder);
        this.maxBcryptCostFactor = i;
        this.hashAlgorithmsWhitelist = set != null ? set : Collections.emptySet();
    }

    @Autowired(required = false)
    public void setTenantInformationService(TenantInformationService tenantInformationService) {
        this.tenantInformationService = (TenantInformationService) Objects.requireNonNull(tenantInformationService);
    }

    protected abstract Future<OperationResult<Void>> processUpdateCredentials(DeviceKey deviceKey, List<CommonCredential> list, Optional<String> optional, Span span);

    protected abstract Future<OperationResult<List<CommonCredential>>> processReadCredentials(DeviceKey deviceKey, Span span);

    @Override // org.eclipse.hono.service.management.credentials.CredentialsManagementService
    public final Future<OperationResult<Void>> updateCredentials(String str, String str2, List<CommonCredential> list, Optional<String> optional, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(list);
        Objects.requireNonNull(optional);
        Objects.requireNonNull(span);
        return this.tenantInformationService.tenantExists(str, span).compose(result -> {
            return result.isError() ? Future.failedFuture(ServiceInvocationException.create(str, result.getStatus(), "tenant does not exist", (Throwable) null)) : verifyAndEncodePasswords(list).compose(list2 -> {
                return processUpdateCredentials(DeviceKey.from((TenantKey) result.getPayload(), str2), list2, optional, span);
            });
        }).recover(th -> {
            return DeviceRegistryUtils.mapError(th, str);
        });
    }

    @Override // org.eclipse.hono.service.management.credentials.CredentialsManagementService
    public final Future<OperationResult<List<CommonCredential>>> readCredentials(String str, String str2, Span span) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(span);
        return this.tenantInformationService.tenantExists(str, span).compose(result -> {
            return result.isError() ? Future.failedFuture(ServiceInvocationException.create(str, result.getStatus(), "tenant does not exist", (Throwable) null)) : processReadCredentials(DeviceKey.from((TenantKey) result.getPayload(), str2), span);
        }).map(operationResult -> {
            if (operationResult != null && operationResult.getPayload() != 0) {
                ((List) operationResult.getPayload()).forEach((v0) -> {
                    v0.stripPrivateInfo();
                });
            }
            return operationResult;
        }).recover(th -> {
            return DeviceRegistryUtils.mapError(th, str);
        });
    }

    private Future<List<CommonCredential>> verifyAndEncodePasswords(List<CommonCredential> list) {
        return DeviceRegistryUtils.assertTypeAndAuthIdUniqueness(list).compose(obj -> {
            if (isEncodingOfSecretsRequired(list)) {
                return Futures.executeBlocking(this.vertx, () -> {
                    return checkCredentials(list);
                });
            }
            try {
                return Future.succeededFuture(checkCredentials(list));
            } catch (IllegalStateException e) {
                return Future.failedFuture(new ClientErrorException(400, e.getMessage()));
            }
        });
    }

    private static boolean isEncodingOfSecretsRequired(List<CommonCredential> list) {
        Stream<CommonCredential> stream = list.stream();
        Class<PasswordCredential> cls = PasswordCredential.class;
        Objects.requireNonNull(PasswordCredential.class);
        Stream<CommonCredential> filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<PasswordCredential> cls2 = PasswordCredential.class;
        Objects.requireNonNull(PasswordCredential.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).flatMap(passwordCredential -> {
            return passwordCredential.getSecrets().stream();
        }).anyMatch(passwordSecret -> {
            return !Strings.isNullOrEmpty(passwordSecret.getPasswordPlain());
        });
    }

    protected List<CommonCredential> checkCredentials(List<CommonCredential> list) {
        Iterator<CommonCredential> it = list.iterator();
        while (it.hasNext()) {
            DeviceRegistryUtils.checkCredential(it.next(), this.passwordEncoder, this.hashAlgorithmsWhitelist, this.maxBcryptCostFactor);
        }
        return list;
    }
}
