package org.minijax.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Objects;
import java.util.UUID;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.CookieParam;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;
import org.mindrot.jbcrypt.BCrypt;
import org.minijax.db.BaseEntity;
import org.minijax.security.SecurityUser;
import org.minijax.util.IdUtils;

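/**
 * Request-scoped JAX-RS {@link SecurityContext} backed by {@link SecurityDao}.
 *
 * <p>The identity for the current request is resolved exactly once, in the constructor:
 * first from an API key carried in the {@code Authorization} header, then from the session
 * cookie named {@link #COOKIE_NAME}. The result is cached in {@code session}/{@code user}
 * for the lifetime of the request.</p>
 *
 * <p>This is a cleaned-up version of a decompiled listing: decompiler artifacts (inlined
 * constants, {@code BaseEntity}-typed locals, the {@code m6getUserPrincipal} bridge-method
 * name and a field initializer that ran before the constructor body) have been restored
 * to their evident source form.</p>
 *
 * @param <T> the concrete user type stored by the application
 */
@Provider
@RequestScoped
public class Security<T extends SecurityUser> implements SecurityContext {
    public static final int MINIMUM_PASSWORD_LENGTH = 8;
    public static final String COOKIE_NAME = "a";
    private static final String COOKIE_PATH = "/";
    private static final String COOKIE_DOMAIN = "";
    private static final String COOKIE_COMMENT = "";
    // Login cookie lifetime in seconds (one year). The server-side UserSession row is not
    // expired by this class, so the row is what actually bounds a session's life.
    private static final int COOKIE_MAX_AGE = 31536000;
    // A password-reset code issued by forgotPassword() is honoured for this long.
    private static final Duration PASSWORD_RESET_TTL = Duration.ofHours(24);
    // Configuration key naming the application's SecurityUser implementation.
    private static final String USER_CLASS_PROPERTY = "org.minijax.security.userClass";

    private final Class<SecurityUser> userClass;
    private final SecurityDao dao;
    private final String authorization;
    private final String cookie;
    // Resolved session for this request; null when the request is anonymous. A session
    // created from an API key has a null id (see tryGetApiUser), a cookie session has one.
    private final UserSession session;
    // Convenience view of session.getUser(); null when anonymous.
    private final SecurityUser user;

    /**
     * Resolves the caller's identity for this request.
     *
     * @param securityDao   persistence access for users, sessions, API keys and reset requests
     * @param configuration JAX-RS configuration; must carry {@value #USER_CLASS_PROPERTY}
     * @param authorization raw {@code Authorization} header, or null when absent
     * @param cookie        raw value of the {@link #COOKIE_NAME} cookie, or null when absent
     */
    @Inject
    public Security(
            SecurityDao securityDao,
            @Context Configuration configuration,
            @HeaderParam("Authorization") String authorization,
            @CookieParam(COOKIE_NAME) String cookie) {
        // The configured value is an untyped Object; the cast is only as good as the config.
        @SuppressWarnings("unchecked")
        Class<SecurityUser> configuredUserClass =
                (Class<SecurityUser>) configuration.getProperty(USER_CLASS_PROPERTY);
        this.userClass = configuredUserClass;
        this.dao = securityDao;
        this.authorization = authorization;
        this.cookie = cookie;
        // Must run after dao/authorization/cookie are set: initUser() reads all three.
        // As a field initializer it would execute before this body and always yield null.
        this.session = initUser();
        this.user = this.session != null ? this.session.getUser() : null;
    }

    /** @return the configured {@link SecurityUser} implementation class */
    public Class<SecurityUser> getUserClass() {
        return this.userClass;
    }

    /**
     * Returns the authenticated user, or {@code null} for an anonymous request.
     *
     * <p>Covariant override of {@link SecurityContext#getUserPrincipal()}; the decompiled
     * listing showed the generated bridge method as {@code m6getUserPrincipal}.</p>
     */
    @Override
    @SuppressWarnings("unchecked")
    public T getUserPrincipal() {
        return (T) this.user;
    }

    /** @return true when the request carries a valid API key or session cookie */
    public boolean isLoggedIn() {
        return getUserPrincipal() != null;
    }

    /**
     * Ensures the request is authenticated.
     *
     * @throws NotAuthorizedException with a 401 response when no user is logged in
     */
    public void requireLogin() {
        if (!isLoggedIn()) {
            throw new NotAuthorizedException(Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }

    /**
     * Ensures the current session came from a cookie rather than an API key.
     * Callers must have already called {@link #requireLogin()} so that {@code session} is non-null.
     *
     * @throws ForbiddenException when the session has no id (API-key authentication)
     */
    private void requireCookieSession() {
        if (this.session.getId() == null) {
            throw new ForbiddenException();
        }
    }

    /**
     * Returns the current cookie session's id as a string.
     *
     * @throws NotAuthorizedException when not logged in
     * @throws ForbiddenException     when authenticated by API key instead of cookie
     */
    public String getSessionToken() {
        requireLogin();
        requireCookieSession();
        return this.session.getId().toString();
    }

    /**
     * Rejects the request unless {@code sessionToken} equals the caller's own session id
     * (a double-submit style check against forged state-changing requests).
     *
     * @param sessionToken the token supplied by the client, may be null
     * @throws BadRequestException    when the token does not match
     * @throws NotAuthorizedException when not logged in
     * @throws ForbiddenException     when authenticated by API key instead of cookie
     */
    public void validateSession(String sessionToken) {
        String expected = getSessionToken();
        // Constant-time comparison so the check does not leak how many leading bytes matched.
        boolean matches = sessionToken != null
                && MessageDigest.isEqual(
                        sessionToken.getBytes(StandardCharsets.UTF_8),
                        expected.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new BadRequestException("Invalid session ID");
        }
    }

    /**
     * Authenticates by e-mail and password and, on success, opens a new cookie session.
     *
     * <p>The distinct {@code NOT_FOUND} / {@code INVALID} / {@code INCORRECT} outcomes (and the
     * fact that only the last one pays for a bcrypt check) let a caller distinguish unknown
     * accounts from wrong passwords; user-facing code should collapse them into one message.</p>
     *
     * @param email    login e-mail address
     * @param password cleartext password to verify against the stored bcrypt hash
     * @return the outcome; a successful result carries the new session cookie
     */
    public LoginResult login(String email, String password) {
        SecurityUser candidate = this.dao.findUserByEmail(this.userClass, email);
        if (candidate == null) {
            return LoginResult.NOT_FOUND;
        }
        // A user without a password hash cannot log in with a password at all.
        if (candidate.getPasswordHash() == null) {
            return LoginResult.INVALID;
        }
        if (!BCrypt.checkpw(password, candidate.getPasswordHash())) {
            return LoginResult.INCORRECT;
        }
        return new LoginResult(loginAs(candidate));
    }

    /**
     * Creates and persists a new session for {@code securityUser} without any credential check.
     *
     * @param securityUser the user to log in
     * @return a one-year session cookie carrying the new session id
     */
    public NewCookie loginAs(SecurityUser securityUser) {
        UserSession newSession = new UserSession();
        newSession.setUser(securityUser);
        this.dao.create(newSession);
        return createCookie(newSession.getId().toString(), COOKIE_MAX_AGE);
    }

    /**
     * Purges the current session (if any) and returns a cookie that clears the client's copy.
     *
     * @return an expired (max-age 0), empty {@link #COOKIE_NAME} cookie
     */
    public NewCookie logout() {
        if (this.session != null) {
            this.dao.purge(this.session);
        }
        return createCookie("", 0);
    }

    /**
     * Changes the logged-in user's password after verifying the old one.
     *
     * @param oldPassword     current cleartext password
     * @param newPassword     desired cleartext password
     * @param confirmPassword repeated desired password
     * @return the outcome of the attempt
     * @throws NotAuthorizedException when not logged in
     */
    public ChangePasswordResult changePassword(String oldPassword, String newPassword, String confirmPassword) {
        requireLogin();
        if (this.user.getPasswordHash() == null) {
            return ChangePasswordResult.INVALID;
        }
        if (!BCrypt.checkpw(oldPassword, this.user.getPasswordHash())) {
            return ChangePasswordResult.INCORRECT;
        }
        if (newPassword == null || !newPassword.equals(confirmPassword)) {
            return ChangePasswordResult.MISMATCH;
        }
        if (newPassword.length() < MINIMUM_PASSWORD_LENGTH) {
            return ChangePasswordResult.TOO_SHORT;
        }
        this.user.setPassword(newPassword);
        this.dao.update(this.user);
        return ChangePasswordResult.SUCCESS;
    }

    /**
     * Issues a random, single-use password-reset code for {@code securityUser} and persists it.
     * The code is valid for {@link #PASSWORD_RESET_TTL} (enforced in {@link #resetPassword}).
     *
     * @param securityUser the account to reset
     * @return the reset code to deliver to the user out of band
     */
    public String forgotPassword(SecurityUser securityUser) {
        PasswordChangeRequest request = new PasswordChangeRequest();
        // UUID.randomUUID() is backed by SecureRandom, so the code is unguessable.
        request.setCode(UUID.randomUUID().toString());
        request.setUser(securityUser);
        this.dao.create(request);
        return request.getCode();
    }

    /**
     * Redeems a reset code, sets the new password and logs the user in.
     *
     * @param code            the code returned by {@link #forgotPassword}
     * @param newPassword     desired cleartext password
     * @param confirmPassword repeated desired password
     * @return the outcome; a successful result carries the new session cookie
     */
    public ResetPasswordResult resetPassword(String code, String newPassword, String confirmPassword) {
        PasswordChangeRequest request = this.dao.findPasswordChangeRequest(code);
        if (request == null) {
            return ResetPasswordResult.NOT_FOUND;
        }
        if (Instant.now().isAfter(request.getCreatedDateTime().plus(PASSWORD_RESET_TTL))) {
            return ResetPasswordResult.EXPIRED;
        }
        if (newPassword == null || !newPassword.equals(confirmPassword)) {
            return ResetPasswordResult.MISMATCH;
        }
        if (newPassword.length() < MINIMUM_PASSWORD_LENGTH) {
            return ResetPasswordResult.TOO_SHORT;
        }
        SecurityUser target = this.dao.read(this.userClass, request.getUserId());
        if (target == null) {
            return ResetPasswordResult.NOT_FOUND;
        }
        target.setPassword(newPassword);
        this.dao.update(target);
        // Purge only after the update succeeded so the code is not burnt on a failed write.
        this.dao.purge(request);
        return new ResetPasswordResult(loginAs(target));
    }

    /**
     * Resolves the request's session: API key first, then session cookie.
     *
     * @return the resolved session, or null for an anonymous request
     */
    private UserSession initUser() {
        UserSession apiSession = tryGetApiUser();
        if (apiSession != null) {
            return apiSession;
        }
        return trySessionCookie();
    }

    /**
     * Builds a transient session from an API key in the {@code Authorization} header.
     *
     * @return a session with a null id wrapping the key's user, or null when there is no
     *         header, the key is unknown or soft-deleted, or its user no longer exists
     */
    private UserSession tryGetApiUser() {
        String keyValue = AuthUtils.getUsername(this.authorization);
        if (keyValue == null) {
            return null;
        }
        ApiKey apiKey = this.dao.findApiKeyByValue(keyValue);
        // A key with a deleted timestamp has been revoked.
        if (apiKey == null || apiKey.getDeletedDateTime() != null) {
            return null;
        }
        SecurityUser keyOwner = this.dao.read(this.userClass, apiKey.getUserId());
        if (keyOwner == null) {
            return null;
        }
        UserSession apiSession = new UserSession();
        // Null id marks an API-key session; see requireCookieSession/getAuthenticationScheme.
        apiSession.setId(null);
        apiSession.setUser(keyOwner);
        return apiSession;
    }

    /**
     * Loads the persisted session named by the cookie and attaches its user.
     *
     * <p>NOTE(review): there is no expiry or revocation check on the loaded session here, so a
     * stolen cookie stays valid until the row is purged by {@link #logout()} or elsewhere.</p>
     *
     * @return the session, or null when the cookie is absent, not a UUID, unknown, or its
     *         user no longer exists
     */
    private UserSession trySessionCookie() {
        if (this.cookie == null) {
            return null;
        }
        UUID sessionId = IdUtils.tryParse(this.cookie);
        if (sessionId == null) {
            return null;
        }
        UserSession stored = this.dao.read(UserSession.class, sessionId);
        if (stored == null) {
            return null;
        }
        SecurityUser owner = this.dao.read(this.userClass, stored.getUserId());
        if (owner == null) {
            return null;
        }
        stored.setUser(owner);
        return stored;
    }

    /**
     * Builds the session cookie.
     *
     * <p>NOTE(review): {@code secure} is false, so the session id is also sent over plain
     * HTTP, while {@link #isSecure()} unconditionally reports true. Setting it to true (or
     * deriving it from the request scheme) would keep the token off cleartext connections.</p>
     *
     * @param value         cookie value (a session id, or empty to clear)
     * @param maxAgeSeconds cookie max-age; 0 deletes the cookie
     */
    private NewCookie createCookie(String value, int maxAgeSeconds) {
        // NewCookie(name, value, path, domain, comment, maxAge, secure, httpOnly)
        return new NewCookie(
                COOKIE_NAME, value, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_COMMENT, maxAgeSeconds, false, true);
    }

    /** @return true when a user is logged in and {@code SecurityUser#hasRole} accepts {@code role} */
    @Override
    public boolean isUserInRole(String role) {
        return this.user != null && this.user.hasRole(role);
    }

    /**
     * Always reports a secure channel.
     *
     * <p>NOTE(review): this does not inspect the request scheme, so it is also true for plain
     * HTTP requests; callers must not rely on it to decide whether to emit secrets.</p>
     */
    @Override
    public boolean isSecure() {
        return true;
    }

    /**
     * @return null when anonymous, {@link SecurityContext#BASIC_AUTH} for an API-key session
     *         (null session id) and {@link SecurityContext#FORM_AUTH} for a cookie session
     */
    @Override
    public String getAuthenticationScheme() {
        if (this.session == null) {
            return null;
        }
        return this.session.getId() == null ? SecurityContext.BASIC_AUTH : SecurityContext.FORM_AUTH;
    }
}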
