package de.gsi.acc.remote.user;

import de.gsi.acc.remote.BasicRestRoles;
import de.gsi.acc.remote.RestServer;
import io.javalin.core.security.Role;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.jetbrains.annotations.NotNull;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gsi/acc/remote/user/RestUserHandlerImpl.class */
public class RestUserHandlerImpl implements RestUserHandler {
    private static final String REST_USER_PASSWORD_STORE = "restUserPasswordStore";
    private final Object usersLock = new Object();
    private List<RestUser> users = Collections.emptyList();
    private static final Logger LOGGER = LoggerFactory.getLogger(RestUserHandlerImpl.class);
    private static final String REST_USER_PASSWORD_FILE = getUserPasswordStore();

    @Override // de.gsi.acc.remote.user.RestUserHandler
    public boolean authenticate(@NotNull String str, @NotNull String str2) {
        synchronized (this.usersLock) {
            RestUser userByUsername = getUserByUsername(str);
            if (userByUsername == null) {
                return false;
            }
            return BCrypt.hashpw(str2, userByUsername.salt).equals(userByUsername.hashedPassword);
        }
    }

    @Override // de.gsi.acc.remote.user.RestUserHandler
    public Iterable<String> getAllUserNames() {
        Iterable<String> iterable;
        synchronized (this.usersLock) {
            if (this.users.isEmpty()) {
                readPasswordFile();
            }
            iterable = (Iterable) this.users.stream().map(restUser -> {
                return restUser.userName;
            }).collect(Collectors.toList());
        }
        return iterable;
    }

    @Override // de.gsi.acc.remote.user.RestUserHandler
    public RestUser getUserByUsername(String str) {
        RestUser orElse;
        synchronized (this.usersLock) {
            if (this.users.isEmpty()) {
                readPasswordFile();
            }
            orElse = this.users.stream().filter(restUser -> {
                return restUser.userName.equals(str);
            }).findFirst().orElse(null);
        }
        return orElse;
    }

    @Override // de.gsi.acc.remote.user.RestUserHandler
    public Set<Role> getUserRolesByUsername(String str) {
        synchronized (this.usersLock) {
            if (this.users.isEmpty()) {
                readPasswordFile();
            }
            Optional<RestUser> findFirst = this.users.stream().filter(restUser -> {
                return restUser.userName.equals(str);
            }).findFirst();
            if (findFirst.isPresent()) {
                return findFirst.get().getRoles();
            }
            return Collections.singleton(BasicRestRoles.NULL);
        }
    }

    public void readPasswordFile() {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.atDebug().log("readPasswordFile called");
        }
        synchronized (this.usersLock) {
            try {
                BufferedReader bufferedReader = REST_USER_PASSWORD_FILE == null ? new BufferedReader(new InputStreamReader(RestServer.class.getResourceAsStream("/DefaultRestUserPasswords.pwd"), StandardCharsets.UTF_8)) : Files.newBufferedReader(Paths.get(new File(REST_USER_PASSWORD_FILE).getPath(), new String[0]), StandardCharsets.UTF_8);
                try {
                    ArrayList arrayList = new ArrayList(10);
                    int i = 0;
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        } else if (!readLine.startsWith("#")) {
                            i++;
                            parsePasswordLine(arrayList, readLine, i);
                        }
                    }
                    this.users = Collections.unmodifiableList(arrayList);
                    if (LOGGER.isDebugEnabled()) {
                        LOGGER.atDebug().log("PasswordFile successfully read");
                    }
                    if (bufferedReader != null) {
                        bufferedReader.close();
                    }
                } catch (Throwable th) {
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException e) {
                LOGGER.atError().setCause(e).addArgument(REST_USER_PASSWORD_FILE).log("could not read rest user passwords to '{}'");
            }
        }
    }

    @Override // de.gsi.acc.remote.user.RestUserHandler
    public boolean setPassword(@NotNull String str, @NotNull String str2, @NotNull String str3) {
        if (REST_USER_PASSWORD_FILE == null) {
            LOGGER.atWarn().log("cannot set password for default user password store");
            return false;
        }
        synchronized (this.usersLock) {
            if (!authenticate(str, str2)) {
                return false;
            }
            String gensalt = BCrypt.gensalt();
            String hashpw = BCrypt.hashpw(str3, gensalt);
            RestUser userByUsername = getUserByUsername(str);
            if (userByUsername == null) {
                return false;
            }
            userByUsername.salt = gensalt;
            userByUsername.hashedPassword = hashpw;
            writePasswordFile();
            return true;
        }
    }

    public void writePasswordFile() {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.atDebug().log("updatePasswordFile called");
        }
        if (REST_USER_PASSWORD_FILE == null) {
            LOGGER.atWarn().log("cannot write password for default user password store");
            return;
        }
        synchronized (this.usersLock) {
            File file = new File(REST_USER_PASSWORD_FILE);
            try {
                if (file.createNewFile()) {
                    LOGGER.atInfo().addArgument(REST_USER_PASSWORD_FILE).log("needed to create new password file '{}'");
                }
                try {
                    BufferedWriter newBufferedWriter = Files.newBufferedWriter(Paths.get(file.getPath(), new String[0]), StandardCharsets.UTF_8, new OpenOption[0]);
                    try {
                        StringBuilder sb = new StringBuilder();
                        for (RestUser restUser : this.users) {
                            sb.delete(0, sb.length());
                            sb.append(restUser.userName).append(':').append(restUser.salt).append(':').append(restUser.hashedPassword).append(':');
                            sb.append(BasicRestRoles.getRoles(restUser.getRoles())).append(':');
                            newBufferedWriter.write(sb.toString());
                            newBufferedWriter.newLine();
                        }
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.atDebug().log("PasswordFile successfully updated");
                        }
                        if (newBufferedWriter != null) {
                            newBufferedWriter.close();
                        }
                    } catch (Throwable th) {
                        if (newBufferedWriter != null) {
                            try {
                                newBufferedWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (IOException e) {
                    LOGGER.atError().setCause(e).addArgument(REST_USER_PASSWORD_FILE).log("could not store rest user passwords to '{}'");
                }
            } catch (IOException | SecurityException e2) {
                LOGGER.atError().setCause(e2).addArgument(REST_USER_PASSWORD_FILE).log("could not create user passwords file '{}'");
            }
        }
    }

    private void parsePasswordLine(List<RestUser> list, String str, int i) {
        try {
            String[] split = str.split(":");
            if (split.length < 4) {
                LOGGER.atWarn().addArgument(Integer.valueOf(split.length)).addArgument(Integer.valueOf(i)).addArgument(str).log("insufficient arguments ({} < 4)- parsing line {}: '{}'");
            } else {
                list.add(new RestUser(split[0], split[1], split[2], BasicRestRoles.getRoles(split[3])));
            }
        } catch (Exception e) {
            LOGGER.atWarn().setCause(e).addArgument(Integer.valueOf(i)).addArgument(str).log("could not parse line {}: '{}'");
        }
    }

    private static String getUserPasswordStore() {
        String property = System.getProperty(REST_USER_PASSWORD_STORE);
        if (property == null) {
            LOGGER.atWarn().log("using internal UserPasswordStore -- PLEASE CHANGE FOR PRODUCTION -- THIS IS UNSAFE PRACTICE");
        }
        return property;
    }
}
