package eu.smesec.cysec.platform.core.auth.strategies;

import ch.qos.logback.classic.ClassicConstants;
import eu.smesec.cysec.platform.bridge.execptions.CacheException;
import eu.smesec.cysec.platform.bridge.execptions.LockedExpetion;
import eu.smesec.cysec.platform.bridge.generated.Locks;
import eu.smesec.cysec.platform.bridge.generated.User;
import eu.smesec.cysec.platform.core.auth.CryptPasswordStorage;
import eu.smesec.cysec.platform.core.cache.CacheAbstractionLayer;
import eu.smesec.cysec.platform.core.config.Config;
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.logging.Level;
import java.util.stream.Stream;
import javax.annotation.security.RolesAllowed;
import javax.servlet.ServletContext;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.MultivaluedMap;

/* loaded from: input_file:WEB-INF/classes/eu/smesec/cysec/platform/core/auth/strategies/AbstractUserAuthStrategy.class */
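public abstract class AbstractUserAuthStrategy extends AbstractAuthStrategy {
    /** Number of entries {@link #authenticate} reads from the credential array. */
    private static final int CREDENTIAL_FIELDS = 4;

    public AbstractUserAuthStrategy(CacheAbstractionLayer cacheAbstractionLayer, Config config, ServletContext servletContext, boolean z) {
        super(cacheAbstractionLayer, config, servletContext, z);
    }

    /**
     * Authenticates a user from the credentials carried in the request headers.
     *
     * <p>The credential array returned by {@link #extractCredentials} is read as
     * {@code [company, user name or e-mail, password, locale]}. A name containing {@code '@'} is
     * looked up as an e-mail address, anything else as a user name. The password is only verified
     * when {@code isProxyAuth()} is false. On success the company, user name and locale are
     * stored as attributes on {@code this.context}.
     *
     * @param multivaluedMap request headers handed to {@link #extractCredentials}
     * @param method resource method being invoked; its {@link RolesAllowed} annotation, if
     *     present, restricts which user roles may pass
     * @return {@code true} when the user is authenticated, {@code false} when the password does
     *     not match
     * @throws CacheException propagated from the user lookup or update
     * @throws BadRequestException if the credentials are missing or incomplete, or the user is
     *     unknown
     * @throws ForbiddenException if the user holds none of the roles required by {@code method}
     */
    @Override // eu.smesec.cysec.platform.core.auth.strategies.AbstractAuthStrategy
    public boolean authenticate(MultivaluedMap<String, String> multivaluedMap, Method method) throws CacheException, ClientErrorException {
        String[] credentials = extractCredentials(multivaluedMap);
        // A short array or a missing user name used to surface as an unchecked
        // ArrayIndexOutOfBounds/NullPointerException; treat both as malformed credentials.
        if (credentials == null || credentials.length < CREDENTIAL_FIELDS || credentials[1] == null) {
            this.logger.log(Level.WARNING, "invalid credentials");
            throw new BadRequestException("invalid credentials");
        }
        String company = credentials[0];
        String name = credentials[1];

        User user = name.contains("@") ? this.cal.getUserByEmail(company, name) : this.cal.getUserByName(company, name);
        if (user == null) {
            // NOTE(review): this message, the lock check and the role check below all run before
            // the password is verified, so a caller without a valid password can distinguish
            // unknown, locked and under-privileged accounts. Consider verifying the password
            // first and returning one generic failure; confirm what callers rely on.
            throw new BadRequestException("User " + name + " not found in comapny " + company);
        }

        Locks lock = user.getLock();
        if (lock == null) {
            // Users stored without a lock state are normalised to NONE and persisted.
            // NOTE(review): this write happens before the password check.
            lock = Locks.NONE;
            user.setLock(lock);
            this.cal.updateUser(company, user);
        }
        if (lock.equals(Locks.LOCKED) || lock.equals(Locks.PENDING)) {
            throw new LockedExpetion(name, lock);
        }

        RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
        if (rolesAllowed != null) {
            HashSet<String> allowedRoles = new HashSet<>(Arrays.asList(rolesAllowed.value()));
            // The decompiled source referenced an undefined variable here; the check is
            // "the user holds at least one of the allowed roles".
            if (user.getRole().stream().noneMatch(allowedRoles::contains)) {
                throw new ForbiddenException("user " + name + " does not have one of the required roles [" + String.join(" ", allowedRoles) + "]");
            }
        }

        String password = credentials[2];
        if (!isProxyAuth() && !checkPassword(user, password)) {
            // The name is caller-supplied; strip line breaks so it cannot forge log entries.
            this.logger.log(Level.WARNING, "password does not match for user " + sanitizeForLog(name));
            return false;
        }

        // Locale preference: request value, then the user's stored locale, then English.
        String locale = credentials[3];
        if (locale == null) {
            locale = user.getLocale();
            if (locale == null) {
                locale = "en";
            }
        }

        // NOTE(review): if this.context is the ServletContext passed to the constructor, these
        // attributes are application-wide rather than per-request, so concurrent requests could
        // overwrite each other's identity. Confirm the scope in AbstractAuthStrategy.
        this.context.setAttribute("company", company);
        this.context.setAttribute(ClassicConstants.USER_MDC_KEY, user.getUsername());
        this.context.setAttribute("locale", locale);
        return true;
    }

    /**
     * Verifies a supplied password against the user's stored password.
     *
     * @param user user whose stored password is checked
     * @param str password supplied by the caller
     * @return {@code true} only if verification succeeds; {@code false} for a missing password
     *     or when the stored password names an unavailable algorithm
     */
    private boolean checkPassword(User user, String str) {
        if (str == null) {
            // Fail closed: an absent password never authenticates.
            return false;
        }
        try {
            return new CryptPasswordStorage(user.getPassword()).verify(str);
        } catch (NoSuchAlgorithmException e) {
            this.logger.log(Level.SEVERE, "no algorithm used", (Throwable) e);
            return false;
        }
    }

    /** Replaces carriage returns and line feeds so a value stays on one log line. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Extracts the credentials from the request headers.
     *
     * @param multivaluedMap request headers
     * @return {@code [company, user name or e-mail, password, locale]} as read by
     *     {@link #authenticate}, or {@code null} when no usable credentials are present
     */
    protected abstract String[] extractCredentials(MultivaluedMap<String, String> multivaluedMap) throws CacheException, ClientErrorException;
}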
