package org.thingsboard.server.service.security.system;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.AdminSettings;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.security.UserCredentials;
import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.settings.AdminSettingsService;
import org.thingsboard.server.dao.user.UserService;
import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
import org.thingsboard.server.service.security.model.SecuritySettings;
import org.thingsboard.server.service.security.model.UserPasswordPolicy;

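/**
 * Default {@link SystemSecurityService}: loads and stores the security settings kept under the
 * {@code "securitySettings"} admin-settings key, checks a login attempt against stored
 * credentials, and validates new passwords against the configured password policy.
 *
 * <p>Settings reads go through the injected {@code self} reference rather than {@code this},
 * presumably so the call passes through the Spring proxy and the {@code @Cacheable} annotation
 * on {@link #getSecuritySettings(TenantId)} takes effect (confirm against the Spring config).
 */
@Service
/* loaded from: input_file:org/thingsboard/server/service/security/system/DefaultSystemSecurityService.class */
public class DefaultSystemSecurityService implements SystemSecurityService {
    private static final Logger log = LoggerFactory.getLogger(DefaultSystemSecurityService.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    @Autowired
    private AdminSettingsService adminSettingsService;

    @Autowired
    private BCryptPasswordEncoder encoder;

    @Autowired
    private UserService userService;

    @Resource
    private SystemSecurityService self;

    /**
     * Returns the stored security settings, or a default when none are stored.
     *
     * <p>The cache key is the constant {@code 'securitySettings'}, so the cached value does not
     * vary with {@code tenantId}: whichever tenant id triggers the first load determines what
     * every later caller receives until the entry is evicted.
     *
     * @param tenantId tenant id passed to the admin-settings lookup
     * @return the deserialized settings, or a default policy with a minimum length of 6
     * @throws RuntimeException if the stored JSON cannot be mapped to {@link SecuritySettings}
     */
    @Override
    @Cacheable(cacheNames = {"securitySettings"}, key = "'securitySettings'")
    public SecuritySettings getSecuritySettings(TenantId tenantId) {
        AdminSettings stored = this.adminSettingsService.findAdminSettingsByKey(tenantId, "securitySettings");
        if (stored == null) {
            // Fallback when nothing is stored: only a minimum length is set here.
            // NOTE(review): 6 characters is a weak floor; deployments should save an explicit,
            // stronger policy rather than rely on this default.
            SecuritySettings defaults = new SecuritySettings();
            defaults.setPasswordPolicy(new UserPasswordPolicy());
            defaults.getPasswordPolicy().setMinimumLength(6);
            return defaults;
        }
        try {
            return objectMapper.treeToValue(stored.getJsonValue(), SecuritySettings.class);
        } catch (Exception e) {
            throw new RuntimeException("Failed to load security settings!", e);
        }
    }

    /**
     * Persists the given settings under the {@code "securitySettings"} key and evicts the cached
     * copy so the next read reloads them.
     *
     * @param tenantId tenant id passed to the admin-settings lookup and save
     * @param securitySettings settings to serialize and store
     * @return the settings as read back from the saved record
     * @throws RuntimeException if the saved JSON cannot be mapped to {@link SecuritySettings}
     */
    @Override
    @CacheEvict(cacheNames = {"securitySettings"}, key = "'securitySettings'")
    public SecuritySettings saveSecuritySettings(TenantId tenantId, SecuritySettings securitySettings) {
        AdminSettings record = this.adminSettingsService.findAdminSettingsByKey(tenantId, "securitySettings");
        if (record == null) {
            record = new AdminSettings();
            record.setKey("securitySettings");
        }
        record.setJsonValue(objectMapper.valueToTree(securitySettings));
        AdminSettings saved = this.adminSettingsService.saveAdminSettings(tenantId, record);
        try {
            return objectMapper.treeToValue(saved.getJsonValue(), SecuritySettings.class);
        } catch (Exception e) {
            throw new RuntimeException("Failed to load security settings!", e);
        }
    }

    /**
     * Checks a login attempt against the stored credentials.
     *
     * <p>The order of the checks matters: the password is verified first, so the "not active"
     * and "password expired" outcomes (and the reset token carried by the latter) are only
     * reachable by a caller who supplied the correct password. The bad-credentials message does
     * not say which of username or password was wrong.
     *
     * @param tenantId tenant id used to load the security settings and request a reset
     * @param userCredentials stored credentials of the account being authenticated
     * @param str the raw password supplied by the caller
     * @throws BadCredentialsException if the password does not match the stored hash
     * @throws DisabledException if the credentials are not enabled
     * @throws UserPasswordExpiredException if a positive expiration period is configured and the
     *     credentials' created time plus that period is in the past
     */
    @Override
    public void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String str) throws AuthenticationException {
        if (!this.encoder.matches(str, userCredentials.getPassword())) {
            throw new BadCredentialsException("Authentication Failed. Username or Password not valid.");
        }
        if (!userCredentials.isEnabled()) {
            throw new DisabledException("User is not active");
        }
        // The decompiled source referenced an undeclared temporary (r0) here; the settings are
        // now held in a named local so the expiration check compiles and reads them once.
        // NOTE(review): assumes getPasswordPolicy() is non-null for stored settings - confirm.
        SecuritySettings securitySettings = this.self.getSecuritySettings(tenantId);
        Integer expirationDays = securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays();
        if (isPositiveInteger(expirationDays)) {
            long expiresAt = userCredentials.getCreatedTime() + TimeUnit.DAYS.toMillis(expirationDays.intValue());
            if (expiresAt < System.currentTimeMillis()) {
                // A reset is requested on every login with an expired password; the token is
                // handed to the exception and must be treated as a secret by whatever renders it.
                String resetToken = this.userService.requestExpiredPasswordReset(tenantId, userCredentials.getId()).getResetToken();
                throw new UserPasswordExpiredException("User password expired!", resetToken);
            }
        }
    }

    /**
     * Validates a candidate password against the configured password policy.
     *
     * <p>A length rule is always applied; the upper-case, lower-case, digit and special-character
     * rules are added only when the corresponding minimum is a positive number.
     *
     * @param tenantId tenant id used to load the security settings
     * @param str the candidate password
     * @throws DataValidationException if any rule fails; the message joins the validator's
     *     messages with newlines
     */
    @Override
    public void validatePassword(TenantId tenantId, String str) throws DataValidationException {
        UserPasswordPolicy passwordPolicy = this.self.getSecuritySettings(tenantId).getPasswordPolicy();
        // Raw list kept as decompiled; it holds the Passay rules handed to the validator.
        ArrayList rules = new ArrayList();
        // NOTE(review): getMinimumLength() is unboxed without a null check - a stored policy
        // lacking this field would fail here; confirm the field is always populated.
        rules.add(new LengthRule(passwordPolicy.getMinimumLength().intValue(), Integer.MAX_VALUE));
        if (isPositiveInteger(passwordPolicy.getMinimumUppercaseLetters())) {
            rules.add(new CharacterRule(EnglishCharacterData.UpperCase, passwordPolicy.getMinimumUppercaseLetters().intValue()));
        }
        if (isPositiveInteger(passwordPolicy.getMinimumLowercaseLetters())) {
            rules.add(new CharacterRule(EnglishCharacterData.LowerCase, passwordPolicy.getMinimumLowercaseLetters().intValue()));
        }
        if (isPositiveInteger(passwordPolicy.getMinimumDigits())) {
            rules.add(new CharacterRule(EnglishCharacterData.Digit, passwordPolicy.getMinimumDigits().intValue()));
        }
        if (isPositiveInteger(passwordPolicy.getMinimumSpecialCharacters())) {
            rules.add(new CharacterRule(EnglishCharacterData.Special, passwordPolicy.getMinimumSpecialCharacters().intValue()));
        }
        PasswordValidator passwordValidator = new PasswordValidator(rules);
        RuleResult result = passwordValidator.validate(new PasswordData(str));
        if (!result.isValid()) {
            throw new DataValidationException(String.join("\n", passwordValidator.getMessages(result)));
        }
    }

    /** Returns {@code true} when {@code num} is non-null and greater than zero. */
    private static boolean isPositiveInteger(Integer num) {
        return num != null && num.intValue() > 0;
    }
}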
