package com.networknt.oauth.auth;

import com.networknt.config.JsonMapper;
import com.networknt.db.provider.DbProvider;
import com.networknt.db.provider.DbProviderConfig;
import com.networknt.monad.Failure;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.oauth.security.LightPasswordCredential;
import com.networknt.service.SingletonServiceFactory;
import com.networknt.status.Status;
import com.networknt.utility.Constants;
import com.networknt.utility.HashUtil;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import net.lightapi.portal.db.PortalDbProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/networknt/oauth/auth/LightDbAuthenticator.class */
public class LightDbAuthenticator extends AuthenticatorBase<LightDbAuth> {
    private static final String ERROR_VALIDATE_PASSWORD = "ERR11616";
    private static final String USER_NOT_FOUND_BY_EMAIL = "ERR11607";
    private static final String WRONG_LOGIN_PASSWORD = "ERR11612";
    private static final String EMAIL_NOT_CONFIRMED = "ERR11610";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) LightDbAuthenticator.class);
    static PortalDbProvider dbProvider = (PortalDbProvider) SingletonServiceFactory.getBean(DbProvider.class);

    public LightDbAuthenticator() {
        if (logger.isInfoEnabled()) {
            logger.info("LightDbAuthenticator is constructed.");
        }
    }

    @Override // com.networknt.oauth.auth.Authenticator
    public Account authenticate(final String str, Credential credential) {
        char[] password = ((LightPasswordCredential) credential).getPassword();
        final Result<String> loginUserByEmail = dbProvider.loginUserByEmail(str);
        if (!loginUserByEmail.isSuccess()) {
            return new Account() { // from class: com.networknt.oauth.auth.LightDbAuthenticator.3
                private final Principal principal = () -> {
                    return "error";
                };

                @Override // io.undertow.security.idm.Account
                public Principal getPrincipal() {
                    return this.principal;
                }

                @Override // io.undertow.security.idm.Account
                public Set<String> getRoles() {
                    HashSet hashSet = new HashSet();
                    hashSet.add(loginUserByEmail.getError().toString());
                    return hashSet;
                }
            };
        }
        final String result = loginUserByEmail.getResult();
        final Result<String> validatePassword = validatePassword(password, JsonMapper.string2Map(result), str);
        return validatePassword.isSuccess() ? new Account() { // from class: com.networknt.oauth.auth.LightDbAuthenticator.1
            private final Set<String> roles;
            private final Principal principal;

            {
                this.roles = LightPortalAuthenticator.stringToSet(result);
                String str2 = str;
                this.principal = () -> {
                    return str2;
                };
            }

            @Override // io.undertow.security.idm.Account
            public Principal getPrincipal() {
                return this.principal;
            }

            @Override // io.undertow.security.idm.Account
            public Set<String> getRoles() {
                return this.roles;
            }
        } : new Account() { // from class: com.networknt.oauth.auth.LightDbAuthenticator.2
            private final Principal principal = () -> {
                return "error";
            };

            @Override // io.undertow.security.idm.Account
            public Principal getPrincipal() {
                return this.principal;
            }

            @Override // io.undertow.security.idm.Account
            public Set<String> getRoles() {
                HashSet hashSet = new HashSet();
                hashSet.add(validatePassword.getError().toString());
                return hashSet;
            }
        };
    }

    private Result<String> validatePassword(char[] cArr, Map<String, Object> map, String str) {
        try {
            if (!HashUtil.validatePassword(cArr, (String) map.get(DbProviderConfig.PASSWORD))) {
                return Failure.of(new Status(WRONG_LOGIN_PASSWORD, str));
            }
            if (!((Boolean) map.get("verified")).booleanValue()) {
                return Failure.of(new Status(EMAIL_NOT_CONFIRMED, str));
            }
            HashMap hashMap = new HashMap();
            hashMap.put("id", str);
            hashMap.put(Constants.ROLES, (String) map.get(Constants.ROLES));
            return Success.of(JsonMapper.toJson(hashMap));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            return Failure.of(new Status(ERROR_VALIDATE_PASSWORD, str));
        }
    }
}
