package net.bluemind.user.service.internal;

import io.vertx.core.json.JsonObject;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.hornetq.client.MQ;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.user.api.ChangePassword;
import net.bluemind.user.api.IPasswordUpdater;
import net.bluemind.user.api.User;
import net.bluemind.user.persistence.security.HashAlgorithm;
import net.bluemind.user.persistence.security.HashFactory;
import net.bluemind.user.service.IInCoreUser;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:net/bluemind/user/service/internal/DatabasePasswordUpdater.class */
public class DatabasePasswordUpdater implements IPasswordUpdater {
    public boolean update(SecurityContext securityContext, String str, ItemValue<User> itemValue, ChangePassword changePassword) throws ServerFault {
        if (StringUtils.isBlank(changePassword.currentPassword)) {
            setPassword(securityContext, str, itemValue, changePassword.newPassword);
            return true;
        }
        changePassword(securityContext, str, itemValue, changePassword.currentPassword, changePassword.newPassword);
        return true;
    }

    private void changePassword(SecurityContext securityContext, String str, ItemValue<User> itemValue, String str2, String str3) throws ServerFault {
        UserService userService = (UserService) ServerSideServiceProvider.getProvider(securityContext).instance(IInCoreUser.class, new String[]{str});
        userService.passwordValidator.validate(str3);
        if (Boolean.FALSE.equals(Boolean.valueOf(userService.checkPassword(itemValue, str2)))) {
            throw new ServerFault("Invalid password for user: " + itemValue.uid, ErrorCode.AUTHENTICATION_FAIL);
        }
        userService.setPassword(itemValue.uid, HashFactory.getDefault().create(str3), true);
        new UserEventProducer(str, VertxPlatform.eventBus()).passwordUpdated(itemValue.uid);
        MQ.getProducer("bm.core.session").send(new JsonObject().put("latd", ((User) itemValue.value).login + "@" + str).put("operation", "pwchange"));
    }

    private void setPassword(SecurityContext securityContext, String str, ItemValue<User> itemValue, String str2) throws ServerFault {
        UserService userService = (UserService) ServerSideServiceProvider.getProvider(securityContext).instance(IInCoreUser.class, new String[]{str});
        userService.passwordValidator.validate(str2);
        try {
            if (securityContext.getOrigin().equals("keycloak") && Boolean.TRUE.equals(Boolean.valueOf(userService.checkPassword(itemValue, str2)))) {
                throw new ServerFault("New password must not be the current one", ErrorCode.OLD_PASSWORD_SAME_AS_NEW);
            }
        } catch (IllegalArgumentException unused) {
        }
        if (HashFactory.algorithm(str2) != HashAlgorithm.UNKNOWN) {
            userService.setPassword(itemValue.uid, str2, true);
        } else {
            userService.setPassword(itemValue.uid, HashFactory.getDefault().create(str2), true);
        }
        new UserEventProducer(str, VertxPlatform.eventBus()).passwordUpdated(itemValue.uid);
        MQ.getProducer("bm.core.session").send(new JsonObject().put("latd", ((User) itemValue.value).login + "@" + str).put("operation", "pwchange"));
    }
}
