package org.gridgain.internal.rbac.users;

import java.util.Collection;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Executor;
import java.util.function.Consumer;
import java.util.function.Function;
import org.gridgain.internal.rbac.authorization.Authorizer;
import org.gridgain.internal.rbac.password.PasswordEncoderRegistry;
import org.gridgain.internal.rbac.password.PasswordEncoding;
import org.gridgain.internal.rbac.privileges.Action;
import org.gridgain.internal.rbac.privileges.Privilege;
import org.gridgain.internal.rbac.privileges.Selector;
import org.gridgain.internal.rbac.users.exception.SystemUserModificationException;
import org.gridgain.internal.rbac.users.exception.UserAlreadyExistsException;
import org.gridgain.internal.rbac.users.exception.UserNotFoundException;
import org.gridgain.internal.rbac.users.exception.UserUpdateException;
import org.gridgain.internal.security.context.Authentication;

/* loaded from: input_file:org/gridgain/internal/rbac/users/UserManagementImpl.class */
public class UserManagementImpl implements UserManagement {
    private final UserStore userStore;
    private final Authorizer authorizer;
    private final PasswordEncoderRegistry passwordEncoderRegistry;

    public UserManagementImpl(Executor executor, UserStore userStore, Authorizer authorizer) {
        this.userStore = userStore;
        this.authorizer = authorizer;
        this.passwordEncoderRegistry = PasswordEncoderRegistry.createDefaultRegistry(executor);
    }

    @Override // org.gridgain.internal.rbac.users.UserManagement
    public CompletableFuture<Void> createAsync(User user) {
        return this.authorizer.authorizeThenCompose(Action.CREATE_USER, () -> {
            String username = user.username();
            checkSystemUserModification(username, "System user can not be created.");
            return encodePlainTextPasswordOfUser(user).thenCompose(user2 -> {
                return this.userStore.putIfNotExists(username, (String) user2);
            }).thenAccept((Consumer<? super U>) operationResult -> {
                switch (operationResult) {
                    case SUCCESS:
                        return;
                    case USER_EXISTS:
                        throw new UserAlreadyExistsException(username);
                    default:
                        throw new IllegalStateException("Unexpected operation result: " + operationResult);
                }
            });
        });
    }

    @Override // org.gridgain.internal.rbac.users.UserManagement
    public CompletableFuture<Void> dropByUsernameAsync(String str) {
        return this.authorizer.authorizeThenCompose(Action.DROP_USER, () -> {
            checkSystemUserModification(str, "System user can not be removed.");
            return this.userStore.removeIfExists(str).thenAccept(operationResult -> {
                switch (operationResult) {
                    case SUCCESS:
                        return;
                    case USER_NOT_FOUND:
                        throw new UserNotFoundException(str);
                    default:
                        throw new IllegalStateException("Unexpected operation result: " + operationResult);
                }
            });
        });
    }

    @Override // org.gridgain.internal.rbac.users.UserManagement
    public CompletableFuture<User> findByUsernameAsync(String str) {
        return this.authorizer.authorizeThenCompose(Privilege.builder().action(Action.READ_USER).selector(Selector.user(str)).build(), () -> {
            return this.userStore.get(str).thenApply(user -> {
                if (user == null) {
                    throw new UserNotFoundException(str);
                }
                return user;
            });
        });
    }

    @Override // org.gridgain.internal.rbac.users.UserManagement
    public CompletableFuture<Collection<User>> findAllAsync() {
        Authorizer authorizer = this.authorizer;
        Action action = Action.READ_USER;
        UserStore userStore = this.userStore;
        Objects.requireNonNull(userStore);
        return authorizer.authorizeThenCompose(action, userStore::getAll);
    }

    @Override // org.gridgain.internal.rbac.users.UserManagement
    public CompletableFuture<Void> updateAsync(String str, User user) {
        if (!str.equals(user.username())) {
            return CompletableFuture.failedFuture(new UserUpdateException("Changing username is not allowed"));
        }
        return this.authorizer.authorizeThenCompose(Privilege.builder().action(Action.EDIT_USER).selector(Selector.user(str)).build(), () -> {
            checkSystemUserModification(str, "System user can not be modified.");
            return encodePlainTextPasswordOfUser(user).thenCompose(user2 -> {
                return this.userStore.updateIfExists(str, modifyUserFunction(user2));
            }).thenAccept((Consumer<? super U>) operationResult -> {
                switch (operationResult) {
                    case SUCCESS:
                        return;
                    case USER_NOT_FOUND:
                        throw new UserNotFoundException(str);
                    default:
                        throw new IllegalStateException("Unexpected operation result: " + operationResult);
                }
            });
        });
    }

    private static void checkSystemUserModification(String str, String str2) {
        if (str.equalsIgnoreCase(Authentication.SYSTEM_USER)) {
            throw new SystemUserModificationException(str2);
        }
    }

    private static Function<User, User> modifyUserFunction(User user) {
        return user2 -> {
            return User.builderFrom(user2).username(user.username()).password(user.password()).passwordEncoding(user.passwordEncoding()).build();
        };
    }

    private CompletableFuture<User> encodePlainTextPasswordOfUser(User user) {
        if (user.passwordEncoding() != PasswordEncoding.PLAIN) {
            return CompletableFuture.completedFuture(user);
        }
        PasswordEncoding passwordEncoding = PasswordEncoding.getDefault();
        return this.passwordEncoderRegistry.passwordEncoder(passwordEncoding).encodeAsync(user.password()).thenApply(str -> {
            return User.builderFrom(user).passwordEncoding(passwordEncoding).password(str).build();
        });
    }
}
