package software.netcore.unimus.aaa.impl.component;

import lombok.NonNull;
import net.unimus.common.lang.Identity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import software.netcore.common.domain.error.data.ErrorMessage;
import software.netcore.common.domain.error.operation.OperationResult;
import software.netcore.unimus.aaa.impl.account.database.SystemAccountDatabaseService;
import software.netcore.unimus.aaa.spi.account.data.SystemAccount;
import software.netcore.unimus.common.domain.UnimusErrorType;

@Component
/* loaded from: input_file:WEB-INF/lib/unimus-application-aaa-impl-3.30.0-STAGE.jar:software/netcore/unimus/aaa/impl/component/PasswordMigrator.class */
public class PasswordMigrator {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PasswordMigrator.class);
    private final PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
    private final PasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();

    @NonNull
    private final SystemAccountDatabaseService systemAccountDatabaseService;

    public OperationResult<Void> migrate(@NonNull SystemAccount systemAccount, @NonNull String str) {
        if (systemAccount == null) {
            throw new NullPointerException("account is marked non-null but is null");
        }
        if (str == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        log.debug("[migrate] account = '{}', password '{}' characters long", systemAccount, Integer.valueOf(str.length()));
        if (systemAccount.isPasswordMigrated()) {
            log.debug("Password already migrated");
            return OperationResult.ofSuccess();
        }
        log.trace("Detected account requiring password migration from bCrypt to argon2, '{}'", systemAccount);
        if (this.bCryptPasswordEncoder.matches(str, systemAccount.getPassword()) && str.length() == Integer.parseInt(systemAccount.getPasswordLength())) {
            return this.systemAccountDatabaseService.migratePassword(Identity.of(systemAccount.getId()), this.argon2PasswordEncoder.encode(str));
        }
        log.trace("Password or password length does not match with stored bCrypt hash. Authentication failed");
        return OperationResult.ofFailure(ErrorMessage.of(UnimusErrorType.ACCOUNT_PASSWORD_NOT_MATCH_STORED_HASH));
    }

    public PasswordMigrator(@NonNull SystemAccountDatabaseService systemAccountDatabaseService) {
        if (systemAccountDatabaseService == null) {
            throw new NullPointerException("systemAccountDatabaseService is marked non-null but is null");
        }
        this.systemAccountDatabaseService = systemAccountDatabaseService;
    }
}
