package com.alfaariss.oa.authentication.password;

import com.alfaariss.oa.DetailedUserException;
import com.alfaariss.oa.OAException;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.UserException;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.idmapper.IIDMapper;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.crypto.CryptoException;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.user.factory.IUserFactory;
import com.alfaariss.oa.sso.authentication.service.IServiceAuthenticationMethod;
import com.alfaariss.oa.sso.authentication.web.IWebAuthenticationMethod;
import com.alfaariss.oa.util.logging.UserEventLogItem;
import java.io.IOException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.Vector;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/authentication/password/PasswordAuthenticationMethod.class */
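/**
 * Authentication method that checks a user id and password through a configurable
 * {@link IPasswordHandler}.
 *
 * <p>Two entry points are offered: the web flow, which renders a JSP form, optionally verifies a
 * captcha and tracks the remaining attempts in the session, and the service flow, which checks a
 * user id and raw credential bytes without a session.
 *
 * <p>Thread-safety: only {@link #restart(Element)} synchronizes. The authenticate methods read the
 * same fields without locking, so a request that overlaps a restart may observe fields that
 * {@link #stop()} has already cleared.
 */
public class PasswordAuthenticationMethod implements IWebAuthenticationMethod, IServiceAuthenticationMethod {
    protected IPasswordHandler _oPasswordHandler;
    protected IIDMapper _idMapper;
    private static final String AUTHORITY_NAME = "PasswordAuthenticationMethod_";
    private static final String HASCAPTCHA = "hasCaptcha";
    private static final String CAPTCHA = "captcha";
    private static final String PASSWORD = "password";
    private static final String CAPTCHA_HASH = "captcha_hash";
    private static final String DEFAULT_JSP_PASSWORD = "/ui/sso/authn/password/password.jsp";
    // Suffix of the session attribute that stores the remaining attempts for this method.
    private static final String RETRIES = "retries";
    // Request parameter (and request attribute) that carries the user id.
    private static final String USER_ID = "user_id";
    private String _sTemplate;
    private String _sMethodID;
    private String _sFriendlyName;
    // Configured 'retries' plus one: the first display of the form consumes one count.
    private int _iAllowedTries;
    private IConfigurationManager _configurationManager;
    private IUserFactory _oUserFactory;
    private Engine _oEngine;
    private boolean _bCaptchaEnabled;
    private CryptoManager _CryptoManager;
    private final Log _logger = LogFactory.getLog(PasswordAuthenticationMethod.class);
    private final Log _eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");
    private boolean _bEnabled = false;

    /**
     * Reads the 'method' configuration section and initializes this authentication method.
     *
     * <p>Required items are 'id', 'friendlyname', 'retries' and a 'password_handler' section with a
     * 'class'. Optional items are 'enabled' (absent means enabled), 'captcha', a 'template'
     * section and an 'idmapper' section. When the method is configured as disabled, nothing beyond
     * 'id', 'friendlyname' and 'enabled' is read.
     *
     * @param iConfigurationManager configuration reader; must not be {@code null}
     * @param element the 'method' configuration section; must not be {@code null}
     * @throws OAException with code 17 for a missing or invalid configuration item, code 2 when
     *     the crypto manager or user factory is unavailable, and code 1 for any other failure
     */
    public void start(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        try {
            if (element == null || iConfigurationManager == null) {
                this._logger.error("No configuration supplied");
                throw new OAException(17);
            }
            this._configurationManager = iConfigurationManager;
            this._oEngine = Engine.getInstance();
            this._CryptoManager = this._oEngine.getCryptoManager();
            if (this._CryptoManager == null) {
                this._logger.error("No crypto manager available");
                throw new OAException(2);
            }
            this._oUserFactory = this._oEngine.getUserFactory();
            if (this._oUserFactory == null || !this._oUserFactory.isEnabled()) {
                this._logger.error("User Factory is disabled");
                throw new OAException(2);
            }
            this._sMethodID = this._configurationManager.getParam(element, "id");
            if (isEmpty(this._sMethodID)) {
                this._logger.error("No 'id' found in 'method' section in configuration");
                throw new OAException(17);
            }
            this._sFriendlyName = this._configurationManager.getParam(element, "friendlyname");
            if (isEmpty(this._sFriendlyName)) {
                this._logger.error("No 'friendlyname' parameter found in configuration");
                throw new OAException(17);
            }
            String enabled = this._configurationManager.getParam(element, "enabled");
            if (enabled == null || enabled.equalsIgnoreCase("TRUE")) {
                this._bEnabled = true;
            } else if (!enabled.equalsIgnoreCase("FALSE")) {
                this._logger.error("Unknown value in 'enabled' configuration item: " + enabled);
                throw new OAException(17);
            }
            if (!this._bEnabled) {
                return;
            }

            this._bCaptchaEnabled = false;
            String captcha = this._configurationManager.getParam(element, CAPTCHA);
            if (captcha != null) {
                if (captcha.equalsIgnoreCase("TRUE")) {
                    this._bCaptchaEnabled = true;
                } else if (!captcha.equalsIgnoreCase("FALSE")) {
                    this._logger.error("Unknown value in 'captcha' configuration item: " + captcha);
                    throw new OAException(17);
                }
            }
            this._logger.info(this._bCaptchaEnabled ? "Captcha is enabled" : "Captcha is not enabled");

            this._sTemplate = DEFAULT_JSP_PASSWORD;
            Element templateSection = this._configurationManager.getSection(element, "template");
            if (templateSection == null) {
                this._logger.warn("No optional 'template' section found in 'method' section with id: " + this._sMethodID + ", using default");
            } else {
                this._sTemplate = this._configurationManager.getParam(templateSection, "path");
                if (isEmpty(this._sTemplate)) {
                    this._logger.error("No 'path' attribute found in 'template' section within 'method' with id: " + this._sMethodID);
                    throw new OAException(17);
                }
            }
            this._logger.info("Using JSP: " + this._sTemplate);

            String retries = this._configurationManager.getParam(element, RETRIES);
            if (isEmpty(retries)) {
                this._logger.error("No 'retries' found in 'method' section with id: " + this._sMethodID);
                throw new OAException(17);
            }
            int configuredRetries;
            try {
                configuredRetries = Integer.parseInt(retries);
            } catch (NumberFormatException e) {
                this._logger.error("Invalid 'retries' item found in 'method' section with id: " + this._sMethodID, e);
                throw new OAException(17);
            }
            // Integer.MAX_VALUE is rejected as well: the +1 below would wrap to a negative limit.
            if (configuredRetries < 0 || configuredRetries == Integer.MAX_VALUE) {
                this._logger.error("Invalid 'retries' item found in 'method' section with id: " + this._sMethodID);
                throw new OAException(17);
            }
            this._iAllowedTries = configuredRetries + 1;

            Element handlerSection = this._configurationManager.getSection(element, "password_handler");
            if (handlerSection == null) {
                this._logger.error("No 'password_handler' section found in 'method' section with id: " + this._sMethodID);
                throw new OAException(17);
            }
            String handlerClassName = this._configurationManager.getParam(handlerSection, "class");
            if (isEmpty(handlerClassName)) {
                this._logger.error("No class found for password_handler");
                throw new OAException(17);
            }
            Class<?> handlerClass;
            try {
                handlerClass = Class.forName(handlerClassName);
            } catch (Exception e) {
                this._logger.error("Could not find password handler class: " + handlerClassName, e);
                throw new OAException(17);
            }
            try {
                // asSubclass rejects a class that is not an IPasswordHandler before its
                // constructor runs, instead of failing on the cast afterwards.
                this._oPasswordHandler = handlerClass.asSubclass(IPasswordHandler.class).newInstance();
                this._oPasswordHandler.start(this._configurationManager, handlerSection);
                if (this._logger.isDebugEnabled()) {
                    this._logger.debug(this._sMethodID + " handler '" + handlerClassName + "' started");
                }
                Element mapperSection = this._configurationManager.getSection(element, "idmapper");
                if (mapperSection != null) {
                    this._idMapper = createMapper(mapperSection);
                }
            } catch (Exception e) {
                // NOTE(review): handler start-up and id-mapper failures are reported under this
                // message and code too, as in the decompiled original - confirm against upstream.
                this._logger.error("Could not instantiate password handler: " + handlerClassName, e);
                throw new OAException(17);
            }
        } catch (OAException e) {
            this._logger.error("Error during start of Password authentication method");
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during start of Password authentication method", e);
            throw new OAException(1);
        }
    }

    /**
     * Stops this method and starts it again with the supplied section, reusing the configuration
     * manager given to the previous {@link #start}.
     *
     * @param element the new 'method' configuration section
     * @throws OAException if the new configuration cannot be applied
     */
    public void restart(Element element) throws OAException {
        synchronized (this) {
            stop();
            start(this._configurationManager, element);
        }
    }

    /** @return the configured method id, or {@code null} when stopped */
    public String getID() {
        return this._sMethodID;
    }

    /** @return {@code true} when the method was started with 'enabled' absent or set to TRUE */
    public boolean isEnabled() {
        return this._bEnabled;
    }

    /** @return the configured friendly name, or {@code null} when stopped */
    public String getFriendlyName() {
        return this._sFriendlyName;
    }

    /** @return the authority string: a fixed prefix followed by the method id */
    public String getAuthority() {
        return AUTHORITY_NAME + this._sMethodID;
    }

    /**
     * Web flow: shows the password form on the first call for a session and verifies the submitted
     * credentials on later calls.
     *
     * <p>The remaining attempts live in the session attributes. Every forward to the form lowers
     * the count by one; once it has reached zero, a further rejected submission yields
     * {@code AUTHN_METHOD_FAILED} instead of another form.
     *
     * @param httpServletRequest request carrying the 'user_id', 'password' and optional 'captcha'
     * @param httpServletResponse response used when forwarding to the form
     * @param iSession the authentication session
     * @return the resulting user event
     * @throws OAException with code 1 on an internal error
     */
    public UserEvent authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession) throws OAException {
        int triesLeft = this._iAllowedTries;
        try {
            ISessionAttributes attributes = iSession.getAttributes();
            Integer storedTries = (Integer) attributes.get(PasswordAuthenticationMethod.class, this._sMethodID + RETRIES);
            if (storedTries == null) {
                // First call for this session: validate a pre-selected user, then show the form.
                IUser sessionUser = iSession.getUser();
                if (sessionUser == null) {
                    String forcedUserID = iSession.getForcedUserID();
                    if (forcedUserID != null) {
                        IUser forcedUser = this._oUserFactory.getUser(forcedUserID);
                        if (forcedUser == null) {
                            throw new UserException(UserEvent.AUTHN_METHOD_NOT_SUPPORTED);
                        }
                        if (!forcedUser.isEnabled()) {
                            throw new UserException(UserEvent.USER_DISABLED);
                        }
                        if (!forcedUser.isAuthenticationRegistered(this._sMethodID)) {
                            throw new UserException(UserEvent.AUTHN_METHOD_NOT_REGISTERED);
                        }
                        iSession.setUser(forcedUser);
                    }
                } else if (!sessionUser.isAuthenticationRegistered(this._sMethodID)) {
                    throw new UserException(UserEvent.AUTHN_METHOD_NOT_REGISTERED);
                }
                forwardUser(httpServletRequest, httpServletResponse, iSession, triesLeft, true, new Vector<Enum>());
                return UserEvent.AUTHN_METHOD_IN_PROGRESS;
            }

            // Continue from the count stored in the session. The decompiled source discarded this
            // value, so every submission started from the full allowance and the retry limit was
            // never reached.
            triesLeft = storedTries.intValue();
            // NOTE(review): the count is only evaluated after a rejected submission; whether a
            // session can submit again after AUTHN_METHOD_FAILED depends on the caller - confirm.

            Vector<Enum> warnings = new Vector<Enum>();
            String captchaText = null;
            if (this._bCaptchaEnabled) {
                captchaText = httpServletRequest.getParameter(CAPTCHA);
                if (captchaText == null || captchaText.trim().length() <= 0) {
                    warnings.add(Warnings.NO_CAPTCHA_SUPPLIED);
                }
            }
            IUser user = iSession.getUser();
            String submittedUserId = null;
            if (user == null) {
                submittedUserId = httpServletRequest.getParameter(USER_ID);
                if (isEmpty(submittedUserId)) {
                    warnings.add(Warnings.NO_USERNAME_SUPPLIED);
                } else {
                    user = this._oUserFactory.getUser(submittedUserId);
                }
            }
            String password = httpServletRequest.getParameter(PASSWORD);
            if (password == null || password.trim().equalsIgnoreCase("")) {
                warnings.add(Warnings.NO_PASSWORD_SUPPLIED);
            }
            if (!warnings.isEmpty()) {
                throw new DetailedUserException(UserEvent.AUTHN_METHOD_IN_PROGRESS, warnings);
            }

            if (this._bCaptchaEnabled) {
                Class<?> captchaEngine;
                try {
                    captchaEngine = Class.forName("com.alfaariss.oa.helper.captcha.engine.CaptchaEngine");
                } catch (ClassNotFoundException e) {
                    this._logger.error("Captcha enabled, but 'com.alfaariss.oa.helper.captcha.engine.CaptchaEngine' is not available", e);
                    throw new OAException(1);
                }
                if (!verifyCaptcha(captchaText, (byte[]) attributes.get(captchaEngine, CAPTCHA_HASH))) {
                    // NOTE(review): the stored hash is kept after a wrong answer; presumably the
                    // form issues a fresh captcha on redisplay - verify in the template.
                    throw new DetailedUserException(UserEvent.AUTHN_METHOD_IN_PROGRESS, Warnings.INVALID_CAPTCHA_SUPPLIED);
                }
                // A captcha answer is single-use once it has been accepted.
                attributes.remove(captchaEngine, CAPTCHA_HASH);
            }

            if (submittedUserId != null && user == null) {
                // NOTE(review): this warning differs from INVALID_CREDENTIALS_SUPPLIED; if the
                // template renders them differently, the form reveals which user ids exist.
                throw new DetailedUserException(UserEvent.AUTHN_METHOD_IN_PROGRESS, Warnings.NO_SUCH_USER_FOUND);
            }

            String handlerUserId;
            if (this._idMapper != null) {
                handlerUserId = this._idMapper.map(user.getID());
                if (handlerUserId == null) {
                    throw new UserException(UserEvent.AUTHN_METHOD_FAILED);
                }
            } else {
                handlerUserId = user.getID();
            }
            if (!this._oPasswordHandler.authenticate(handlerUserId, password)) {
                throw new DetailedUserException(UserEvent.AUTHN_METHOD_IN_PROGRESS, Warnings.INVALID_CREDENTIALS_SUPPLIED);
            }

            // Account state is checked only for a user taken from the request, and only after the
            // password matched, so these events are not returned for a wrong password.
            if (submittedUserId != null) {
                if (!user.isEnabled()) {
                    throw new UserException(UserEvent.USER_DISABLED);
                }
                if (!user.isAuthenticationRegistered(this._sMethodID)) {
                    throw new UserException(UserEvent.AUTHN_METHOD_NOT_REGISTERED);
                }
            }
            iSession.setUser(user);
            this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.AUTHN_METHOD_SUCCESSFUL, this, (String) null));
            return UserEvent.AUTHN_METHOD_SUCCESSFUL;
        } catch (DetailedUserException e) {
            // Most specific handlers first; the decompiled order put catch (Exception) ahead of
            // these, which made them unreachable.
            if (triesLeft <= 0) {
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.AUTHN_METHOD_FAILED, this, e.getDetails().toString()));
                return UserEvent.AUTHN_METHOD_FAILED;
            }
            forwardUser(httpServletRequest, httpServletResponse, iSession, triesLeft, true, e.getDetails());
            return e.getEvent();
        } catch (UserException e) {
            this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), e.getEvent(), this, (String) null));
            return e.getEvent();
        } catch (OAException e) {
            this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.INTERNAL_ERROR, this, (String) null));
            throw e;
        } catch (Exception e) {
            if (iSession != null) {
                this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.INTERNAL_ERROR, this, e.getMessage()));
            } else {
                this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, UserEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, e.getMessage()));
            }
            this._logger.fatal("Unexpected runtime error occured: ", e);
            throw new OAException(1);
        }
    }

    /**
     * Service flow: verifies a user id and credential bytes without a session.
     *
     * <p>No retry counter and no captcha apply on this path, and the configured id mapper is not
     * consulted. NOTE(review): limiting repeated attempts is presumably left to the caller -
     * confirm.
     *
     * @param str the user id
     * @param bArr the password bytes, decoded with {@code IPasswordHandler.CHARSET}
     * @return {@code AUTHN_METHOD_SUCCESSFUL}, or the event describing why the user was rejected
     * @throws OAException with code 1 on an internal error
     */
    public UserEvent authenticate(String str, byte[] bArr) throws OAException {
        try {
            IUser user = this._oUserFactory.getUser(str);
            if (user == null) {
                throw new UserException(UserEvent.USER_UNKNOWN);
            }
            if (!user.isEnabled()) {
                throw new UserException(UserEvent.USER_DISABLED);
            }
            if (!user.isAuthenticationRegistered(this._sMethodID)) {
                throw new UserException(UserEvent.AUTHN_METHOD_NOT_REGISTERED);
            }
            if (!this._oPasswordHandler.authenticate(user.getID(), new String(bArr, IPasswordHandler.CHARSET))) {
                throw new UserException(UserEvent.AUTHN_METHOD_FAILED);
            }
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, UserEvent.AUTHN_METHOD_SUCCESSFUL, str, (String) null, (String) null, this, (String) null));
            return UserEvent.AUTHN_METHOD_SUCCESSFUL;
        } catch (UserException e) {
            UserEvent event = e.getEvent();
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, event, str, (String) null, (String) null, this, (String) null));
            return event;
        } catch (OAException e) {
            // Handled before the generic catch so that the original error code is preserved.
            this._logger.warn("Unexpected error occured", e);
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, UserEvent.INTERNAL_ERROR, str, (String) null, (String) null, this, (String) null));
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Unexpected internal error occured", e);
            this._eventLogger.info(new UserEventLogItem((String) null, (String) null, (SessionState) null, UserEvent.INTERNAL_ERROR, str, (String) null, (String) null, this, (String) null));
            throw new OAException(1);
        }
    }

    /** Disables the method, stops the password handler and clears the configured state. */
    public void stop() {
        this._bEnabled = false;
        if (this._oPasswordHandler != null) {
            this._oPasswordHandler.stop();
            this._oPasswordHandler = null;
        }
        // Dropped so that a restart without an 'idmapper' section does not keep mapping ids
        // through the previous configuration's mapper.
        // NOTE(review): if IIDMapper has its own shutdown call, invoke it here first - confirm.
        this._idMapper = null;
        this._sTemplate = null;
        this._sMethodID = null;
        this._sFriendlyName = null;
        this._oUserFactory = null;
        this._bCaptchaEnabled = false;
        this._CryptoManager = null;
        this._oEngine = null;
        this._iAllowedTries = 0;
    }

    /**
     * Stores the updated attempt count in the session and forwards the request to the form JSP.
     *
     * @param i attempts left before this forward
     * @param z whether this forward consumes one attempt
     * @param list warnings to show; a "one retry left" warning may be appended to it
     * @throws OAException with code 1 when the forward fails
     */
    private void forwardUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ISession iSession, int i, boolean z, List<Enum> list) throws OAException {
        try {
            // No "last retry" warning when the configuration allows a single attempt only.
            if (i == 1 && this._iAllowedTries != 1) {
                list.add(Warnings.ONE_RETRY_LEFT);
            }
            httpServletRequest.setAttribute("asid", iSession);
            httpServletRequest.setAttribute("sessionLocale", iSession.getLocale());
            httpServletRequest.setAttribute(HASCAPTCHA, Boolean.valueOf(this._bCaptchaEnabled));
            int remaining = z ? i - 1 : i;
            // Persist the count before rendering so it is stored even if the forward fails.
            iSession.getAttributes().put(PasswordAuthenticationMethod.class, this._sMethodID + RETRIES, Integer.valueOf(remaining));
            iSession.persist();
            this._eventLogger.info(new UserEventLogItem(iSession, httpServletRequest.getRemoteAddr(), UserEvent.AUTHN_METHOD_IN_PROGRESS, this, list.toString()));
            httpServletRequest.setAttribute("details", list);
            httpServletRequest.setAttribute("methodFriendlyName", this._sFriendlyName);
            httpServletRequest.setAttribute("serverInfo", this._oEngine.getServer());
            IUser user = iSession.getUser();
            if (user != null) {
                httpServletRequest.setAttribute(USER_ID, user.getID());
            }
            RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(this._sTemplate);
            if (requestDispatcher != null) {
                requestDispatcher.forward(httpServletRequest, httpServletResponse);
            } else {
                // Still best-effort, but no longer silent: the attempt was counted and no form
                // was rendered.
                this._logger.warn("No request dispatcher available for template: " + this._sTemplate);
            }
        } catch (ServletException e) {
            this._logger.warn("Servlet exception occured while forwarding", e);
            throw new OAException(1);
        } catch (IOException e) {
            this._logger.warn("IO exception occured while forwarding", e);
            throw new OAException(1);
        }
    }

    /**
     * Compares the digest of the submitted captcha text with the hash stored in the session.
     *
     * @param str the submitted captcha text
     * @param bArr the expected digest from the session, possibly {@code null}
     * @return {@code true} only when a stored hash exists and matches
     * @throws OAException with code 1 when the digest cannot be computed
     */
    private boolean verifyCaptcha(String str, byte[] bArr) throws OAException {
        try {
            MessageDigest messageDigest = this._CryptoManager.getMessageDigest();
            messageDigest.update(str.getBytes(IPasswordHandler.CHARSET));
            byte[] submitted = messageDigest.digest();
            if (bArr == null) {
                // No captcha was issued for this session, so nothing can match.
                return false;
            }
            // MessageDigest.isEqual compares in constant time; Arrays.equals returns at the
            // first differing byte.
            return MessageDigest.isEqual(bArr, submitted);
        } catch (CryptoException e) {
            this._logger.warn("Unable to generate digest from captcha text", e);
            throw new OAException(1);
        } catch (Exception e) {
            this._logger.warn("Unexpected error occured while generating digest", e);
            throw new OAException(1);
        }
    }

    /**
     * Instantiates and starts the id mapper named by the 'class' parameter of the section.
     *
     * @param element the 'idmapper' configuration section
     * @return the started mapper
     * @throws OAException with code 17 when the class is missing, cannot be loaded or cannot be
     *     started, and code 1 for any other failure
     */
    private IIDMapper createMapper(Element element) throws OAException {
        try {
            String mapperClassName = this._configurationManager.getParam(element, "class");
            if (mapperClassName == null) {
                this._logger.error("No 'class' parameter found in 'idmapper' section in configuration");
                throw new OAException(17);
            }
            Class<?> mapperClass;
            try {
                mapperClass = Class.forName(mapperClassName);
            } catch (Exception e) {
                this._logger.error("No 'class' found with name: " + mapperClassName, e);
                throw new OAException(17);
            }
            try {
                // Type-check before instantiating, so a wrong class never has its constructor run.
                IIDMapper mapper = mapperClass.asSubclass(IIDMapper.class).newInstance();
                mapper.start(this._configurationManager, element);
                return mapper;
            } catch (Exception e) {
                this._logger.error("Could not create an 'IIDMapper' instance of the configured 'class': " + mapperClassName, e);
                throw new OAException(17);
            }
        } catch (OAException e) {
            throw e;
        } catch (Exception e) {
            this._logger.fatal("Internal error during creation of id mapper", e);
            throw new OAException(1);
        }
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private static boolean isEmpty(String value) {
        return value == null || value.equals("");
    }
}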
