package blackboard.platform.security.authentication;

import blackboard.data.user.User;
import blackboard.persist.Id;
import blackboard.persist.PersistenceException;
import blackboard.persist.user.UserDbLoader;
import blackboard.platform.context.ContextManagerFactory;
import blackboard.platform.context.impl.ContextImpl;
import blackboard.platform.integration.IntegrationException;
import blackboard.platform.integration.PasswordChangeForcedException;
import blackboard.platform.integration.PasswordChangeRequiredException;
import blackboard.platform.integration.UserLmsIntegration;
import blackboard.platform.integration.launch.InternalLaunchHelper;
import blackboard.platform.integration.launch.LaunchHandler;
import blackboard.platform.integration.provider.AuthenticationProvider;
import blackboard.platform.integration.provider.NavigationProvider;
import blackboard.platform.integration.service.LmsProviderFactory;
import blackboard.platform.integration.service.UserIntegrationManagerExFactory;
import blackboard.platform.integration.service.UserIntegrationManagerFactory;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.authentication.servlet.LoginBrokerServletConstants;
import blackboard.platform.session.CookieUtil;
import blackboard.util.Base64Codec;
import blackboard.util.CsvExporter;
import blackboard.util.StringUtil;
import blackboard.util.UrlUtil;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/authentication/IntegrationAuthenticationModule.class */
public class IntegrationAuthenticationModule extends BaseAuthenticationModule {
    protected static final String AUTH_TYPE = "integration";
    private static final String PASSWORD_AUTHENTICATION = "pass_auth";
    private static final String STATE_PARM = "integration-state";
    private static final String URL_PARAM = "url";

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbAuthenticationFailedException, BbCredentialsNotFoundException {
        String authenticate = authenticate(httpServletRequest, getDoAuthenticateParams(httpServletRequest), "ISO-8859-1");
        if (authenticate == null) {
            authenticate = authenticate(httpServletRequest, getSecondaryDoAuthenticateParams(httpServletRequest), CsvExporter.UTF16LE);
            if (authenticate == null) {
                throw new InvalidCredentialsException(getBundle().getString("auth.impl.invalid.credentials"));
            }
        }
        return authenticate;
    }

    private String authenticate(HttpServletRequest httpServletRequest, Map<String, String> map, String str) throws BbAuthenticationFailedException, InvalidCredentialsException, BbCredentialsNotFoundException {
        if (map == null) {
            throw new BbCredentialsNotFoundException();
        }
        try {
            String str2 = map.get("user_id");
            String str3 = map.get(LoginBrokerServletConstants.ENCODED_PASSWORD_PARAM);
            User loadByUserName = UserDbLoader.Default.getInstance().loadByUserName(str2);
            if (null == loadByUserName) {
                throw new InvalidCredentialsException(getBundle().getString("auth.impl.general.error"));
            }
            Id usersHighestPriorityLmsIntegrationId = UserIntegrationManagerExFactory.getInstance().getUsersHighestPriorityLmsIntegrationId(loadByUserName.getId());
            try {
                if (LmsProviderFactory.getAuthenticationProvider(usersHighestPriorityLmsIntegrationId).login(loadByUserName.getId(), decodeBase64(str3, str))) {
                    return str2;
                }
                return null;
            } catch (PasswordChangeRequiredException e) {
                boolean z = false;
                if (e instanceof PasswordChangeForcedException) {
                    z = true;
                }
                try {
                    addChangePasswordAttributes(httpServletRequest, usersHighestPriorityLmsIntegrationId, loadByUserName, z);
                } catch (Exception e2) {
                    this._logger.logError("Error in addChangePasswordAttributes: ", e2);
                }
                throw new BbAuthenticationFailedException(e.getMessage(), null);
            }
        } catch (PersistenceException e3) {
            this._logger.logDebug("Error processing authentication request: ", e3);
            throw new BbAuthenticationFailedException(getBundle().getString("auth.impl.general.error"), e3);
        }
    }

    private void addChangePasswordAttributes(HttpServletRequest httpServletRequest, Id id, User user, boolean z) throws Exception {
        httpServletRequest.setAttribute(STATE_PARM, PASSWORD_AUTHENTICATION);
        AuthenticationProvider authenticationProvider = LmsProviderFactory.getAuthenticationProvider(id);
        NavigationProvider navigationProvider = LmsProviderFactory.getNavigationProvider(id);
        Id id2 = user.getId();
        ((ContextImpl) ContextManagerFactory.getInstance().getContext()).setUser(user);
        String calculateFullUrl = UrlUtil.calculateFullUrl(httpServletRequest.getServerName(), UrlUtil.isLoginSSL(), "webapps/login?action=logout");
        UserLmsIntegration userLmsIntegrationByUserId = UserIntegrationManagerFactory.getInstance().getUserLmsIntegrationByUserId(id, id2);
        if (null == userLmsIntegrationByUserId) {
            throw new IntegrationException("Could not find user");
        }
        httpServletRequest.setAttribute("url", InternalLaunchHelper.getInstance().getUrl(LaunchHandler.Type.Url, id, z ? navigationProvider.getUserForcedChangePassword(userLmsIntegrationByUserId, calculateFullUrl) : navigationProvider.getUserChangeExpiredPassword(userLmsIntegrationByUserId, calculateFullUrl)));
        authenticationProvider.flushCachedCredentials(id2);
    }

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public void requestAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        if (!StringUtil.isEqual((String) httpServletRequest.getAttribute(STATE_PARM), PASSWORD_AUTHENTICATION)) {
            super.requestAuthenticate(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            associateUserWithSession(httpServletRequest, httpServletResponse);
            httpServletResponse.sendRedirect((String) httpServletRequest.getAttribute("url"));
        } catch (Exception e) {
            LogServiceFactory.getInstance().logDebug("Unexpected error", e);
        }
    }

    private void associateUserWithSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbCredentialsNotFoundException {
        Map<String, String> doAuthenticateParams = getDoAuthenticateParams(httpServletRequest);
        if (doAuthenticateParams == null) {
            throw new BbCredentialsNotFoundException();
        }
        establishSession(httpServletRequest, httpServletResponse, doAuthenticateParams.get("user_id"));
    }

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Id userId = ContextManagerFactory.getInstance().getContext().getUserId();
        try {
            List<Id> allIntegrationIdsByUserId = UserIntegrationManagerExFactory.getInstance().getAllIntegrationIdsByUserId(userId, true);
            if (null == allIntegrationIdsByUserId) {
                return;
            }
            Iterator<Id> it = allIntegrationIdsByUserId.iterator();
            while (it.hasNext()) {
                logoutFromIntegration(httpServletResponse, userId, it.next());
            }
            Iterator<Id> it2 = allIntegrationIdsByUserId.iterator();
            while (it2.hasNext()) {
                clearIntegrationCache(httpServletRequest, httpServletResponse, it2.next());
            }
            CookieUtil.removeCookie(httpServletRequest, httpServletResponse, "active_integration");
        } catch (Exception e) {
            this._logger.logDebug("Error processing authentication request: ", e);
        }
    }

    private void clearIntegrationCache(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Id id) {
        CookieUtil.removeCookie(httpServletRequest, httpServletResponse, id.getExternalString());
    }

    private void logoutFromIntegration(HttpServletResponse httpServletResponse, Id id, Id id2) {
        AuthenticationProvider authenticationProvider = LmsProviderFactory.getAuthenticationProvider(id2);
        Set<Cookie> cookies = authenticationProvider.getCookies(id, "");
        if (null != cookies) {
            for (Cookie cookie : cookies) {
                Cookie cookie2 = new Cookie(cookie.getName(), "");
                cookie2.setDomain(cookie.getDomain());
                cookie2.setComment(cookie.getComment());
                cookie2.setPath(cookie.getPath());
                cookie2.setSecure(cookie.getSecure());
                cookie2.setVersion(cookie.getVersion());
                cookie2.setMaxAge(0);
                httpServletResponse.addCookie(cookie2);
            }
        }
        authenticationProvider.logout(id);
    }

    @Override // blackboard.platform.security.authentication.BaseAuthenticationModule, blackboard.platform.security.authentication.HttpAuthModule
    public String getAuthType() {
        return "integration";
    }

    private String decodeBase64(String str, String str2) {
        String str3;
        try {
            str3 = Base64Codec.decode(str, str2);
        } catch (Exception e) {
            str3 = "";
        }
        return str3;
    }
}
