package blackboard.platform.security.authentication;

import blackboard.data.user.User;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.user.UserDbLoader;
import blackboard.persist.user.UserDbLoaderEx;
import blackboard.platform.api.PublicAPI;
import blackboard.platform.config.ConfigurationService;
import blackboard.platform.context.ContextManagerFactory;
import blackboard.platform.customlogin.CustomLoginPageManager;
import blackboard.platform.intl.BbResourceBundle;
import blackboard.platform.log.LogService;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.SecurityDbUtil;
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.security.algorithm.CryptoAlgorithmManager;
import blackboard.platform.security.authentication.servlet.LoginBrokerServletConstants;
import blackboard.platform.security.authentication.validators.PasswordValidator;
import blackboard.platform.security.authentication.validators.PasswordValidatorFactory;
import blackboard.platform.session.BbSessionManagerServiceFactory;
import blackboard.util.CsvExporter;
import blackboard.util.PlatformUtil;
import blackboard.util.StringUtil;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

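/**
 * Default form-based authentication module (auth type {@code "rdbms"}).
 *
 * <p>Reads a user id and an encoded password from request parameters, validates them through
 * {@link PasswordValidatorFactory}, and, when the validator asks for it, re-saves the credentials
 * through {@link CryptoAlgorithmManager}. If the primary attempt fails, the {@code "rdbms"} and
 * {@code "ldap"} auth types retry once with the Unicode-encoded password parameter.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The user id {@code "guest"} (case-insensitive) is accepted without any password check.</li>
 *   <li>An unknown user and a wrong password both raise {@link InvalidCredentialsException} with the
 *       same bundle key, {@code auth.impl.invalid.credentials}.</li>
 *   <li>{@link #establishSession} performs no credential check of its own.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; several members are marked as having had their access
 * widened from {@code protected} by the decompiler.
 */
@PublicAPI
/* loaded from: input_file:blackboard/platform/security/authentication/BaseAuthenticationModule.class */
public class BaseAuthenticationModule implements HttpAuthModule {
    public static final String IMPL_CLASS_KEY = "impl";
    private static final String LDAP_AUTH_TYPE = "ldap";
    private static final String RDBMS_AUTH_TYPE = "rdbms";
    // Display name of the auth type; written from init() without synchronization and read only
    // when building a log message in this class.
    private static String AUTH_TYPE_DISPLAY_STR = null;
    public static final String USE_CHALLENGE_KEY = "use_challenge";
    private static final String[] RDBMS_PROP_KEYS = {"impl", USE_CHALLENGE_KEY};
    protected HttpAuthConfig _config = null;
    protected LogService _logger = LogServiceFactory.getInstance();

    /**
     * Result of a successful password validation.
     *
     * <p>Carries the decoded password returned by the validator, so instances must be treated as
     * secrets: do not log them, cache them, or keep them longer than the login request.
     */
    /* loaded from: input_file:blackboard/platform/security/authentication/BaseAuthenticationModule$ValidationSucceeded.class */
    public static class ValidationSucceeded {
        // Value of PasswordValidator.shouldPasswordBeResaved() for the validated credential.
        boolean convertPassword;
        // Value of PasswordValidator.getDecodedPassword(); handed to the credential re-save step.
        String decodedPassword;

        /**
         * @param z   whether the stored credential should be re-saved
         * @param str the decoded password reported by the validator (may be null)
         */
        public ValidationSucceeded(boolean z, String str) {
            this.convertPassword = z;
            this.decodedPassword = str;
        }

        /**
         * Describes this result without exposing the password.
         *
         * <p>toString() output routinely ends up in logs, debugger views and exception messages, so
         * the decoded password is replaced by a fixed marker; only its presence is reported.
         */
        @Override
        public String toString() {
            String passwordMarker = this.decodedPassword == null ? "null" : "[REDACTED]";
            return "convertPassword=" + this.convertPassword + "; decodedPassword=" + passwordMarker;
        }
    }

    /**
     * Returns the resource bundle used for the security messages raised by this module.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     */
    public BbResourceBundle getBundle() {
        return SecurityUtil.getBundle();
    }

    /**
     * Sets the display name used for the auth type in log messages.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param str display string for the auth type
     */
    public static void setAuthTypeDisplayStr(String str) {
        AUTH_TYPE_DISPLAY_STR = str;
    }

    /**
     * Initialises the module and validates its configuration.
     *
     * <p>Every failure, including a configuration that does not validate, is logged and then
     * dropped, so the caller cannot tell from this method whether the module is usable.
     * Deployments should alert on the error message logged here.
     */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public void init(ConfigurationService configurationService) {
        try {
            RDBMSAuthUtil.init(configurationService);
            setAuthTypeDisplayStr(HttpAuthConfig.getDisplayAuthType(getAuthType()));
            validateConfig();
        } catch (Exception e) {
            // Best effort by design: initialisation errors are reported but never propagated.
            this._logger.logError("Error in initializing authentication module for auth. type=" + AUTH_TYPE_DISPLAY_STR, e);
        }
    }

    /** Stores the configuration that the rest of the module reads. */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public void setConfig(HttpAuthConfig httpAuthConfig) {
        this._config = httpAuthConfig;
    }

    /**
     * Checks that a configuration is present and loaded without errors.
     *
     * <p>Load errors are fatal only when this module's auth type is the installed one; for any other
     * auth type they are written to the debug log and otherwise ignored.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @throws BbInsufficientArgs if no configuration is set, or if the installed auth type has
     *                            configuration load errors
     */
    public void validateConfig() throws BbInsufficientArgs {
        if (this._config == null) {
            throw new BbInsufficientArgs(getBundle().getString("auth.impl.no.config"));
        }
        String configErrs = getConfigErrs();
        if (StringUtil.notEmpty(configErrs)) {
            String authType = getAuthType();
            String installedAuthType = HttpAuthConfig.getInstalledAuthType();
            if (StringUtil.notEmpty(authType) && authType.equals(installedAuthType)) {
                throw new BbInsufficientArgs(configErrs);
            }
            this._logger.logDebug("Error loading authentication properties: " + configErrs);
        }
    }

    /**
     * Collects the property load errors of this configuration and of its sub-configurations.
     *
     * <p>Requires {@code _config} to be set; {@link #validateConfig()} checks that before calling.
     *
     * @return a multi-line description of the errors, or {@code null} when there are none
     */
    protected String getConfigErrs() {
        StringBuilder report = new StringBuilder("Errors loading auth. configuration properties: ");
        Map<String, String> loadErrors = this._config.getPropObjLoadErrs();
        boolean hasOwnErrors = !loadErrors.isEmpty();
        for (Map.Entry<String, String> loadError : loadErrors.entrySet()) {
            report.append("Error loading ");
            report.append(loadError.getKey()).append(" : ");
            report.append(loadError.getValue());
            report.append(PlatformUtil.EOL());
        }
        String subConfigErrs = getSubConfigErrs();
        if (subConfigErrs != null) {
            report.append(subConfigErrs);
        }
        if (hasOwnErrors || subConfigErrs != null) {
            return report.toString();
        }
        return null;
    }

    /**
     * Collects the property load errors of every sub-configuration.
     *
     * <p>Each sub-configuration with errors gets its own section headed by its 1-based position
     * ({@code SERVER #n}); positions also count sub-configurations that loaded cleanly.
     *
     * @return the combined report, or {@code null} when there is no configuration, no
     *         sub-configuration, or no error
     */
    protected String getSubConfigErrs() {
        if (this._config == null) {
            return null;
        }
        ArrayList<HttpAuthConfig> subConfigs = this._config.getSubConfigs();
        if (subConfigs == null || subConfigs.isEmpty()) {
            return null;
        }
        StringBuilder report = new StringBuilder();
        int serverNumber = 0;
        for (HttpAuthConfig subConfig : subConfigs) {
            serverNumber++;
            Map<String, String> loadErrors = subConfig.getPropObjLoadErrs();
            if (loadErrors.isEmpty()) {
                continue;
            }
            report.append(PlatformUtil.EOL());
            report.append("SERVER #");
            report.append(serverNumber);
            report.append(" : Errors loading auth. configuration properties: ");
            for (Map.Entry<String, String> loadError : loadErrors.entrySet()) {
                report.append("Error loading ");
                report.append(loadError.getKey()).append(" : ");
                report.append(loadError.getValue());
                report.append(PlatformUtil.EOL());
            }
            report.append(PlatformUtil.EOL());
        }
        if (report.length() > 0) {
            return report.toString();
        }
        return null;
    }

    /**
     * Returns the configuration property keys this module understands.
     *
     * @return a fresh copy of the key array, so a caller cannot alter the shared static array
     */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public String[] getPropKeys() {
        return RDBMS_PROP_KEYS.clone();
    }

    /** @return {@code false}; this module validates credentials itself */
    public boolean isExternalAuth() {
        return false;
    }

    /**
     * Authenticates the credentials carried by the request.
     *
     * <p>The primary attempt uses the encoded password parameter. When it fails with a
     * {@link BbAuthenticationFailedException} whose cause is not a {@link KeyNotFoundException}, or
     * with a {@link BbSecurityException}, a secondary attempt is made with the Unicode-encoded
     * password parameter. The primary exception is rethrown only if the secondary attempt returns
     * {@code null}; an exception thrown by the secondary attempt propagates in its place. In
     * particular, when the Unicode parameter is absent the secondary attempt raises
     * {@link BbCredentialsNotFoundException}, which is what the caller then sees. Code that counts
     * or audits failed logins should account for both exception types.
     *
     * @return the authenticated user id
     * @throws BbCredentialsNotFoundException if the request carries no usable credentials
     */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public String doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        Map<String, String> credentials = getDoAuthenticateParams(httpServletRequest);
        if (credentials == null) {
            throw new BbCredentialsNotFoundException();
        }
        String authenticatedUserId;
        try {
            authenticatedUserId = doAuthenticate(credentials, new SessionStub(httpServletRequest), getUseChallenge(), false);
        } catch (BbAuthenticationFailedException e) {
            // A missing key is reported as-is; no second attempt is made for it.
            if (e.getCause() instanceof KeyNotFoundException) {
                throw e;
            }
            authenticatedUserId = doSecondaryAuthenticate(httpServletRequest);
            if (null == authenticatedUserId) {
                throw e;
            }
        } catch (BbSecurityException e2) {
            authenticatedUserId = doSecondaryAuthenticate(httpServletRequest);
            if (null == authenticatedUserId) {
                throw e2;
            }
        } catch (InvalidAccountStateException e3) {
            // NOTE(review): this handler only rethrows and sits after the two handlers above. If
            // InvalidAccountStateException derives from either of those types it is never reached
            // and account-state failures go through the secondary attempt — confirm the hierarchy.
            throw e3;
        }
        return authenticatedUserId;
    }

    /**
     * Retries authentication with the Unicode-encoded password parameter.
     *
     * @return the authenticated user id, or {@code null} when the auth type is neither
     *         {@code "rdbms"} nor {@code "ldap"}
     */
    private String doSecondaryAuthenticate(HttpServletRequest httpServletRequest) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        String authType = getAuthType();
        boolean supportsSecondary = RDBMS_AUTH_TYPE.equals(authType) || LDAP_AUTH_TYPE.equals(authType);
        if (!supportsSecondary) {
            return null;
        }
        return doAuthenticate(getSecondaryDoAuthenticateParams(httpServletRequest), new SessionStub(httpServletRequest), getUseChallenge(), true);
    }

    /** Same as the four-argument overload with the secondary flag set to {@code false}. */
    protected String doAuthenticate(Map<String, String> map, SessionStub sessionStub, boolean z) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        return doAuthenticate(map, sessionStub, z, false);
    }

    /**
     * Extracts user id and encoded password from the parameter map and authenticates them.
     *
     * @param map         credentials keyed by {@code "user_id"} and
     *                    {@link LoginBrokerServletConstants#ENCODED_PASSWORD_PARAM}
     * @param sessionStub session wrapper handed to the password validator
     * @param z           whether challenge-based validation is in use
     * @param z2          {@code true} for the secondary (Unicode password) attempt
     * @return the authenticated user id
     * @throws BbCredentialsNotFoundException if the map is null or either value is empty
     */
    protected String doAuthenticate(Map<String, String> map, SessionStub sessionStub, boolean z, boolean z2) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        if (null == map) {
            throw new BbCredentialsNotFoundException();
        }
        String userId = map.get("user_id");
        String encodedPassword = map.get(LoginBrokerServletConstants.ENCODED_PASSWORD_PARAM);
        if (StringUtil.isEmpty(userId) || StringUtil.isEmpty(encodedPassword)) {
            throw new BbCredentialsNotFoundException();
        }
        return authenticate(userId, encodedPassword, sessionStub, z, z2);
    }

    /**
     * Reads the primary credentials (user id and encoded password) from the request.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @return the credential map, or {@code null} if either parameter is missing or empty
     */
    public Map<String, String> getDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        return readCredentialParams(httpServletRequest, LoginBrokerServletConstants.ENCODED_PASSWORD_PARAM);
    }

    /**
     * Reads the secondary credentials (user id and Unicode-encoded password) from the request.
     *
     * <p>The password is still stored under
     * {@link LoginBrokerServletConstants#ENCODED_PASSWORD_PARAM}, so the rest of the flow is shared
     * with the primary attempt.
     *
     * @return the credential map, or {@code null} if either parameter is missing or empty
     */
    protected Map<String, String> getSecondaryDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        return readCredentialParams(httpServletRequest, LoginBrokerServletConstants.ENCODED_PASSWORD_UNICODE_PARAM);
    }

    // Builds the credential map from "user_id" and the named password parameter; null when either
    // value is absent or empty. Values come straight from the request and are untrusted.
    private Map<String, String> readCredentialParams(HttpServletRequest httpServletRequest, String passwordParamName) {
        String userId = httpServletRequest.getParameter("user_id");
        if (userId == null || userId.length() == 0) {
            return null;
        }
        String encodedPassword = httpServletRequest.getParameter(passwordParamName);
        if (encodedPassword == null || encodedPassword.length() == 0) {
            return null;
        }
        Hashtable<String, String> credentials = new Hashtable<String, String>();
        credentials.put("user_id", userId);
        credentials.put(LoginBrokerServletConstants.ENCODED_PASSWORD_PARAM, encodedPassword);
        return credentials;
    }

    /**
     * Forwards the request to the login page.
     *
     * @throws BbSecurityException if no configuration is set or the forward fails; in the latter
     *                             case the underlying exception is written to the debug log only
     *                             and is not attached as the cause
     */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public void requestAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        assertRequestAuthenticate();
        try {
            String loginPageUri = getRequestAuthenticateUri(httpServletRequest, httpServletResponse);
            httpServletRequest.getRequestDispatcher(loginPageUri).forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            String failureMessage = getBundle().getString("auth.impl.forwarding.failure");
            this._logger.logDebug(failureMessage, e);
            throw new BbSecurityException(getBundle().getString("auth.impl.forwarding.failure"), httpServletRequest);
        }
    }

    /**
     * Verifies that the module is configured before a login page is served.
     *
     * @throws BbSecurityException if no configuration is set
     */
    protected void assertRequestAuthenticate() throws BbSecurityException {
        if (this._config == null) {
            throw new BbSecurityException(getBundle().getString("auth.impl.no.config"));
        }
    }

    /**
     * Resolves the login page for the request's server name and the current context user.
     *
     * <p>NOTE(review): {@code getServerName()} is normally derived from the client-supplied Host
     * header, so {@code getLoginPageUrl} has to treat it as untrusted input — confirm it does.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     */
    public String getRequestAuthenticateUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        return CustomLoginPageManager.Factory.getInstance().getLoginPageUrl(httpServletRequest.getServerName(), ContextManagerFactory.getInstance().getContext().getUserId());
    }

    /** Detaches the current user from the current session. */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        new SessionStub(httpServletRequest).disassociateCurrentSessionAndUser();
    }

    /** Same as the five-argument overload with the secondary flag set to {@code false}. */
    protected String authenticate(String str, String str2, SessionStub sessionStub, boolean z) throws BbAuthenticationFailedException, BbSecurityException {
        return authenticate(str, str2, sessionStub, z, false);
    }

    /**
     * Validates a user id and encoded password against the stored credential.
     *
     * <p>Flow: the user is loaded through {@link UserDbLoader} and the password validated. If that
     * validation throws anything at all, the user is reloaded with
     * {@code loadByUserNameFromDB} and validation is tried once more; only when the second attempt
     * also fails are both exceptions logged and the second one rethrown. After a success the
     * credentials are re-saved if the validator requested it and supplied a decoded password.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param str         user id
     * @param str2        encoded password as received from the client
     * @param sessionStub session wrapper handed to the password validator
     * @param z           whether challenge-based validation is in use
     * @param z2          secondary-attempt flag; not read by this implementation
     * @return {@code str} on success
     * @throws InvalidCredentialsException     if the user is unknown or the password does not match
     * @throws BbAuthenticationFailedException if the user cannot be loaded
     */
    public String authenticate(String str, String str2, SessionStub sessionStub, boolean z, boolean z2) throws BbAuthenticationFailedException, BbSecurityException {
        // "guest" is accepted without loading a user or checking the password. Whatever consumes
        // the returned id must therefore grant it guest privileges only.
        if (str.equalsIgnoreCase("guest")) {
            return str;
        }
        User account = getUserByName(str);
        if (null == account) {
            // Same bundle key as a wrong password, so the response text does not reveal whether the
            // account exists.
            throw new InvalidCredentialsException(getBundle().getString("auth.impl.invalid.credentials"));
        }
        ValidationSucceeded outcome;
        try {
            outcome = validatePassword(str2, account.getPassword(), z, sessionStub);
        } catch (Exception firstFailure) {
            // Any failure, including a plain mismatch, triggers one retry against a freshly loaded
            // user record.
            try {
                account = UserDbLoaderEx.Default.getInstance().loadByUserNameFromDB(str);
                if (null == account) {
                    throw new InvalidCredentialsException(getBundle().getString("auth.impl.invalid.credentials"));
                }
                try {
                    outcome = validatePassword(str2, account.getPassword(), z, sessionStub);
                } catch (Exception secondFailure) {
                    this._logger.logError("Error in authenticate1: ", firstFailure);
                    this._logger.logError("Error in authenticate2: ", secondFailure);
                    throw secondFailure;
                }
            } catch (PersistenceException loadFailure) {
                this._logger.logDebug("Error processing authentication request: ", loadFailure);
                throw new BbAuthenticationFailedException(getBundle().getString("auth.impl.general.error"), loadFailure);
            }
        }
        if (outcome.convertPassword && StringUtil.notEmpty(outcome.decodedPassword)) {
            try {
                // NOTE(review): the bytes are produced with CsvExporter.UTF16LE but decoded again
                // with the JVM's default charset, so the re-saved value depends on the platform
                // encoding. Left unchanged because stored credentials may rely on it — confirm.
                CryptoAlgorithmManager.resaveCredentialsIfNecessary(account, new String(outcome.decodedPassword.getBytes(CsvExporter.UTF16LE)));
            } catch (UnsupportedEncodingException encodingFailure) {
                throw new InvalidCredentialsException(encodingFailure);
            }
        }
        return str;
    }

    /**
     * Validates the submitted password against the stored one.
     *
     * @param str         encoded password as received from the client
     * @param str2        stored password of the user
     * @param z           whether challenge-based validation is in use
     * @param sessionStub session wrapper handed to the validator factory
     * @return the validation result, including the decoded password reported by the validator
     * @throws InvalidCredentialsException if no validator is available (general-error message) or
     *                                     the password does not validate
     */
    protected ValidationSucceeded validatePassword(String str, String str2, boolean z, SessionStub sessionStub) throws BbAuthenticationFailedException {
        PasswordValidator validator = PasswordValidatorFactory.getValidator(str, str2, z, sessionStub);
        if (null == validator) {
            throw new InvalidCredentialsException(getBundle().getString("auth.impl.general.error"));
        }
        if (!validator.validate()) {
            throw new InvalidCredentialsException(getBundle().getString("auth.impl.invalid.credentials"));
        }
        return new ValidationSucceeded(validator.shouldPasswordBeResaved(), validator.getDecodedPassword());
    }

    // Loads the user by name; a persistence failure is logged at debug level and reported to the
    // caller with the generic error message, keeping the original exception as the cause.
    private User getUserByName(String str) throws BbAuthenticationFailedException {
        try {
            return UserDbLoader.Default.getInstance().loadByUserName(str);
        } catch (PersistenceException e) {
            this._logger.logDebug("Error processing authentication request: ", e);
            throw new BbAuthenticationFailedException(getBundle().getString("auth.impl.general.error"), e);
        }
    }

    /** @return whether self-service account creation is allowed, as reported by {@link SecurityDbUtil} */
    public boolean getCreateAccountAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return SecurityDbUtil.getCreateAccountAllowed();
    }

    /**
     * @return the {@code use_challenge} setting of the configuration
     * @throws IllegalStateException if no configuration is set
     */
    public boolean getUseChallenge() {
        if (this._config == null) {
            // IllegalStateException is a RuntimeException, so existing handlers keep working.
            throw new IllegalStateException(getBundle().getString("auth.impl.no.config"));
        }
        return this._config.getUseChallenge();
    }

    /** @return {@code "rdbms"} */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public String getAuthType() {
        return RDBMS_AUTH_TYPE;
    }

    /** @return {@code "rdbms"} */
    public static String getDefaultAuthType() {
        return RDBMS_AUTH_TYPE;
    }

    /**
     * @return {@code true} when the request carries neither a user id nor a one-time token, i.e.
     *         nothing that looks like a login attempt
     */
    @Override // blackboard.platform.security.authentication.HttpAuthModule
    public boolean suppressFirstLoadError(HttpServletRequest httpServletRequest) {
        boolean noUserId = httpServletRequest.getParameter("user_id") == null;
        return noUserId && httpServletRequest.getParameter(LoginBrokerServletConstants.ONE_TIME_TOKEN_PARAM) == null;
    }

    /** Extension hook; does nothing in this class. */
    protected void setGlobalKeys(HttpServletRequest httpServletRequest) throws PersistenceException {
    }

    /**
     * Binds the given user to a session for this request.
     *
     * <p>This method checks no credentials, so it must be called only for a user id that has
     * already been authenticated. The session is recreated before the user is validated against
     * it (presumably so the authenticated session does not reuse the pre-login session — confirm
     * against {@code HttpAuthManager.recreateSession}).
     *
     * @param str user id to establish the session for
     * @throws BbSecurityException if any step fails; the original exception is kept as the cause
     */
    public final void establishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws BbSecurityException {
        try {
            BbSessionManagerServiceFactory.getInstance().safeGetSession(httpServletRequest, httpServletResponse);
            User sessionUser = UserDbLoader.Default.getInstance().loadByUserName(str);
            HttpAuthManager.recreateSession(httpServletRequest, httpServletResponse);
            HttpAuthManager.requestValidation(sessionUser, httpServletRequest);
        } catch (Exception e) {
            throw new BbSecurityException("Failed to establish session for user: " + str, e);
        }
    }
}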
