package org.lamsfoundation.lams.security;

import java.security.Principal;
import java.security.acl.Group;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.usermanagement.AuthenticationMethod;
import org.lamsfoundation.lams.usermanagement.AuthenticationMethodParameter;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.lamsfoundation.lams.web.util.HttpSessionManager;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/security/UniversalLoginModule.class */
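/**
 * JAAS login module that authenticates a user with the method recorded on the
 * user's account ("LDAP", "LAMS" or "WEB_AUTH") and then loads the user's roles
 * through a configurable SQL query.
 *
 * <p>{@link #validatePassword(String, String)} has a side effect that
 * {@link #getRoleSets()} depends on: it copies the {@code dsJndiName} and
 * {@code rolesQuery} parameters of the user's authentication method into the
 * fields of the same name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The submitted password is never written to the log, and the
 *       authentication-method parameters are logged by name only.</li>
 *   <li>Every failure path in {@code validatePassword} returns {@code false}
 *       (fail closed), including an unrecognised authentication type.</li>
 * </ul>
 */
public class UniversalLoginModule extends UsernamePasswordLoginModule {
    private static final Logger log = Logger.getLogger(UniversalLoginModule.class);

    // Option-name constants; none of them is referenced by the code in this class.
    private static final String USE_OBJECT_CREDENTIAL_OPT = "useObjectCredential";
    private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
    private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
    private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
    private static final String USER_ROLES_CTX_DN_ATTRIBUTE_ID_OPT = "userRolesCtxDNAttributeName";
    private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
    private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
    private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
    private static final String ROLE_ATTRIBUTE_IS_DN_OPT = "roleAttributeIsDN";
    private static final String ROLE_NAME_ATTRIBUTE_ID_OPT = "roleNameAttributeID";

    private transient SimpleGroup userRoles = new SimpleGroup("Roles");

    /** JNDI name of the DataSource used for the role lookup; set by validatePassword(). */
    protected String dsJndiName;

    /** SQL used for the role lookup; set by validatePassword() from the authentication method. */
    protected String rolesQuery;

    /** Value of the "authenticationPropertyFile" module option. */
    protected String propertyFilePath;

    /**
     * Initialises the module and hands the "authenticationPropertyFile" option to
     * {@link AuthenticationMethodConfigurer}.
     *
     * @param subject the subject being authenticated
     * @param callbackHandler handler passed through to the superclass
     * @param map first map passed through to the superclass
     * @param map2 map that is read for the "authenticationPropertyFile" entry
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule, org.lamsfoundation.lams.security.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.propertyFilePath = (String) map2.get("authenticationPropertyFile");
        AuthenticationMethodConfigurer.setConfigFilePath(this.propertyFilePath);
    }

    /**
     * Authenticates the current user with the method stored on the user record.
     *
     * <p>On success the user's DTO is stored in the session under the key "user".
     * Any exception, an unknown user or an unknown authentication type yields
     * {@code false}.
     *
     * @param str the password submitted with the login attempt; {@code null} or
     *            empty is rejected before any lookup
     * @param str2 not consulted by this implementation (presumably the value of
     *             {@link #getUsersPassword()} supplied by the superclass; verify
     *             against the caller)
     * @return {@code true} only when the selected authenticator accepted the credentials
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule
    protected boolean validatePassword(String str, String str2) {
        if (str == null || str.length() == 0) {
            return false;
        }
        // The credentials themselves must never reach the log, at any level.
        log.debug("===> validatePassword() called");

        String username;
        User userByLogin;
        try {
            username = getUsername();
            UserManagementService userService = (UserManagementService) WebApplicationContextUtils
                    .getWebApplicationContext(HttpSessionManager.getInstance().getServletContext())
                    .getBean("userManagementServiceTarget");
            userByLogin = userService.getUserByLogin(username);
            log.debug("===> authenticating user: " + username);
        } catch (Exception e) {
            // A failed lookup is an infrastructure problem; record it properly and fail closed.
            log.error("===> exception while looking up the user for authentication", e);
            return false;
        }
        if (userByLogin == null) {
            return false;
        }

        try {
            AuthenticationMethod authenticationMethod = userByLogin.getAuthenticationMethod();
            AuthenticationMethodConfigurer.configure(authenticationMethod);
            this.dsJndiName = authenticationMethod.getParameterByName("dsJndiName").getValue();
            this.rolesQuery = authenticationMethod.getParameterByName("rolesQuery").getValue();

            if (log.isDebugEnabled()) {
                // Names only: parameter values may carry connection details or
                // credentials for the backing directory or database.
                List authenticationMethodParameters = authenticationMethod.getAuthenticationMethodParameters();
                for (int i = 0; i < authenticationMethodParameters.size(); i++) {
                    AuthenticationMethodParameter parameter =
                            (AuthenticationMethodParameter) authenticationMethodParameters.get(i);
                    log.debug("===> authentication parameter present: " + parameter.getName());
                }
            }

            String description = authenticationMethod.getAuthenticationMethodType().getDescription();
            log.debug("===> authentication type :" + description);

            boolean authenticated;
            if ("LDAP".equals(description)) {
                authenticated = new LDAPAuthenticator(authenticationMethod).authenticate(username, str);
            } else if ("LAMS".equals(description)) {
                authenticated = new DatabaseAuthenticator(authenticationMethod).authenticate(username, str);
            } else if ("WEB_AUTH".equals(description)) {
                authenticated = new WebAuthAuthenticator().authenticate(username, str);
            } else {
                log.debug("Unexpected authentication type!");
                return false;
            }

            // Report the real outcome; the message must not claim success for a rejected login.
            log.debug("===> " + description + " :: user:" + username + " authenticated=" + authenticated);

            if (authenticated) {
                SessionManager.getSession().setAttribute("user", userByLogin.getUserDTO());
            }
            return authenticated;
        } catch (Exception e) {
            log.warn("===> exception while authenticating user: " + username, e);
            return false;
        }
    }

    /**
     * Loads the role groups of the current user by running {@link #rolesQuery}
     * against the DataSource bound at {@link #dsJndiName}.
     *
     * <p>Column 1 of each row is the role name and column 2 the group name; a
     * null or empty group name falls back to "Roles". A role whose principal
     * cannot be created is skipped.
     *
     * @return one group per distinct group name, or a single empty "Roles" group
     *         when the query returns no rows and an unauthenticated identity is configured
     * @throws FailedLoginException when the query returns no rows and no
     *         unauthenticated identity is configured
     * @throws LoginException when the role lookup is not configured, or the JNDI
     *         lookup or the SQL access fails
     */
    @Override // org.lamsfoundation.lams.security.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        String username = getUsername();
        if (this.dsJndiName == null || this.rolesQuery == null) {
            // Both values are populated by validatePassword(); without them there is nothing to query.
            throw new LoginException("Role lookup is not configured (dsJndiName/rolesQuery not set)");
        }

        Map<String, Group> groupsByName = new HashMap<String, Group>();
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            DataSource dataSource = (DataSource) new InitialContext().lookup(this.dsJndiName);
            log.debug("===> getRoleSets() called: " + this.dsJndiName + ":" + this.rolesQuery);
            connection = dataSource.getConnection();
            // rolesQuery comes from the authentication-method configuration; the
            // username is bound as a parameter, never concatenated into the SQL.
            statement = connection.prepareStatement(this.rolesQuery);
            try {
                statement.setString(1, username);
            } catch (ArrayIndexOutOfBoundsException ignored) {
                // Deliberately ignored, as in the original: presumably tolerates a
                // rolesQuery that declares no parameter.
            }
            rows = statement.executeQuery();

            if (!rows.next()) {
                if (getUnauthenticatedIdentity() == null) {
                    throw new FailedLoginException("No matching username found in Roles");
                }
                return new Group[] {new SimpleGroup("Roles")};
            }

            do {
                String roleName = rows.getString(1);
                String groupName = rows.getString(2);
                if (groupName == null || groupName.length() == 0) {
                    groupName = "Roles";
                }
                Group group = groupsByName.get(groupName);
                if (group == null) {
                    group = new SimpleGroup(groupName);
                    groupsByName.put(groupName, group);
                }
                try {
                    Principal identity = super.createIdentity(roleName);
                    log.info("Assign user to role " + roleName);
                    group.addMember(identity);
                } catch (Exception e) {
                    log.debug("Failed to create principal: " + roleName, e);
                }
            } while (rows.next());

            return groupsByName.values().toArray(new Group[groupsByName.size()]);
        } catch (NamingException e) {
            throw new LoginException(e.toString(true));
        } catch (SQLException e) {
            log.error("SQL failure", e);
            throw new LoginException(e.toString());
        } finally {
            // Runs on every exit path, so a failed query no longer leaks the connection.
            closeQuietly(rows, statement, connection);
        }
    }

    /**
     * Returns the empty string: this module does not compare against a stored
     * password, because {@link #validatePassword(String, String)} delegates the
     * check to an authenticator.
     *
     * @return always ""
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    /** Closes the JDBC resources in reverse order of acquisition; close failures are best-effort. */
    private static void closeQuietly(ResultSet rows, PreparedStatement statement, Connection connection) {
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException e) {
                log.debug("Failed to close ResultSet", e);
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
                log.debug("Failed to close PreparedStatement", e);
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception e) {
                log.debug("Failed to close Connection", e);
            }
        }
    }
}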
