package blackboard.platform.security.authentication;

import blackboard.data.ValidationException;
import blackboard.data.user.User;
import blackboard.db.CIConstants;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.user.UserDbLoader;
import blackboard.persist.user.UserDbPersister;
import blackboard.platform.BbServiceManager;
import blackboard.platform.config.ConfigurationService;
import blackboard.platform.intl.BbResourceBundle;
import blackboard.platform.log.LogService;
import blackboard.platform.security.SecurityDbUtil;
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.security.authentication.servlet.LoginBrokerServlet;
import blackboard.platform.session.BbSessionManagerServiceFactory;
import blackboard.util.Base64Codec;
import blackboard.util.FileUtil;
import blackboard.util.StringUtil;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/security/authentication/BaseAuthenticationModule.class */
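/**
 * Default ("rdbms") authentication module: checks a user name and an encoded password taken
 * from the login request against the password value stored on the {@link User} record.
 *
 * <p>Three verification paths exist in {@link #authenticate}:
 * <ul>
 *   <li>challenge/response: the stored value is concatenated with the session's challenge
 *       token, hashed, and compared with the value the client sent. The stored value is
 *       therefore the secret input to the response and has to be protected like a
 *       password;</li>
 *   <li>old-style records (stored value contains {@code $}): verified with
 *       {@code UnixMD5Crypt} and re-hashed on success;</li>
 *   <li>plain mode: the request value is Base64-decoded and hashed. Base64 is an encoding,
 *       not encryption, so confidentiality presumably depends on the transport
 *       (NOTE(review): confirm the login form is only served over TLS).</li>
 * </ul>
 *
 * <p>The hash algorithms live in {@code RDBMSAuthUtil} / {@code SecurityUtil} and are not
 * visible from this class.
 */
public class BaseAuthenticationModule implements HttpAuthModule {
    private static final String RDBMS_AUTH_TYPE = "rdbms";
    private static final String GUEST_USER_NAME = "guest";
    public static final String IMPL_CLASS_KEY = "impl";
    public static final String USE_CHALLENGE_KEY = "use_challenge";
    protected LogService _logger;
    protected HttpAuthConfig _config = null;
    // Static, but written from the instance method init(): the value is shared by every
    // instance (and subclass instance) of this module.
    protected static String _authTypeDisplayStr = null;
    private static final String[] RDBMS_PROP_KEYS = {IMPL_CLASS_KEY, USE_CHALLENGE_KEY};
    // Charset used only to turn hash strings into bytes for the constant-time comparison.
    private static final Charset HASH_COMPARE_CHARSET = Charset.forName("UTF-8");

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the resource bundle used for every user-facing message of this module. */
    public BbResourceBundle getBundle() {
        return SecurityUtil.getBundle();
    }

    /**
     * Looks up the platform log service. A lookup failure is printed to stderr and leaves
     * {@code _logger} null, in which case later logging calls in this class will throw
     * {@link NullPointerException}.
     */
    public BaseAuthenticationModule() {
        this._logger = null;
        try {
            this._logger = BbServiceManager.getLogService();
        } catch (Exception e) {
            // No logger is available at this point, so stderr is the only sink.
            e.printStackTrace();
        }
    }

    /**
     * Initialises the RDBMS auth helper, caches the display name of the auth type and
     * validates the configuration.
     *
     * <p>Any failure, including a {@link BbInsufficientArgs} from {@link #validateConfig()},
     * is logged and not propagated: the module stays usable after a failed initialisation.
     *
     * @param configurationService platform configuration passed on to {@code RDBMSAuthUtil}
     */
    @Override
    public void init(ConfigurationService configurationService) {
        try {
            RDBMSAuthUtil.init(configurationService);
            _authTypeDisplayStr = HttpAuthConfig.getDisplayAuthType(getAuthType());
            validateConfig();
        } catch (Exception e) {
            this._logger.logError("Error in initializing authentication module for auth. type=" + _authTypeDisplayStr, e);
        }
    }

    /** Stores the configuration used by all later calls. */
    @Override
    public void setConfig(HttpAuthConfig httpAuthConfig) {
        this._config = httpAuthConfig;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that a configuration is present and loaded without property errors.
     *
     * <p>Property errors are fatal only when this module's auth type is the installed one;
     * otherwise they are written to the debug log.
     *
     * @throws BbInsufficientArgs if no configuration is set, or the installed auth type has
     *         configuration errors
     */
    public void validateConfig() throws BbInsufficientArgs {
        if (this._config == null) {
            throw new BbInsufficientArgs(getBundle().getString("auth.impl.no.config"));
        }
        String configErrs = getConfigErrs();
        if (StringUtil.notEmpty(configErrs)) {
            String authType = getAuthType();
            String installedAuthType = HttpAuthConfig.getInstalledAuthType();
            if (StringUtil.notEmpty(authType) && authType.equals(installedAuthType)) {
                throw new BbInsufficientArgs(configErrs);
            }
            this._logger.logDebug("Error loading authentication properties: " + configErrs);
        }
    }

    /**
     * Collects the property-load errors of the main configuration and of its
     * sub-configurations into one message.
     *
     * @return the combined message, or {@code null} when nothing failed to load
     */
    protected String getConfigErrs() {
        StringBuilder report = new StringBuilder("Errors loading auth. configuration properties: ");
        Map<String, String> loadErrs = this._config.getPropObjLoadErrs();
        boolean hasOwnErrs = loadErrs.size() > 0;
        if (hasOwnErrs) {
            String lineSep = System.getProperty("line.separator");
            for (Map.Entry<String, String> err : loadErrs.entrySet()) {
                report.append("Error loading " + err.getKey() + " : " + err.getValue() + lineSep);
            }
        }
        String subConfigErrs = getSubConfigErrs();
        if (subConfigErrs != null) {
            report.append(subConfigErrs);
        }
        if (hasOwnErrs || subConfigErrs != null) {
            return report.toString();
        }
        return null;
    }

    /**
     * Collects the property-load errors of every sub-configuration, one "SERVER #n" section
     * per sub-configuration that has errors.
     *
     * @return the combined message, or {@code null} when there is no configuration, no
     *         sub-configuration, or no error
     */
    protected String getSubConfigErrs() {
        // The null check has to come before the first use of _config; the previous order
        // dereferenced it first and could only fail with a NullPointerException.
        if (this._config == null) {
            return null;
        }
        ArrayList<HttpAuthConfig> subConfigs = this._config.getSubConfigs();
        if (subConfigs == null || subConfigs.isEmpty()) {
            return null;
        }
        String lineSep = System.getProperty("line.separator");
        StringBuilder report = new StringBuilder();
        int serverNo = 0;
        for (HttpAuthConfig subConfig : subConfigs) {
            serverNo++;
            Map<String, String> loadErrs = subConfig.getPropObjLoadErrs();
            if (loadErrs.size() > 0) {
                report.append(lineSep);
                report.append("SERVER #" + serverNo + " : Errors loading auth. configuration properties: ");
                for (Map.Entry<String, String> err : loadErrs.entrySet()) {
                    report.append("Error loading " + err.getKey() + " : " + err.getValue() + lineSep);
                }
                report.append(lineSep);
            }
        }
        if (report.length() > 0) {
            return report.toString();
        }
        return null;
    }

    /**
     * Returns the property keys this module understands.
     *
     * @return a fresh copy, so callers cannot modify the shared static array
     */
    @Override
    public String[] getPropKeys() {
        return RDBMS_PROP_KEYS.clone();
    }

    /** Always {@code false}: credentials are verified by this module itself. */
    public boolean isExternalAuth() {
        return false;
    }

    /**
     * Always returns {@code true}; the request is not inspected.
     * NOTE(review): callers must not treat this as proof of a logged-in user — confirm how
     * the platform uses the result.
     */
    @Override
    public boolean isAuthenticated(HttpServletRequest httpServletRequest) throws BbSecurityException {
        return true;
    }

    /**
     * Authenticates the user named in the request.
     *
     * <p>The primary attempt uses the regular password parameter. When it fails, a second
     * attempt with the unicode password parameter is made, except when the failure's cause
     * is a {@link KeyNotFoundException} (presumably "no such user" — confirm). If the second
     * attempt yields no user name, the original exception is rethrown.
     *
     * <p>NOTE(review): an exception thrown by the second attempt itself (for example
     * {@link BbCredentialsNotFoundException} when the unicode parameter is absent) replaces
     * the original failure.
     *
     * @return the authenticated user name
     * @throws BbCredentialsNotFoundException if user name or password parameter is missing
     * @throws BbAuthenticationFailedException if the credentials are rejected
     * @throws BbSecurityException on other authentication errors
     */
    @Override
    public String doAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        String doSecondaryAuthenticate;
        Map<String, String> doAuthenticateParams = getDoAuthenticateParams(httpServletRequest);
        if (doAuthenticateParams == null) {
            throw new BbCredentialsNotFoundException();
        }
        try {
            doSecondaryAuthenticate = doAuthenticate(doAuthenticateParams, new SessionStub(httpServletRequest), getUseChallenge());
        } catch (BbAuthenticationFailedException e) {
            if (e.getCause() instanceof KeyNotFoundException) {
                throw e;
            }
            doSecondaryAuthenticate = doSecondaryAuthenticate(httpServletRequest, httpServletResponse);
            if (null == doSecondaryAuthenticate) {
                throw e;
            }
        } catch (BbSecurityException e2) {
            doSecondaryAuthenticate = doSecondaryAuthenticate(httpServletRequest, httpServletResponse);
            if (null == doSecondaryAuthenticate) {
                throw e2;
            }
        } catch (InvalidAccountStateException e3) {
            throw e3;
        }
        return doSecondaryAuthenticate;
    }

    /**
     * Second authentication attempt using the unicode password parameter. Only performed
     * when {@link #getAuthType()} is "rdbms", so subclasses reporting another type skip it.
     *
     * @return the authenticated user name, or {@code null} when the attempt is skipped
     */
    private String doSecondaryAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        if (!RDBMS_AUTH_TYPE.equals(getAuthType())) {
            return null;
        }
        return doAuthenticate(getSecondaryDoAuthenticateParams(httpServletRequest), new SessionStub(httpServletRequest), getUseChallenge());
    }

    /**
     * Extracts user name and encoded password from {@code map} and verifies them.
     *
     * @param map credential map keyed by "user_id" and the encoded-password parameter name
     * @param sessionStub session used to look up the challenge token
     * @param z whether challenge/response verification is enabled
     * @throws BbCredentialsNotFoundException if the map is null or either value is empty
     */
    protected String doAuthenticate(Map map, SessionStub sessionStub, boolean z) throws BbSecurityException, BbAuthenticationFailedException, BbCredentialsNotFoundException {
        if (map == null) {
            throw new BbCredentialsNotFoundException();
        }
        String userName = (String) map.get("user_id");
        String encodedPassword = (String) map.get(LoginBrokerServlet.ENCODED_PASSWORD_PARAM);
        if (StringUtil.isEmpty(userName) || StringUtil.isEmpty(encodedPassword)) {
            throw new BbCredentialsNotFoundException();
        }
        return authenticate(userName, encodedPassword, sessionStub, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the user name and the regular encoded password from the request.
     *
     * @return the credential map, or {@code null} if either parameter is missing or empty
     */
    public Map<String, String> getDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        return readCredentialParams(httpServletRequest, LoginBrokerServlet.ENCODED_PASSWORD_PARAM);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the user name and the unicode encoded password from the request. The password
     * is stored under the regular password key so it can go through the same code path.
     *
     * @return the credential map, or {@code null} if either parameter is missing or empty
     */
    public Map<String, String> getSecondaryDoAuthenticateParams(HttpServletRequest httpServletRequest) {
        return readCredentialParams(httpServletRequest, LoginBrokerServlet.ENCODED_PASSWORD_UNICODE_PARAM);
    }

    /** Builds the credential map from "user_id" and the given password request parameter. */
    private static Map<String, String> readCredentialParams(HttpServletRequest request, String passwordParamName) {
        String userName = request.getParameter("user_id");
        if (userName == null || userName.length() == 0) {
            return null;
        }
        String encodedPassword = request.getParameter(passwordParamName);
        if (encodedPassword == null || encodedPassword.length() == 0) {
            return null;
        }
        Hashtable<String, String> params = new Hashtable<String, String>();
        params.put("user_id", userName);
        params.put(LoginBrokerServlet.ENCODED_PASSWORD_PARAM, encodedPassword);
        return params;
    }

    /**
     * Forwards the request to the login page.
     *
     * @throws BbSecurityException if no configuration is set or the forward fails; the
     *         underlying failure is only written to the debug log
     */
    @Override
    public void requestAuthenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        assertRequestAuthenticate();
        try {
            httpServletRequest.getRequestDispatcher(getRequestAuthenticateUri(httpServletRequest, httpServletResponse)).forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            this._logger.logDebug(getBundle().getString("auth.impl.forwarding.failure"), e);
            throw new BbSecurityException(getBundle().getString("auth.impl.forwarding.failure"), httpServletRequest);
        }
    }

    /** Fails with {@link BbSecurityException} when no configuration has been set. */
    protected void assertRequestAuthenticate() throws BbSecurityException {
        if (this._config == null) {
            throw new BbSecurityException(getBundle().getString("auth.impl.no.config"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the server-relative login URI; neither argument is used here. */
    public String getRequestAuthenticateUri(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityException, FileNotFoundException, PersistenceException {
        return "/" + HttpAuthUtil.getViLoginUri();
    }

    /** Detaches the current user from the request's session. */
    @Override
    public void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        new SessionStub(httpServletRequest).disassociateCurrentSessionAndUser();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies the supplied credentials against the stored password value.
     *
     * <p>The guest name (compared case-insensitively) is accepted without any credential
     * check and returned exactly as supplied; downstream code has to treat it as
     * unauthenticated/unprivileged.
     *
     * <p>NOTE(review): an unknown user is reported with "auth.impl.invalid.credentials",
     * a wrong password with "auth.impl.general.error". If the two bundle texts differ and
     * reach the client, responses distinguish existing from non-existing accounts — confirm.
     *
     * @param str user name
     * @param str2 encoded password, or the challenge response in challenge mode
     * @param sessionStub session whose id selects the challenge token
     * @param z whether challenge/response verification is enabled
     * @return {@code str} when verification succeeds
     * @throws BbAuthenticationFailedException if the credentials are rejected, the challenge
     *         token is missing, or persistence fails
     * @throws BbSecurityException if the upgraded password record fails validation
     */
    public String authenticate(String str, String str2, SessionStub sessionStub, boolean z) throws BbAuthenticationFailedException, BbSecurityException {
        if (str.equalsIgnoreCase(GUEST_USER_NAME)) {
            return str;
        }
        try {
            UserDbLoader userDbLoader = (UserDbLoader) BbServiceManager.getPersistenceService().getDbPersistenceManager().getLoader(UserDbLoader.TYPE);
            UserDbPersister userDbPersister = (UserDbPersister) BbServiceManager.getPersistenceService().getDbPersistenceManager().getPersister(UserDbPersister.TYPE);
            User user = userDbLoader.loadByUserName(str);
            if (null == user) {
                throw new InvalidCredentialsException(getBundle().getString("auth.impl.invalid.credentials"));
            }
            String storedHash = user.getPassword();
            // An account without a stored value can never be verified. Reject it up front:
            // null used to fail with a NullPointerException below, and an empty value would
            // leave the challenge token as the only input to the expected response.
            if (StringUtil.isEmpty(storedHash)) {
                throw new InvalidCredentialsException(getBundle().getString("auth.impl.general.error"));
            }
            // A '$' marks the old crypt-style format handled by validateOldStyle().
            boolean oldStyle = storedHash.indexOf("$") != -1;
            boolean verified;
            if (z && !oldStyle) {
                String challengeToken = RDBMSAuthUtil.loadChallengeToken(sessionStub.getSessionId());
                if (!StringUtil.notEmpty(challengeToken)) {
                    this._logger.logDebug("Error processing authentication request: challenge token is empty or null");
                    throw new BbAuthenticationFailedException(getBundle().getString("auth.impl.invalid.request"));
                }
                verified = validateResponse(storedHash, challengeToken, str2);
            } else if (oldStyle) {
                String clearText = Base64Codec.decode(str2);
                verified = validateOldStyle(clearText, storedHash);
                if (!verified) {
                    throw new OldPasswordException();
                }
                // Successful login with an old-style record: replace it with the current
                // hash format so the old format is phased out.
                user.setPassword(RDBMSAuthUtil.getHashValue(clearText));
                userDbPersister.persist(user);
            } else {
                // Try the encodings a client may have used, stopping at the first match.
                verified = validatePassword(Base64Codec.decode(str2, FileUtil.UTF_16LE), storedHash)
                        || validatePassword(Base64Codec.decode(str2, FileUtil.ISO_8859_1), storedHash, FileUtil.ISO_8859_1)
                        || validatePassword(Base64Codec.decode(str2, FileUtil.ISO_8859_1), storedHash, FileUtil.UTF_16LE);
            }
            if (verified) {
                return str;
            }
            throw new InvalidCredentialsException(getBundle().getString("auth.impl.general.error"));
        } catch (ValidationException e) {
            this._logger.logDebug("Error processing authentication request: ", e);
            // Keep the cause so the failure can be diagnosed from the exception alone.
            throw new BbSecurityException(getBundle().getString("auth.impl.general.error"), e);
        } catch (PersistenceException e2) {
            this._logger.logDebug("Error processing authentication request: ", e2);
            throw new BbAuthenticationFailedException(getBundle().getString("auth.impl.general.error"), e2);
        }
    }

    /**
     * Compares two textual hash values case-insensitively without stopping at the first
     * differing character, so the comparison time does not reveal how much of the expected
     * value a guess got right. Intended for ASCII hash encodings.
     *
     * @return {@code true} if both values are non-null and equal ignoring case
     */
    private static boolean hashesMatch(String computed, String expected) {
        if (computed == null || expected == null) {
            return false;
        }
        byte[] left = computed.toLowerCase(Locale.ROOT).getBytes(HASH_COMPARE_CHARSET);
        byte[] right = expected.toLowerCase(Locale.ROOT).getBytes(HASH_COMPARE_CHARSET);
        return MessageDigest.isEqual(left, right);
    }

    /** Hashes {@code str} with the default RDBMS hash and compares it with {@code str2}. */
    private boolean validatePassword(String str, String str2) {
        return hashesMatch(RDBMSAuthUtil.getHashValue(str), str2);
    }

    /** Hashes {@code str} using charset {@code str3} and compares it with {@code str2}. */
    private boolean validatePassword(String str, String str2, String str3) {
        return hashesMatch(SecurityUtil.getHashValue(str, str3), str2);
    }

    /**
     * Verifies a challenge response: hashes stored value + challenge token and compares the
     * result with the client's response, first with the default hash, then with the
     * ISO-8859-1 variant.
     *
     * @param str stored password value
     * @param str2 challenge token
     * @param str3 response sent by the client
     */
    private boolean validateResponse(String str, String str2, String str3) {
        String expectedInput = str + str2;
        if (hashesMatch(RDBMSAuthUtil.getHashValue(expectedInput), str3)) {
            return true;
        }
        return hashesMatch(SecurityUtil.getHashValue(expectedInput, FileUtil.ISO_8859_1), str3);
    }

    /**
     * Verifies a clear-text password against an old-style record, passing the stored value
     * to {@code UnixMD5Crypt.crypt} as second argument.
     * NOTE(review): the comparison ignores case as before; crypt-style output is presumably
     * case-sensitive, in which case an exact comparison would be stricter — confirm.
     */
    private boolean validateOldStyle(String str, String str2) {
        return hashesMatch(UnixMD5Crypt.crypt(str, str2), str2);
    }

    /** Delegates to {@code SecurityDbUtil} to decide whether self-registration is allowed. */
    public boolean getCreateAccountAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return SecurityDbUtil.getCreateAccountAllowed(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns whether challenge/response verification is configured.
     *
     * @throws RuntimeException if no configuration has been set
     */
    public boolean getUseChallenge() {
        if (this._config == null) {
            throw new RuntimeException(getBundle().getString("auth.impl.no.config"));
        }
        return this._config.getUseChallenge();
    }

    /** Returns "rdbms"; subclasses may report a different type. */
    @Override
    public String getAuthType() {
        return RDBMS_AUTH_TYPE;
    }

    /** Returns the auth type of this base module, "rdbms". */
    public static String getDefaultAuthType() {
        return RDBMS_AUTH_TYPE;
    }

    /**
     * Returns {@code true} when the request carries neither a user name nor a challenge
     * token parameter, i.e. no login has been attempted with it.
     */
    @Override
    public boolean suppressFirstLoadError(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("user_id") == null && httpServletRequest.getParameter(CIConstants.TKN_CHALLENGE) == null;
    }

    /** Extension hook; does nothing in this base module. */
    protected void setGlobalKeys(HttpServletRequest httpServletRequest) throws PersistenceException {
    }

    /**
     * Obtains the session for the request and asks {@code HttpAuthManager} to validate the
     * user loaded by name.
     *
     * <p>The exception message contains the user name, so it should not be echoed to
     * clients unescaped.
     *
     * @param str user name to establish the session for
     * @throws BbSecurityException wrapping any failure
     */
    public final void establishSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws BbSecurityException {
        try {
            BbSessionManagerServiceFactory.getInstance().safeGetSession(httpServletRequest, httpServletResponse);
            UserDbLoader userDbLoader = (UserDbLoader) BbServiceManager.getPersistenceService().getDbPersistenceManager().getLoader(UserDbLoader.TYPE);
            HttpAuthManager.requestValidation(userDbLoader.loadByUserName(str), httpServletRequest);
        } catch (Exception e) {
            throw new BbSecurityException("establishSession failed:" + str, e);
        }
    }
}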
