package org.lamsfoundation.lams.web;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.FailedLoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.integration.ExtCourseClassMap;
import org.lamsfoundation.lams.integration.ExtServerOrgMap;
import org.lamsfoundation.lams.integration.ExtUserUseridMap;
import org.lamsfoundation.lams.integration.UserInfoFetchException;
import org.lamsfoundation.lams.integration.security.AuthenticationException;
import org.lamsfoundation.lams.integration.security.Authenticator;
import org.lamsfoundation.lams.integration.service.IntegrationService;
import org.lamsfoundation.lams.integration.util.LoginRequestDispatcher;
import org.lamsfoundation.lams.usermanagement.Organisation;
import org.lamsfoundation.lams.usermanagement.Role;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.UserOrganisation;
import org.lamsfoundation.lams.usermanagement.UserOrganisationRole;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/web/LoginRequestServlet.class */
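/**
 * Login entry point for requests coming from an external (integrated) server.
 *
 * <p>The servlet reads the {@code uid}, {@code sid}, {@code courseid}, {@code ts},
 * {@code hash} and {@code method} request parameters (plus optional {@code country}
 * and {@code lang}), hands them to {@link Authenticator#authenticate}, and on success
 * redirects the browser to the container's {@code j_security_check} with the user's
 * login and the value stored in {@code lams_user.password}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The final redirect carries the login and the stored password value in the query
 *       string of a GET request. Query strings commonly end up in browser history and
 *       in proxy and access logs, so that value should be treated as exposed to anything
 *       that can read those. Whether the column holds a hash or a clear-text password is
 *       not visible here; verify this, and consider an authentication hand-off that does
 *       not put the credential in a URL.</li>
 *   <li>Every user who passes this servlet is given the author, group manager and learner
 *       roles in the course organisation if they do not already have them, independent of
 *       the {@code method} parameter. Confirm this is the intended privilege level.</li>
 * </ul>
 */
public class LoginRequestServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(LoginRequestServlet.class);
    private static IntegrationService integrationService = null;
    private static final String JNDI_DATASOURCE = "java:/jdbc/lams-ds";
    private static final String PASSWORD_QUERY = "select password from lams_user where login=?";

    /**
     * Handles an integration login request.
     *
     * <p>Responds with 400 when a mandatory parameter is missing, 401 when the user is not
     * found or authentication fails, 502 when user information cannot be fetched from the
     * third party server, and 500 on a naming or database error.
     *
     * @param httpServletRequest the incoming request carrying the login parameters
     * @param httpServletResponse the response used for the redirect or the error status
     * @throws ServletException declared by the servlet contract
     * @throws IOException if sending the redirect or error fails
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession session = httpServletRequest.getSession(true);
        String extUsername = httpServletRequest.getParameter("uid");
        String serverId = httpServletRequest.getParameter("sid");
        String courseId = httpServletRequest.getParameter("courseid");
        String timestamp = httpServletRequest.getParameter("ts");
        String hash = httpServletRequest.getParameter("hash");
        String method = httpServletRequest.getParameter("method");
        String country = httpServletRequest.getParameter("country");
        String lang = httpServletRequest.getParameter("lang");

        // country and lang are optional; everything else is required.
        boolean missingParameter = extUsername == null || method == null || serverId == null
                || timestamp == null || hash == null || courseId == null;
        if (missingParameter) {
            httpServletResponse.sendError(400, "Login Failed - login parameters missing");
            return;
        }

        ExtServerOrgMap serverMap = getService().getExtServerOrgMap(serverId);
        try {
            // NOTE(review): the user mapping is looked up from the unauthenticated uid before
            // Authenticator.authenticate() has accepted the request. If this lookup can create
            // or modify records (not visible from this class), consider authenticating first.
            ExtUserUseridMap userMap = getService().getExtUserUseridMap(serverMap, extUsername);
            Authenticator.authenticate(serverMap, timestamp, extUsername, method, hash);
            ExtCourseClassMap courseMap =
                    getService().getExtCourseClassMap(serverMap, userMap, courseId, country, lang);
            User user = userMap.getUser();
            String login = user.getLogin();
            String sessionLogin = (String) session.getAttribute("extUser");

            // Same user already has a session: skip the login and go straight to the target.
            if (login != null ? login.equals(sessionLogin) : false) {
                String requestURL = LoginRequestDispatcher.getRequestURL(httpServletRequest);
                log.debug("redirect url - " + requestURL);
                httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(requestURL));
                return;
            }
            if (sessionLogin != null && sessionLogin.equals(login)) {
                // Only reachable when both are non-null and equal, which returned above;
                // kept as a guard so a null login never matches a populated session.
                return;
            }

            // The session belongs to a different integration user, or to a user who logged in
            // another way: drop it so no state carries over into the new login.
            if (sessionLogin != null || httpServletRequest.getRemoteUser() != null) {
                session.invalidate();
                session = httpServletRequest.getSession(true);
            }

            Organisation organisation = courseMap.getOrganisation();
            IUserManagementService userService = getService().getService();
            UserOrganisation userOrganisation =
                    userService.getUserOrganisation(user.getUserId(), organisation.getOrganisationId());

            // Grant each of these roles in the course organisation unless it is already present.
            Integer[] requiredRoleIds = {Role.ROLE_AUTHOR, Role.ROLE_GROUP_MANAGER, Role.ROLE_LEARNER};
            HashMap<String, Object> criteria = new HashMap<String, Object>();
            criteria.put("userOrganisation.userOrganisationId", userOrganisation.getUserOrganisationId());
            for (Integer roleId : requiredRoleIds) {
                criteria.put("role.roleId", roleId);
                List existing = userService.findByProperties(UserOrganisationRole.class, criteria);
                if (existing == null || existing.isEmpty()) {
                    Role role = (Role) userService.findById(Role.class, roleId);
                    userService.save(new UserOrganisationRole(userOrganisation, role));
                }
            }

            // NOTE(review): session identifiers in logs let anyone with log access take over
            // the session while it is live; consider dropping or truncating this value.
            log.debug("Session Id - " + session.getId());
            String userPassword = getUserPassword(userMap.getUser().getLogin());
            session.setAttribute("extUser", login);
            session.setAttribute("user", user.getUserDTO());

            // Encode both values so characters such as '&', '=' or '#' inside them cannot add
            // or truncate parameters in the redirect target. UTF-8 is assumed to match the
            // container's query-string decoding; for ASCII values the choice makes no difference.
            // The credential still travels in the URL - see the class comment.
            String target = "j_security_check?j_username=" + java.net.URLEncoder.encode(login, "UTF-8")
                    + "&j_password=" + java.net.URLEncoder.encode(userPassword, "UTF-8");
            httpServletResponse.sendRedirect(target);
        } catch (NamingException | SQLException e) {
            // Keep driver and JNDI details in the server log; the raw exception message can
            // reveal schema or infrastructure details to the client.
            log.error("Login request failed with an internal error", e);
            httpServletResponse.sendError(500, "Login Failed - internal error");
        } catch (UserInfoFetchException e) {
            httpServletResponse.sendError(502, "Login Failed - failed to fetch user info from the third party server");
        } catch (FailedLoginException e) {
            httpServletResponse.sendError(401, "Login Failed - user was not found");
        } catch (AuthenticationException e) {
            httpServletResponse.sendError(401, "Login Failed - authentication error");
        }
    }

    /**
     * Reads the value of {@code lams_user.password} for the given login.
     *
     * <p>The connection, statement and result set are closed on every path, including when
     * the query fails or no row is found.
     *
     * @param str the login to look up
     * @return the stored password value, never {@code null}
     * @throws FailedLoginException if no row exists for the login or the stored value is null
     * @throws NamingException if the JNDI data source cannot be resolved
     * @throws SQLException if the query fails
     */
    private String getUserPassword(String str) throws FailedLoginException, NamingException, SQLException {
        DataSource dataSource = (DataSource) new InitialContext().lookup(JNDI_DATASOURCE);
        try (Connection connection = dataSource.getConnection();
                PreparedStatement statement = connection.prepareStatement(PASSWORD_QUERY)) {
            statement.setString(1, str);
            try (ResultSet rows = statement.executeQuery()) {
                if (!rows.next()) {
                    throw new FailedLoginException("invalid username");
                }
                String stored = rows.getString(1);
                if (stored == null) {
                    // A null credential cannot be forwarded to the container login.
                    throw new FailedLoginException("no password stored for user");
                }
                return stored;
            }
        }
    }

    /**
     * Returns the shared {@link IntegrationService}, fetching the {@code integrationService}
     * bean from the web application context on first use.
     *
     * @return the integration service bean
     */
    private IntegrationService getService() {
        if (integrationService == null) {
            integrationService = (IntegrationService) WebApplicationContextUtils
                    .getRequiredWebApplicationContext(getServletContext())
                    .getBean("integrationService");
        }
        return integrationService;
    }
}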
