package org.lamsfoundation.lams.security;

import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.themes.Theme;
import org.lamsfoundation.lams.themes.dto.ThemeDTO;
import org.lamsfoundation.lams.themes.service.IThemeService;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
import org.lamsfoundation.lams.usermanagement.service.LdapService;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/security/UniversalLoginModule.class */
public class UniversalLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private boolean loginOK;
    private Principal identity;
    private char[] credential;
    private static String dsJndiName;
    private static DatabaseAuthenticator databaseAuthenticator;
    private static IThemeService themeService;
    private static IUserManagementService userManagementService;
    private static final long INTERNAL_AUTHENTICATION_TIMEOUT = 10000;
    private static final String ROLES_QUERY = "SELECT DISTINCT r.name,'Roles' FROM lams_user u LEFT OUTER JOIN lams_user_organisation uo USING(user_id) LEFT OUTER JOIN lams_user_organisation_role urr USING(user_organisation_id) LEFT OUTER JOIN lams_role r USING (role_id) WHERE u.login=?";
    private static Logger log = Logger.getLogger(UniversalLoginModule.class);
    private static final Map<String, Long> internalAuthenticationTokens = new TreeMap();

    public boolean commit() throws LoginException {
        if (!this.loginOK) {
            return false;
        }
        Set<Principal> principals = this.subject.getPrincipals();
        principals.add(this.identity);
        for (Group group : getRoleSets()) {
            Group createGroup = createGroup(group.getName(), principals);
            Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                createGroup.addMember(members.nextElement());
            }
        }
        log.info("User logged in: " + getUserName());
        return true;
    }

    public boolean abort() throws LoginException {
        log.info("Abort log in for user: " + getUserName());
        return true;
    }

    public boolean logout() throws LoginException {
        log.info("User logged out: " + getUserName());
        this.subject.getPrincipals().remove(this.identity);
        return true;
    }

    private Group createGroup(String str, Set<Principal> set) {
        Group group = null;
        Iterator<Principal> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Principal next = it.next();
            if (next instanceof Group) {
                Group group2 = (Group) next;
                if (group2.getName().equals(str)) {
                    group = group2;
                    break;
                }
            }
        }
        if (group == null) {
            group = new SimpleGroup(str);
            set.add(group);
        }
        return group;
    }

    public boolean login() throws LoginException {
        this.loginOK = false;
        String[] usernameAndPassword = getUsernameAndPassword();
        String str = usernameAndPassword[0];
        String str2 = usernameAndPassword[1];
        log.info("Authenticate user: " + str);
        if (this.identity == null) {
            try {
                this.identity = new SimplePrincipal(str);
                if (!validatePassword(str2)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Bad password for user: " + str);
                    }
                    throw new FailedLoginException("Incorrect password");
                }
            } catch (Exception e) {
                throw new LoginException("Failed to create principal: " + e.getMessage());
            }
        }
        this.loginOK = true;
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("User authenticated: " + this.identity);
        return true;
    }

    private String getUserName() {
        if (this.identity == null) {
            return null;
        }
        return this.identity.getName();
    }

    private String[] getUsernameAndPassword() throws LoginException {
        if (this.callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to collect authentication information");
        }
        Callback nameCallback = new NameCallback("User name: ", "guest");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        String str = null;
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            String name = nameCallback.getName();
            char[] password = passwordCallback.getPassword();
            if (password != null) {
                this.credential = new char[password.length];
                System.arraycopy(password, 0, this.credential, 0, password.length);
                passwordCallback.clearPassword();
                str = new String(this.credential);
            }
            return new String[]{name, str};
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e2) {
            throw new LoginException("CallbackHandler does not support: " + e2.getCallback());
        }
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        if (dsJndiName == null) {
            dsJndiName = (String) map2.get("dsJndiName");
        }
    }

    private boolean validatePassword(String str) {
        UserDTO userDTO;
        ThemeDTO theme;
        LdapService ldapService;
        WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(SessionManager.getServletContext());
        if (userManagementService == null) {
            userManagementService = (IUserManagementService) webApplicationContext.getBean("userManagementService");
            themeService = (IThemeService) webApplicationContext.getBean("themeService");
        }
        if (SessionManager.getSession() != null && userManagementService.isUserSysAdmin()) {
            if (!log.isDebugEnabled()) {
                return true;
            }
            log.debug("Authenticated sysadmin");
            return true;
        }
        String userName = getUserName();
        if (StringUtils.isBlank(str)) {
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Entered password is blank for user: " + userName);
            return false;
        }
        if (str.startsWith("#LAMS")) {
            if (log.isDebugEnabled()) {
                log.debug("Authenticating internally user: " + userName);
            }
            Long l = internalAuthenticationTokens.get(str);
            internalAuthenticationTokens.remove(str);
            return l != null && System.currentTimeMillis() - l.longValue() < INTERNAL_AUTHENTICATION_TIMEOUT;
        }
        boolean z = false;
        try {
            User userByLogin = userManagementService.getUserByLogin(userName);
            if (userByLogin == null) {
                if (!Configuration.getAsBoolean(ConfigurationKeys.LDAP_PROVISIONING_ENABLED)) {
                    return false;
                }
                try {
                    ldapService = (LdapService) webApplicationContext.getBean("ldapService");
                } catch (NoSuchBeanDefinitionException e) {
                    log.warn("No ldapService bean found, trying another method to fetch it.", e);
                    ldapService = (LdapService) new ClassPathXmlApplicationContext("org/lamsfoundation/lams/usermanagement/ldapContext.xml").getBean("ldapService");
                }
                if (log.isDebugEnabled()) {
                    log.debug("LDAP provisioning is enabled, checking user " + userName + " against LDAP server.");
                }
                LDAPAuthenticator lDAPAuthenticator = new LDAPAuthenticator(userManagementService);
                z = lDAPAuthenticator.authenticate(userName, str);
                if (!z) {
                    return false;
                }
                log.info("Creating new user using LDAP: " + userName);
                if (!ldapService.createLDAPUser(lDAPAuthenticator.getAttrs())) {
                    log.error("Could not create new user for LDAP user: " + userName);
                    return false;
                }
                userByLogin = userManagementService.getUserByLogin(userName);
                if (!ldapService.addLDAPUser(lDAPAuthenticator.getAttrs(), userByLogin.getUserId())) {
                    log.error("Could not add LDAP user " + userName + " to organisation.");
                }
            }
            if (!z) {
                String description = userByLogin.getAuthenticationMethod().getAuthenticationMethodType().getDescription();
                if ("LDAP".equals(description)) {
                    z = new LDAPAuthenticator(userManagementService).authenticate(userName, str);
                    userByLogin = userManagementService.getUserByLogin(userName);
                } else {
                    if (!"LAMS".equals(description)) {
                        log.error("Unexpected authentication type: " + description);
                        return false;
                    }
                    if (databaseAuthenticator == null) {
                        databaseAuthenticator = new DatabaseAuthenticator(dsJndiName);
                    }
                    z = databaseAuthenticator.authenticate(userName, str);
                }
            }
            if (userByLogin.getDisabledFlag().booleanValue()) {
                log.debug("User is disabled: " + userByLogin.getLogin());
                return false;
            }
            if (z && (theme = (userDTO = userByLogin.getUserDTO()).getTheme()) != null) {
                boolean z2 = false;
                Iterator it = themeService.getAllThemes().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (theme.getId().equals(((Theme) it.next()).getThemeId())) {
                        z2 = true;
                        break;
                    }
                }
                if (!z2) {
                    userDTO.setTheme(new ThemeDTO(themeService.getDefaultTheme()));
                }
            }
            return z;
        } catch (Exception e2) {
            log.error("Error while validating password", e2);
            return false;
        }
    }

    private Group[] getRoleSets() throws LoginException {
        String userName = getUserName();
        HashMap hashMap = new HashMap();
        Connection connection = null;
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                Connection connection2 = ((DataSource) new InitialContext().lookup(dsJndiName)).getConnection();
                PreparedStatement prepareStatement = connection2.prepareStatement(ROLES_QUERY);
                prepareStatement.setString(1, userName);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (!executeQuery.next()) {
                    throw new FailedLoginException("No matching user name found in roles: " + userName);
                }
                ArrayList arrayList = new ArrayList();
                do {
                    String string = executeQuery.getString(1);
                    String string2 = executeQuery.getString(2);
                    if (string2 == null || string2.length() == 0) {
                        string2 = "Roles";
                    }
                    Group group = (Group) hashMap.get(string2);
                    if (group == null) {
                        group = new SimpleGroup(string2);
                        hashMap.put(string2, group);
                    }
                    if (string == null) {
                        try {
                            string = "LEARNER";
                            log.info("Found no roles for user: " + userName + ", assigning: " + string);
                        } catch (Exception e) {
                            log.info("Failed to create principal: " + string + " for user: " + userName, e);
                        }
                    }
                    SimplePrincipal simplePrincipal = new SimplePrincipal(string);
                    if (!arrayList.contains(string)) {
                        log.info("Assign user: " + userName + " to role " + simplePrincipal.getName());
                        group.addMember(simplePrincipal);
                        arrayList.add(string);
                    }
                    if (string.equals("SYSADMIN")) {
                        SimplePrincipal simplePrincipal2 = new SimplePrincipal("AUTHOR");
                        log.info("Found role " + string);
                        if (!arrayList.contains("AUTHOR")) {
                            log.info("Assign user: " + userName + " to role AUTHOR");
                            group.addMember(simplePrincipal2);
                            arrayList.add("AUTHOR");
                        }
                    }
                } while (executeQuery.next());
                if (executeQuery != null) {
                    try {
                        executeQuery.close();
                    } catch (SQLException e2) {
                        log.error(e2);
                    }
                }
                if (prepareStatement != null) {
                    try {
                        prepareStatement.close();
                    } catch (SQLException e3) {
                        log.error(e3);
                    }
                }
                if (connection2 != null) {
                    try {
                        connection2.close();
                    } catch (Exception e4) {
                        log.error(e4);
                    }
                }
                Group[] groupArr = new Group[hashMap.size()];
                hashMap.values().toArray(groupArr);
                return groupArr;
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        resultSet.close();
                    } catch (SQLException e5) {
                        log.error(e5);
                    }
                }
                if (0 != 0) {
                    try {
                        preparedStatement.close();
                    } catch (SQLException e6) {
                        log.error(e6);
                    }
                }
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Exception e7) {
                        log.error(e7);
                    }
                }
                throw th;
            }
        } catch (NamingException e8) {
            throw new LoginException(e8.toString(true));
        } catch (SQLException e9) {
            throw new LoginException(e9.toString());
        }
    }

    public static void setAuthenticationToken(String str) {
        internalAuthenticationTokens.put(str, Long.valueOf(System.currentTimeMillis()));
    }
}
