package org.lamsfoundation.lams.security;

import java.security.Principal;
import java.security.acl.Group;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.lamsfoundation.lams.themes.Theme;
import org.lamsfoundation.lams.themes.dto.CSSThemeBriefDTO;
import org.lamsfoundation.lams.themes.service.IThemeService;
import org.lamsfoundation.lams.themes.web.ThemeConstants;
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.LdapService;
import org.lamsfoundation.lams.usermanagement.service.UserManagementService;
import org.lamsfoundation.lams.util.Configuration;
import org.lamsfoundation.lams.util.ConfigurationKeys;
import org.lamsfoundation.lams.util.HashUtil;
import org.lamsfoundation.lams.web.session.SessionManager;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:org/lamsfoundation/lams/security/UniversalLoginModule.class */
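/**
 * JAAS login module that validates a LAMS login against LDAP or the LAMS
 * database and then loads the user's role groups through {@code rolesQuery}.
 *
 * <p>Module options read in {@link #initialize}: {@code dsJndiName},
 * {@code principalsQuery} and {@code rolesQuery}. Both queries come from the
 * module configuration; only the login name is bound into them as a statement
 * parameter.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Any exception raised before the account checks have completed denies
 *       the login (fail closed).</li>
 *   <li>Failures while resetting the user's themes are logged and do not
 *       change the authentication result.</li>
 *   <li>{@link #getUsersPassword()} always returns an empty string; the
 *       "expected password" argument of {@link #validatePassword} is never
 *       read.</li>
 * </ul>
 */
public class UniversalLoginModule extends UsernamePasswordLoginModule {
    private static final Logger log = Logger.getLogger(UniversalLoginModule.class);
    protected String dsJndiName;
    protected String rolesQuery;
    protected String principalsQuery;
    private IThemeService themeService;
    private UserManagementService service;

    /**
     * Initialises the parent module and reads this module's options.
     *
     * @param subject         subject being authenticated, passed to the parent
     * @param callbackHandler callback handler, passed to the parent
     * @param map             shared state, passed to the parent
     * @param map2            module options; {@code dsJndiName},
     *                        {@code principalsQuery} and {@code rolesQuery}
     *                        are read from it
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule, org.lamsfoundation.lams.security.AbstractServerLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.dsJndiName = (String) map2.get("dsJndiName");
        this.principalsQuery = (String) map2.get("principalsQuery");
        this.rolesQuery = (String) map2.get("rolesQuery");
    }

    /**
     * Decides whether the submitted password is accepted for the current login name.
     *
     * @param str  password as submitted by the client; {@code null} or empty is rejected
     * @param str2 expected password supplied by the parent module; not used here
     * @return {@code true} only when the credential checks succeeded and the
     *         account is not disabled
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule
    protected boolean validatePassword(String str, String str2) {
        if (str == null || str.length() == 0) {
            return false;
        }
        User user;
        try {
            user = authenticateUser(str);
        } catch (Exception e) {
            // Fail closed: an error raised after a partial success (for example a
            // user record that cannot be reloaded, or a null disabled flag) must
            // not leave the login accepted.
            log.error("Error while validating password", e);
            return false;
        }
        if (user == null) {
            return false;
        }
        try {
            resetUnknownThemes(user);
        } catch (Exception e) {
            // Theme clean-up is cosmetic and runs after the decision was made.
            log.error("Error while resetting themes after login", e);
        }
        return true;
    }

    /**
     * Runs the credential and account checks.
     *
     * @param password non-empty password as submitted
     * @return the user record when the login is accepted, {@code null} when it is denied
     * @throws Exception any lookup, LDAP or database failure; the caller denies the login
     */
    private User authenticateUser(String password) throws Exception {
        String username = getUsername();
        log.debug("===> authenticating user: " + forLog(username));
        WebApplicationContext context =
                WebApplicationContextUtils.getWebApplicationContext(SessionManager.getServletContext());
        if (this.service == null) {
            this.service = (UserManagementService) context.getBean("userManagementService");
        }
        User user = this.service.getUserByLogin(username);
        if (this.themeService == null) {
            this.themeService = (IThemeService) context.getBean(ThemeConstants.THEME_SERVICE_BEAN_NAME);
        }

        boolean authenticated = false;
        if (user == null) {
            user = provisionFromLdap(context, username, password);
            if (user == null) {
                return null;
            }
            // provisionFromLdap only returns a user after a successful LDAP bind.
            authenticated = true;
        }

        // NOTE(review): isUserSysAdmin() takes no argument, so from what is visible
        // here it is not evaluated against the login name being validated;
        // presumably it describes the caller of the current request (a "login as"
        // feature) - confirm against UserManagementService. When it returns true the
        // submitted password is never checked, so the event is written to the log.
        if (!authenticated && this.service.isUserSysAdmin()) {
            log.info("===> password check skipped by sysadmin session for login: " + forLog(username));
            authenticated = true;
        }

        if (!authenticated) {
            String authType = user.getAuthenticationMethod().getAuthenticationMethodType().getDescription();
            log.debug("===> authentication type: " + authType);
            if ("LDAP".equals(authType)) {
                authenticated = new LDAPAuthenticator().authenticate(username, password);
                user = this.service.getUserByLogin(username);
            } else if ("LAMS".equals(authType)) {
                authenticated = checkDatabasePassword(username, password);
            } else {
                log.error("===> Unexpected authentication type: " + authType);
                return null;
            }
        }

        // A missing record or a null flag raises here and is denied by the caller.
        if (user.getDisabledFlag().booleanValue()) {
            log.debug("===> user is disabled.");
            return null;
        }
        return authenticated ? user : null;
    }

    /**
     * Authenticates an unknown login against LDAP and, on success, creates the LAMS account.
     *
     * @return the newly created user, or {@code null} when provisioning is
     *         disabled, the LDAP check fails or the account cannot be created
     */
    private User provisionFromLdap(WebApplicationContext context, String username, String password)
            throws Exception {
        if (!Configuration.getAsBoolean(ConfigurationKeys.LDAP_PROVISIONING_ENABLED)) {
            return null;
        }
        LdapService ldapService;
        try {
            ldapService = (LdapService) context.getBean("ldapService");
        } catch (NoSuchBeanDefinitionException e) {
            log.error("NoSuchBeanDefinitionException while getting ldapService bean, will try another method...", e);
            ldapService = (LdapService) new ClassPathXmlApplicationContext(
                    "org/lamsfoundation/lams/usermanagement/ldapContext.xml").getBean("ldapService");
        }
        log.debug("===> LDAP provisioning is enabled, checking username against LDAP server...");
        LDAPAuthenticator authenticator = new LDAPAuthenticator();
        if (!authenticator.authenticate(username, password)) {
            return null;
        }
        log.info("===> Creating new user for LDAP username: " + forLog(username));
        if (!ldapService.createLDAPUser(authenticator.getAttrs())) {
            log.error("===> Couldn't create new user for LDAP username: " + forLog(username));
            return null;
        }
        User created = this.service.getUserByLogin(username);
        if (created == null) {
            // Without a record there is nothing to run the disabled check against.
            log.error("===> Couldn't load new user for LDAP username: " + forLog(username));
            return null;
        }
        if (!ldapService.addLDAPUser(authenticator.getAttrs(), created.getUserId())) {
            log.error("===> Couldn't add LDAP user: " + forLog(username) + " to organisation.");
        }
        return created;
    }

    /**
     * Checks the password of a LAMS (database) account.
     *
     * <p>The value is first tried exactly as submitted. Unless
     * {@code LDAP_ENCRYPT_PASSWORD_FROM_BROWSER} is set, a failed first attempt
     * is retried with {@code HashUtil.sha1(password)}.
     *
     * <p>NOTE(review): because the submitted value is tried unchanged, a string
     * equal to the stored credential is accepted as the password, so the stored
     * values need the same protection as the passwords themselves. The helper
     * name suggests an unsalted SHA-1 digest - confirm against HashUtil and
     * DatabaseAuthenticator; a salted, slow password hash checked only on the
     * server would be the remediation.
     */
    private boolean checkDatabasePassword(String username, String password) throws Exception {
        DatabaseAuthenticator database = new DatabaseAuthenticator(this.dsJndiName, this.principalsQuery);
        if (database.authenticate(username, password)) {
            return true;
        }
        if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_ENCRYPT_PASSWORD_FROM_BROWSER)) {
            return false;
        }
        return database.authenticate(username, HashUtil.sha1(password));
    }

    /**
     * Replaces a theme on the user's DTO with the default one when the theme
     * service no longer lists it.
     */
    private void resetUnknownThemes(User user) {
        UserDTO dto = user.getUserDTO();
        CSSThemeBriefDTO htmlTheme = dto.getHtmlTheme();
        if (htmlTheme != null && !containsTheme(this.themeService.getAllCSSThemes().iterator(), htmlTheme)) {
            dto.setHtmlTheme(new CSSThemeBriefDTO(this.themeService.getDefaultCSSTheme()));
        }
        CSSThemeBriefDTO flashTheme = dto.getFlashTheme();
        if (flashTheme != null && !containsTheme(this.themeService.getAllFlashThemes().iterator(), flashTheme)) {
            dto.setFlashTheme(new CSSThemeBriefDTO(this.themeService.getDefaultFlashTheme()));
        }
    }

    /** Returns whether any theme produced by the iterator has the id of {@code wanted}. */
    private static boolean containsTheme(Iterator themes, CSSThemeBriefDTO wanted) {
        while (themes.hasNext()) {
            if (wanted.getId().equals(((Theme) themes.next()).getThemeId())) {
                return true;
            }
        }
        return false;
    }

    /** Neutralises line breaks so a submitted login name cannot forge extra log lines. */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Loads the role groups of the current login name with {@code rolesQuery}.
     *
     * <p>Column 1 of each row is the role name ({@code LEARNER} when null) and
     * column 2 the group name ({@code Roles} when null or empty). A
     * {@code SYSADMIN} row also grants {@code AUTHOR}. A role name is assigned
     * once per call, to the group of the first row that names it.
     *
     * @return one group per distinct group name; a single empty {@code Roles}
     *         group when the query returns no row and an unauthenticated
     *         identity is configured
     * @throws LoginException when the data source lookup or the query fails, or
     *                        when no row is found and no unauthenticated
     *                        identity is configured
     */
    @Override // org.lamsfoundation.lams.security.AbstractServerLoginModule
    protected Group[] getRoleSets() throws LoginException {
        String username = getUsername();
        Map<String, Group> groupsByName = new HashMap<String, Group>();
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = ((DataSource) new InitialContext().lookup(this.dsJndiName)).getConnection();
            statement = connection.prepareStatement(this.rolesQuery);
            try {
                statement.setString(1, username);
            } catch (ArrayIndexOutOfBoundsException ignored) {
                // Deliberately ignored, as before; presumably tolerates a rolesQuery
                // without a parameter placeholder - confirm against the JDBC driver.
            }
            rows = statement.executeQuery();
            if (!rows.next()) {
                if (getUnauthenticatedIdentity() == null) {
                    throw new FailedLoginException("No matching username found in Roles");
                }
                return new Group[] {new SimpleGroup("Roles")};
            }
            ArrayList<String> assignedRoles = new ArrayList<String>();
            do {
                String roleName = rows.getString(1);
                String groupName = rows.getString(2);
                if (groupName == null || groupName.length() == 0) {
                    groupName = "Roles";
                }
                Group group = groupsByName.get(groupName);
                if (group == null) {
                    group = new SimpleGroup(groupName);
                    groupsByName.put(groupName, group);
                }
                if (roleName == null) {
                    roleName = "LEARNER";
                    log.info("===> Found no roles");
                }
                try {
                    // The guard covers principal creation, which is what the log
                    // message below refers to; a role that cannot be created is
                    // skipped, so the user ends up with fewer roles, never more.
                    Principal rolePrincipal = super.createIdentity(roleName);
                    if (!assignedRoles.contains(roleName)) {
                        log.info("===> Assign user to role " + rolePrincipal.getName());
                        group.addMember(rolePrincipal);
                        assignedRoles.add(roleName);
                    }
                    if (roleName.equals("SYSADMIN")) {
                        Principal authorPrincipal = super.createIdentity("AUTHOR");
                        log.info("===> Found " + roleName);
                        if (!assignedRoles.contains("AUTHOR")) {
                            log.info("===> Assign user to role AUTHOR");
                            group.addMember(authorPrincipal);
                            assignedRoles.add("AUTHOR");
                        }
                    }
                } catch (Exception e) {
                    log.debug("===> Failed to create principal: " + roleName, e);
                }
            } while (rows.next());
            return groupsByName.values().toArray(new Group[groupsByName.size()]);
        } catch (NamingException e) {
            LoginException failure = new LoginException(e.toString(true));
            failure.initCause(e);
            throw failure;
        } catch (SQLException e) {
            log.error("SQL failure", e);
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        } finally {
            // Runs on every path, including the exceptions above, so the pooled
            // connection is always handed back.
            closeQuietly(rows, statement, connection);
        }
    }

    /** Closes the JDBC resources in reverse order of creation, ignoring close failures. */
    private static void closeQuietly(ResultSet rows, PreparedStatement statement, Connection connection) {
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException ignored) {
                // nothing useful can be done when close fails
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException ignored) {
                // nothing useful can be done when close fails
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception ignored) {
                // nothing useful can be done when close fails
            }
        }
    }

    /**
     * Returns the expected password for the parent module.
     *
     * @return always the empty string; {@link #validatePassword} performs the
     *         real check and does not read this value
     */
    @Override // org.lamsfoundation.lams.security.UsernamePasswordLoginModule
    protected String getUsersPassword() throws LoginException {
        return "";
    }
}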
