package org.silverpeas.authentication;

import com.silverpeas.export.ImportExportDescriptor;
import com.silverpeas.form.fieldType.UserField;
import com.silverpeas.util.StringUtil;
import com.stratelia.silverpeas.silvertrace.SilverTrace;
import com.stratelia.webactiv.beans.admin.AdminController;
import com.stratelia.webactiv.beans.admin.AdminException;
import com.stratelia.webactiv.beans.admin.AdminReference;
import com.stratelia.webactiv.beans.admin.Domain;
import com.stratelia.webactiv.beans.admin.UserDetail;
import com.stratelia.webactiv.beans.admin.UserFull;
import com.stratelia.webactiv.util.DBUtil;
import com.stratelia.webactiv.util.ResourceLocator;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import java.util.Random;
import org.silverpeas.authentication.exception.AuthenticationBadCredentialException;
import org.silverpeas.authentication.exception.AuthenticationException;
import org.silverpeas.authentication.exception.AuthenticationHostException;
import org.silverpeas.authentication.exception.AuthenticationPasswordExpired;
import org.silverpeas.authentication.exception.AuthenticationPasswordMustBeChangedAtNextLogon;
import org.silverpeas.authentication.exception.AuthenticationPasswordMustBeChangedOnFirstLogin;
import org.silverpeas.authentication.exception.AuthenticationPwdNotAvailException;
import org.silverpeas.authentication.exception.AuthenticationUserAccountBlockedException;
import org.silverpeas.authentication.exception.AuthenticationUserAccountDeactivatedException;
import org.silverpeas.authentication.verifier.AuthenticationUserVerifierFactory;
import org.silverpeas.authentication.verifier.UserCanLoginVerifier;
import org.silverpeas.authentication.verifier.UserMustChangePasswordVerifier;

/* loaded from: input_file:org/silverpeas/authentication/AuthenticationService.class */
public class AuthenticationService {
    private static final String module = "authentication";
    protected static final String m_JDBCUrl;
    protected static final String m_AccessLogin;
    protected static final String m_AccessPasswd;
    protected static final String m_DriverClass;
    protected static final String m_DomainTableName;
    protected static final String m_DomainIdColumnName;
    protected static final String m_DomainNameColumnName;
    protected static final String m_DomainAuthenticationServerColumnName;
    protected static final String m_KeyStoreTableName;
    protected static final String m_KeyStoreKeyColumnName;
    protected static final String m_KeyStoreLoginColumnName;
    protected static final String m_KeyStoreDomainIdColumnName;
    protected static final String m_UserTableName;
    protected static final String m_UserIdColumnName;
    protected static final String m_UserLoginColumnName;
    protected static final String m_UserDomainColumnName;
    protected static int m_AutoInc = 1;
    private static final String ERROR_PREFIX = "Error";
    public static final String ERROR_PWD_EXPIRED = "Error_PwdExpired";
    public static final String ERROR_PWD_MUST_BE_CHANGED = "Error_PwdMustBeChanged";
    public static final String ERROR_INCORRECT_LOGIN_PWD = "Error_1";
    public static final String ERROR_AUTHENTICATION_FAILURE = "Error_2";
    public static final String ERROR_PASSWORD_NOT_AVAILABLE = "Error_5";
    public static final String ERROR_INCORRECT_LOGIN_PWD_DOMAIN = "Error_6";

    private static Connection openConnection() throws AuthenticationException {
        Properties properties = new Properties();
        try {
            properties.setProperty(UserField.TYPE, m_AccessLogin);
            properties.setProperty("password", m_AccessPasswd);
            try {
                return ((Driver) Class.forName(m_DriverClass).newInstance()).connect(m_JDBCUrl, properties);
            } catch (SQLException e) {
                throw new AuthenticationHostException("AuthenticationService.openConnection()", 4, "root.EX_CONNECTION_OPEN_FAILED", "JDBCUrl=" + m_JDBCUrl, e);
            }
        } catch (Exception e2) {
            throw new AuthenticationHostException("AuthenticationService.openConnection()", 4, "root.EX_CANT_INSTANCIATE_DB_DRIVER", "Driver=" + m_DriverClass, e2);
        }
    }

    private static void closeConnection(Connection connection) {
        DBUtil.close(connection);
    }

    public List<Domain> getAllDomains() {
        List<Domain> emptyList;
        try {
            emptyList = Arrays.asList(AdminReference.getAdminService().getAllDomains());
        } catch (AdminException e) {
            SilverTrace.error(module, "AuthenticationService", "Problem to retrieve all the domains", e);
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    public String authenticate(AuthenticationCredential authenticationCredential) {
        String str = null;
        if (authenticationCredential.getLogin() != null) {
            try {
                str = authenticationCredential.isPasswordSet() ? authenticateByLoginAndPasswordAndDomain(authenticationCredential) : authenticateByLoginAndDomain(authenticationCredential);
            } catch (AuthenticationException e) {
                e = e;
                String str2 = ERROR_AUTHENTICATION_FAILURE;
                Exception nested = e.getNested();
                if (nested != null && (nested instanceof AuthenticationException)) {
                    e = (AuthenticationException) nested;
                }
                if (e instanceof AuthenticationBadCredentialException) {
                    List<Domain> allDomains = getAllDomains();
                    str2 = (allDomains == null || allDomains.size() <= 1) ? ERROR_INCORRECT_LOGIN_PWD : ERROR_INCORRECT_LOGIN_PWD_DOMAIN;
                } else if (e instanceof AuthenticationHostException) {
                    str2 = ERROR_AUTHENTICATION_FAILURE;
                } else if (e instanceof AuthenticationPwdNotAvailException) {
                    str2 = ERROR_PASSWORD_NOT_AVAILABLE;
                } else if (e instanceof AuthenticationPasswordExpired) {
                    str2 = ERROR_PWD_EXPIRED;
                } else if (e instanceof AuthenticationPasswordMustBeChangedAtNextLogon) {
                    str2 = ERROR_PWD_MUST_BE_CHANGED;
                } else if (e instanceof AuthenticationPasswordMustBeChangedOnFirstLogin) {
                    str2 = UserMustChangePasswordVerifier.ERROR_PWD_MUST_BE_CHANGED_ON_FIRST_LOGIN;
                } else if (e instanceof AuthenticationUserAccountBlockedException) {
                    str2 = UserCanLoginVerifier.ERROR_USER_ACCOUNT_BLOCKED;
                } else if (e instanceof AuthenticationUserAccountDeactivatedException) {
                    str2 = UserCanLoginVerifier.ERROR_USER_ACCOUNT_DEACTIVATED;
                }
                SilverTrace.error(module, "AuthenticationService.authenticate()", "authentication.EX_USER_REJECTED", "DomainId=" + authenticationCredential.getDomainId() + ", Login=" + authenticationCredential.getLogin() + ", ErrorCode=" + str2);
                return str2;
            }
        }
        return str;
    }

    public boolean isInError(String str) {
        return StringUtil.isNotDefined(str) || str.startsWith(ERROR_PREFIX);
    }

    private String authenticateByLoginAndPasswordAndDomain(AuthenticationCredential authenticationCredential) throws AuthenticationException {
        String login = authenticationCredential.getLogin();
        String password = authenticationCredential.getPassword();
        String domainId = authenticationCredential.getDomainId();
        if (login == null || password == null || domainId == null) {
            return null;
        }
        AuthenticationUserVerifierFactory.getUserCanLoginVerifier(authenticationCredential).verify();
        Connection connection = null;
        try {
            connection = openConnection();
            AuthenticationServer authenticationServer = getAuthenticationServer(connection, domainId);
            authenticationCredential.getCapabilities().put(Authentication.PASSWORD_CHANGE_ALLOWED, authenticationServer.isPasswordChangeAllowed() ? "yes" : "no");
            authenticationServer.authenticate(authenticationCredential);
            String authenticationKey = getAuthenticationKey(login, domainId);
            closeConnection(connection);
            return authenticationKey;
        } catch (Throwable th) {
            closeConnection(connection);
            throw th;
        }
    }

    private String authenticateByLoginAndDomain(AuthenticationCredential authenticationCredential) throws AuthenticationException {
        String login = authenticationCredential.getLogin();
        String domainId = authenticationCredential.getDomainId();
        if (login == null || domainId == null) {
            return null;
        }
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        Connection connection = null;
        try {
            try {
                connection = openConnection();
                preparedStatement = connection.prepareStatement("SELECT " + m_UserIdColumnName + " FROM " + m_UserTableName + " WHERE " + m_UserLoginColumnName + " = ? AND " + m_UserDomainColumnName + " = ?");
                preparedStatement.setString(1, login);
                preparedStatement.setInt(2, Integer.parseInt(domainId));
                resultSet = preparedStatement.executeQuery();
                boolean next = resultSet.next();
                DBUtil.close(resultSet, preparedStatement);
                closeConnection(connection);
                String str = null;
                if (next) {
                    AuthenticationUserVerifierFactory.getUserCanLoginVerifier(authenticationCredential).verify();
                    try {
                        str = getAuthenticationKey(login, domainId);
                    } catch (Exception e) {
                        SilverTrace.warn(module, "AuthenticationService.authenticate()", "authentication.EX_CANT_GET_AUTHENTICATION_KEY", "DomainId=" + domainId + ";User=" + login, e);
                        return ERROR_AUTHENTICATION_FAILURE;
                    }
                }
                return str;
            } catch (Exception e2) {
                SilverTrace.warn(module, "AuthenticationService.authenticate()", "authentication.EX_USER_REJECTED", "DomainId=" + domainId + ";User=" + login, e2);
                DBUtil.close(resultSet, preparedStatement);
                closeConnection(connection);
                return ERROR_AUTHENTICATION_FAILURE;
            }
        } catch (Throwable th) {
            DBUtil.close(resultSet, preparedStatement);
            closeConnection(connection);
            throw th;
        }
    }

    public void changePassword(AuthenticationCredential authenticationCredential, String str) throws AuthenticationException {
        changePasswordAndEmail(authenticationCredential, str, null);
    }

    public void changePasswordAndEmail(AuthenticationCredential authenticationCredential, String str, String str2) throws AuthenticationException {
        String login = authenticationCredential.getLogin();
        String password = authenticationCredential.getPassword();
        String domainId = authenticationCredential.getDomainId();
        if (login == null || password == null || domainId == null || str == null) {
            throw new AuthenticationBadCredentialException("AuthenticationService.changePassword", 4, "authentication.EX_NULL_VALUE_DETECTED");
        }
        AuthenticationUserVerifierFactory.getUserCanLoginVerifier(authenticationCredential).verify();
        Connection connection = null;
        try {
            try {
                connection = openConnection();
                getAuthenticationServer(connection, domainId).changePassword(authenticationCredential, str);
                closeConnection(connection);
                onPasswordAndEmailChanged(authenticationCredential, str2);
            } catch (AuthenticationException e) {
                SilverTrace.error(module, "AuthenticationService.changePassword()", "authentication.EX_USER_REJECTED", "DomainId=" + domainId + ";User=" + login, e);
                throw e;
            }
        } catch (Throwable th) {
            closeConnection(connection);
            throw th;
        }
    }

    public String getAuthenticationKey(String str, String str2) throws AuthenticationException {
        String computeGenerationKey = computeGenerationKey(str);
        storeAuthenticationKey(str, str2, computeGenerationKey);
        return computeGenerationKey;
    }

    private String getAuthenticationServerName(Connection connection, String str) throws AuthenticationException {
        String str2 = "SELECT " + m_DomainAuthenticationServerColumnName + " FROM " + m_DomainTableName + " WHERE " + m_DomainIdColumnName + " = " + str + ImportExportDescriptor.NO_FORMAT;
        SilverTrace.info(module, "AuthenticationService.getAuthenticationServerName()", "root.MSG_GEN_PARAM_VALUE", "query=" + str2);
        try {
            try {
                Statement createStatement = connection.createStatement();
                ResultSet executeQuery = createStatement.executeQuery(str2);
                if (!executeQuery.next()) {
                    throw new AuthenticationException("AuthenticationService.getAuthenticationServerName()", 4, "authentication.EX_DOMAIN_NOT_FOUND", "DomainId=" + str);
                }
                String string = executeQuery.getString(m_DomainAuthenticationServerColumnName);
                if (!StringUtil.isDefined(string)) {
                    throw new AuthenticationException("AuthenticationService.getAuthenticationServerName()", 4, "authentication.EX_SERVER_NOT_FOUND", "DomainId=" + str);
                }
                DBUtil.close(executeQuery, createStatement);
                return string;
            } catch (SQLException e) {
                throw new AuthenticationException("AuthenticationService.getAuthenticationServerName()", 4, "authentication.EX_DOMAIN_INFO_ERROR", "DomainId=" + str);
            }
        } catch (Throwable th) {
            DBUtil.close(null, null);
            throw th;
        }
    }

    private String computeGenerationKey(String str) {
        long hashCode = str.hashCode() * new Date().getTime();
        int i = m_AutoInc;
        m_AutoInc = i + 1;
        return String.valueOf(new Random(hashCode * i).nextInt());
    }

    private void storeAuthenticationKey(String str, String str2, String str3) throws AuthenticationException {
        PreparedStatement preparedStatement = null;
        String str4 = "INSERT INTO " + m_KeyStoreTableName + "(" + m_KeyStoreKeyColumnName + ", " + m_KeyStoreLoginColumnName + ", " + m_KeyStoreDomainIdColumnName + ") VALUES (?, ?, ?)";
        Connection connection = null;
        try {
            try {
                connection = openConnection();
                preparedStatement = connection.prepareStatement(str4);
                preparedStatement.setInt(1, Integer.parseInt(str3));
                preparedStatement.setString(2, str);
                preparedStatement.setInt(3, Integer.parseInt(str2));
                preparedStatement.executeUpdate();
                DBUtil.close(preparedStatement);
                closeConnection(connection);
            } catch (SQLException e) {
                SilverTrace.error(module, "AuthenticationService.storeAuthenticationKey()", "authentication.EX_WRITE_KEY_ERROR", "User=" + str + " exception=" + e.getSQLState());
                DBUtil.close(preparedStatement);
                closeConnection(connection);
            }
        } catch (Throwable th) {
            DBUtil.close(preparedStatement);
            closeConnection(connection);
            throw th;
        }
    }

    public void resetPassword(AuthenticationCredential authenticationCredential, String str) throws AuthenticationException {
        String login = authenticationCredential.getLogin();
        String domainId = authenticationCredential.getDomainId();
        if (login == null || domainId == null || str == null) {
            throw new AuthenticationBadCredentialException("AuthenticationService.resetPassword", 4, "authentication.EX_NULL_VALUE_DETECTED");
        }
        AuthenticationUserVerifierFactory.getUserCanLoginVerifier(authenticationCredential).verify();
        Connection connection = null;
        try {
            try {
                connection = openConnection();
                getAuthenticationServer(connection, domainId).resetPassword(login, str);
                closeConnection(connection);
                onPasswordAndEmailChanged(authenticationCredential, null);
            } catch (AuthenticationException e) {
                SilverTrace.error(module, "AuthenticationService.resetPassword()", "authentication.EX_USER_REJECTED", "DomainId=" + domainId + ";User=" + login, e);
                throw e;
            }
        } catch (Throwable th) {
            closeConnection(connection);
            throw th;
        }
    }

    private void onPasswordAndEmailChanged(AuthenticationCredential authenticationCredential, String str) throws AuthenticationException {
        AdminController adminController = new AdminController(null);
        UserDetail byId = UserDetail.getById(adminController.getUserIdByLoginAndDomain(authenticationCredential.getLogin(), authenticationCredential.getDomainId()));
        AuthenticationUserVerifierFactory.getUserMustChangePasswordVerifier(byId).notifyPasswordChange();
        UserFull userFull = adminController.getUserFull(byId.getId());
        userFull.setNbSuccessfulLoginAttempts(0);
        userFull.setLastLoginCredentialUpdateDate(new Date());
        if (StringUtil.isDefined(str)) {
            userFull.seteMail(str);
        }
        try {
            adminController.updateUserFull(userFull);
        } catch (AdminException e) {
            throw new AuthenticationException("AuthenticationService.onPasswordAndEmailChanged", 4, "authentication.EX_CANT_UPDATE_USERFULL", e);
        }
    }

    public boolean isPasswordChangeAllowed(String str) {
        Connection connection = null;
        try {
            try {
                connection = openConnection();
                boolean isPasswordChangeAllowed = getAuthenticationServer(connection, str).isPasswordChangeAllowed();
                closeConnection(connection);
                return isPasswordChangeAllowed;
            } catch (AuthenticationException e) {
                SilverTrace.error(module, "AuthenticationService.isPasswordChangeAllowed()", "authentication.EX_AUTHENTICATION_STATUS_ERROR", "DomainId=" + str + " exception=" + e.getMessage());
                closeConnection(connection);
                return false;
            }
        } catch (Throwable th) {
            closeConnection(connection);
            throw th;
        }
    }

    private AuthenticationServer getAuthenticationServer(Connection connection, String str) throws AuthenticationException {
        return AuthenticationServer.getAuthenticationServer(getAuthenticationServerName(connection, str));
    }

    static {
        ResourceLocator resourceLocator = new ResourceLocator("com.stratelia.silverpeas.authentication.domains", ImportExportDescriptor.NO_FORMAT);
        m_JDBCUrl = resourceLocator.getString("SQLDomainJDBCUrl");
        m_AccessLogin = resourceLocator.getString("SQLDomainAccessLogin");
        m_AccessPasswd = resourceLocator.getString("SQLDomainAccessPasswd");
        m_DriverClass = resourceLocator.getString("SQLDomainDriverClass");
        m_DomainTableName = resourceLocator.getString("SQLDomainTableName");
        m_DomainIdColumnName = resourceLocator.getString("SQLDomainIdColumnName");
        m_DomainNameColumnName = resourceLocator.getString("SQLDomainNameColumnName");
        m_DomainAuthenticationServerColumnName = resourceLocator.getString("SQLDomainAuthenticationServerColumnName");
        m_KeyStoreTableName = resourceLocator.getString("SQLKeyStoreTableName");
        m_KeyStoreKeyColumnName = resourceLocator.getString("SQLKeyStoreKeyColumnName");
        m_KeyStoreLoginColumnName = resourceLocator.getString("SQLKeyStoreLoginColumnName");
        m_KeyStoreDomainIdColumnName = resourceLocator.getString("SQLKeyStoreDomainIdColumnName");
        m_UserTableName = resourceLocator.getString("SQLUserTableName");
        m_UserIdColumnName = resourceLocator.getString("SQLUserIdColumnName");
        m_UserLoginColumnName = resourceLocator.getString("SQLUserLoginColumnName");
        m_UserDomainColumnName = resourceLocator.getString("SQLUserDomainColumnName");
    }
}
