package com.vertexinc.common.fw.rba.app;

import com.vertexinc.common.AppRoleEnum;
import com.vertexinc.common.fw.rba.domain.AppRole;
import com.vertexinc.common.fw.rba.domain.AppUser;
import com.vertexinc.common.fw.rba.domain.Login;
import com.vertexinc.common.fw.rba.idomain.IAlreadyAuthenticated;
import com.vertexinc.common.fw.rba.idomain.IAlreadyPartitionAuthenticated;
import com.vertexinc.common.fw.rba.idomain.ILogin;
import com.vertexinc.common.fw.rba.idomain.LoginResultType;
import com.vertexinc.common.fw.rba.ipersist.AppRolePersister;
import com.vertexinc.common.fw.rba.ipersist.AppUserPersister;
import com.vertexinc.common.fw.rba.ipersist.AppUserPersisterException;
import com.vertexinc.common.fw.sprt.domain.Source;
import com.vertexinc.common.fw.sprt.ipersist.SourcePersister;
import com.vertexinc.common.fw.sprt.ipersist.SourcePersisterException;
import com.vertexinc.common.fw.vsf.domain.SessionContext;
import com.vertexinc.util.config.SysConfig;
import com.vertexinc.util.env.Environment;
import com.vertexinc.util.error.VertexInvalidParameterException;
import com.vertexinc.util.i18n.Message;
import com.vertexinc.util.iface.RepositoryType;
import com.vertexinc.util.log.Log;
import com.vertexinc.util.log.LogLevel;
import com.vertexinc.util.sec.SymDecryption;
import com.vertexinc.util.sec.SymEncryption;
import com.vertexinc.util.service.Compare;
import com.vertexinc.util.unicode.Normalizer;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/vertexinc/common/fw/rba/app/UserLogin.class
  input_file:patchedFiles.zip:lib/vertex-oseries-components-common.jar:com/vertexinc/common/fw/rba/app/UserLogin.class
 */
/* loaded from: input_file:patchedFiles.zip:web/vertex-ws.war:WEB-INF/lib/vertex-oseries-components-common.jar:com/vertexinc/common/fw/rba/app/UserLogin.class */
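/**
 * Static entry points that resolve a login request to an {@link AppUser} and publish the outcome in
 * the thread-bound {@link SessionContext} ({@code SessionContext.CONTEXT}).
 *
 * <p>Every {@code establish*} method returns a {@link LoginResultType}; on {@code SUCCESS} the
 * context holds the login, the user, the source (partition) id and the locale.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Several paths ({@link #establishUser(String)}, {@link #establishRemoteUser(String)}, the
 *       {@code IAlreadyAuthenticated} and {@code IAlreadyPartitionAuthenticated} branches) succeed
 *       without checking a password in this class. They are only safe if the caller has already
 *       authenticated the request; verify that at each call site.</li>
 *   <li>{@code SESSION_LOOKUP} is keyed by the caller-supplied user name, is written before the name
 *       is validated, and is never pruned in the code shown here.</li>
 * </ul>
 */
public class UserLogin {
    // Guarded by synchronized (UserLogin.class) at every access in this class.
    // NOTE(review): entries are added for any user name presented, valid or not, and nothing here
    // removes them, so the map can grow without bound; establishRemoteUser also hands the same
    // SessionContext instance to every thread that presents the same name.
    private static final Map<String, SessionContext> SESSION_LOOKUP = new HashMap<String, SessionContext>();
    public static final String _VTXDEF_COMPANY_NAME = "none";
    public static final String _VTXPRM_COMPANY_NAME = "common.fw.rba.CompanyName";
    // NOTE(review): credential-like default value compiled into the class and exposed as a public
    // constant. It is not referenced in this class; confirm whether any caller still honours it as
    // a default password and, if so, move it to deployment configuration.
    public static final String _VTXDEF_PASSWORD = "++uy3P2KWTV57VULcX9sVwPv";
    public static final String _VTXPRM_PASSWORD = "common.fw.rba.Password";
    public static final String _VTXDEF_USER_NAME = "guest";
    private static final String VERTEX_WEB_APP = "vertex-remote-services";

    private UserLogin() {
    }

    /**
     * Runs {@code SymDecryption.decrypt(str, true)} on a non-null value.
     *
     * @param str value to decrypt, may be {@code null}
     * @return the decryption result, or {@code null} when {@code str} is {@code null}
     */
    private static String decrypt(String str) {
        return str == null ? null : SymDecryption.decrypt(str, true);
    }

    /**
     * Establishes a session for a source (partition) looked up by name. No credential is checked
     * here and no role is attached to the synthetic user.
     *
     * @param str source name
     * @return {@code SUCCESS} when the source exists, otherwise {@code INVALID_LOGIN}
     */
    private static LoginResultType checkAlreadyAuthenticatedUser(String str) {
        LoginResultType result = LoginResultType.INVALID_LOGIN;
        if (str == null) {
            Log.logError(UserLogin.class, Message.format(UserLogin.class, "UserLogin. checkAlreadyAuthenticatedUser.sourceNameCannot be null", "Source name cannot be null"));
            return result;
        }
        try {
            Source source = SourcePersister.getInstance().findByName(str);
            if (source != null) {
                // Synthetic user: id 0, user name and full name both taken from the source name.
                AppUser appUser = new AppUser(0L, source.getName(), source.getName());
                appUser.setSourceId(Long.valueOf(source.getId()));
                appUser.setLocale(source.getLocale());
                SessionContext sessionContext = new SessionContext();
                SessionContext.CONTEXT.set(sessionContext);
                sessionContext.setLogin(new Login(source));
                sessionContext.setUser(appUser);
                sessionContext.setSourceId(appUser.getSourceId().longValue());
                sessionContext.setLocale(appUser.getLocale());
                result = LoginResultType.SUCCESS;
            } else {
                Log.logError(UserLogin.class, Message.format(UserLogin.class, "UserLogin. checkAlreadyAuthenticatedUser.sourceNameNotFound", "Source name is not found, please verify the database (sourceName={0})", str));
            }
        } catch (Exception e) {
            // An exception after CONTEXT.set(...) leaves a partly populated context bound to the
            // thread while INVALID_LOGIN is returned.
            Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.checkAlreadyAuthenticatedUser.invalidSourceName", "Unable to process login request for source name.  Verify that the source name is correct.  Contact system administrator if problem persists.  (sourceName={0})", str), e);
        }
        return result;
    }

    /**
     * Establishes a session from a trusted ID. The trusted ID is the only credential: a matching
     * source yields a synthetic user carrying the {@code API_USER} role when that role exists.
     *
     * @param str trusted ID; normalized before lookup
     * @return {@code SUCCESS} when a source matches, otherwise {@code INVALID_LOGIN}
     */
    public static LoginResultType establishUser(String str) {
        LoginResultType result = LoginResultType.INVALID_LOGIN;
        String trustedId = Normalizer.normalize(str);
        Source source = null;
        if (trustedId != null) {
            try {
                if (trustedId.length() > 0) {
                    source = SourcePersister.getInstance().findByTrustedId(trustedId);
                }
            } catch (Exception e) {
                // NOTE(review): the trusted ID acts as a bearer secret and is written to the log
                // here; consider whether the log audience is allowed to see it.
                Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.establishUser.invalidTrustedId", "Unable to process login request for trusted ID.  Verify that ID is correct.  Contact system administrator if problem persists.  (trusted ID={0})", trustedId), e);
            }
        }
        if (source == null) {
            Log.logError(UserLogin.class, Message.format(UserLogin.class, "UserLogin.establishUser.noSystemPartition", "No system partition could be assigned from either a trusted ID or a default company name.  Verify request parameters."));
            return result;
        }
        AppUser appUser = new AppUser(0L, source.getName(), source.getName());
        appUser.setSourceId(Long.valueOf(source.getId()));
        appUser.setLocale(source.getLocale());
        AppRole apiRole = AppRolePersister.getInstance().findByName(AppRoleEnum.API_USER.roleName);
        if (apiRole != null) {
            appUser.addRoleId(apiRole.getId());
            appUser.addDirectRole(apiRole);
        }
        SessionContext sessionContext = new SessionContext();
        SessionContext.CONTEXT.set(sessionContext);
        sessionContext.setLogin(new Login(source.getTrustedId()));
        sessionContext.setUser(appUser);
        sessionContext.setSourceId(appUser.getSourceId().longValue());
        sessionContext.setLocale(appUser.getLocale());
        return LoginResultType.SUCCESS;
    }

    /**
     * Binds a fresh session to a user that was resolved from an authenticated token.
     *
     * @param appUser user resolved by the caller; must not be {@code null}
     * @return always {@code SUCCESS} when it returns normally
     * @throws VertexInvalidParameterException when the request names a partition that cannot be found
     */
    public static LoginResultType establishTokenUser(AppUser appUser) {
        SessionContext sessionContext = new SessionContext();
        SessionContext.CONTEXT.set(sessionContext);
        sessionContext.setLogin(new Login(appUser.getUserName()));
        sessionContext.setUser(appUser);
        // NOTE(review): if this throws, the context bound above already carries the login and the
        // user; confirm callers discard the thread's context on failure.
        checkActivePartition(appUser);
        sessionContext.setSourceId(appUser.getSourceId().longValue());
        sessionContext.setLocale(appUser.getLocale());
        return LoginResultType.SUCCESS;
    }

    /**
     * Applies the partition named by the {@code Vertex-Context} request header, when present, to the
     * given user. Does nothing when no servlet request is bound to the thread or the header is
     * absent.
     *
     * @param appUser user whose source id is overwritten with the partition's id
     * @throws VertexInvalidParameterException when the header is present but matches no source
     */
    private static void checkActivePartition(AppUser appUser) {
        // Outside a servlet request getRequestAttributes() is null (or of another type); the
        // unguarded cast used to fail there instead of skipping the optional header.
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            return;
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        if (request == null) {
            return;
        }
        String partitionUuid = request.getHeader("Vertex-Context");
        if (partitionUuid == null) {
            return;
        }
        Source source = null;
        try {
            source = SourcePersister.getInstance().findByUUID(partitionUuid);
        } catch (SourcePersisterException e) {
            // NOTE(review): the header value is client-supplied and goes into the log line as-is.
            Log.logException(UserLogin.class, "Error reading source - " + partitionUuid, e);
        }
        if (source == null) {
            throw new VertexInvalidParameterException("Invalid partition");
        }
        // NOTE(review): nothing visible here checks that appUser is entitled to the partition the
        // client named; confirm that is enforced elsewhere. This also mutates the AppUser that was
        // passed in; if the persister returns shared cached instances the change outlives this
        // request - verify.
        appUser.setSourceId(Long.valueOf(source.getId()));
    }

    /**
     * Authenticates a user name and password that may each arrive encrypted. The decrypted values are
     * tried first; when that attempt ends in {@code INVALID_USER} and something was decrypted, the
     * values are retried exactly as supplied.
     *
     * @param str user name, plain or encrypted
     * @param str2 password, plain or encrypted
     * @return the login outcome
     */
    public static LoginResultType establishUser(String str, String str2) {
        String userName = Normalizer.normalize(str);
        String password = Normalizer.normalize(str2);
        String decryptedUserName = decrypt(userName);
        String decryptedPassword = decrypt(password);
        if (Log.isLevelOn(UserLogin.class, LogLevel.DEBUG) && SysConfig.getEnv(ISecAuthLogging._VTXPRM_AUTH_LOGGING, false)) {
            // The supplied and decrypted password values are deliberately kept out of the log; only
            // whether a decrypted form was obtained is recorded.
            Log.logDebug(UserLogin.class, "User Authentication with the following credentials userName=" + userName + ",decryptedUserName=" + decryptedUserName + ",password=<redacted>,passwordDecrypted=" + (decryptedPassword != null));
        }
        LoginResultType result = establishUser(decryptedUserName != null ? decryptedUserName : userName, decryptedPassword != null ? decryptedPassword : password, true);
        if (LoginResultType.INVALID_USER.equals(result) && (decryptedUserName != null || decryptedPassword != null)) {
            result = establishUser(userName, password, true);
        }
        return result;
    }

    /**
     * Core user name / password check.
     *
     * <p>If the thread's session already holds a user, a match against that user short-circuits the
     * lookup; otherwise the user is loaded and checked for disabled, expired, bad password and
     * expired password, in that order. On any non-success result with {@code z} set, the source and
     * user caches are reloaded and the check is repeated once.
     *
     * @param str user name
     * @param str2 password
     * @param z whether a failed attempt may reload the caches and retry once
     * @return the login outcome; {@code INVALID_LOGIN} when an exception was caught
     */
    private static LoginResultType establishUser(String str, String str2, boolean z) {
        String userName = Normalizer.normalize(str);
        String password = Normalizer.normalize(str2);
        AppUser appUser = null;
        LoginResultType result = null;
        try {
            SessionContext sessionContext = (SessionContext) SessionContext.CONTEXT.get();
            if (sessionContext == null) {
                synchronized (UserLogin.class) {
                    sessionContext = new SessionContext();
                    // Registered under the presented name before that name has been validated.
                    SESSION_LOOKUP.put(userName, sessionContext);
                    SessionContext.CONTEXT.set(sessionContext);
                }
            }
            appUser = (AppUser) sessionContext.getUser();
            if (appUser != null) {
                String applicationName = Environment.getEnv(SysConfig.VERTEX_APPLICATION_NAME, null);
                if (appUser.getRepositoryType() == RepositoryType.LDAP && VERTEX_WEB_APP.equalsIgnoreCase(applicationName) && Compare.equals(userName, appUser.getUserName())) {
                    // NOTE(review): an LDAP user already bound to this thread is accepted on a name
                    // match alone; the supplied password is not checked on this branch.
                    result = LoginResultType.SUCCESS;
                    Login login = new Login();
                    login.setUserName(appUser.getUserName());
                    sessionContext.setLogin(login);
                    appUser = null;
                } else if (Compare.equals(userName, appUser.getUserName()) && Compare.equals(SymEncryption.encrypt(password, 'P'), appUser.getPassword())) {
                    // NOTE(review): the stored password is compared against a symmetric encryption
                    // of the input, which suggests reversible storage rather than a password hash,
                    // and Compare.equals is presumably not constant-time - confirm both.
                    result = LoginResultType.SUCCESS;
                    Login login = new Login();
                    login.setUserName(appUser.getUserName());
                    if (appUser.getRepositoryType() == RepositoryType.DBASE) {
                        login.setEncryptedPassword(appUser.getPassword());
                    }
                    sessionContext.setLogin(login);
                    appUser = null;
                } else {
                    // Different user or wrong password: drop the bound session and start clean.
                    sessionContext = new SessionContext();
                    SessionContext.CONTEXT.set(sessionContext);
                    appUser = null;
                }
            }
            if (result == null) {
                appUser = AppUserPersister.getInstance().findByName(userName);
                if (appUser == null) {
                    result = LoginResultType.INVALID_USER;
                }
                if (result == null && appUser.isDisabled()) {
                    if (appUser.getFailedLoginCount() >= AppUser.getRetyLoginLimit()) {
                        result = LoginResultType.PASSWORD_DISABLED;
                    } else if (isUserExpired(appUser)) {
                        result = LoginResultType.USER_EXPIRED;
                    } else {
                        result = LoginResultType.USER_DISABLED;
                    }
                }
                if (result == null && isUserExpired(appUser)) {
                    result = LoginResultType.USER_EXPIRED;
                }
                if (result == null && !appUser.verifyPassword(password)) {
                    result = LoginResultType.INVALID_PASSWORD;
                }
                if (result == null && appUser.getPasswordExpiration() != null && appUser.getPasswordExpiration().getTime() < System.currentTimeMillis()) {
                    result = LoginResultType.PASSWORD_EXPIRED;
                }
                if (result == null) {
                    if (appUser.getSourceId().longValue() == 1) {
                        // Users of source id 1 are rejected on this path even with a valid password.
                        result = LoginResultType.INVALID_USER;
                    } else {
                        result = LoginResultType.SUCCESS;
                        sessionContext.setUser(appUser);
                        sessionContext.setSourceId(appUser.getSourceId().longValue());
                        sessionContext.setLocale(appUser.getLocale());
                        Login login = new Login();
                        login.setUserName(appUser.getUserName());
                        if (appUser.getRepositoryType() == RepositoryType.DBASE) {
                            login.setEncryptedPassword(appUser.getPassword());
                        } else {
                            // The clear-text password stays in the session for non-DBASE users.
                            login.setPassword(password);
                        }
                        sessionContext.setLogin(login);
                    }
                }
                if (result != LoginResultType.SUCCESS && z) {
                    // The nested call does its own login bookkeeping, so skip it in this frame.
                    // NOTE(review): every failed first attempt triggers a full reload of the source
                    // and user caches; consider the cost under repeated bad logins.
                    appUser = null;
                    Source.reloadAll();
                    AppUser.reloadAll();
                    result = establishUser(userName, password, false);
                }
            }
        } catch (Exception e) {
            result = LoginResultType.INVALID_LOGIN;
            Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.establishUser.invalidUser", "Login attempt failed.  No match found for specified user and password.  Note that all entries are case-sensitive.  Contact system administrator if failures persist.  (user name={0})", userName), e);
        }
        if (appUser != null && !appUser.isDisabled()) {
            try {
                if (result == LoginResultType.SUCCESS) {
                    appUser.registerSuccessfulLogin();
                } else if (result == LoginResultType.USER_EXPIRED) {
                    appUser.registerState(true);
                } else if (result != LoginResultType.PASSWORD_EXPIRED) {
                    appUser.registerFailedLogin();
                }
            } catch (Exception e) {
                Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.establishUser.loginRegistrationError", "Unable to register login status when login complete.  Error is not critical; however, if error persists, contact system administrator.  (user name={0})", userName), e);
            }
        }
        return result;
    }

    /**
     * Reports whether the user's last successful login is older than the configured expiration
     * window ({@code AppUser.USER_EXPIRATION_PREF}, in days; {@code 0} or unset disables the check).
     *
     * @param appUser user to check, may be {@code null}
     * @return {@code true} only when the window is configured and has elapsed; {@code false} when
     *     the user has never logged in, the source is missing, or the setting cannot be read
     */
    private static boolean isUserExpired(AppUser appUser) {
        boolean expired = false;
        Source source = null;
        if (appUser != null) {
            try {
                if (appUser.getLastSuccessfulLogin() != null) {
                    source = SourcePersister.getInstance().findByPK(appUser.getSourceId().longValue());
                    if (source != null) {
                        String expirationPref = SysConfig.getEnv(AppUser.USER_EXPIRATION_PREF);
                        if (expirationPref != null) {
                            int expirationDays = Integer.parseInt(expirationPref);
                            if (expirationDays != 0) {
                                // long arithmetic: in int, 25 days or more of milliseconds wraps
                                // negative and made every such user look expired.
                                long windowMillis = expirationDays * 24L * 60L * 60L * 1000L;
                                if (appUser.getLastSuccessfulLogin().getTime() + windowMillis < System.currentTimeMillis()) {
                                    expired = true;
                                }
                            }
                        }
                    }
                }
            } catch (Exception e) {
                // Fails open: an unreadable setting leaves the user treated as not expired.
                String sourceName = source != null ? source.getName() : null;
                Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.isUserExpired.invalidUserExpiration", "Unable to process user expiration value.  (user={0}, source={1})", appUser.getUserName(), sourceName), e);
            }
        }
        return expired;
    }

    /**
     * Logs a user in by name alone, feeding the stored password back into the normal
     * user name / password path.
     *
     * @param str user name
     * @return the login outcome; {@code INVALID_LOGIN} when the user is unknown or the lookup fails
     */
    private static LoginResultType handlePartitionLogin(String str) {
        // NOTE(review): the caller supplies no password here; this is only safe when the
        // IAlreadyPartitionAuthenticated marker cannot be produced by an unauthenticated request.
        try {
            AppUser appUser = AppUserPersister.getInstance().findByName(str);
            if (appUser == null) {
                // Explicit check instead of relying on the NullPointerException being caught below.
                Log.logError(UserLogin.class, Message.format(UserLogin.class, "UserLogin.handlePartitionLogin.invalidUser", "Login attempt failed.  No match found for specified user and password.  Note that all entries are case-sensitive.  Contact system administrator if failures persist.  (user name={0})", str));
                return LoginResultType.INVALID_LOGIN;
            }
            return establishUser(appUser.getUserName(), appUser.getPassword());
        } catch (Exception e) {
            Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.handlePartitionLogin.invalidUser", "Login attempt failed.  No match found for specified user and password.  Note that all entries are case-sensitive.  Contact system administrator if failures persist.  (user name={0})", str), e);
            return LoginResultType.INVALID_LOGIN;
        }
    }

    /**
     * Dispatches a login request to the matching strategy.
     *
     * <p>An authenticated Spring Security context takes precedence: its user is resolved (from the
     * OAuth2 decoded details when available, otherwise from the principal name) and bound with
     * {@link #establishTokenUser(AppUser)}. If no user can be resolved the request falls through to
     * the {@code iLogin}-based strategies: already-authenticated source, already-authenticated
     * partition user, trusted ID, then user name and password.
     *
     * @param iLogin login request, may be {@code null}
     * @return the login outcome
     * @throws AppUserPersisterException when the token user lookup fails
     */
    public static LoginResultType establishUser(ILogin iLogin) throws AppUserPersisterException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
            AppUser tokenUser;
            if (authentication instanceof OAuth2Authentication) {
                Map<?, ?> details = (Map<?, ?>) ((OAuth2AuthenticationDetails) ((OAuth2Authentication) authentication).getDetails()).getDecodedDetails();
                // NOTE(review): a token carrying neither "user_name" nor "userId", or a "userId"
                // that is not a Long or an Integer, fails in the last branch with a
                // NullPointerException or ClassCastException rather than a login result.
                if (details.get("user_name") != null) {
                    tokenUser = AppUserPersister.getInstance().findByName((String) details.get("user_name"));
                } else if (details.get("userId") instanceof Long) {
                    tokenUser = AppUserPersister.getInstance().findByPK(((Long) details.get("userId")).longValue());
                } else {
                    tokenUser = AppUserPersister.getInstance().findByPK(((Integer) details.get("userId")).intValue());
                }
            } else {
                tokenUser = AppUserPersister.getInstance().findByName(authentication.getName());
            }
            if (tokenUser != null) {
                return establishTokenUser(tokenUser);
            }
        }
        if (iLogin instanceof IAlreadyAuthenticated) {
            return checkAlreadyAuthenticatedUser(((IAlreadyAuthenticated) iLogin).getSourceName());
        }
        if (iLogin instanceof IAlreadyPartitionAuthenticated) {
            return handlePartitionLogin(iLogin.getUserName());
        }
        boolean hasTrustedId = iLogin != null && iLogin.getTrustedId() != null && !iLogin.getTrustedId().trim().isEmpty();
        if (iLogin == null || iLogin.getUserName() == null || hasTrustedId) {
            // A non-blank trusted ID wins over a user name and password sent in the same request.
            return establishUser(iLogin != null ? iLogin.getTrustedId() : (String) null);
        }
        Login login = iLogin instanceof Login ? (Login) iLogin : new Login(iLogin);
        return establishUser(login.getUserName(), login.getPassword());
    }

    /**
     * Establishes a session for a user identified by name only; no password is checked here.
     *
     * <p>When the thread has no session, one is taken from (or added to) the process-wide lookup
     * keyed by user name, so threads presenting the same name share one {@link SessionContext}.
     *
     * @param str user name
     * @return {@code SUCCESS} when the user exists, {@code INVALID_USER} when not,
     *     {@code INVALID_LOGIN} when an exception was caught
     */
    public static LoginResultType establishRemoteUser(String str) {
        // NOTE(review): presumably the container or a front end has already authenticated this
        // name; confirm, because nothing in this method verifies a credential.
        String userName = Normalizer.normalize(str);
        LoginResultType result = null;
        try {
            SessionContext sessionContext = (SessionContext) SessionContext.CONTEXT.get();
            if (sessionContext == null) {
                synchronized (UserLogin.class) {
                    sessionContext = SESSION_LOOKUP.get(userName);
                    if (sessionContext == null) {
                        sessionContext = new SessionContext();
                        SESSION_LOOKUP.put(userName, sessionContext);
                    }
                    SessionContext.CONTEXT.set(sessionContext);
                }
            }
            AppUser boundUser = (AppUser) sessionContext.getUser();
            if (boundUser != null) {
                if (Compare.equals(userName, boundUser.getUserName())) {
                    result = LoginResultType.SUCCESS;
                    Login login = new Login();
                    login.setUserName(boundUser.getUserName());
                    if (boundUser.getRepositoryType() == RepositoryType.DBASE) {
                        login.setEncryptedPassword(boundUser.getPassword());
                    }
                    sessionContext.setLogin(login);
                } else {
                    // Session belongs to someone else: replace it for this thread.
                    sessionContext = new SessionContext();
                    SessionContext.CONTEXT.set(sessionContext);
                }
            }
            if (result == null) {
                AppUser appUser = AppUserPersister.getInstance().findByName(userName);
                if (appUser == null) {
                    // Unknown name: refresh the user cache once and look again.
                    AppUser.reloadAll();
                    appUser = AppUserPersister.getInstance().findByName(userName);
                }
                if (appUser == null) {
                    result = LoginResultType.INVALID_USER;
                } else {
                    // Unlike the password path, disabled and expired states are not checked here.
                    result = LoginResultType.SUCCESS;
                    sessionContext.setUser(appUser);
                    sessionContext.setSourceId(appUser.getSourceId().longValue());
                    sessionContext.setLocale(appUser.getLocale());
                    Login login = new Login();
                    login.setUserName(appUser.getUserName());
                    if (appUser.getRepositoryType() == RepositoryType.DBASE) {
                        login.setEncryptedPassword(appUser.getPassword());
                    }
                    sessionContext.setLogin(login);
                }
            }
        } catch (Exception e) {
            result = LoginResultType.INVALID_LOGIN;
            Log.logException(UserLogin.class, Message.format(UserLogin.class, "UserLogin.establishRemoteUser.invalidUser", "Login attempt failed.  No match found for specified user and password.  Note that all entries are case-sensitive.  Contact system administrator if failures persist.  (user name={0})", userName), e);
        }
        return result;
    }

    /**
     * Logs in with a user name and password.
     *
     * @param str not used by this method
     * @param str2 user name
     * @param str3 password
     * @return the authenticated user, or {@code null} when the login did not succeed
     * @throws AppUserPersisterException when a token user lookup fails
     */
    public static Principal login(String str, String str2, String str3) throws AppUserPersisterException {
        return login(new Login(str2, str3));
    }

    /**
     * Runs {@link #establishUser(ILogin)} and returns the user bound to the thread's session.
     *
     * @param iLogin login request
     * @return the session's user on {@code SUCCESS}; {@code null} on any other outcome or when no
     *     session is bound
     * @throws AppUserPersisterException when a token user lookup fails
     */
    public static Principal login(ILogin iLogin) throws AppUserPersisterException {
        if (establishUser(iLogin) != LoginResultType.SUCCESS) {
            return null;
        }
        SessionContext sessionContext = (SessionContext) SessionContext.CONTEXT.get();
        return sessionContext != null ? sessionContext.getUser() : null;
    }
}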
