package com.urbancode.anthill3.domain.authentication;

import com.urbancode.anthill3.domain.authorization.AuthorizationRealm;
import com.urbancode.anthill3.domain.distribution.DistributedServer;
import com.urbancode.anthill3.domain.distribution.DistributedServerFactory;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.persistent.PersistenceRuntimeException;
import com.urbancode.anthill3.domain.persistent.Persistent;
import com.urbancode.anthill3.domain.security.Authority;
import com.urbancode.anthill3.domain.security.AuthorizationException;
import com.urbancode.anthill3.domain.security.RealmAuthenticationLookupContext;
import com.urbancode.anthill3.domain.security.Role;
import com.urbancode.anthill3.domain.security.User;
import com.urbancode.anthill3.domain.security.UserFactory;
import com.urbancode.anthill3.domain.userprofile.UserProfile;
import com.urbancode.anthill3.persistence.UnitOfWork;
import com.urbancode.anthill3.services.distributedserver.CurrentDistributedServerNameLookup;
import com.urbancode.commons.util.StringUtil;
import java.security.SecureRandom;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/urbancode/anthill3/domain/authentication/BaseLoginModule.class */
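public abstract class BaseLoginModule implements LoginModule {
    /** Message for a failure while restoring the persisted user (available to subclasses). */
    protected static final String DEFAULT_USER_RESTORE_FAIL_MSG = "Error while looking up user.";
    /** Message used when a persistence or authorization failure interrupts login. */
    protected static final String DEFAULT_LOGIN_EX_MSG = "Error while authorizing user login.";
    /** Generic rejection message; its wording does not reveal whether the account exists. */
    protected static final String DEFAULT_LOGIN_REJECT_MSG = "Invalid user credentials.";
    /** Message for an account that has exceeded its allowed failed attempts (used by subclasses). */
    protected static final String DEFAULT_LOCKED_OUT_MSG = "You have exceeded the number of allowed login attempts. Please contact your AnthillPro administrator to log in again.";
    /** JAAS subject that receives the authenticated {@link User} as a principal on commit. */
    protected Subject subject;
    /** Handler supplied by the JAAS framework for collecting credentials in {@link #login()}. */
    protected CallbackHandler callbackHandler;
    /** Realm this module authenticates against; taken from the module options. */
    protected AuthenticationRealm realm;
    /** Callbacks the authorization realm needs for role evaluation; never null after initialize(). */
    protected Callback[] authorizationCallbacks;
    /** Whether roles are (re)evaluated on every login, not only for new users. */
    protected boolean evaluateRoles;
    /** The resolved or newly created user; null until commit() succeeds. */
    protected User user;
    private static final Logger log = Logger.getLogger(BaseLoginModule.class);
    /** Shared secure random source for subclasses (not used in this class). */
    protected static final SecureRandom sr = new SecureRandom();
    /** Set by the subclass's login() when credentials were accepted. */
    protected boolean succeeded = false;
    /** Set by commit() once the principal has been added to the subject. */
    protected boolean commitSucceeded = false;
    /** User name accepted by login(); consumed by commit(). */
    protected String userName = null;
    /** Profile of {@link #user}; created on first login if the user has none. */
    protected UserProfile userProfile = null;

    /**
     * JAAS initialization entry point.
     *
     * @param subject         subject to populate on commit
     * @param callbackHandler handler used by the subclass's login()
     * @param map             shared state between modules in the stack; unused here
     * @param map2            module options; must carry {@link AuthenticationRealm#AUTH_REALM_OPTION}
     * @throws IllegalArgumentException if the realm option is missing (instead of a
     *         NullPointerException from the authorization-realm lookup below)
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.realm = (AuthenticationRealm) map2.get(AuthenticationRealm.AUTH_REALM_OPTION);
        Validate.notNull(this.realm, "login module option " + AuthenticationRealm.AUTH_REALM_OPTION + " is required");
        this.evaluateRoles = UserEvaluationMarker.isEnabled();
        // A realm with no callbacks yields an empty array so callers never see null.
        this.authorizationCallbacks = (Callback[]) ObjectUtils.defaultIfNull(getAuthorizationRealm().getCallbacks(), new Callback[0]);
    }

    /** @return the authentication realm this module was initialized with */
    protected AuthenticationRealm getRealm() {
        return this.realm;
    }

    /**
     * Returns the authorization realm attached to {@link #getRealm()}.
     * (Decompiler note: declared {@code protected} in the original source.)
     */
    public AuthorizationRealm getAuthorizationRealm() {
        return getRealm().getAuthorizationRealm();
    }

    /** Overrides the role-evaluation flag picked up from {@code UserEvaluationMarker} in initialize(). */
    public void setEvaluateRoles(boolean z) {
        this.evaluateRoles = z;
    }

    /** @return true if roles are evaluated on every login, not only for new users */
    public boolean isEvaluateRoles() {
        return this.evaluateRoles;
    }

    /**
     * Verifies credentials. Implementations set {@link #succeeded} and {@link #userName}
     * on success; everything else happens in {@link #commit()}.
     */
    @Override
    public abstract boolean login() throws LoginException;

    /**
     * Second JAAS phase: resolves or creates the {@link User}, checks that the user may
     * log in on this distributed server, and only then adds the user as a principal.
     *
     * @return false if login() did not succeed, true once the principal has been added
     * @throws LoginException if the user cannot be resolved or is not allowed on this server
     */
    @Override
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        getOrCreateUser(this.userName);
        // Access check runs before the principal is exposed on the subject.
        checkUserAuthorizedToAuthenticate();
        this.commitSucceeded = true;
        this.subject.getPrincipals().add(this.user);
        return true;
    }

    /**
     * Undoes a login whose overall JAAS context failed.
     *
     * @return false if this module's login() had not succeeded, true otherwise
     */
    @Override
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            // Both phases completed here; the principal is on the subject, so undo via logout().
            logout();
        } else {
            // login() succeeded but commit() did not: drop the state this module accumulated
            // so a stale User reference does not survive the failed attempt.
            this.succeeded = false;
            this.userName = null;
            this.user = null;
            this.userProfile = null;
        }
        return true;
    }

    /**
     * Clears the subject's principals and resets all per-login state.
     * NOTE(review): this clears every principal on the subject, not only the one this
     * module added; confirm that is intended when several login modules are stacked.
     *
     * @return always true
     */
    @Override
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().clear();
        this.succeeded = false;
        this.commitSucceeded = false;
        this.userName = null;
        this.user = null;
        this.userProfile = null;
        return true;
    }

    /**
     * Resolves the persisted {@link User} for {@code str} in this realm, creating it when the
     * realm allows, assigns roles, and commits the unit of work. Persistence runs as the
     * system user until the login user is known; the unit of work is switched to that user
     * in all cases on exit.
     * (Decompiler note: declared {@code protected} in the original source.)
     *
     * @param str the validated user name; the lookup uses this argument rather than
     *            {@link #userName}, so callers other than commit() get consistent results
     * @throws LoginException if the name is empty, the user cannot be created, belongs to another
     *         realm, is deactivated, or a persistence/authorization failure occurs
     */
    public void getOrCreateUser(String str) throws LoginException {
        try {
            try {
                try {
                    Validate.notEmpty(str, "usernames can not be empty");
                    UnitOfWork.getCurrent().setUser(UserFactory.getSystemUser());
                    this.user = restoreUser(str);
                    if (this.user == null) {
                        if (!this.realm.isCreateUsers()) {
                            throw new LoginException("Unable to create User: " + str);
                        }
                        this.user = new User(true, this.realm);
                        this.user.setName(str);
                        this.user.setInactive(false);
                    } else {
                        if (!this.realm.equals(this.user.getAuthenticationRealm())) {
                            throw new LoginException("Unable to create User. Username is not unique, it exists in another user authentication realm");
                        }
                        // Security-relevant: an admin is exempt from this check, so a deactivated
                        // admin account is reactivated on login regardless of isActivateUsers().
                        if (this.user.isInactive() && !this.realm.isActivateUsers() && !this.user.isAdmin()) {
                            throw new LoginException("User is deactivated in Anthill");
                        }
                        UserFactory.getInstance().reactivateUser(this.user.getId());
                    }
                    this.userProfile = this.user.getUserProfile();
                    if (this.userProfile == null) {
                        this.userProfile = new UserProfile(this.user);
                    }
                    setUserAttributes(this.user, this.userProfile);
                    // New users always get roles; existing users only when re-evaluation is on.
                    if (isEvaluateRoles() || this.user.isNew()) {
                        Role[] userRoles = getUserRoles();
                        storeIfNew(userRoles);
                        this.user.setRoles(userRoles);
                    }
                    storeIfNew(this.user, this.userProfile);
                    UnitOfWork.getCurrent().commit();
                } catch (PersistenceException e) {
                    throw evictAndWrap(e);
                }
            } catch (AuthorizationException e2) {
                throw evictAndWrap(e2);
            }
        } finally {
            UnitOfWork.getCurrent().setUser(this.user);
        }
    }

    /**
     * Looks up the user by name in this realm, honoring the realm's case-sensitivity setting.
     *
     * @return the persisted user, or null if none matches
     */
    private User restoreUser(String name) throws PersistenceException {
        if (this.realm.getUserCaseSensitive()) {
            return UserFactory.getInstance().restoreForCaseNameAndRealm(name, this.realm);
        }
        return UserFactory.getInstance().restoreForNameAndRealm(name, this.realm);
    }

    /**
     * Logs the failure, evicts the partially built user from the unit of work and wraps the
     * cause in a {@link LoginException} carrying the generic {@link #DEFAULT_LOGIN_EX_MSG}.
     */
    private LoginException evictAndWrap(Throwable cause) {
        log.debug("Error occurred during Authentication: " + cause.getMessage(), cause);
        UnitOfWork.getCurrent().evict(this.user);
        return newLoginException(DEFAULT_LOGIN_EX_MSG, cause);
    }

    /**
     * Asks the authorization realm for the roles of {@link #user}.
     * (Decompiler note: declared {@code protected} in the original source.)
     */
    public Role[] getUserRoles() throws AuthorizationException {
        return getAuthorizationRealm().getUserRoles(this.user, this.authorizationCallbacks);
    }

    /**
     * Hook for subclasses to copy realm-specific attributes onto the user/profile before
     * they are stored. Does nothing by default.
     * (Decompiler note: declared {@code protected} in the original source.)
     */
    public void setUserAttributes(User user, UserProfile userProfile) {
    }

    /**
     * Rejects the login if this distributed server is inactive, or if the (non-admin) user
     * lacks access to it. A server with no configured name skips the check entirely.
     *
     * @throws LoginException if the server record is missing or inactive, or access is denied
     */
    protected void checkUserAuthorizedToAuthenticate() throws LoginException {
        if (this.user == null) {
            return;
        }
        String name = CurrentDistributedServerNameLookup.getInstance().getName();
        if (StringUtil.isEmpty(name)) {
            return;
        }
        try {
            DistributedServer server = DistributedServerFactory.getInstance().restoreForName(name);
            if (server == null) {
                // No record for the configured name: refuse rather than dereference null.
                throw newLoginException(DEFAULT_LOGIN_EX_MSG, null);
            }
            if (!server.isActive()) {
                throw new LoginException("This server is not active.");
            }
            // Admins bypass the per-server access permission.
            if (!this.user.isAdmin()) {
                Authority authority = Authority.getInstance();
                if (!server.isAccessibleByAll() && !authority.hasPermission(server, DistributedServer.PERMISSION_ACCESS)) {
                    throw new LoginException("User " + this.user.getName() + " is not allowed access to this server.");
                }
            }
        } catch (PersistenceException e) {
            log.error(e, e);
            throw newLoginException(DEFAULT_LOGIN_EX_MSG, e);
        }
    }

    /** Stores each entity that has not been persisted yet; already-stored ones are left alone. */
    private void storeIfNew(Persistent... persistentArr) {
        for (Persistent persistent : persistentArr) {
            if (persistent.isNew()) {
                persistent.store();
            }
        }
    }

    /**
     * Records a failed attempt for {@code user} in the current lookup context (used for lockout
     * accounting). Silently logs when there is no user or no context.
     */
    protected void addToFailedUsers(User user) {
        RealmAuthenticationLookupContext current = RealmAuthenticationLookupContext.getCurrent();
        if (user == null || current == null) {
            log.debug("Unable to add user " + user + " to context");
        } else {
            current.addFailedUser(user);
        }
    }

    /**
     * Resolves {@code str} in this realm and records a failed attempt for it if it exists.
     * (Decompiler note: declared {@code protected} in the original source.)
     *
     * @throws PersistenceRuntimeException wrapping any persistence failure during the lookup
     */
    public void addToFailedUsers(String str) {
        try {
            User found = UserFactory.getInstance().restoreForNameAndRealm(str, this.realm);
            if (found != null) {
                addToFailedUsers(found);
            }
        } catch (PersistenceException e) {
            throw new PersistenceRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Builds a {@link LoginException} with the given message and optional cause
     * (LoginException has no message+cause constructor, hence initCause()).
     * (Decompiler note: declared {@code protected} in the original source.)
     *
     * @param str message shown to the caller
     * @param th  cause, or null
     */
    public LoginException newLoginException(String str, Throwable th) {
        LoginException loginException = new LoginException(str);
        if (th != null) {
            loginException.initCause(th);
        }
        return loginException;
    }
}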
