package pl.edu.icm.yadda.desklight.services.security.userdb;

import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aal.AalException;
import pl.edu.icm.yadda.aal.AalSession;
import pl.edu.icm.yadda.aal.Authentication;
import pl.edu.icm.yadda.aal.AuthenticationRequest;
import pl.edu.icm.yadda.aal.authentication.AbstractAuthenticationModule;
import pl.edu.icm.yadda.aal.authentication.AuthenticationModule;
import pl.edu.icm.yadda.service2.user.UserCatalog;
import pl.edu.icm.yadda.service2.user.exception.TokenVerificationException;
import pl.edu.icm.yadda.service2.user.model.GroupName;
import pl.edu.icm.yadda.service2.user.model.UserData;
import pl.edu.icm.yadda.service2.user.token.LoginPasswordToken;

/* loaded from: input_file:pl/edu/icm/yadda/desklight/services/security/userdb/UserDBAuthenticationModule.class */
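/**
 * Authentication module that verifies a login/password pair against a {@link UserCatalog} and
 * copies the user's effective groups and roles into the {@link AalSession}.
 *
 * <p>Two request modes are handled: {@link #MODE_IN} (log in) and {@link #MODE_OUT} (log out).
 * Every group, role and authentication this module writes is tagged with {@link #MODE_IN}, and
 * only entries carrying that tag are cleared again.
 *
 * <p>Security-relevant behaviour: accounts flagged {@code INACTIVE} or {@code DELETED} are refused
 * on login and on re-authentication, authorities are replaced rather than accumulated, and text
 * derived from request data is stripped of control characters before it is logged.
 */
public class UserDBAuthenticationModule extends AbstractAuthenticationModule implements AuthenticationModule {
    /** Lifetime of an issued authentication in milliseconds (60 480 000 ms = 16.8 hours). */
    private static final int EXPIRATION_TIME = 60480000;
    /** Request/authentication key holding the login name. */
    public static final String LOGIN = "LOGIN";
    /** Request key holding the clear-text password. */
    public static final String PASSWORD = "PASSWORD";
    protected UserCatalog userCatalog;
    public static final String MODE_IN = "login/password";
    public static final String MODE_OUT = "logout";
    private static final String[] modes = {MODE_IN, MODE_OUT};
    /** Account flags that block authentication. */
    private static final String FLAG_INACTIVE = "INACTIVE";
    private static final String FLAG_DELETED = "DELETED";
    protected final Logger log = LoggerFactory.getLogger(UserDBAuthenticationModule.class);
    private String domain = "YADDA";

    /**
     * Failure that is reported on the session through {@code makeProblem} instead of being
     * propagated to the caller.
     */
    public class NonFatalException extends Exception {
        public NonFatalException(String str) {
            super(str);
        }

        /** Variant that keeps the underlying cause available for diagnostics. */
        public NonFatalException(String str, Throwable cause) {
            super(str, cause);
        }
    }

    /**
     * Dispatches a request to the login or logout handler according to its mode.
     *
     * <p>A {@link NonFatalException} (missing credentials, rejected token) is logged and recorded
     * with {@code makeProblem}; the method still returns {@code true} in that case. A request
     * whose mode is neither {@link #MODE_IN} nor {@link #MODE_OUT} is ignored and also yields
     * {@code true}.
     * NOTE(review): callers presumably detect a failed login from the recorded problem or from
     * the session's login being null, not from the return value; confirm against the AAL contract.
     *
     * @param aalSession session to update
     * @param authenticationRequest request carrying the mode and, for login, the credentials
     * @return always {@code true}
     * @throws AalException when login cannot be completed after the password was accepted
     */
    public boolean authenticate(AalSession aalSession, AuthenticationRequest authenticationRequest) throws AalException {
        try {
            if (MODE_IN.equals(authenticationRequest.getMode())) {
                authenticateLogin(aalSession, authenticationRequest);
            } else if (MODE_OUT.equals(authenticationRequest.getMode())) {
                authenticateLogout(aalSession, authenticationRequest);
            }
            return true;
        } catch (NonFatalException e) {
            // The message can embed the submitted login; log it on one line only.
            this.log.warn(singleLine(e.getMessage()));
            makeProblem(aalSession, authenticationRequest, new AalException(e.getMessage()));
            return true;
        }
    }

    /**
     * Verifies the submitted credentials and, on success, records a new authentication plus the
     * user's effective groups and roles on the session.
     *
     * @throws NonFatalException when login or password is missing or not a string, or when the
     *     catalog rejects the token
     * @throws AalException when the verified user cannot be loaded or is flagged
     *     {@code INACTIVE} / {@code DELETED}
     */
    protected void authenticateLogin(AalSession aalSession, AuthenticationRequest authenticationRequest) throws NonFatalException, AalException {
        // Drop the previous identity up front so a failed attempt never keeps the old login.
        aalSession.setLogin((String) null);
        if (!authenticationRequest.containsKey(LOGIN)) {
            throw new NonFatalException("Login not defined");
        }
        if (!authenticationRequest.containsKey(PASSWORD)) {
            throw new NonFatalException("Password not defined");
        }
        // A present key may still map to null or to a non-string value; reject that as missing
        // instead of failing later with a ClassCastException or a null credential.
        String login = requireString(authenticationRequest.get(LOGIN), "Login not defined");
        String password = requireString(authenticationRequest.get(PASSWORD), "Password not defined");
        try {
            LoginPasswordToken token = new LoginPasswordToken();
            token.setDomain(this.domain);
            token.setLogin(login);
            token.setPassword(password);
            String userId = this.userCatalog.verifyToken(token);
            UserData userData = loadUserWithAuthorities(userId);
            if (userData == null) {
                throw new AalException("cannot finalize authentication of user " + login + ", unable to retrieve user data for id: " + userId);
            }
            if (hasFlag(userData, FLAG_INACTIVE)) {
                throw new AalException("cannot finalize authentication of user " + login + ", user is inactive!");
            }
            if (hasFlag(userData, FLAG_DELETED)) {
                throw new AalException("cannot finalize authentication of user " + login + ", user is deleted!");
            }
            aalSession.getAuthentications().add(buildAuthentication(login));
            replaceAuthorities(aalSession, login, userData);
        } catch (TokenVerificationException e) {
            // One message for every rejection reason, so the response does not reveal whether
            // the account exists. The cause is attached but never logged by this class.
            throw new NonFatalException("unable to authenticate user " + login + ", bad password provided or user is deleted/disabled!", e);
        }
    }

    /**
     * Creates the authentication record for a successful login.
     *
     * @param str login name stored under {@link #LOGIN}
     * @return authentication in mode {@link #MODE_IN}, expiring {@code EXPIRATION_TIME}
     *     milliseconds after its creation time
     */
    protected Authentication buildAuthentication(String str) {
        Authentication authentication = new Authentication();
        long createdAt = System.currentTimeMillis();
        authentication.setCreationTime(createdAt);
        authentication.setMode(MODE_IN);
        authentication.put(LOGIN, str);
        authentication.setExpireTime(createdAt + EXPIRATION_TIME);
        return authentication;
    }

    /**
     * Sets the session login and adds the user's effective groups and roles, tagged with
     * {@link #MODE_IN}. Existing entries are not removed here; this method only adds.
     */
    protected void populateAuthorities(AalSession aalSession, String str, UserData userData) throws NonFatalException {
        aalSession.setLogin(str);
        if (userData.getEffectiveGroups() != null) {
            // Element type is not visible here, so iterate as Object and cast as before.
            for (Object group : userData.getEffectiveGroups()) {
                aalSession.getGroups().add(((GroupName) group).getName(), MODE_IN);
            }
        }
        if (userData.getEffectiveRoles() != null) {
            for (Object role : userData.getEffectiveRoles()) {
                aalSession.getRoles().add((String) role, MODE_IN);
            }
        }
    }

    /**
     * Logs the session out: clears the login, removes this module's groups and roles and marks
     * its authentications as deleted.
     */
    protected void authenticateLogout(AalSession aalSession, AuthenticationRequest authenticationRequest) throws NonFatalException {
        aalSession.setLogin((String) null);
        aalSession.getGroups().clear(MODE_IN);
        aalSession.getRoles().clear(MODE_IN);
        clearAuthentications(aalSession);
    }

    /** Marks every authentication issued in {@link #MODE_IN} as deleted. */
    private void clearAuthentications(AalSession aalSession) {
        for (Authentication authentication : aalSession.getAuthentications()) {
            if (MODE_IN.equals(authentication.getMode())) {
                authentication.setDeleted(true);
            }
        }
    }

    /**
     * Re-validates an existing authentication against the catalog and refreshes the session's
     * groups and roles.
     *
     * <p>The account flags are checked here as well, so an account disabled or deleted after
     * login stops being re-authenticated. Failures are logged, recorded with
     * {@code makeProblem}, and reported as {@code false}.
     * NOTE(review): a null session or authentication yields {@code true}; confirm that callers
     * do not treat that as a successful re-authentication.
     *
     * @return {@code true} when the authorities were refreshed (or an argument was null),
     *     {@code false} on failure
     */
    public boolean reauthenticate(AalSession aalSession, Authentication authentication) {
        if (aalSession == null || authentication == null) {
            return true;
        }
        try {
            if (!authentication.containsKey(LOGIN)) {
                throw new NonFatalException("Login not defined");
            }
            String login = requireString(authentication.get(LOGIN), "Login not defined");
            // NOTE(review): login passes the id returned by verifyToken to loadUser, while this
            // path passes the login name; confirm the catalog resolves both.
            UserData userData = loadUserWithAuthorities(login);
            if (userData == null || userData.getUser() == null) {
                throw new NonFatalException("Authentication error - cannot obtain user for login");
            }
            if (hasFlag(userData, FLAG_INACTIVE) || hasFlag(userData, FLAG_DELETED)) {
                throw new NonFatalException("Authentication error - user " + login + " is inactive or deleted");
            }
            replaceAuthorities(aalSession, login, userData);
            return true;
        } catch (NonFatalException e) {
            this.log.warn(singleLine(e.getMessage()));
            makeProblem(aalSession, new AalException(e.getMessage()));
            return false;
        }
    }

    /** Loads a user together with effective roles and groups; returns what the catalog returns. */
    private UserData loadUserWithAuthorities(String key) {
        return this.userCatalog.loadUser(key, this.domain, new UserData.UserDataParts[]{UserData.UserDataParts.EFFECTIVE_ROLES, UserData.UserDataParts.EFFECTIVE_GROUPS});
    }

    /** Tells whether the user's flag collection is present and contains {@code flag}. */
    private boolean hasFlag(UserData userData, String flag) {
        return userData.getUser().getFlags() != null && userData.getUser().getFlags().contains(flag);
    }

    /**
     * Replaces this module's groups and roles on the session with the user's current ones.
     * populateAuthorities only adds, so without the clear a group or role revoked in the catalog
     * (or left over from a previous login on the same session) would stay on the session.
     */
    private void replaceAuthorities(AalSession aalSession, String login, UserData userData) throws NonFatalException {
        aalSession.getGroups().clear(MODE_IN);
        aalSession.getRoles().clear(MODE_IN);
        populateAuthorities(aalSession, login, userData);
    }

    /** Returns {@code value} as a string, or raises {@code problem} when it is null or another type. */
    private String requireString(Object value, String problem) throws NonFatalException {
        if (!(value instanceof String)) {
            throw new NonFatalException(problem);
        }
        return (String) value;
    }

    /**
     * Replaces control characters and Unicode line/paragraph separators with {@code '_'} so that
     * request-derived text cannot start a forged log line.
     */
    private static String singleLine(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }

    /** Returns {@code null}: this module declares no dependencies. */
    public String[] getDependencies() {
        return null;
    }

    public String getDescription() {
        return "Yadda2 UserCatalog based authentication module";
    }

    /** Returns a copy of the supported modes so callers cannot alter the shared array. */
    public String[] getModes() {
        return modes.clone();
    }

    public String getName() {
        return getClass().getName();
    }

    /** Sets the catalog domain used for token verification and user lookup (default {@code "YADDA"}). */
    public void setDomain(String str) {
        this.domain = str;
    }

    /** Injects the catalog that credentials are verified against. */
    public void setUserCatalog(UserCatalog userCatalog) {
        this.userCatalog = userCatalog;
    }
}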
