package com.plusmpm.servlet.authorization;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.plusmpm.database.DBManagement;
import com.plusmpm.database.DomainTable;
import com.plusmpm.database.notifications.Notification;
import com.plusmpm.i18n.AbstractI18N;
import com.plusmpm.security.WorkflowPrincipal;
import com.plusmpm.security.authentication.AuthenticationInterceptor;
import com.plusmpm.security.authentication.LdapAuthenticator;
import com.plusmpm.security.authentication.SharkAuthenticator;
import com.plusmpm.util.notifications.NotificationManager;
import com.plusmpm.util.notifications.NotificationReceiver;
import com.plusmpm.util.notifications.NotificationReceiverType;
import com.suncode.pwfl.administration.user.User;
import com.suncode.pwfl.administration.user.UserService;
import com.suncode.pwfl.administration.user.UserSettingsService;
import com.suncode.pwfl.administration.user.security.PasswordPolicyProfile;
import com.suncode.pwfl.administration.user.security.captcha.service.CaptchaService;
import com.suncode.pwfl.administration.user.security.service.BlockedUserService;
import com.suncode.pwfl.administration.user.security.service.PasswordPolicyResolverService;
import com.suncode.pwfl.administration.user.security.service.SelfUnblockUserService;
import com.suncode.pwfl.administration.user.security.service.UserPasswordHistoryService;
import com.suncode.pwfl.i18n.MessageHelper;
import com.suncode.pwfl.license.LicenseVerificator;
import com.suncode.pwfl.license.exceptions.NextSessionNotAllowedException;
import com.suncode.pwfl.tenancy.TenancyContext;
import com.suncode.pwfl.tenancy.config.Configuration;
import com.suncode.pwfl.tenancy.synchronization.xpdl.XpdlSynchronizationManager;
import com.suncode.pwfl.transaction.TransactionManagerFactory;
import com.suncode.pwfl.util.ServiceFactory;
import com.suncode.pwfl.util.SpringContext;
import eu.bitwalker.useragentutils.Browser;
import eu.bitwalker.useragentutils.OperatingSystem;
import eu.bitwalker.useragentutils.UserAgent;
import eu.bitwalker.useragentutils.Version;
import java.io.IOException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.TransactionCallbackWithoutResult;
import org.springframework.transaction.support.TransactionTemplate;

/* loaded from: input_file:com/plusmpm/servlet/authorization/UserAuthorizationServlet.class */
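/**
 * Login endpoint that authenticates a user against either the built-in user store or an
 * LDAP-backed domain and answers with a JSON {@link UserAuthorizationServletResponse}.
 *
 * <p>Every request parameter and the {@code User-Agent} header are attacker-controlled and are
 * read before any authentication has happened. Branches that reveal account state or touch the
 * session must therefore stay behind a verified password.
 */
public class UserAuthorizationServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(UserAuthorizationServlet.class);

    /** Token joining the {@code key=value} pairs stored in the "auditExtraParam" request attribute. */
    private static final String AUDIT_PARAM_SEPARATOR = "@AUDIT_PARAM@";

    /** Account name that receives special handling in the licence and self-unblock branches. */
    private static final String ADMIN_USERNAME = "admin";

    private final ObjectMapper mapper = new ObjectMapper();

    /**
     * Handles GET exactly like POST.
     *
     * <p>NOTE(review): because of this delegation the password is also accepted from the query
     * string, where it can end up in access logs, proxy logs and browser history. Confirm whether
     * any client still logs in via GET; if none does, remove this override so the default
     * {@link HttpServlet} handling rejects GET.
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the login flow: tenant and licence checks, then (for the built-in store only) captcha,
     * account-block and password-policy checks, then the actual authentication.
     *
     * <p>Reads the parameters {@code username}, {@code password}, {@code domainId},
     * {@code customer}, {@code captchaId} and {@code captcha}. A blank {@code domainId} or the
     * value {@code plusworkflow} selects the built-in store; anything else selects LDAP.
     *
     * <p>NOTE(review): no session-id rotation is visible in this method after a successful login.
     * Confirm that the authenticator or a filter renews the session, otherwise a pre-login session
     * id stays valid after authentication.
     *
     * @param httpServletRequest  the login request
     * @param httpServletResponse receives the JSON result
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        SharkAuthenticator authenticator;
        UserPasswordHistoryService userPasswordHistoryService = (UserPasswordHistoryService) SpringContext.getBean(UserPasswordHistoryService.class);
        UserService userService = ServiceFactory.getUserService();
        CaptchaService captchaService = (CaptchaService) SpringContext.getBean(CaptchaService.class);
        PasswordPolicyResolverService passwordPolicyResolverService = (PasswordPolicyResolverService) SpringContext.getBean(PasswordPolicyResolverService.class);
        BlockedUserService blockedUserService = (BlockedUserService) SpringContext.getBean(BlockedUserService.class);
        SelfUnblockUserService selfUnblockUserService = (SelfUnblockUserService) SpringContext.getBean(SelfUnblockUserService.class);
        resolveUserAgentAuditParam(httpServletRequest);
        HttpSession session = httpServletRequest.getSession();
        String sessionId = session.getId();
        String username = httpServletRequest.getParameter("username");
        String password = httpServletRequest.getParameter("password");
        String domainId = httpServletRequest.getParameter("domainId");
        String customer = httpServletRequest.getParameter("customer");
        String captchaId = httpServletRequest.getParameter("captchaId");
        String captchaAnswer = httpServletRequest.getParameter("captcha");
        boolean domainLogin = !StringUtils.isBlank(domainId) && !domainId.equals("plusworkflow");
        // Constant-first comparison: a request without "username" must not fail with an NPE here.
        boolean adminLogin = ADMIN_USERNAME.equals(username);
        String fullUsername = username;
        try {
            httpServletResponse.setContentType("application/json");
            httpServletResponse.setCharacterEncoding("UTF-8");
            if (!Configuration.getInstance().isClientExist(customer)) {
                // Serialized through the mapper like every other branch, so the body is valid
                // JSON and the message text cannot break out of a hand-built string.
                writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).msg(MessageHelper.getMessage("Autoryzacja_zakonczona_niepomyslnie") + ".").build());
                log.warn("Nastąpiła próba zalogowania na nieistniejącego klienta.");
            } else if (((XpdlSynchronizationManager) SpringContext.getBean(XpdlSynchronizationManager.class)).isClientOutOfSync(customer)) {
                writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(false).msg("Nie można się zalogować, gdyż klient ma rozsynchronizowane pakiety. Skontaktuj się z administratorem.").build());
                // NOTE(review): request values are logged as received; confirm the log layout
                // neutralizes line breaks so a crafted value cannot forge log entries.
                log.warn("Klient '{}' nie ma zsynchronizowanych pakietów. Logowanie zablokowane.", customer);
            } else {
                TenancyContext.setTenant(customer);
                String licenseProblem = LicenseVerificator.validateOnLogin();
                boolean hasLicenseProblem = StringUtils.isNotEmpty(licenseProblem);
                if (hasLicenseProblem && !adminLogin) {
                    writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(false).msg(MessageHelper.getMessage("Wystapil_problem_z_licencja_systemu") + ". " + MessageHelper.getMessage("Skontaktuj_sie_z_administratorem_systemu") + ".").build());
                    log.warn("Wystąpił problem z licencją systemu: {}", licenseProblem);
                    return;
                }
                if (!LicenseVerificator.isNextSessionAllowed()) {
                    writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(false).msg(new NextSessionNotAllowedException().getMessageTranslated()).build());
                    log.warn("Limit zalogowanych użytkowników wykorzystany.");
                    return;
                }
                if (domainLogin) {
                    DomainTable domainTable = getDomainTable(domainId);
                    authenticator = new LdapAuthenticator(new WorkflowPrincipal(username, password, domainTable.getId().toString(), domainTable.getDomainName()), session);
                    fullUsername = domainTable.getDomainName() + "/" + fullUsername;
                } else {
                    authenticator = new SharkAuthenticator(new WorkflowPrincipal(username, password), session, AuthenticationInterceptor.LoginType.PLUSWORKFLOW);
                }
                log.debug("fullUsername: {}", fullUsername);
                if (!domainLogin) {
                    if (captchaService.requireCaptcha(session)) {
                        log.debug("Captcha is required for current session");
                        if (!captchaService.validateCaptcha(captchaId, captchaAnswer)) {
                            log.warn("Captcha is invalid");
                            writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).incorrectCaptcha(true).requireCaptcha(captchaService.requireCaptcha(session)).build());
                            return;
                        }
                    } else if (captchaService.requireCaptcha(fullUsername) && (StringUtils.isEmpty(captchaId) || !captchaService.validateCaptcha(captchaId, captchaAnswer))) {
                        log.debug("Captcha is required for {}", fullUsername);
                        writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).incorrectCaptcha(false).requireCaptcha(captchaService.requireCaptcha(fullUsername)).build());
                        return;
                    }
                    User user = userService.getUser(fullUsername, new String[]{"groups"});
                    if (user != null) {
                        Optional<?> policy = passwordPolicyResolverService.getForUser(user);
                        log.debug("Checking if user {} is blocked", fullUsername);
                        if (blockedUserService.isUserBlocked(user)) {
                            log.warn("User {} is blocked", fullUsername);
                            writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).userBlocked(true).requireCaptcha(captchaRequired(captchaService, session, fullUsername)).build());
                            // The policy may be absent: an unchecked get() here threw after the
                            // response was written, and the outer catch then appended a second
                            // JSON document to the same body.
                            boolean sendUnblockEmail = adminLogin
                                    || (policy.isPresent() && Boolean.TRUE.equals(((PasswordPolicyProfile) policy.get()).getSendUnblockingEmail()));
                            if (sendUnblockEmail) {
                                // NOTE(review): this branch is reached without a verified password
                                // and starts one thread and one e-mail per request. Confirm that
                                // sendSelfUnblockEmail throttles, or move this to a bounded executor.
                                new Thread(() -> {
                                    try {
                                        selfUnblockUserService.sendSelfUnblockEmail(user);
                                    } catch (Exception e) {
                                        log.error("Error while sending self unblock email to user {}", username, e);
                                    }
                                }).start();
                            }
                            return;
                        }
                        if (policy.isPresent()) {
                            PasswordPolicyProfile passwordPolicyProfile = (PasswordPolicyProfile) policy.get();
                            // Both password-change branches are limited to callers who supplied
                            // the current password. Previously the expiry branch ran for any
                            // password, so an unauthenticated caller could learn that an account's
                            // password had expired and have "changePasswordUser" set to that
                            // account in their own session.
                            // Assumes hashPassword reproduces the stored form, as the existing
                            // weak-password check already did - TODO confirm.
                            if (user.getPassword() != null && user.getPassword().equals(userService.hashPassword(password))) {
                                log.debug("Checking requirements with current password for user {}", fullUsername);
                                try {
                                    passwordPolicyResolverService.validatePasswordFulfillingRequirements(passwordPolicyProfile, password);
                                } catch (IllegalArgumentException e) {
                                    log.warn("Current password for user {} is not fulfilling password profile requirements", fullUsername);
                                    session.setAttribute("changePasswordUser", fullUsername);
                                    writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).weakPassword(true).requireCaptcha(captchaRequired(captchaService, session, fullUsername)).build());
                                    return;
                                }
                                log.debug("Checking password expiration for user {}", fullUsername);
                                if (userPasswordHistoryService.hasExpiredPassword(passwordPolicyProfile, user)) {
                                    log.warn("User {} has expired password", username);
                                    session.setAttribute("changePasswordUser", fullUsername);
                                    writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).expiredPassword(true).requireCaptcha(captchaRequired(captchaService, session, fullUsername)).build());
                                    return;
                                }
                            }
                        }
                    } else {
                        log.warn("User {} not found", fullUsername);
                    }
                }
                if (authenticator.authenticate()) {
                    if (!domainLogin) {
                        blockedUserService.invalidateFailedLogins(fullUsername);
                        captchaService.invalidateFailedLogins(sessionId, fullUsername);
                    }
                    if (hasLicenseProblem && adminLogin) {
                        // The admin account may still log in with a licence problem and is shown
                        // the licence message.
                        writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(true).license(false).msg(licenseProblem).build());
                    } else {
                        writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(true).license(true).build());
                    }
                    log.info("Uwierzytelnienie użytkownika: {} w domenie: {} powiodło się.", username, domainId);
                    try {
                        processLocaleForNewUser(fullUsername, AbstractI18N.getFromBrowserSettings(httpServletRequest));
                    } catch (Exception e2) {
                        // Best effort: a failed language default must not undo a successful login.
                        log.error("Nie można ustawić języka użytkownikowi: {}", fullUsername, e2);
                    }
                    httpServletRequest.setAttribute("auditSuccess", true);
                } else {
                    boolean requireCaptcha = false;
                    if (!domainLogin) {
                        // Register the failure first so the captcha decision below already sees it.
                        blockedUserService.registerFailedLoginAttempt(fullUsername);
                        captchaService.registerFailedLoginAttempt(sessionId, fullUsername);
                        requireCaptcha = captchaRequired(captchaService, session, fullUsername);
                    }
                    writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).license(true).msg(MessageHelper.getMessage("Autoryzacja_zakonczona_niepomyslnie") + ".").requireCaptcha(requireCaptcha).build());
                    log.warn("Uwierzytelnienie użytkownika: {} w domenie: {} nie powiodło się.", username, domainId);
                }
            }
        } catch (Exception e3) {
            log.error(e3.getMessage(), e3);
            // The client only gets a generic message; details stay in the server log.
            writeResponse(httpServletResponse, UserAuthorizationServletResponse.builder().success(false).requireCaptcha(captchaService.requireCaptcha(session)).msg(MessageHelper.getMessage("Nieznany_blad")).build());
        }
    }

    /** Returns whether a captcha is currently demanded for either the session or the account name. */
    private static boolean captchaRequired(CaptchaService captchaService, HttpSession session, String fullUsername) {
        return captchaService.requireCaptcha(session) || captchaService.requireCaptcha(fullUsername);
    }

    /**
     * Stores the raw {@code User-Agent} header and, when it can be parsed, the browser name,
     * browser version and operating system as the "auditExtraParam" request attribute.
     *
     * <p>The header is untrusted. The pairs are joined with {@link #AUDIT_PARAM_SEPARATOR}, so
     * any occurrence of that token inside a value is replaced; otherwise a crafted header could
     * add key/value pairs of its own to the audit record (presumably split on this token by the
     * audit consumer - confirm).
     */
    private void resolveUserAgentAuditParam(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("User-Agent");
        HashMap<String, String> auditParams = new HashMap<>();
        auditParams.put("useragent", header);
        try {
            UserAgent userAgent = UserAgent.parseUserAgentString(header);
            Browser browser = userAgent.getBrowser();
            Version browserVersion = userAgent.getBrowserVersion();
            OperatingSystem operatingSystem = userAgent.getOperatingSystem();
            auditParams.put("browser", browser.getName());
            auditParams.put("browserVersion", browserVersion.getVersion());
            auditParams.put("operatingSystem", operatingSystem.getName());
        } catch (Exception e) {
            // Parsing is best effort; the raw header is still recorded.
            log.warn("Cannot parse User-Agent", e);
        }
        String joined = auditParams.entrySet().stream()
                .map(entry -> entry.getKey() + "=" + neutralizeAuditSeparator(entry.getValue()))
                .collect(Collectors.joining(AUDIT_PARAM_SEPARATOR));
        httpServletRequest.setAttribute("auditExtraParam", joined);
    }

    /**
     * Replaces the audit separator token inside a value. A single-character replacement is used
     * so that removing one occurrence cannot splice a new one together. {@code null} is passed
     * through and is rendered as "null" by the caller's concatenation, as before.
     */
    private static String neutralizeAuditSeparator(String value) {
        return value == null ? null : value.replace(AUDIT_PARAM_SEPARATOR, "_");
    }

    /** Looks up the domain record for the given domain id. */
    private DomainTable getDomainTable(String str) {
        return new DBManagement().getDomain(str);
    }

    /**
     * Inside one transaction, gives a user who has no language setting yet the browser's locale
     * and sends a notification about it. Does nothing when the locale is {@code null}, is not
     * supported, or the user already has a language setting.
     */
    private void processLocaleForNewUser(final String str, final Locale locale) {
        new TransactionTemplate(TransactionManagerFactory.getHibernateTransactionManager()).execute(new TransactionCallbackWithoutResult() {
            @Override
            protected void doInTransactionWithoutResult(TransactionStatus transactionStatus) {
                if (locale == null || !AbstractI18N.isLocaleSupported(locale) || hasLanguageSetting(str)) {
                    return;
                }
                log.debug("Brak ustawień języka dla użytkownika: {}", str);
                setUserLocale(str, locale);
                notifyUserAboutLanguage(str, locale);
                log.debug("Ustawiono język \"{}\" użytkownikowi \"{}\"", locale.getLanguage(), str);
            }
        });
    }

    /**
     * Returns whether the user already has a non-empty LANGUAGE setting.
     *
     * <p>Public only because the decompiler widened it for the anonymous transaction callback;
     * it was private in the original class.
     */
    public boolean hasLanguageSetting(String str) {
        return StringUtils.isNotEmpty(ServiceFactory.getUserSettingsService().getSetting(str, UserSettingsService.UserSetting.LANGUAGE));
    }

    /**
     * Stores the locale's language code as the user's LANGUAGE setting.
     *
     * <p>Public only because the decompiler widened it for the anonymous transaction callback;
     * it was private in the original class.
     */
    public void setUserLocale(String str, Locale locale) {
        ServiceFactory.getUserSettingsService().setUserSetting(str, UserSettingsService.UserSetting.LANGUAGE, locale.getLanguage());
    }

    /**
     * Queues a non-failure notification from "System" to the user about the new language.
     *
     * <p>Public only because the decompiler widened it for the anonymous transaction callback;
     * it was private in the original class.
     */
    public void notifyUserAboutLanguage(String str, Locale locale) {
        Notification notification = new Notification();
        String languageName = MessageHelper.getMessage("languageName");
        notification.setFailure(false);
        notification.setMessage(MessageHelper.getMessage("newLanguageForUser", new Object[]{languageName}));
        notification.setSender("System");
        NotificationManager.add(notification, new NotificationReceiver(NotificationReceiverType.USER, str));
    }

    /** Serializes the response object with the shared mapper and writes it to the response body. */
    private void writeResponse(HttpServletResponse httpServletResponse, UserAuthorizationServletResponse userAuthorizationServletResponse) throws JsonProcessingException, IOException {
        httpServletResponse.getWriter().write(this.mapper.writeValueAsString(userAuthorizationServletResponse));
    }
}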
