package com.butor.sso.web.ajax;

import com.butor.portal.common.PortalMessageID;
import com.butor.portal.common.login.ChangePwdCredential;
import com.butor.portal.common.login.Credential;
import com.butor.portal.common.login.QR;
import com.butor.portal.common.login.UserRegistration;
import com.google.code.kaptcha.Constants;
import com.google.common.base.Strings;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.http.cookie.ClientCookie;
import org.butor.auth.common.AuthMessageID;
import org.butor.auth.common.SecurityConstants;
import org.butor.auth.common.firm.Firm;
import org.butor.auth.common.user.User;
import org.butor.auth.common.user.UserKey;
import org.butor.auth.common.user.UserQuestions;
import org.butor.checksum.CommonChecksumFunction;
import org.butor.json.service.Context;
import org.butor.json.service.ResponseHandler;
import org.butor.mail.IMailer;
import org.butor.sso.AuthInfoProvider;
import org.butor.sso.SSOConstants;
import org.butor.sso.SSOHelper;
import org.butor.sso.SSOInfo;
import org.butor.sso.SSOManager;
import org.butor.sso.UserInfoProvider;
import org.butor.utils.AccessMode;
import org.butor.utils.ApplicationException;
import org.butor.utils.CommonMessageID;
import org.butor.utils.StringUtil;
import org.butor.web.servlet.AjaxContext;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/classes/com/butor/sso/web/ajax/SSOAjaxCmp.class */
public class SSOAjaxCmp {
    public static final String DEFAULT_EMAIL_REGEX = "^[\\w\\.-]+@[\\w\\.-]+\\.[\\w\\.-]+$";
    private IMailer mailer;
    private String fromRecipient;
    private String adminNotifEmails;
    private String registrationDisabledDomains;
    private Logger logger = LoggerFactory.getLogger(getClass());
    protected SSOManager ssoManager = null;
    protected UserInfoProvider userInfoProvider = null;
    protected AuthInfoProvider authInfoProvider = null;
    private String emailRegEx = DEFAULT_EMAIL_REGEX;
    private final String SEC_SYSTEM = SecurityConstants.SYSTEM_ID;
    private Pattern registrationDisabledDomainsPattern = null;

    /**
     * Checks whether {@code str} looks like an email address according to the
     * configured {@link #emailRegEx} (defaults to {@link #DEFAULT_EMAIL_REGEX}).
     *
     * @param str candidate address; {@code null} or empty is rejected outright
     * @return {@code true} only when the whole string matches the configured pattern
     */
    protected boolean validateEmail(String str) {
        // Reject empty input first so that matches() never runs on null.
        boolean hasValue = !StringUtil.isEmpty(str);
        // String.matches() anchors the pattern to the whole input; note it recompiles the
        // expression on every call, which is acceptable for a per-request validation.
        return hasValue && str.matches(this.emailRegEx);
    }

    /**
     * Decides whether self-registration is open for the domain {@code str}.
     * Registration is refused when the domain is empty, when no
     * {@code registrationDisabledDomains} expression is configured (the check
     * fails closed), or when that expression is found anywhere in the domain.
     *
     * @param str domain name taken from the request
     * @return {@code true} when registration may proceed for this domain
     */
    private boolean isRegistrationAllowed(String str) {
        String disabledDomains = this.registrationDisabledDomains;
        if (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(disabledDomains)) {
            return false;
        }
        // Compiled lazily on first use and cached in the field. NOTE(review): the cache is
        // unsynchronized; concurrent first calls may each compile, which is harmless.
        Pattern disabled = this.registrationDisabledDomainsPattern;
        if (disabled == null) {
            disabled = Pattern.compile(disabledDomains);
            this.registrationDisabledDomainsPattern = disabled;
        }
        // find(): a partial match anywhere in the domain is enough to refuse registration.
        return !disabled.matcher(str).find();
    }

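    /**
     * Returns the caller's profile as a single row. Every caller gets {@code env};
     * when the SSO cookie maps to a live SSO session and the user passes the
     * domain check, the row also carries firm id/name, theme, email, the
     * {@link SSOInfo} object itself and the two-step sign-in flag.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     */
    public void getUserInfo(Context<Map<String, Object>> context) {
        ResponseHandler<Map<String, Object>> responseHandler = context.getResponseHandler();
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        Map<String, Object> row = new HashMap<String, Object>();
        // NOTE(review): "env" is returned to unauthenticated callers as well; keep its value non-sensitive.
        row.put("env", System.getProperty("env"));
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        // A container session is created even for anonymous callers (kept from the original flow).
        HttpSession session = request.getSession(true);
        SSOInfo ssoSession = this.ssoManager.getSSOSession(ssoId);
        if (ssoSession != null) {
            session.setAttribute("id", ssoSession.getId());
            session.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
            User user = this.userInfoProvider.readUser(ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
            if (user != null && checkDomainAccess(user.getFirmId(), ajaxContext)) {
                row.put("firmId", Long.valueOf(user.getFirmId()));
                row.put("theme", user.getTheme());
                row.put("firmName", user.getFirmName());
                row.put("email", user.getEmail());
                // NOTE(review): the whole SSOInfo object is serialised to the client; confirm it holds nothing secret.
                row.put(SecurityConstants.SEC_DATA_TYPE_USER, ssoSession);
                row.put("twoStepsSignin", Boolean.valueOf(isTwoStepsSignin(user.getFirmId(), ajaxContext)));
            }
        }
        responseHandler.addRow(row);
    }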

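    /**
     * Generates a new API key for the signed-in user, stores it in the user's
     * {@code apiKey} attribute and returns it as the single response row.
     * Requires a live SSO session and WRITE access to {@code apiKey} on
     * {@link SecurityConstants#SYSTEM_ID}.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @throws ApplicationException on missing session, missing permission, unknown user or failed save
     */
    public void generateApi(Context<String> context) {
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        HttpSession session = request.getSession(true);
        SSOInfo ssoSession = this.ssoManager.getSSOSession(ssoId);
        if (ssoSession == null) {
            // Thrown explicitly so a null session can never reach ssoSession.getId() below,
            // regardless of whether exception() throws by itself.
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        session.setAttribute("id", ssoSession.getId());
        session.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
        if (!this.authInfoProvider.hasAccess(SecurityConstants.SYSTEM_ID, "apiKey", AccessMode.WRITE, ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).booleanValue()) {
            throw ApplicationException.exception(PortalMessageID.GENERATE_APIKEY_FAILED.getMessage("UNAUTHORIZED"));
        }
        User user = this.userInfoProvider.readUser(ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        if (user == null) {
            this.logger.warn("Unknown user {}", ssoSession.getId());
            throw ApplicationException.exception(PortalMessageID.GENERATE_APIKEY_FAILED.getMessage());
        }
        // Key material comes from SecureRandom and is hashed with the same function as before,
        // so the stored/returned format is unchanged. A key derived from the user id alone
        // could be recomputed by anyone who knows that id.
        byte[] keyMaterial = new byte[32];
        new SecureRandom().nextBytes(keyMaterial);
        String apiKey = CommonChecksumFunction.SHA256.generateChecksum(ssoSession.getId() + ":" + new BigInteger(1, keyMaterial).toString(16));
        // NOTE(review): the key is stored in clear as a user attribute (getApi() reads it back).
        user.setAttribute("apiKey", apiKey);
        if (this.userInfoProvider.updateUser(user, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).getId() == null) {
            this.logger.warn("Failed to save new Api key for user={}", ssoSession.getId());
            throw ApplicationException.exception(PortalMessageID.GENERATE_APIKEY_FAILED.getMessage());
        }
        context.getResponseHandler().addRow(apiKey);
    }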

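    /**
     * Returns the signed-in user's current API key (the {@code apiKey} user
     * attribute, whatever value it holds) as the single response row.
     * Requires a live SSO session and WRITE access to {@code apiKey} on
     * {@link SecurityConstants#SYSTEM_ID}.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @throws ApplicationException on missing session, missing permission or unknown user
     */
    public void getApi(Context<String> context) {
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        HttpSession session = request.getSession(true);
        SSOInfo ssoSession = this.ssoManager.getSSOSession(ssoId);
        if (ssoSession == null) {
            // Thrown explicitly so a null session can never reach ssoSession.getId() below,
            // regardless of whether exception() throws by itself.
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        session.setAttribute("id", ssoSession.getId());
        session.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
        // NOTE(review): reading the key is gated on the same WRITE right as generate/remove;
        // whether a READ right was intended is a policy question, so it is left as is.
        if (!this.authInfoProvider.hasAccess(SecurityConstants.SYSTEM_ID, "apiKey", AccessMode.WRITE, ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).booleanValue()) {
            throw ApplicationException.exception(PortalMessageID.GET_APIKEY_FAILED.getMessage("UNAUTHORIZED"));
        }
        User user = this.userInfoProvider.readUser(ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        if (user == null) {
            this.logger.warn("Unknown user with id={}", ssoSession.getId());
            throw ApplicationException.exception(PortalMessageID.GET_APIKEY_FAILED.getMessage());
        }
        context.getResponseHandler().addRow((String) user.getAttribute("apiKey"));
    }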

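    /**
     * Clears the signed-in user's API key (sets the {@code apiKey} attribute to
     * {@code null}) and returns {@code true} as the single response row.
     * Requires a live SSO session and WRITE access to {@code apiKey} on
     * {@link SecurityConstants#SYSTEM_ID}.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @throws ApplicationException on missing session, missing permission, unknown user or failed save
     */
    public void removeApi(Context<Boolean> context) {
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        HttpSession session = request.getSession(true);
        SSOInfo ssoSession = this.ssoManager.getSSOSession(ssoId);
        if (ssoSession == null) {
            // Thrown explicitly so a null session can never reach ssoSession.getId() below,
            // regardless of whether exception() throws by itself.
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        session.setAttribute("id", ssoSession.getId());
        session.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
        if (!this.authInfoProvider.hasAccess(SecurityConstants.SYSTEM_ID, "apiKey", AccessMode.WRITE, ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).booleanValue()) {
            throw ApplicationException.exception(PortalMessageID.REMOVE_APIKEY_FAILED.getMessage("UNAUTHORIZED"));
        }
        User user = this.userInfoProvider.readUser(ssoSession.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        if (user == null) {
            this.logger.warn("Unknown user with id={}", ssoSession.getId());
            throw ApplicationException.exception(PortalMessageID.REMOVE_APIKEY_FAILED.getMessage());
        }
        user.setAttribute("apiKey", null);
        if (this.userInfoProvider.updateUser(user, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).getId() == null) {
            this.logger.warn("Failed to remove Api key for user={}", ssoSession.getId());
            throw ApplicationException.exception(PortalMessageID.REMOVE_APIKEY_FAILED.getMessage());
        }
        context.getResponseHandler().addRow(true);
    }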

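    /**
     * Changes a user's password, authenticated either by the current password
     * ({@code pwd}) or by a reset token ({@code token}) that the provider keeps
     * in the user's password field. A valid one-time CAPTCHA is required. On
     * success the account is re-activated and the missed-login counter cleared;
     * then, unless a forced sign-in is pending in the HTTP session, an SSO
     * session is created when none is live and {@code CHANGE_PWD_SUCCESS} is
     * returned (or {@code QUESTIONS_SETUP_REQUIRED} when two-step sign-in is on
     * and the challenge questions are incomplete). With a forced sign-in
     * pending, the SSO session the cookie refers to is destroyed instead.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @param changePwdCredential id, pwd or token, newPwd, newPwdConf and kaptcha
     * @throws ApplicationException on any validation, authentication or persistence failure
     */
    public void changePwd(Context<?> context, ChangePwdCredential changePwdCredential) {
        ResponseHandler<?> responseHandler = context.getResponseHandler();
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        if (changePwdCredential == null) {
            this.logger.warn("Missing credential arg");
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getId())) {
            this.logger.warn("Missing credential id arg");
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        // Proof of possession is either the current password or a reset token.
        if (StringUtil.isEmpty(changePwdCredential.getPwd()) && StringUtil.isEmpty(changePwdCredential.getToken())) {
            this.logger.warn("Missing credential token arg for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getNewPwd())) {
            this.logger.warn("Missing credential new pwd arg for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getNewPwdConf())) {
            this.logger.warn("Missing credential new pwd confirmation arg for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getKaptcha())) {
            this.logger.warn("Missing credential kaptcha for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (!changePwdCredential.getNewPwd().equals(changePwdCredential.getNewPwdConf())) {
            this.logger.warn("Password confirmation mismatch for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        // getExpectedKaptcha() consumes the session value, so each CAPTCHA is good for one attempt.
        String expectedKaptcha = getExpectedKaptcha(request);
        if (StringUtil.isEmpty(expectedKaptcha)) {
            this.logger.warn("Missing generated kaptcha in session for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (!expectedKaptcha.equals(changePwdCredential.getKaptcha())) {
            this.logger.warn(String.format("Kaptchas mismatched for user=%s. Expected \"%s\" but got \"%s\"", changePwdCredential.getId(), expectedKaptcha, changePwdCredential.getKaptcha()));
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        // Only the id goes to the debug log: the credential's toString() may include the
        // current/new password or the reset token.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Change password requested for user={}", changePwdCredential.getId());
        }
        User user = this.userInfoProvider.readUser(changePwdCredential.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        if (user == null) {
            this.logger.warn("Unknown user with id={}", changePwdCredential.getId());
            // Thrown explicitly so a null user never reaches user.getEmail() below.
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(user.getEmail())) {
            this.logger.warn("No email defined for user={}", changePwdCredential.getId());
            responseHandler.addMessage(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
            return;
        }
        if (StringUtil.isEmpty(changePwdCredential.getPwd())) {
            // Token path: the provider keeps the reset token in the password field, so the
            // presented token is compared to it verbatim - in constant time, so that timing
            // does not reveal how much of the token was right.
            String storedToken = user.getPwd();
            Charset utf8 = Charset.forName("UTF-8");
            boolean tokenMatches = storedToken != null
                    && MessageDigest.isEqual(changePwdCredential.getToken().getBytes(utf8), storedToken.getBytes(utf8));
            if (!tokenMatches) {
                this.logger.warn("Bad change pwd token for user={}", changePwdCredential.getId());
                throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
            }
        } else if (!CommonChecksumFunction.SHA512.validateChecksum(changePwdCredential.getPwd(), user.getPwd())) {
            this.logger.warn("Password do not match for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        // NOTE(review): no password-strength rule is applied here; if one exists it lives in the provider.
        user.setPwd(CommonChecksumFunction.SHA512.generateChecksum(changePwdCredential.getNewPwd()));
        user.setActive(true);
        user.setMissedLogin(0);
        if (this.userInfoProvider.updateUser(user, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).getId() == null) {
            this.logger.warn("Failed to save new password for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.CHANGE_PWD_FAILED.getMessage());
        }
        HttpSession session = request.getSession(true);
        // "forceSignin" is set outside this method (presumably by the sign-in flow); its
        // presence alone is what matters here.
        boolean forceSignin = session.getAttribute("forceSignin") != null;
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        if ((!forceSignin && ssoId == null) || this.ssoManager.getSSOSession(ssoId) == null) {
            if (isTwoStepsSignin(user.getFirmId(), ajaxContext)) {
                UserQuestions questions = this.userInfoProvider.readUserQuestions(user.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
                // No SSO session until the three challenge question/answer pairs exist and no reset is pending.
                if (user.isResetInProgress() || Strings.isNullOrEmpty(questions.getQ1()) || Strings.isNullOrEmpty(questions.getR1()) || Strings.isNullOrEmpty(questions.getQ2()) || Strings.isNullOrEmpty(questions.getR2()) || Strings.isNullOrEmpty(questions.getQ3()) || Strings.isNullOrEmpty(questions.getR3())) {
                    session.setAttribute("id", user.getId());
                    responseHandler.addMessage(PortalMessageID.QUESTIONS_SETUP_REQUIRED.getMessage());
                    return;
                }
            }
            ssoId = createSSOSession(session, user, ajaxContext);
        }
        if (!forceSignin) {
            responseHandler.addMessage(PortalMessageID.CHANGE_PWD_SUCCESS.getMessage());
        } else if (ssoId != null) {
            // A pending forced sign-in ends the SSO session instead of reporting success.
            this.ssoManager.destroySSOSession(ssoId);
        }
    }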

    /**
     * Starts a password reset for the given user id. After the one-time CAPTCHA
     * is verified, the provider's {@code resetLogin} is invoked with the
     * application URL (for the link it sends), any current SSO session is
     * destroyed and {@code RESET_PWD_SUCCESS} is returned. Nothing in this
     * method distinguishes an unknown id; whether {@code resetLogin} does is up
     * to the provider.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @param changePwdCredential id and kaptcha of the reset request
     * @throws ApplicationException when an argument or the CAPTCHA is missing or wrong
     */
    public void resetPwd(Context<?> context, ChangePwdCredential changePwdCredential) {
        ResponseHandler<?> responseHandler = context.getResponseHandler();
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        if (changePwdCredential == null) {
            this.logger.warn("Missing credential arg");
            throw ApplicationException.exception(PortalMessageID.RESET_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getId())) {
            this.logger.warn("Missing credential id arg");
            throw ApplicationException.exception(PortalMessageID.RESET_PWD_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getKaptcha())) {
            this.logger.warn("Missing credential kaptcha for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.RESET_PWD_FAILED.getMessage());
        }
        // getExpectedKaptcha() consumes the session value, so each CAPTCHA is good for one attempt.
        String expectedKaptcha = getExpectedKaptcha(request);
        if (StringUtil.isEmpty(expectedKaptcha)) {
            this.logger.warn("Missing generated kaptcha in session for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.RESET_PWD_FAILED.getMessage());
        }
        boolean kaptchaMatches = expectedKaptcha.equals(changePwdCredential.getKaptcha());
        if (!kaptchaMatches) {
            this.logger.warn(String.format("Kaptchas mismatched for user=%s. Expected \"%s\" but got \"%s\"", changePwdCredential.getId(), expectedKaptcha, changePwdCredential.getKaptcha()));
            throw ApplicationException.exception(PortalMessageID.RESET_PWD_FAILED.getMessage());
        }
        // NOTE(review): getSSOUrl() is derived from the request's Host header, so the link the
        // provider mails is only trustworthy when the front end pins that header.
        String applicationUrl = getSSOUrl(request);
        this.userInfoProvider.resetLogin(changePwdCredential.getId(), applicationUrl, true, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        // Whoever asked for the reset loses any SSO session they currently hold.
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        if (ssoId != null) {
            this.ssoManager.destroySSOSession(ssoId);
        }
        responseHandler.addMessage(PortalMessageID.RESET_PWD_SUCCESS.getMessage());
    }

    /**
     * Takes the CAPTCHA text generated for this client out of the HTTP session.
     * The value is removed as it is read, so it can be checked exactly once.
     *
     * @param httpServletRequest current request; no session is created if none exists
     * @return the generated CAPTCHA text, or {@code null} when there is no session or no value
     */
    protected String getExpectedKaptcha(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        // No session means no CAPTCHA was ever generated for this client.
        if (session != null) {
            String generated = (String) session.getAttribute(Constants.KAPTCHA_SESSION_KEY);
            // Remove before returning so the same value cannot be presented twice.
            session.removeAttribute(Constants.KAPTCHA_SESSION_KEY);
            return generated;
        }
        return null;
    }

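    /**
     * Returns the application's base URL for this request: scheme, authority and
     * context path, without the rest of the request path. It is used to build
     * the links placed in reset/activation emails.
     *
     * NOTE(review): the value is derived from the request URL, i.e. from the
     * client-supplied Host header. Links built from it are only trustworthy when
     * the front end pins that header; a configured public base URL would be safer.
     *
     * @param httpServletRequest current request
     * @return base URL such as {@code https://host[:port]/ctx}, or the bare origin for a root context
     */
    protected String getSSOUrl(HttpServletRequest httpServletRequest) {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        String contextPath = httpServletRequest.getContextPath();
        // Cut at the start of the path (first '/' after "scheme://authority") rather than at
        // the first occurrence of the context path: for a root context ("") that search would
        // return "" and a host name containing the context path would cut too early.
        int pathStart = -1;
        int schemeEnd = requestUrl.indexOf("://");
        if (schemeEnd >= 0) {
            pathStart = requestUrl.indexOf('/', schemeEnd + 3);
        }
        if (pathStart < 0) {
            // No path at all: the URL is already just the origin.
            return requestUrl;
        }
        // Per the servlet spec the request URI starts with the context path.
        return requestUrl.substring(0, pathStart + contextPath.length());
    }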

    /**
     * Returns the SSO domain for this request; simply delegates to
     * {@code getDomainName(HttpServletRequest)}.
     *
     * @param httpServletRequest current request
     * @return the domain name derived from the request
     */
    protected String getSSODomain(HttpServletRequest httpServletRequest) {
        String domainName = getDomainName(httpServletRequest);
        return domainName;
    }

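    /**
     * Activates a freshly registered account. The token sent by {@code register()}
     * is kept in the user's password field until activation; when it matches, and
     * the one-time CAPTCHA is valid, the account is marked active with
     * {@code resetInProgress} set and the missed-login counter cleared. No
     * message is added on success; failures add {@code ACTIVATE_ACCOUNT_FAILED}
     * or throw.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @param changePwdCredential id, token and kaptcha of the activation request
     * @throws ApplicationException on missing arguments, bad CAPTCHA, unknown user or failed save
     */
    public void activate(Context<?> context, ChangePwdCredential changePwdCredential) {
        ResponseHandler<?> responseHandler = context.getResponseHandler();
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        if (changePwdCredential == null) {
            this.logger.warn("Missing credential arg");
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getId())) {
            this.logger.warn("Missing credential id arg");
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getToken())) {
            this.logger.warn("Missing credential token for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(changePwdCredential.getKaptcha())) {
            this.logger.warn("Missing credential kaptcha for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        // getExpectedKaptcha() consumes the session value, so each CAPTCHA is good for one attempt.
        String expectedKaptcha = getExpectedKaptcha(request);
        if (StringUtil.isEmpty(expectedKaptcha)) {
            this.logger.warn("Missing generated kaptcha in session for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        if (!expectedKaptcha.equals(changePwdCredential.getKaptcha())) {
            this.logger.warn(String.format("Kaptchas mismatched for user=%s. Expected \"%s\" but got \"%s\"", changePwdCredential.getId(), expectedKaptcha, changePwdCredential.getKaptcha()));
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        // Only the id goes to the debug log: the credential's toString() may include the token.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Account activation requested for user={}", changePwdCredential.getId());
        }
        User user = this.userInfoProvider.readUser(changePwdCredential.getId(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request));
        if (user == null) {
            this.logger.warn("Unknown user {}", changePwdCredential.getId());
            // Thrown explicitly so a null user never reaches user.getEmail() below.
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(user.getEmail())) {
            this.logger.warn("No user defined for user={}", changePwdCredential.getId());
            responseHandler.addMessage(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
            return;
        }
        // The activation token is compared to the stored value in constant time, so that
        // timing does not reveal how much of the token was right.
        String storedToken = user.getPwd();
        Charset utf8 = Charset.forName("UTF-8");
        boolean tokenMatches = storedToken != null
                && MessageDigest.isEqual(changePwdCredential.getToken().getBytes(utf8), storedToken.getBytes(utf8));
        if (!tokenMatches) {
            this.logger.warn("Bad token provided for user={}", changePwdCredential.getId());
            responseHandler.addMessage(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
            return;
        }
        user.setActive(true);
        // resetInProgress stays set: changePwd() routes such a user to the questions setup.
        user.setResetInProgress(true);
        user.setMissedLogin(0);
        if (this.userInfoProvider.updateUser(user, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).getId() == null) {
            this.logger.warn("Failed to update user on activation for user={}", changePwdCredential.getId());
            throw ApplicationException.exception(PortalMessageID.ACTIVATE_ACCOUNT_FAILED.getMessage());
        }
    }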

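    /**
     * Self-registers a new user. After the domain, argument, email-format and
     * one-time CAPTCHA checks, a {@link User} is built from the registration
     * form, stored inactive with a time-limited activation token in its password
     * field, and an activation link is mailed to the user (plus a notification
     * to the admin addresses). Any SSO session the caller holds is destroyed and
     * {@code REGISTRATION_SUCCESS} is returned.
     *
     * @param context AJAX context (must be an {@link AjaxContext}) carrying the servlet request
     * @param userRegistration registration form: email, names, kaptcha and any other copied properties
     * @throws ApplicationException when registration is disabled for the domain, an argument or the
     *         CAPTCHA is missing or wrong, the email is malformed, or the user cannot be stored
     */
    public void register(Context<?> context, UserRegistration userRegistration) {
        String domain = context.getRequest().getDomain();
        if (!isRegistrationAllowed(domain)) {
            this.logger.warn("Registration not allowed on domain={}", domain);
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        ResponseHandler<?> responseHandler = context.getResponseHandler();
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpServletRequest request = ajaxContext.getHttpServletRequest();
        if (userRegistration == null) {
            this.logger.warn("Missing user arg");
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(userRegistration.getEmail())) {
            this.logger.warn("Missing user email arg");
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        if (!validateEmail(userRegistration.getEmail())) {
            this.logger.warn("Invalid user email={}", userRegistration.getEmail());
            throw ApplicationException.exception(CommonMessageID.INVALID_ARG.getMessage("email"));
        }
        if (StringUtil.isEmpty(userRegistration.getKaptcha())) {
            this.logger.warn("Missing kaptcha for user={}", userRegistration.getEmail());
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        // getExpectedKaptcha() consumes the session value, so each CAPTCHA is good for one attempt.
        String expectedKaptcha = getExpectedKaptcha(request);
        if (StringUtil.isEmpty(expectedKaptcha)) {
            this.logger.warn("Missing generated kaptcha in session for user={}", userRegistration.getEmail());
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        if (!expectedKaptcha.equals(userRegistration.getKaptcha())) {
            this.logger.warn(String.format("Kaptchas mismatched for user=%s. Expected \"%s\" but got \"%s\"", userRegistration.getEmail(), expectedKaptcha, userRegistration.getKaptcha()));
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        // Only the email goes to the debug log; the form carries personal data.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Registration requested for user={}", userRegistration.getEmail());
        }
        // NOTE(review): an existing address yields REGISTRATION_FAILED while a new one yields
        // REGISTRATION_SUCCESS, so the response reveals whether an email is registered.
        if (this.userInfoProvider.readUser(userRegistration.getEmail(), ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)) != null) {
            this.logger.warn("User with email={} already registered!", userRegistration.getEmail());
            responseHandler.addMessage(PortalMessageID.REGISTRATION_FAILED.getMessage());
            return;
        }
        User user = new User();
        // NOTE(review): copyProperties copies every same-named property from the form into the
        // User. The security-relevant ones are overwritten below; any other User property that
        // UserRegistration happens to expose is client-controlled.
        BeanUtils.copyProperties(userRegistration, user);
        user.setId(user.getEmail());
        user.setDisplayName(user.getFirstName() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + user.getLastName());
        // Self-registered users always land in firm 2 (hard-coded here).
        user.setFirmId(2L);
        user.setLanguage("en");
        // The activation token doubles as the temporary password. Its input mixes SecureRandom
        // material into the timestamp: a token that is a pure function of the registration
        // instant has far too little entropy. The same TTL function keeps the stored format.
        byte[] tokenMaterial = new byte[32];
        new SecureRandom().nextBytes(tokenMaterial);
        String tokenSeed = System.currentTimeMillis() + ":" + new BigInteger(1, tokenMaterial).toString(16);
        String activationToken = CommonChecksumFunction.SHA256.generateChecksumWithTTL(tokenSeed, 2L, TimeUnit.HOURS);
        user.setPwd(activationToken);
        user.setActive(false);
        user.setResetInProgress(true);
        user.setMissedLogin(0);
        user.setAttribute("ip", request.getRemoteAddr());
        user.setAttribute(ClientCookie.DOMAIN_ATTR, getDomainName(request));
        String userAgent = request.getHeader("User-Agent");
        if (userAgent == null) {
            userAgent = "";
        }
        user.setAttribute("userAgent", userAgent);
        // NOTE(review): this is a blocking DNS query in the request path, and a PTR record is
        // controlled by the address owner; treat the value as informational only.
        try {
            user.setAttribute("reverseLookup", InetAddress.getByName(request.getRemoteAddr()).getCanonicalHostName());
        } catch (UnknownHostException ignored) {
            // Reverse lookup is best-effort; the attribute is simply left unset.
        }
        if (this.userInfoProvider.insertUser(user, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(request)).getId() == null) {
            this.logger.warn("Failed to register (create) user={}", userRegistration.getEmail());
            throw ApplicationException.exception(PortalMessageID.REGISTRATION_FAILED.getMessage());
        }
        // NOTE(review): getSSOUrl() comes from the request's Host header; the activation link is
        // only trustworthy when the front end pins that header.
        String sSOUrl = getSSOUrl(request);
        String activationMail = ("Your login to the portal has been created as you requested.\n Please click on the link bellow and follow the instructions.\n\nVotre login au portail a été créé à votre demande.\n SVP cliquer sur le lien plus bas et suivre les instructions.\n\n") + sSOUrl + "/reset?t=" + activationToken + "&id=" + user.getId();
        // The mail body carries the activation token, so it is not written to the log.
        this.logger.info("Sending activation link via email for user={}", userRegistration.getEmail());
        this.mailer.sendMail(user.getEmail(), "New user registered on " + sSOUrl, activationMail, this.fromRecipient);
        this.mailer.sendMail(this.adminNotifEmails, "User registered", "User " + user.getEmail() + " has registered on " + sSOUrl + ". Please handle him with care.", this.fromRecipient);
        String ssoId = SSOHelper.getCookie(request, SSOConstants.SSO_SSO_ID);
        if (ssoId != null) {
            this.ssoManager.destroySSOSession(ssoId);
        }
        responseHandler.addMessage(PortalMessageID.REGISTRATION_SUCCESS.getMessage());
    }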

    /**
     * Configures the SSO session manager used to look up, create and destroy
     * SSO sessions in the endpoints of this class.
     *
     * @param sSOManager manager to use; stored as given (no null check)
     */
    public void setSsoManager(SSOManager sSOManager) {
        SSOManager manager = sSOManager;
        this.ssoManager = manager;
    }

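    /**
     * Overrides the email validation expression used by {@link #validateEmail(String)}.
     * The expression is compiled once here so that a malformed pattern fails at
     * configuration time rather than on the first registration request.
     *
     * @param str regular expression matched against the whole address; {@code null} is stored as is
     * @throws java.util.regex.PatternSyntaxException if {@code str} is not a valid expression
     */
    public void setEmailRegEx(String str) {
        if (str != null) {
            // Compile only to validate; validateEmail() keeps using String.matches().
            Pattern.compile(str);
        }
        this.emailRegEx = str;
    }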

    /**
     * Configures the mailer used by {@code register()} to send the activation
     * link and the admin notification.
     *
     * @param iMailer mailer to use; stored as given (no null check)
     */
    public void setMailer(IMailer iMailer) {
        IMailer configured = iMailer;
        this.mailer = configured;
    }

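    /**
     * Sign-in step 1: verifies the user's password and either completes the
     * login on the spot (the user's firm has challenge questions disabled) or
     * parks the user id in the HTTP session for step 2 ({@link #signInS2}).
     *
     * <p>Checks run in this order: credential present, user known, account not
     * locked ({@code missedLogin >= 3}), account active, password matches the
     * stored SHA-512 checksum, firm allowed from the request domain
     * ({@link #checkDomainAccess}). A wrong password increments
     * {@code missedLogin} through {@code updateState} before the failure is
     * reported, so the third wrong attempt leaves the account locked.
     *
     * <p>The response row carries {@code twoStepsSignin=false} and the new
     * {@code ssoId} when the login completed here; it is an empty map when the
     * client must continue with step 2.
     *
     * @param context ajax context; must be an {@link AjaxContext}
     * @param credential user id and clear-text password
     * @throws ApplicationException with LOGIN_FAILED on any authentication
     *         failure (missing argument, locked account, bad password, domain
     *         not allowed, persistence failure)
     */
    public void signInS1(Context<Map<String, Object>> context, Credential credential) {
        if (credential == null) {
            this.logger.warn("Missing credential arg");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(credential.getId())) {
            this.logger.warn("Missing credential id arg");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (StringUtil.isEmpty(credential.getPwd())) {
            this.logger.warn("Missing credential pwd arg for user={}", credential.getId());
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): Credential.toString() is not visible here — confirm it
            // redacts the password, otherwise DEBUG logging writes it to the log.
            this.logger.debug(credential.toString());
        }
        String id = credential.getId();
        AjaxContext ajaxContext = (AjaxContext) context;
        ResponseHandler<Map<String, Object>> responseHandler = context.getResponseHandler();
        User readUser = this.userInfoProvider.readUser(id, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (readUser == null) {
            // Unknown user is reported with addMessage + return rather than an
            // exception like the other failures; the client-visible response
            // shape therefore differs between "unknown user" and "bad password".
            this.logger.warn("Unknown user {}", id);
            responseHandler.addMessage(AuthMessageID.LOGIN_FAILED.getMessage());
            return;
        }
        if (readUser.getMissedLogin() >= 3) {
            // Lock check runs before the password check: a locked account is
            // refused even with the right password, until missedLogin is reset.
            this.logger.warn("Missed logins >= 3 for user={}", id);
            throw ApplicationException.exception(PortalMessageID.LOGIN_FAILED.getMessage());
        }
        if (!readUser.isActive()) {
            this.logger.warn("Login not active for user={}", id);
            responseHandler.addMessage(PortalMessageID.LOGIN_FAILED.getMessage());
            return;
        }
        if (!CommonChecksumFunction.SHA512.validateChecksum(credential.getPwd(), readUser.getPwd())) {
            this.logger.warn("Password do not match for user={}", id);
            readUser.setMissedLogin(readUser.getMissedLogin() + 1);
            // Persist the failed attempt first; a non-null id means the counter
            // was stored. Either way the caller only sees LOGIN_FAILED.
            if (this.userInfoProvider.updateState(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() != null) {
                throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
            }
            this.logger.warn("Failed to lock login account after 3 unsuccessful login attempts for user={}", id);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!checkDomainAccess(readUser.getFirmId(), ajaxContext)) {
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        // NOTE(review): the existing HTTP session is reused and not regenerated
        // after authentication — consider invalidating it before the SSO
        // session is created to limit session-fixation exposure.
        HttpSession session = ajaxContext.getHttpServletRequest().getSession(true);
        session.setAttribute("id", credential.getId());
        session.setAttribute("signInStep", CustomBooleanEditor.VALUE_1);
        boolean isTwoStepsSignin = isTwoStepsSignin(readUser.getFirmId(), ajaxContext);
        Map<String, Object> result = new HashMap<String, Object>();
        if (!isTwoStepsSignin) {
            this.logger.info("User's firm has disabled Challenge questions signin!");
            result.put("twoStepsSignin", Boolean.FALSE);
            readUser.setLastLoginDate(new Date());
            readUser.setMissedLogin(0);
            // Audit attributes for this login: client address, request domain,
            // user agent and (best effort) reverse DNS name.
            readUser.setAttribute("ip", ajaxContext.getHttpServletRequest().getRemoteAddr());
            readUser.setAttribute(ClientCookie.DOMAIN_ATTR, getDomainName(ajaxContext.getHttpServletRequest()));
            String header = ajaxContext.getHttpServletRequest().getHeader("User-Agent");
            if (header == null) {
                header = "";
            }
            readUser.setAttribute("userAgent", header);
            try {
                // Blocking network lookup on the login path; unresolvable
                // addresses simply leave the attribute unset.
                readUser.setAttribute("reverseLookup", InetAddress.getByName(ajaxContext.getHttpServletRequest().getRemoteAddr()).getCanonicalHostName());
            } catch (UnknownHostException ignored) {
                // reverse lookup is informational only; failure is not an error
            }
            if (this.userInfoProvider.updateUser(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() == null) {
                this.logger.warn("Failed to update last login date for user={}", id);
                throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
            }
            session.removeAttribute("id");
            session.removeAttribute("signInStep");
            SSOInfo createSSOSession = this.ssoManager.createSSOSession(id, readUser.getFirstName(), readUser.getLastName(), readUser.getDisplayName(), readUser.getEmail());
            String ssoId = createSSOSession.getSsoId();
            SSOHelper.setCookie(ajaxContext.getHttpServletResponse(), SSOConstants.SSO_SSO_ID, ssoId, -1, "/");
            session.setAttribute("id", createSSOSession.getId());
            session.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
            result.put("ssoId", ssoId);
            responseHandler.addMessage(PortalMessageID.LOGIN_SUCCESS.getMessage());
        }
        responseHandler.addRow(result);
    }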

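    /**
     * Re-authenticates the user bound to the current SSO cookie with a password
     * and, on success, issues an SSO ticket for that session.
     *
     * <p>The user identity comes from the SSO session referenced by the
     * {@code SSO_SSO_ID} cookie, not from {@code credential.getId()} (which is
     * only used in log messages). The same lock / active / password / domain
     * checks as {@link #signInS1} are applied, with {@code sysId="sso"} on the
     * reported messages.
     *
     * @param context ajax context; must be an {@link AjaxContext}
     * @param credential carries the clear-text password to verify
     * @throws ApplicationException with AUTH_FAILED when the cookie or SSO
     *         session is missing, the account is locked, the password does not
     *         match, the domain is not allowed, or persistence fails
     */
    public void checkCredential(Context<String> context, Credential credential) {
        if (credential == null) {
            this.logger.warn("Missing credential arg");
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        if (StringUtil.isEmpty(credential.getPwd())) {
            this.logger.warn("Missing credential pwd arg for user={}", credential.getId());
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        if (this.logger.isDebugEnabled()) {
            // NOTE(review): Credential.toString() is not visible here — confirm it
            // redacts the password before relying on DEBUG logging in production.
            this.logger.debug(credential.toString());
        }
        AjaxContext ajaxContext = (AjaxContext) context;
        ResponseHandler<String> responseHandler = context.getResponseHandler();
        String cookie = SSOHelper.getCookie(ajaxContext.getHttpServletRequest(), SSOConstants.SSO_SSO_ID);
        if (cookie == null) {
            this.logger.warn("No sso cookie found!");
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        // Fix: an expired or unknown SSO id made getSSOSession(...) return null
        // (see hasSession), which was dereferenced here. The cookie value is a
        // bearer token, so it is deliberately kept out of the log line.
        if (this.ssoManager.getSSOSession(cookie) == null) {
            this.logger.warn("No sso session found for the presented cookie!");
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        String id = this.ssoManager.getSSOSession(cookie).getId();
        User readUser = this.userInfoProvider.readUser(id, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (readUser == null) {
            this.logger.warn("Unknown user with id={}", id);
            responseHandler.addMessage(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
            return;
        }
        if (readUser.getMissedLogin() >= 3) {
            this.logger.warn("Missed logins >= 3 for user={}", id);
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        if (!readUser.isActive()) {
            this.logger.warn("Login not active for user={}", id);
            responseHandler.addMessage(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
            return;
        }
        if (!CommonChecksumFunction.SHA512.validateChecksum(credential.getPwd(), readUser.getPwd())) {
            this.logger.warn("Password do not match for user={}", id);
            readUser.setMissedLogin(readUser.getMissedLogin() + 1);
            // Persist the failed attempt before failing; the third one locks the account.
            if (this.userInfoProvider.updateState(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() != null) {
                throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
            }
            this.logger.warn("Failed to lock login account after 3 unsuccessful login attempts for user={}", id);
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        if (!checkDomainAccess(readUser.getFirmId(), ajaxContext)) {
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        readUser.setLastLoginDate(new Date());
        readUser.setMissedLogin(0);
        // Audit attributes for this authentication: client address, request
        // domain, user agent and (best effort) reverse DNS name.
        readUser.setAttribute("ip", ajaxContext.getHttpServletRequest().getRemoteAddr());
        readUser.setAttribute(ClientCookie.DOMAIN_ATTR, getDomainName(ajaxContext.getHttpServletRequest()));
        String header = ajaxContext.getHttpServletRequest().getHeader("User-Agent");
        if (header == null) {
            header = "";
        }
        readUser.setAttribute("userAgent", header);
        try {
            // Blocking network lookup on the authentication path.
            readUser.setAttribute("reverseLookup", InetAddress.getByName(ajaxContext.getHttpServletRequest().getRemoteAddr()).getCanonicalHostName());
        } catch (UnknownHostException ignored) {
            // reverse lookup is informational only; failure is not an error
        }
        if (this.userInfoProvider.updateUser(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() == null) {
            this.logger.warn("Failed to update last login date for user={}", id);
            throw ApplicationException.exception(AuthMessageID.AUTH_FAILED.getMessage().setSysId("sso"));
        }
        responseHandler.addMessage(AuthMessageID.AUTH_SUCCESS.getMessage().setSysId("sso"));
        responseHandler.addRow(this.ssoManager.createTicket(cookie));
    }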

    /**
     * Tells whether the given firm requires the challenge-question step after
     * the password step.
     *
     * <p>Defaults to {@code true} (the stricter option) when the firm cannot be
     * read or has no {@code twoStepsSignin} attribute; otherwise the attribute
     * value decides. The attribute is assumed to be a {@link Boolean}.
     *
     * @param j firm id
     * @param ajaxContext request context used for the provider call
     * @return {@code true} when step 2 is required
     */
    protected boolean isTwoStepsSignin(long j, AjaxContext ajaxContext) {
        Firm firm = this.userInfoProvider.readFirm(j, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (firm == null) {
            this.logger.warn("Firm (firmId={}) not found or there is permission problem!", Long.valueOf(j));
            return true;
        }
        Object setting = firm.getAttribute("twoStepsSignin");
        if (setting == null) {
            return true;
        }
        boolean enabled = ((Boolean) setting).booleanValue();
        if (!enabled) {
            this.logger.info("Firm {} has disabled signin challenge questions!", firm.getFirmName());
        }
        return enabled;
    }

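    /**
     * Checks that the firm allows sign-in from the domain this request came in on.
     *
     * <p>The firm's {@code allowedDomains} attribute is a comma-separated list
     * (Spring's {@code StringArrayPropertyEditor.DEFAULT_SEPARATOR}); an entry
     * of {@code *} allows every domain and other entries are compared
     * case-insensitively. Entries are trimmed, so {@code "a.example, b.example"}
     * matches {@code b.example}. When the firm cannot be read the answer is
     * {@code false}; when the attribute is absent or empty the answer is
     * {@code true} — that fail-open default is existing policy and is logged
     * at WARN so it can be spotted.
     *
     * <p>NOTE(review): the request domain is derived from request headers (see
     * {@link #getDomainName}; {@code getSSODomain} is not visible here). Unless
     * a front proxy pins the Host header, this check relies on client-supplied
     * data.
     *
     * @param j firm id
     * @param ajaxContext request context used for the provider call
     * @return {@code true} when access from the request domain is allowed
     */
    protected boolean checkDomainAccess(long j, AjaxContext ajaxContext) {
        String ssoDomain = getSSODomain(ajaxContext.getHttpServletRequest());
        Firm firm = this.userInfoProvider.readFirm(j, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (firm == null) {
            this.logger.warn("Firm (firmId={}) not found or there is permission problem!", Long.valueOf(j));
            return false;
        }
        Object allowedDomainsAttr = firm.getAttribute("allowedDomains");
        if (allowedDomainsAttr == null) {
            this.logger.warn("Firm {} has no allowedDomains settings! Allowing access from domain {}", firm.getFirmName(), ssoDomain);
            return true;
        }
        String allowedDomains = (String) allowedDomainsAttr;
        if (Strings.isNullOrEmpty(allowedDomains)) {
            this.logger.warn("Firm {} has no allowedDomains settings! Allowing access from domain {}", firm.getFirmName(), ssoDomain);
            return true;
        }
        for (String entry : allowedDomains.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)) {
            String candidate = entry.trim();
            // A null request domain never matches a concrete entry (the original
            // threw a NullPointerException here); "*" still allows it.
            if ("*".equals(candidate) || (ssoDomain != null && ssoDomain.equalsIgnoreCase(candidate))) {
                this.logger.info("Firm {} allowed access from domain {}", firm.getFirmName(), candidate);
                return true;
            }
        }
        this.logger.warn("Firm {} is not allowed access from domain {}. Should use {}", new Object[]{firm.getFirmName(), ssoDomain, allowedDomains});
        return false;
    }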

    /**
     * Tells whether the user still has to configure challenge questions: any
     * of the three question/answer pairs being null or empty means setup is
     * required.
     *
     * @param userQuestions the stored questions and (hashed) answers
     * @return {@code true} when at least one question or answer is missing
     */
    protected boolean sqSetupRequired(UserQuestions userQuestions) {
        String[] pairs = {
            userQuestions.getQ1(), userQuestions.getR1(),
            userQuestions.getQ2(), userQuestions.getR2(),
            userQuestions.getQ3(), userQuestions.getR3()
        };
        for (String value : pairs) {
            if (Strings.isNullOrEmpty(value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Same rule as {@link #sqSetupRequired(UserQuestions)} applied to a
     * {@link User} record: setup is required as soon as one question or answer
     * slot is null or empty.
     *
     * @param user the user whose question slots are inspected
     * @return {@code true} when at least one question or answer is missing
     */
    protected boolean sqSetupRequired(User user) {
        boolean firstPairMissing = Strings.isNullOrEmpty(user.getQ1()) || Strings.isNullOrEmpty(user.getR1());
        if (firstPairMissing) {
            return true;
        }
        boolean secondPairMissing = Strings.isNullOrEmpty(user.getQ2()) || Strings.isNullOrEmpty(user.getR2());
        if (secondPairMissing) {
            return true;
        }
        return Strings.isNullOrEmpty(user.getQ3()) || Strings.isNullOrEmpty(user.getR3());
    }

    /**
     * Sign-in step 2 preamble: returns the next challenge question and the
     * user's avatar, once step 1 has stored the user id and
     * {@code signInStep="1"} in the HTTP session.
     *
     * <p>Questions rotate on {@code lastQ}: 0 or 1 asks Q1, 2 asks Q2, anything
     * else asks Q3. If the questions are not fully configured, or a reset is in
     * progress, QUESTIONS_SETUP_REQUIRED is reported instead of a question.
     *
     * <p>Response rows, in order: the question text, then the avatar.
     *
     * @param context ajax context; must be an {@link AjaxContext}
     * @throws ApplicationException with LOGIN_FAILED when the session does not
     *         hold a completed step 1, or the selected question is empty
     */
    public void getS2Info(Context<String> context) {
        AjaxContext ajaxContext = (AjaxContext) context;
        HttpSession session = ajaxContext.getHttpServletRequest().getSession(true);
        String userId = (String) session.getAttribute("id");
        String signInStep = (String) session.getAttribute("signInStep");
        if (Strings.isNullOrEmpty(userId)) {
            this.logger.warn("Missing id in session (missing signin step1).");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (Strings.isNullOrEmpty(signInStep)) {
            this.logger.warn("Missing step in session (missing signin step1).");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!CustomBooleanEditor.VALUE_1.equals(signInStep)) {
            this.logger.warn("bad signIn step in session (bad signin step1).");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        ResponseHandler<String> responseHandler = context.getResponseHandler();
        UserQuestions questions = this.userInfoProvider.readUserQuestions(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (questions == null) {
            this.logger.warn("Unknown user with id={}", userId);
            responseHandler.addMessage(AuthMessageID.LOGIN_FAILED.getMessage());
            return;
        }
        if (sqSetupRequired(questions)) {
            responseHandler.addMessage(PortalMessageID.QUESTIONS_SETUP_REQUIRED.getMessage());
            return;
        }
        User user = this.userInfoProvider.readUser(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (user == null) {
            this.logger.warn("Unknown user with id={}", userId);
            responseHandler.addMessage(AuthMessageID.LOGIN_FAILED.getMessage());
            return;
        }
        if (user.isResetInProgress()) {
            responseHandler.addMessage(PortalMessageID.QUESTIONS_SETUP_REQUIRED.getMessage());
            return;
        }
        // Pick the question after the last one answered (assumes getLastQ() is a plain getter).
        int lastQ = questions.getLastQ();
        String nextQuestion;
        if (lastQ <= 1) {
            nextQuestion = questions.getQ1();
        } else if (lastQ == 2) {
            nextQuestion = questions.getQ2();
        } else {
            nextQuestion = questions.getQ3();
        }
        if (Strings.isNullOrEmpty(nextQuestion)) {
            this.logger.warn("Next question to ask is empty/null for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        responseHandler.addRow(nextQuestion);
        responseHandler.addRow(questions.getAvatar());
    }

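    /**
     * Sign-in step 2: verifies the answer to the challenge question asked by
     * {@link #getS2Info} and, on success, creates the SSO session.
     *
     * <p>Requires the step-1 state in the HTTP session ({@code id} and
     * {@code signInStep="1"}); otherwise LOGIN_TIMEOUT is reported. The
     * submitted question text must equal one of the user's three stored
     * questions; the answer is checked against that question's stored SHA-512
     * checksum. Whether or not the answer matches, {@code lastQ} is rotated to
     * the next question and the attempt's audit attributes (ip, domain, user
     * agent, reverse lookup) are persisted. A wrong answer increments
     * {@code missedLogin}; the third one locks the account and e-mails the
     * configured admin addresses.
     *
     * <p>NOTE(review): answers are compared against a bare SHA-512 checksum
     * (see {@link #setQRs}); whether that checksum is salted is not visible
     * here. Low-entropy answers hashed without a slow KDF are cheap to
     * brute-force offline if the store leaks.
     *
     * <p>Response rows: the new {@code ssoId}, with LOGIN_SUCCESS as message.
     *
     * @param context ajax context; must be an {@link AjaxContext}
     * @param qr the question asked and the user's clear-text answer
     * @throws ApplicationException LOGIN_TIMEOUT when step 1 is missing,
     *         LOGIN_FAILED for any other failure (unknown user or questions,
     *         locked or inactive account, domain not allowed, wrong answer,
     *         persistence failure)
     */
    public void signInS2(Context<String> context, QR qr) {
        AjaxContext ajaxContext = (AjaxContext) context;
        if (qr == null) {
            this.logger.warn("Missing qr arg");
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        HttpSession session = ajaxContext.getHttpServletRequest().getSession(true);
        String userId = (String) session.getAttribute("id");
        String signInStep = (String) session.getAttribute("signInStep");
        if (Strings.isNullOrEmpty(userId)) {
            this.logger.warn("Missing id in session (missing signin step1).");
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        if (Strings.isNullOrEmpty(signInStep)) {
            this.logger.warn("Missing step in session (missing signin step1).");
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        if (!signInStep.equals(CustomBooleanEditor.VALUE_1)) {
            this.logger.warn("bad signIn step in session (bad signin step1).");
            throw ApplicationException.exception(PortalMessageID.LOGIN_TIMEOUT.getMessage());
        }
        String q = qr.getQ();
        if (StringUtil.isEmpty(q)) {
            this.logger.warn("Missing question arg for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        String r = qr.getR();
        if (StringUtil.isEmpty(r)) {
            this.logger.warn("Missing response arg for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        UserQuestions questions = this.userInfoProvider.readUserQuestions(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        User readUser = this.userInfoProvider.readUser(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (readUser == null) {
            this.logger.warn("Unknown user with id={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (questions == null) {
            // Fix: the original dereferenced a null UserQuestions when the
            // provider had nothing for this user (getS2Info guards the same call).
            this.logger.warn("No challenge questions found for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (readUser.getMissedLogin() >= 3) {
            this.logger.warn("Missed logins >= 3 for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!readUser.isActive()) {
            // Consistent with signInS1/checkCredential: an account deactivated
            // between step 1 and step 2 must not complete the login.
            this.logger.warn("Login not active for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!checkDomainAccess(readUser.getFirmId(), ajaxContext)) {
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        // Resolve the stored answer for the question asked and the index of
        // the question to ask next time (1 -> 2 -> 3 -> 1).
        String expectedAnswer;
        int nextQ;
        if (!Strings.isNullOrEmpty(questions.getQ1()) && questions.getQ1().equals(q)) {
            expectedAnswer = questions.getR1();
            nextQ = 2;
        } else if (!Strings.isNullOrEmpty(questions.getQ2()) && questions.getQ2().equals(q)) {
            expectedAnswer = questions.getR2();
            nextQ = 3;
        } else if (!Strings.isNullOrEmpty(questions.getQ3()) && questions.getQ3().equals(q)) {
            expectedAnswer = questions.getR3();
            nextQ = 1;
        } else {
            this.logger.warn("Unknown question provided for user={}, question={}", userId, q);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (Strings.isNullOrEmpty(expectedAnswer)) {
            this.logger.warn("No answer found in DB for user={}.", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        boolean answerMatches = CommonChecksumFunction.SHA512.validateChecksum(r, expectedAnswer);
        if (!answerMatches) {
            this.logger.warn("Answer do not match for user={}", userId);
            readUser.setMissedLogin(readUser.getMissedLogin() + 1);
            UserKey updateState = this.userInfoProvider.updateState(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
            if (updateState.getId() == null) {
                this.logger.warn("Failed to lock login account after 3 unsuccessful login attempts for user={}", userId);
                throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
            }
            if (readUser.getMissedLogin() >= 3) {
                // Notify admins of the lock; "env" is read from the JVM system properties.
                String property = System.getProperty("env");
                this.mailer.sendMail(this.adminNotifEmails, readUser.getEmail() + " locked his login|Portal|" + property, readUser.getEmail() + " locked his login in Portal in the " + property + " environment!", this.fromRecipient);
            }
            // updateState bumped the revision; carry it so updateUser below does not conflict.
            readUser.setRevNo(updateState.getRevNo());
        } else {
            readUser.setLastLoginDate(new Date());
            readUser.setMissedLogin(0);
        }
        readUser.setLastQ(nextQ);
        readUser.setAttribute("ip", ajaxContext.getHttpServletRequest().getRemoteAddr());
        readUser.setAttribute(ClientCookie.DOMAIN_ATTR, getDomainName(ajaxContext.getHttpServletRequest()));
        String header = ajaxContext.getHttpServletRequest().getHeader("User-Agent");
        if (header == null) {
            header = "";
        }
        readUser.setAttribute("userAgent", header);
        try {
            // Blocking network lookup on the login path; unresolvable
            // addresses simply leave the attribute unset.
            readUser.setAttribute("reverseLookup", InetAddress.getByName(ajaxContext.getHttpServletRequest().getRemoteAddr()).getCanonicalHostName());
        } catch (UnknownHostException ignored) {
            // reverse lookup is informational only; failure is not an error
        }
        if (this.userInfoProvider.updateUser(readUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() == null) {
            this.logger.warn("Failed to update last login date for user={}", userId);
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!answerMatches) {
            // The attempt was recorded above; only now report the failure.
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        String ssoId = createSSOSession(session, readUser, ajaxContext);
        ResponseHandler<String> responseHandler = context.getResponseHandler();
        responseHandler.addRow(ssoId);
        responseHandler.addMessage(PortalMessageID.LOGIN_SUCCESS.getMessage());
    }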

    /**
     * Creates the SSO session for an authenticated user, binds it to the HTTP
     * session and sets the {@code SSO_SSO_ID} cookie on the response.
     *
     * <p>The step-1 markers ({@code id}, {@code signInStep}) are cleared first;
     * afterwards {@code id} holds the SSO session's user id. The domain check is
     * repeated here so that every caller gets it.
     *
     * <p>NOTE(review): the HTTP session itself is reused rather than
     * regenerated, and cookie flags (Secure/HttpOnly) are decided inside
     * {@code SSOHelper.setCookie}, which is not visible here.
     *
     * @param httpSession the caller's HTTP session
     * @param user the authenticated user
     * @param ajaxContext request/response context
     * @return the new SSO id (also written to the cookie)
     * @throws ApplicationException SERVICE_FAILURE when the user's firm does not
     *         allow access from the request domain
     */
    protected String createSSOSession(HttpSession httpSession, User user, AjaxContext ajaxContext) {
        httpSession.removeAttribute("id");
        httpSession.removeAttribute("signInStep");
        boolean domainAllowed = checkDomainAccess(user.getFirmId(), ajaxContext);
        if (!domainAllowed) {
            throw ApplicationException.exception(CommonMessageID.SERVICE_FAILURE.getMessage());
        }
        SSOInfo info = this.ssoManager.createSSOSession(user.getId(), user.getFirstName(), user.getLastName(), user.getDisplayName(), user.getEmail());
        String ssoId = info.getSsoId();
        httpSession.setAttribute("id", info.getId());
        httpSession.setAttribute(SSOConstants.SSO_SSO_ID, ssoId);
        SSOHelper.setCookie(ajaxContext.getHttpServletResponse(), SSOConstants.SSO_SSO_ID, ssoId, -1, "/");
        return ssoId;
    }

    /**
     * Tells whether the request carries an {@code SSO_SSO_ID} cookie that maps
     * to a live SSO session.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the SSO manager knows the presented SSO id
     */
    protected boolean hasSession(HttpServletRequest httpServletRequest) {
        String ssoId = SSOHelper.getCookie(httpServletRequest, SSOConstants.SSO_SSO_ID);
        return this.ssoManager.getSSOSession(ssoId) != null;
    }

    /**
     * Fails the request unless it carries a live SSO session.
     *
     * <p>The user id from the HTTP session (if any) is logged to help trace the
     * failure; the SSO id itself is not logged.
     *
     * @param httpServletRequest the incoming request
     * @throws ApplicationException SERVICE_FAILURE when no SSO session is found
     */
    protected void assertSession(HttpServletRequest httpServletRequest) {
        if (!hasSession(httpServletRequest)) {
            HttpSession existing = httpServletRequest.getSession(false);
            String userId = existing == null ? null : (String) existing.getAttribute("id");
            this.logger.warn("User has no session! userId=" + userId);
            throw ApplicationException.exception(CommonMessageID.SERVICE_FAILURE.getMessage());
        }
    }

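    /**
     * Stores (or replaces) the user's three challenge questions and answers.
     *
     * <p>The target user is the one whose id is in the HTTP session (set by
     * step 1); {@code userQuestions.getId()} is only used in log messages and
     * is overwritten before persisting. First-time setup and a reset in
     * progress only need that step-1 id; changing already-configured questions
     * additionally requires a live SSO session ({@link #assertSession}).
     * Questions must be non-empty and pairwise different (case-insensitive);
     * answers are stored as SHA-512 checksums. On success the user's
     * {@code missedLogin} is reset, the reset flag cleared, and an SSO session
     * is created if the request does not already carry one.
     *
     * @param context ajax context; must be an {@link AjaxContext}
     * @param userQuestions the submitted questions, clear-text answers and avatar
     * @throws ApplicationException QUESTIONS_SETUP_MISSING_INFO /
     *         QUESTIONS_SETUP_NOT_UNIQUES on invalid input, LOGIN_FAILED when
     *         the session user is unknown, QUESTIONS_SETUP_FAILED when
     *         persistence fails
     */
    public void setQRs(Context<?> context, UserQuestions userQuestions) {
        AjaxContext ajaxContext = (AjaxContext) context;
        if (userQuestions == null) {
            this.logger.warn("Missing QRs arg");
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        HttpSession session = ajaxContext.getHttpServletRequest().getSession(true);
        String userId = (String) session.getAttribute("id");
        if (Strings.isNullOrEmpty(userId)) {
            this.logger.warn("Missing id in session (missing signin step1).");
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        User readUser = this.userInfoProvider.readUser(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (readUser == null) {
            this.logger.warn("Unknown user with id={}", userId);
            // Fix: the original built this exception but never threw it, so the
            // null user was dereferenced on the next line.
            throw ApplicationException.exception(AuthMessageID.LOGIN_FAILED.getMessage());
        }
        if (!readUser.isResetInProgress() && !sqSetupRequired(readUser)) {
            // Questions already configured and no reset pending: this is a change
            // by a logged-in user, so a live SSO session is mandatory.
            assertSession(ajaxContext.getHttpServletRequest());
        }
        if (StringUtil.isEmpty(userQuestions.getQ1())) {
            this.logger.warn("Missing question 1 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getR1())) {
            this.logger.warn("Missing response 1 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getQ2())) {
            this.logger.warn("Missing question 2 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getR2())) {
            this.logger.warn("Missing response 2 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getQ3())) {
            this.logger.warn("Missing question 3 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getR3())) {
            this.logger.warn("Missing response 3 arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage());
        }
        if (userQuestions.getQ1().equalsIgnoreCase(userQuestions.getQ2()) || userQuestions.getQ1().equalsIgnoreCase(userQuestions.getQ3()) || userQuestions.getQ2().equalsIgnoreCase(userQuestions.getQ3())) {
            this.logger.warn("Questions must be differents for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_NOT_UNIQUES.getMessage());
        }
        if (StringUtil.isEmpty(userQuestions.getAvatar())) {
            this.logger.warn("Missing avatar arg for user={}", userQuestions.getId());
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_MISSING_INFO.getMessage("avatar"));
        }
        // Bind the record to the session user, never to the client-supplied id.
        userQuestions.setRevNo(readUser.getRevNo());
        userQuestions.setId(userId);
        userQuestions.setR1(CommonChecksumFunction.SHA512.generateChecksum(userQuestions.getR1()));
        userQuestions.setR2(CommonChecksumFunction.SHA512.generateChecksum(userQuestions.getR2()));
        userQuestions.setR3(CommonChecksumFunction.SHA512.generateChecksum(userQuestions.getR3()));
        if (this.userInfoProvider.updateQuestions(userQuestions, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() == null) {
            this.logger.warn("Failed to set questions for user={}", userId);
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_FAILED.getMessage());
        }
        // Re-read to pick up the revision written by updateQuestions before
        // clearing the lock counter and the reset flag.
        User refreshedUser = this.userInfoProvider.readUser(userId, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest()));
        if (refreshedUser == null) {
            // Fix: the original dereferenced this without a check.
            this.logger.warn("Unknown user with id={}", userId);
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_FAILED.getMessage());
        }
        refreshedUser.setMissedLogin(0);
        refreshedUser.setResetInProgress(false);
        if (this.userInfoProvider.updateUser(refreshedUser, ajaxContext.getRequest().getSessionId(), ajaxContext.getRequest().getReqId(), ajaxContext.getRequest().getLang(), getDomainName(ajaxContext.getHttpServletRequest())).getId() == null) {
            this.logger.warn("Failed to reset login user={}", userId);
            throw ApplicationException.exception(PortalMessageID.QUESTIONS_SETUP_FAILED.getMessage());
        }
        String cookie = SSOHelper.getCookie(ajaxContext.getHttpServletRequest(), SSOConstants.SSO_SSO_ID);
        if (cookie == null || this.ssoManager.getSSOSession(cookie) == null) {
            createSSOSession(session, refreshedUser, ajaxContext);
        }
    }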

    /**
     * Returns the domain the request was addressed to: the first {@code Host}
     * header value, falling back to the server name when the header is absent
     * or empty.
     *
     * <p>The Host header is client-supplied and may still contain a port
     * ({@code host:port}); it is returned as-is. The value feeds the domain
     * access checks and every provider call, so deployments that do not pin the
     * Host header at a front proxy are trusting the client here.
     *
     * @param httpServletRequest the incoming request
     * @return the request domain, never null unless {@code getServerName()} is
     */
    protected String getDomainName(HttpServletRequest httpServletRequest) {
        String host = null;
        Enumeration hostHeaders = httpServletRequest.getHeaders("host");
        boolean hasHostHeader = hostHeaders != null && hostHeaders.hasMoreElements();
        if (hasHostHeader) {
            host = (String) hostHeaders.nextElement();
        }
        return Strings.isNullOrEmpty(host) ? httpServletRequest.getServerName() : host;
    }

    /**
     * Sets the recipient list for administrative notifications such as the
     * account-locked mail sent from {@link #signInS2}.
     *
     * @param str recipient address(es) in the form the mailer expects
     */
    public void setAdminNotifEmails(String str) {
        adminNotifEmails = str;
    }

    /**
     * Sets the sender address used for outgoing notification mails.
     *
     * @param str the from address
     */
    public void setFromRecipient(String str) {
        fromRecipient = str;
    }

    /**
     * Injects the provider used to read and update users, firms and challenge
     * questions.
     *
     * @param userInfoProvider the provider implementation
     */
    public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
        this.userInfoProvider = userInfoProvider;
    }

    /**
     * Injects the authentication info provider (not used by the methods
     * visible in this part of the class).
     *
     * @param authInfoProvider the provider implementation
     */
    public void setAuthInfoProvider(AuthInfoProvider authInfoProvider) {
        this.authInfoProvider = authInfoProvider;
    }

    /**
     * Returns the configured list of domains for which self-registration is
     * disabled, as set by {@link #setRegistrationDisabledDomains}.
     *
     * @return the raw configured value, possibly null
     */
    public String getRegistrationDisabledDomains() {
        return registrationDisabledDomains;
    }

    /**
     * Sets the list of domains for which self-registration is disabled; the
     * value is stored verbatim.
     *
     * @param str the configured value
     */
    public void setRegistrationDisabledDomains(String str) {
        registrationDisabledDomains = str;
    }
}
