package fish.focus.uvms.usm.authentication.service.impl;

import fish.focus.uvms.usm.authentication.domain.AuthenticationQuery;
import fish.focus.uvms.usm.authentication.domain.AuthenticationRequest;
import fish.focus.uvms.usm.authentication.domain.AuthenticationResponse;
import fish.focus.uvms.usm.authentication.domain.ChallengeResponse;
import fish.focus.uvms.usm.authentication.service.AuthenticationService;
import fish.focus.uvms.usm.policy.service.impl.PolicyProvider;
import fish.focus.uvms.usm.service.impl.RequestValidator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

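@TransactionAttribute(TransactionAttributeType.SUPPORTS)
@Stateless
/* loaded from: input_file:WEB-INF/lib/Authentication-Service-2.2.14.jar:fish/focus/uvms/usm/authentication/service/impl/AuthenticationServiceBean.class */
/**
 * Stateless EJB implementing {@link AuthenticationService}: password login (local database or
 * LDAP, chosen by the {@code ldap.enabled} policy), challenge/response login, and the
 * password-expiry and account-lockout bookkeeping around them.
 *
 * <p>All policy values are read from the {@code "Authentication"} subject of the
 * {@link PolicyProvider} on every call; nothing is cached in the bean.
 */
public class AuthenticationServiceBean implements AuthenticationService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationServiceBean.class);

    // Policy subject whose properties drive everything below.
    private static final String AUTHENTICATION_SUBJECT = "Authentication";
    // Days before password expiry at which MUST_CHANGE_PASSWORD starts being reported; 0 disables it.
    private static final String RENEWAL_REMINDER = "password.renewalReminder";
    // Lockout length in minutes once the failure threshold is reached; 0 disables lockout.
    private static final String LOCKOUT_DURATION = "account.lockoutDuration";
    // Number of recorded login failures at which the account is locked; 0 disables lockout.
    // The misspelling is the persisted policy key and must stay as written.
    private static final String LOCKOUT_FRESHOLD = "account.lockoutFreshold";
    private static final String LDAP_ENABLED = "ldap.enabled";
    private static final long ONE_MINUTE = 60000;
    private static final long ONE_DAY = 86400000;

    // User status values as returned by AuthenticationDao.getUserStatus().
    private static final String LOCKED = "L";
    private static final String DISABLED = "D";
    private static final String ENABLED = "E";

    // Status codes used directly by this bean. AuthenticationResponse also exposes named
    // constants (PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD, ACCOUNT_DISABLED, ACCOUNT_LOCKED);
    // the values below are the literals the original code used, so they are kept verbatim.
    private static final int STATUS_OK = 0;
    // Reported for a wrong password AND for a user name that does not exist, so a caller
    // cannot tell the two apart from the response.
    private static final int STATUS_BAD_CREDENTIALS = 49;
    // Reported when the stored user status is none of E/D/L.
    private static final int STATUS_UNKNOWN_USER_STATUS = 80;
    // Reported when the DAO threw; details go to the log only.
    private static final int STATUS_INTERNAL_ERROR = 1;

    // Shared, thread-safe source of randomness for picking which challenge to present.
    private static final SecureRandom CHALLENGE_PICKER = new SecureRandom();

    @EJB
    private AuthenticationDao dao;

    @EJB
    private PolicyProvider policyProvider;

    @Inject
    private RequestValidator validator;

    @Inject
    @CreateLdapUser
    private Event<CreateLdapUserEvent> ldapUserEventEvent;

    /**
     * Reads the {@code ldap.enabled} policy flag.
     *
     * @return {@code true} only when the property parses as {@code "true"}; missing or anything
     *     else yields {@code false}
     */
    @Override
    public boolean isLDAPEnabled() {
        LOGGER.debug("isLDAPEnabled() - (ENTER)");
        Properties policy = this.policyProvider.getProperties(AUTHENTICATION_SUBJECT);
        boolean enabled = Boolean.parseBoolean(policy.getProperty(LDAP_ENABLED, "false"));
        LOGGER.debug("isLDAPEnabled() - (LEAVE): " + enabled);
        return enabled;
    }

    /**
     * Tells whether the user's password expiry date lies in the past.
     *
     * <p>NOTE(review): this also records a successful login for {@code str} before reading the
     * expiry, i.e. it is not a read-only check. Kept because callers may rely on it — confirm
     * before removing.
     *
     * @param str user name
     * @return {@code true} when an expiry date is stored and is before now
     */
    @Override
    public boolean isPasswordExpired(String str) {
        LOGGER.debug("isPasswordExpired() - (ENTER)");
        this.dao.recordLoginSuccess(str);
        Date now = new Date();
        Date passwordExpiry = this.dao.getPasswordExpiry(str);
        boolean expired = passwordExpiry != null && passwordExpiry.before(now);
        LOGGER.debug("isPasswordExpired() - (LEAVE)");
        return expired;
    }

    /**
     * Tells whether the user's password is inside the renewal-reminder window.
     *
     * <p>NOTE(review): like {@link #isPasswordExpired(String)} this records a successful login
     * for {@code str} as a side effect; confirm callers expect that before changing it.
     *
     * @param str user name
     * @return {@code true} when an expiry date is stored, the reminder policy is non-zero, and
     *     now is past {@code expiry - reminderDays}
     */
    @Override
    public boolean isPasswordAboutToExpire(String str) {
        LOGGER.debug("isPasswordAboutToExpire() - (ENTER)");
        this.dao.recordLoginSuccess(str);
        Date now = new Date();
        Date passwordExpiry = this.dao.getPasswordExpiry(str);
        // Policy is only consulted when there is an expiry to compare against.
        boolean aboutToExpire = passwordExpiry != null && isInRenewalWindow(passwordExpiry, now);
        LOGGER.debug("isPasswordAboutToExpire() - (LEAVE)");
        return aboutToExpire;
    }

    /**
     * Authenticates a user name / password pair against LDAP or the local database, depending
     * on {@link #isLDAPEnabled()}, and applies the lockout and password-expiry policies.
     *
     * <p>Any non-authenticated outcome — wrong password, unknown user, disabled or locked
     * account, LDAP error, internal error — is counted as a login failure and may lock the
     * account; see {@link #handleLoginFailure(String)}.
     *
     * @param authenticationRequest user name and clear-text password; validated first
     * @return never {@code null}; on success the status code may be downgraded to
     *     {@code PASSWORD_EXPIRED} or {@code MUST_CHANGE_PASSWORD}
     */
    @Override
    public AuthenticationResponse authenticateUser(AuthenticationRequest authenticationRequest) {
        // NOTE(review): the request object is logged via toString(); verify that
        // AuthenticationRequest.toString() does not render the password.
        LOGGER.debug("authenticateUser(" + authenticationRequest + ") - (ENTER)");
        this.validator.assertValid(authenticationRequest);
        String userName = authenticationRequest.getUserName();
        AuthenticationResponse response = isLDAPEnabled()
                ? authenticateLdap(authenticationRequest)
                : authenticateLocal(authenticationRequest);
        if (!response.isAuthenticated()) {
            handleLoginFailure(userName);
            LOGGER.debug("authenticateUser() - (LEAVE): " + response);
            return response;
        }
        Date now = new Date();
        Date passwordExpiry = handleLoginSuccess(response.getUserMap(), userName);
        if (passwordExpiry != null) {
            if (passwordExpiry.before(now)) {
                response.setStatusCode(AuthenticationResponse.PASSWORD_EXPIRED);
            } else if (isInRenewalWindow(passwordExpiry, now)) {
                response.setStatusCode(AuthenticationResponse.MUST_CHANGE_PASSWORD);
            }
        }
        LOGGER.debug("authenticateUser() - (LEAVE): " + response);
        return response;
    }

    /**
     * Picks one of the user's stored challenge questions at random.
     *
     * @param authenticationQuery holds the user name; validated first
     * @return a randomly chosen challenge, or {@code null} when the user has none
     * @throws RuntimeException wrapping any failure from the DAO
     */
    @Override
    public ChallengeResponse getUserChallenge(AuthenticationQuery authenticationQuery) {
        LOGGER.debug("getUserChallenge(" + authenticationQuery + ") - (ENTER)");
        this.validator.assertValid(authenticationQuery);
        ChallengeResponse chosen = null;
        try {
            List<ChallengeResponse> challenges = this.dao.getUserChallenges(authenticationQuery.getUserName());
            if (challenges != null && !challenges.isEmpty()) {
                // SecureRandom rather than a clock-seeded Random: which question is asked is
                // part of the authentication flow and should not be predictable.
                chosen = challenges.get(CHALLENGE_PICKER.nextInt(challenges.size()));
            }
            LOGGER.debug("getUserChallenge() - (LEAVE): " + chosen);
            return chosen;
        } catch (Exception e) {
            throw new RuntimeException("Problem: " + e.getMessage(), e);
        }
    }

    /**
     * Authenticates a challenge answer.
     *
     * @param challengeResponse user name, challenge and answer; validated first
     * @return authenticated with status 0 when the DAO resolves an active user for the answer,
     *     otherwise status 49; status 1 when the DAO threw
     */
    @Override
    public AuthenticationResponse authenticateUser(ChallengeResponse challengeResponse) {
        LOGGER.debug("authenticateUser(" + challengeResponse + ") - (ENTER)");
        this.validator.assertValid(challengeResponse);
        AuthenticationResponse response = new AuthenticationResponse();
        try {
            boolean matched = this.dao.getActiveUserId(challengeResponse) != null;
            response.setAuthenticated(matched);
            response.setStatusCode(matched ? STATUS_OK : STATUS_BAD_CREDENTIALS);
        } catch (Exception e) {
            LOGGER.error("Problem: " + e.getMessage(), e);
            response.setStatusCode(STATUS_INTERNAL_ERROR);
        }
        LOGGER.debug("authenticateUser(" + challengeResponse.getUserName() + ") - (LEAVE): " + response);
        return response;
    }

    /**
     * Password login against the local database.
     *
     * <p>A wrong password and an unknown user both yield status 49; disabled and locked
     * accounts are reported as such (the lockout reason is attached for locked accounts).
     *
     * @param request user name and clear-text password
     * @return never {@code null}
     */
    private AuthenticationResponse authenticateLocal(AuthenticationRequest request) {
        LOGGER.debug("authenticateLocal(" + request + ") - (ENTER)");
        AuthenticationResponse response = createResponse();
        try {
            String userName = request.getUserName();
            Long activeUserId = this.dao.getActiveUserId(userName, hashPassword(request.getPassword()));
            // Fetched up-front, as before, even though only the LOCKED branch uses it; moving it
            // would change behaviour if the DAO throws for users without a lockout row.
            String lockoutReason = this.dao.getLockoutReason(userName);
            if (activeUserId != null) {
                response.setAuthenticated(true);
                response.setStatusCode(STATUS_OK);
            } else {
                String userStatus = this.dao.getUserStatus(userName);
                if (userStatus == null || ENABLED.equals(userStatus)) {
                    response.setStatusCode(STATUS_BAD_CREDENTIALS);
                } else if (DISABLED.equals(userStatus)) {
                    response.setStatusCode(AuthenticationResponse.ACCOUNT_DISABLED);
                } else if (LOCKED.equals(userStatus)) {
                    response.setStatusCode(AuthenticationResponse.ACCOUNT_LOCKED);
                    response.setErrorDescription(lockoutReason);
                } else {
                    response.setStatusCode(STATUS_UNKNOWN_USER_STATUS);
                }
            }
        } catch (Exception e) {
            LOGGER.error("Problem: " + e.getMessage(), e);
            response.setStatusCode(STATUS_INTERNAL_ERROR);
        }
        LOGGER.debug("authenticateLocal() - (LEAVE): " + response);
        return response;
    }

    /**
     * Password login against LDAP, provisioning the local user and person rows on first login.
     *
     * <p>Even after LDAP accepts the credentials the local user status decides the outcome, so a
     * locally disabled or locked account cannot log in through LDAP.
     *
     * @param request user name and clear-text password
     * @return never {@code null}; on success the LDAP attribute map is attached as the user map
     */
    private AuthenticationResponse authenticateLdap(AuthenticationRequest request) {
        LOGGER.debug("authenticateLdap(" + request + ") - (ENTER)");
        AuthenticationResponse response = createResponse();
        String userName = request.getUserName();
        Properties policy = this.policyProvider.getProperties(AUTHENTICATION_SUBJECT);
        Map<String, Object> ldapResult = new LDAP(policy).authenticate(userName, request.getPassword());
        LOGGER.debug("ldap.authenticate: " + ldapResult);
        if (ldapResult == null) {
            LOGGER.debug("authenticateLdap() - (LEAVE): " + response);
            return response;
        }
        if (hasLdapError(ldapResult)) {
            // The LDAP helper reports its own failure code under STATUS_CODE; pass it through.
            response.setStatusCode(((Integer) ldapResult.get(LDAP.STATUS_CODE)).intValue());
            LOGGER.debug("authenticateLdap() - (LEAVE): " + response);
            return response;
        }
        if (userDoesNotExistInDatabase(userName)) {
            createUserInDatabaseFromLdap(userName);
        }
        if (personDoesNotExistInDatabase(userName)) {
            createPersonInDatabaseFromLdap(userName, ldapResult);
        }
        String userStatus = this.dao.getUserStatus(userName);
        if (ENABLED.equals(userStatus)) {
            response.setAuthenticated(true);
            response.setUserMap(ldapResult);
            response.setStatusCode(STATUS_OK);
        } else if (DISABLED.equals(userStatus)) {
            response.setStatusCode(AuthenticationResponse.ACCOUNT_DISABLED);
        } else if (LOCKED.equals(userStatus)) {
            response.setStatusCode(AuthenticationResponse.ACCOUNT_LOCKED);
        } else {
            response.setStatusCode(STATUS_UNKNOWN_USER_STATUS);
        }
        LOGGER.debug("authenticateLdap() - (LEAVE): " + response);
        return response;
    }

    /** An LDAP result map carrying a STATUS_CODE entry denotes an error, not a user. */
    private boolean hasLdapError(Map<String, Object> ldapResult) {
        return ldapResult.get(LDAP.STATUS_CODE) != null;
    }

    /** Builds the default "not authenticated, bad credentials" response. */
    private AuthenticationResponse createResponse() {
        AuthenticationResponse response = new AuthenticationResponse();
        response.setAuthenticated(false);
        response.setStatusCode(STATUS_BAD_CREDENTIALS);
        return response;
    }

    /**
     * Hashes a clear-text password the way the stored credentials expect it.
     *
     * <p>This is an unsalted MD5 of the password's platform-default-charset bytes, which is far
     * below current password-storage practice (salted bcrypt/scrypt/argon2) and, pre-JDK 18,
     * also platform dependent for non-ASCII passwords. It is deliberately left unchanged here:
     * every stored hash was produced by exactly this function, so changing the algorithm or
     * pinning the charset without a re-hash-on-login migration would lock existing users out.
     *
     * @param str clear-text password, may be {@code null}
     * @return lower-case hex digest, or {@code null} when {@code str} is {@code null}
     * @throws NoSuchAlgorithmException if the JVM has no MD5 provider
     */
    private String hashPassword(String str) throws NoSuchAlgorithmException {
        if (str == null) {
            return null;
        }
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] digest = md5.digest(str.getBytes());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            // %x on a byte is zero-padded two-digit, unsigned and not localized.
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /**
     * Records a successful login, optionally syncs the person record from LDAP, and returns the
     * stored password expiry.
     *
     * @param ldapAttributes LDAP attribute map; sync is skipped when LDAP is disabled or the map is
     *     {@code null} or empty
     * @param userName user that just logged in
     * @return the stored password expiry, possibly {@code null}
     */
    private Date handleLoginSuccess(Map<String, Object> ldapAttributes, String userName) {
        LOGGER.debug("handleLoginSuccess(" + userName + ") - (ENTER)");
        this.dao.recordLoginSuccess(userName);
        Date passwordExpiry = this.dao.getPasswordExpiry(userName);
        if (!isLDAPEnabled() || ldapAttributes == null || ldapAttributes.isEmpty()) {
            LOGGER.debug("No handle sync with LDAP need");
        } else {
            handleSyncWithLDAP(ldapAttributes, userName);
        }
        LOGGER.debug("handleLoginSuccess() - (LEAVE)");
        return passwordExpiry;
    }

    /** Creates the person row from LDAP attributes when missing (person id 0), else updates it. */
    private void handleSyncWithLDAP(Map<String, Object> ldapAttributes, String userName) {
        int personId = this.dao.getPersonId(userName);
        if (personId == 0) {
            this.dao.createPersonForUser(ldapAttributes, userName);
        } else {
            this.dao.syncPerson(ldapAttributes, personId);
        }
    }

    /** The DAO signals "no person" with id 0. */
    private boolean personDoesNotExistInDatabase(String userName) {
        return this.dao.getPersonId(userName) == 0;
    }

    private void createPersonInDatabaseFromLdap(String userName, Map<String, Object> ldapAttributes) {
        this.dao.createPersonForUser(ldapAttributes, userName);
    }

    /** The DAO signals "no user" with a {@code null} status. */
    private boolean userDoesNotExistInDatabase(String userName) {
        return this.dao.getUserStatus(userName) == null;
    }

    /** Fires the CDI event that provisions a local user for an LDAP-authenticated name. */
    private void createUserInDatabaseFromLdap(String userName) {
        CreateLdapUserEvent event = new CreateLdapUserEvent();
        event.username = userName;
        this.ldapUserEventEvent.fire(event);
    }

    /**
     * Records a login failure and locks the account once the failure count reaches the policy
     * threshold. Lockout is disabled when either the threshold or the duration policy is 0.
     *
     * @param userName user whose login failed
     */
    private void handleLoginFailure(String userName) {
        LOGGER.debug("handleLoginFailure(" + userName + ") - (ENTER)");
        this.dao.recordLoginFailure(userName);
        Properties policy = this.policyProvider.getProperties(AUTHENTICATION_SUBJECT);
        int failureThreshold = this.policyProvider.getIntProperty(policy, LOCKOUT_FRESHOLD, 0);
        int lockoutMinutes = this.policyProvider.getIntProperty(policy, LOCKOUT_DURATION, 0);
        // lockUser is called on every failure at or above the threshold, so repeated failures
        // on an already locked account keep pushing the unlock time forward.
        if (failureThreshold != 0 && lockoutMinutes != 0 && this.dao.getLoginFailures(userName) >= failureThreshold) {
            Date lockedUntil = new Date(System.currentTimeMillis() + (lockoutMinutes * ONE_MINUTE));
            this.dao.lockUser(userName, lockedUntil);
        }
        LOGGER.debug("handleLoginFailure() - (LEAVE)");
    }

    /** Reads the renewal-reminder policy in days; 0 means the reminder is disabled. */
    private int renewalReminderDays() {
        Properties policy = this.policyProvider.getProperties(AUTHENTICATION_SUBJECT);
        return this.policyProvider.getIntProperty(policy, RENEWAL_REMINDER, 0);
    }

    /**
     * Tells whether {@code now} lies inside the reminder window that precedes the expiry.
     *
     * @param passwordExpiry non-null expiry date
     * @param now reference instant
     * @return {@code false} when the reminder policy is 0, else whether
     *     {@code passwordExpiry - reminderDays} is before {@code now}
     */
    private boolean isInRenewalWindow(Date passwordExpiry, Date now) {
        int reminderDays = renewalReminderDays();
        if (reminderDays == 0) {
            return false;
        }
        Date reminderStart = new Date(passwordExpiry.getTime() - (reminderDays * ONE_DAY));
        return reminderStart.before(now);
    }
}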
