package org.iplass.gem.command.auth;

import org.iplass.gem.command.Constants;
import org.iplass.gem.command.GemResourceBundleUtil;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.SystemException;
import org.iplass.mtp.auth.AuthManager;
import org.iplass.mtp.auth.login.CredentialUpdateException;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.CommandConfig;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.impl.web.WebUtil;
import org.iplass.mtp.impl.web.token.TokenStore;
import org.iplass.mtp.web.actionmapping.definition.HttpMethodType;
import org.iplass.mtp.web.template.TemplateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ActionMapping(name = UpdateExpirePasswordCommand.ACTION_UPDATE_EXP_PASSWORD, allowMethod = {HttpMethodType.POST}, clientCacheType = ActionMapping.ClientCacheType.NO_CACHE, privilaged = true, command = {@CommandConfig("cmd.checkLoginToken=true")}, result = {@Result(status = Constants.CMD_EXEC_SUCCESS, type = Result.Type.REDIRECT, value = AuthCommandConstants.RESULT_REDIRECT_PATH), @Result(status = Constants.CMD_EXEC_ERROR, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_PASSWORD_EXPIRE, templateName = "gem/auth/Expire"), @Result(status = "TOKEN_ERROR", type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_LOGIN, templateName = "gem/auth/Login")})
@CommandClass(name = "gem/auth/UpdateExpirePasswordCommand", displayName = "有効期限切れパスワード更新")
/* loaded from: input_file:org/iplass/gem/command/auth/UpdateExpirePasswordCommand.class */
public final class UpdateExpirePasswordCommand implements Command, AuthCommandConstants {
    private static Logger logger = LoggerFactory.getLogger(UpdateExpirePasswordCommand.class);
    public static final String ACTION_UPDATE_EXP_PASSWORD = "gem/auth/expiredpassword/update";
    private boolean checkLoginToken;
    private AuthManager am = ManagerLocator.getInstance().getManager(AuthManager.class);

    public boolean isCheckLoginToken() {
        return this.checkLoginToken;
    }

    public void setCheckLoginToken(boolean z) {
        this.checkLoginToken = z;
    }

    public String execute(RequestContext requestContext) {
        TokenStore tokenStore;
        if (this.checkLoginToken && ((tokenStore = TokenStore.getTokenStore(requestContext.getSession())) == null || !tokenStore.isValid(requestContext.getParam("_t"), true))) {
            return "TOKEN_ERROR";
        }
        CredentialExpiredState credentialExpiredState = (CredentialExpiredState) requestContext.getSession().getAttribute(AuthCommandConstants.SESSION_CREDENTIAL_EXPIRE_STATE);
        if (credentialExpiredState == null) {
            throw new SystemException("CredentialExpiredState is null");
        }
        String param = requestContext.getParam(AuthCommandConstants.PARAM_PASSWORD);
        String param2 = requestContext.getParam(AuthCommandConstants.PARAM_NEW_PASSWORD);
        if (!checkSame(param2, requestContext.getParam(AuthCommandConstants.PARAM_CONFIRM_PASSWORD))) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, new ApplicationException(resourceString("command.auth.UpdatePasswordCommand.notMatch", new Object[0])));
            return Constants.CMD_EXEC_ERROR;
        }
        if (!checkNotSame(param, param2)) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, new ApplicationException(resourceString("command.auth.UpdatePasswordCommand.notSame", new Object[0])));
            return Constants.CMD_EXEC_ERROR;
        }
        IdPasswordCredential idPasswordCredential = new IdPasswordCredential(credentialExpiredState.getId(), param);
        IdPasswordCredential idPasswordCredential2 = new IdPasswordCredential(credentialExpiredState.getId(), param2);
        try {
            this.am.updateCredential(idPasswordCredential, idPasswordCredential2, credentialExpiredState.getPolicyName());
            if (credentialExpiredState.isRememberMe()) {
                idPasswordCredential2.setAuthenticationFactor(AuthCommandConstants.PARAM_REMEMBER_ME, Boolean.TRUE);
            }
            this.am.login(idPasswordCredential2);
            String redirectPath = credentialExpiredState.getRedirectPath();
            if (LoginCommand.checkRedirectPath(redirectPath)) {
                requestContext.setAttribute(AuthCommandConstants.RESULT_REDIRECT_PATH, redirectPath);
                return Constants.CMD_EXEC_SUCCESS;
            }
            String homeUrl = WebUtil.getTenantWebInfo(ExecuteContext.getCurrentContext().getCurrentTenant()).getHomeUrl();
            if (homeUrl == null || homeUrl.length() == 0) {
                requestContext.setAttribute(AuthCommandConstants.RESULT_REDIRECT_PATH, TemplateUtil.getTenantContextPath() + "/gem/");
                return Constants.CMD_EXEC_SUCCESS;
            }
            requestContext.setAttribute(AuthCommandConstants.RESULT_REDIRECT_PATH, TemplateUtil.getTenantContextPath() + homeUrl);
            return Constants.CMD_EXEC_SUCCESS;
        } catch (CredentialUpdateException e) {
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, e);
            return Constants.CMD_EXEC_ERROR;
        }
    }

    private boolean checkSame(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        return str.equals(str2);
    }

    private boolean checkNotSame(String str, String str2) {
        return (str == null || str2 == null || str.equals(str2)) ? false : true;
    }

    private static String resourceString(String str, Object... objArr) {
        return GemResourceBundleUtil.resourceString(str, objArr);
    }
}
