package org.iplass.gem.command.auth;

import org.iplass.gem.command.Constants;
import org.iplass.gem.command.GemResourceBundleUtil;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.auth.AuthManager;
import org.iplass.mtp.auth.login.Credential;
import org.iplass.mtp.auth.login.CredentialExpiredException;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.auth.login.LoginFailedException;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.ActionMappings;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.command.annotation.template.Template;
import org.iplass.mtp.command.annotation.template.Templates;
import org.iplass.mtp.impl.core.ExecuteContext;
import org.iplass.mtp.impl.web.WebUtil;
import org.iplass.mtp.impl.web.token.TokenStore;
import org.iplass.mtp.tenant.Tenant;
import org.iplass.mtp.tenant.TenantAuthInfo;
import org.iplass.mtp.tenant.web.TenantWebInfo;
import org.iplass.mtp.transaction.Transaction;
import org.iplass.mtp.web.actionmapping.definition.HttpMethodType;
import org.iplass.mtp.web.template.TemplateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

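/**
 * Command for the gem id/password login.
 *
 * <p>Two actions are mapped here: {@link #ACTION_VIEW_LOGIN}, which renders the login JSP and is
 * declared with an empty command list, and {@link #ACTION_LOGIN}, which accepts POST only and
 * runs {@link #execute(RequestContext)}. Both are declared {@code privilaged = true} and
 * {@code NO_CACHE}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code checkLoginToken} is enabled (the default), the request must carry a token in
 *       the {@code _t} parameter that the session's {@link TokenStore} accepts; otherwise the
 *       login is rejected before any credential is read.</li>
 *   <li>The caller-supplied back URL is only used as a redirect target, and only handed back to
 *       the login view, when {@link WebUtil#isValidInternalUrl(String)} accepts it.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output; the decompiler reports that the three
 * {@code public static} helpers were package-private in the original class.
 */
@ActionMappings({
    @ActionMapping(
        name = LoginCommand.ACTION_VIEW_LOGIN,
        clientCacheType = ActionMapping.ClientCacheType.NO_CACHE,
        privilaged = true,
        command = {},
        result = {
            @Result(type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_LOGIN, templateName = "gem/auth/Login")
        }),
    @ActionMapping(
        name = LoginCommand.ACTION_LOGIN,
        allowMethod = {HttpMethodType.POST},
        clientCacheType = ActionMapping.ClientCacheType.NO_CACHE,
        privilaged = true,
        result = {
            @Result(status = Constants.CMD_EXEC_SUCCESS, type = Result.Type.REDIRECT, value = AuthCommandConstants.RESULT_REDIRECT_PATH),
            @Result(status = "EXPIRE", type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_PASSWORD_EXPIRE, templateName = "gem/auth/Expire"),
            @Result(status = "TWOSTEP", type = Result.Type.JSP, value = "/jsp/gem/auth/Verify2nd.jsp", templateName = "gem/auth/Verify2nd"),
            @Result(status = Constants.CMD_EXEC_ERROR, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_LOGIN, templateName = "gem/auth/Login"),
            @Result(exception = ApplicationException.class, type = Result.Type.JSP, value = Constants.CMD_RSLT_JSP_LOGIN, templateName = "gem/auth/Login")
        })
})
@Templates({
    @Template(name = "gem/auth/LastLoginParts", displayName = "最終ログイン日時パーツ", path = "/jsp/gem/auth/lastLoginParts.jsp"),
    @Template(name = "gem/generic/editor/EntitySelectPropertyEditorJsp", displayName = "エンティティ選択プロパティエディタ", path = "/jsp/gem/generic/editor/EntitySelectPropertyEditor.jsp"),
    @Template(name = "gem/generic/editor/AuthenticationPolicySelectPropertyEditorJsp", displayName = "認証ポリシー選択プロパティエディタ", path = "/jsp/gem/generic/editor/AuthenticationPolicySelectPropertyEditor.jsp")
})
@CommandClass(name = "gem/auth/LoginCommand", displayName = "ログイン処理")
public final class LoginCommand implements Command, AuthCommandConstants {
    private static final Logger logger = LoggerFactory.getLogger(LoginCommand.class);

    /** Action name that displays the login page. */
    public static final String ACTION_VIEW_LOGIN = "gem/auth/login";
    /** Action name that performs the login (POST only, per the mapping above). */
    public static final String ACTION_LOGIN = "gem/auth/dologin";
    /** Result status returned when the credential has expired and may be updated. */
    public static final String CMD_EXEC_EXPIRE = "EXPIRE";
    /** Result status mapped to the second-step verification page; not returned by this class. */
    public static final String CMD_EXEC_TWOSTEP = "TWOSTEP";

    // Whether execute() requires a valid login token before authenticating. Defaults to true;
    // turning it off removes the token check from the login POST.
    private boolean checkLoginToken = true;
    private final AuthManager auth = ManagerLocator.getInstance().getManager(AuthManager.class);

    /**
     * Reports whether the login token is checked before authentication.
     *
     * @return {@code true} when {@link #execute(RequestContext)} enforces the token check
     */
    public boolean isCheckLoginToken() {
        return this.checkLoginToken;
    }

    /**
     * Enables or disables the login token check.
     *
     * @param z {@code true} to require a valid token on the login request
     */
    public void setCheckLoginToken(boolean z) {
        this.checkLoginToken = z;
    }

    /**
     * Reads the remember-me request parameter.
     *
     * @param requestContext current request
     * @return {@code true} only when the parameter is exactly {@code "1"}
     */
    private boolean isRememberMe(RequestContext requestContext) {
        return "1".equals(requestContext.getParam(AuthCommandConstants.PARAM_REMEMBER_ME));
    }

    /**
     * Checks the token sent in the {@code _t} parameter against the session's token store.
     *
     * @param requestContext current request
     * @return {@code false} when the session has no token store or the store rejects the token
     */
    private static boolean hasValidLoginToken(RequestContext requestContext) {
        TokenStore tokenStore = TokenStore.getTokenStore(requestContext.getSession());
        // NOTE(review): the second argument is presumably "consume the token" — confirm in TokenStore.
        return tokenStore != null && tokenStore.isValid(requestContext.getParam("_t"), true);
    }

    /**
     * Authenticates the id/password taken from the request.
     *
     * @param requestContext current request; receives the error and redirect attributes
     * @return {@code Constants.CMD_EXEC_SUCCESS} after a successful login,
     *         {@code Constants.CMD_EXEC_ERROR} on a rejected token or failed login, or
     *         {@code "EXPIRE"} when the credential has expired and can be updated
     * @throws CredentialExpiredException rethrown by
     *         {@link #handleCredentialExpiredException} when the policy does not allow an update
     */
    public String execute(RequestContext requestContext) {
        // Reject the request before touching any credential when the token check fails.
        if (this.checkLoginToken && !hasValidLoginToken(requestContext)) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, new ApplicationException(resourceString("auth.Login.invalidToken", new Object[0])));
            return Constants.CMD_EXEC_ERROR;
        }

        String userId = requestContext.getParam("id");
        String password = requestContext.getParam(AuthCommandConstants.PARAM_PASSWORD);
        String backUrl = requestContext.getParam(AuthCommandConstants.PARAM_BACK_URL);
        boolean rememberMe = isRememberMe(requestContext);
        try {
            IdPasswordCredential credential = new IdPasswordCredential(userId, password);
            // The remember-me factor is attached only when the tenant has the feature enabled.
            if (ExecuteContext.getCurrentContext().getCurrentTenant().getTenantConfig(TenantAuthInfo.class).isUseRememberMe()) {
                credential.setAuthenticationFactor(AuthCommandConstants.PARAM_REMEMBER_ME, Boolean.valueOf(rememberMe));
            }
            this.auth.login(credential);
            setRedirectPathAfterLogin(requestContext, backUrl);
            return Constants.CMD_EXEC_SUCCESS;
        } catch (LoginFailedException e) {
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, e);
            // Hand the back URL to the login view only when it passes the same internal-URL check
            // used on success, so a request-supplied off-site value never reaches the template.
            if (checkRedirectPath(backUrl)) {
                requestContext.setAttribute("redirectPath", backUrl);
            }
            return Constants.CMD_EXEC_ERROR;
        } catch (CredentialExpiredException e) {
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            return handleCredentialExpiredException(requestContext, userId, null, null, backUrl, rememberMe, e);
        }
    }

    /**
     * Stores the post-login redirect target in the request.
     *
     * <p>The supplied path is used only when {@link #checkRedirectPath(String)} accepts it;
     * otherwise the target falls back to the tenant context path plus the tenant's home URL, or
     * {@code "/gem/"} when no home URL is configured.
     *
     * @param requestContext request that receives {@code RESULT_REDIRECT_PATH}
     * @param str requested redirect path (request-supplied; may be {@code null})
     */
    public static void setRedirectPathAfterLogin(RequestContext requestContext, String str) {
        if (checkRedirectPath(str)) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_REDIRECT_PATH, str);
            return;
        }
        Tenant currentTenant = ExecuteContext.getCurrentContext().getCurrentTenant();
        TenantWebInfo webInfo = currentTenant.getTenantConfig(TenantWebInfo.class);
        String homeUrl = webInfo != null ? webInfo.getHomeUrl() : null;
        String suffix = (homeUrl == null || homeUrl.isEmpty()) ? "/gem/" : homeUrl;
        requestContext.setAttribute(AuthCommandConstants.RESULT_REDIRECT_PATH, TemplateUtil.getTenantContextPath() + suffix);
    }

    /**
     * Prepares the credential-update flow after an expired credential.
     *
     * <p>Stores a {@link CredentialExpiredState} in the session, exposes the exception as the
     * request error unless this is the initial login, and marks the current transaction
     * rollback-only.
     *
     * @param requestContext current request
     * @param str first value passed to {@code CredentialExpiredState}; {@link #execute} passes the
     *        submitted id
     * @param str2 second value passed to {@code CredentialExpiredState}; {@link #execute} passes
     *        {@code null} (meaning not visible here — TODO confirm)
     * @param credential credential to carry into the state, or {@code null}
     * @param str3 back URL as submitted; it is stored without validation here, so consumers are
     *        presumably expected to validate it before redirecting — verify against the caller
     * @param z remember-me flag from the request; only kept when the tenant enables remember-me
     * @param credentialExpiredException the exception raised by the login attempt
     * @return {@code "EXPIRE"}
     * @throws CredentialExpiredException the same exception, when the policy named by it does not
     *         allow the credential to be updated
     */
    public static String handleCredentialExpiredException(RequestContext requestContext, String str, String str2, Credential credential, String str3, boolean z, CredentialExpiredException credentialExpiredException) {
        String policyName = credentialExpiredException.getPolicyName();
        if (!ManagerLocator.getInstance().getManager(AuthManager.class).canUpdateCredential(policyName)) {
            throw credentialExpiredException;
        }
        boolean rememberMe = z && ExecuteContext.getCurrentContext().getCurrentTenant().getTenantConfig(TenantAuthInfo.class).isUseRememberMe();
        CredentialExpiredState state = new CredentialExpiredState(str, str2, credential, rememberMe, credential != null, str3, credentialExpiredException.getPolicyName());
        requestContext.getSession().setAttribute(AuthCommandConstants.SESSION_CREDENTIAL_EXPIRE_STATE, state);
        if (!credentialExpiredException.isInitialLogin()) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, credentialExpiredException);
        }
        // NOTE(review): the reason for the rollback is not visible in this class — confirm.
        Transaction.getCurrent().setRollbackOnly();
        return CMD_EXEC_EXPIRE;
    }

    /**
     * Decides whether a request-supplied path may be used as a redirect target.
     *
     * @param str candidate path; may be {@code null}
     * @return {@code true} only when {@code str} is non-null and
     *         {@link WebUtil#isValidInternalUrl(String)} accepts it
     */
    public static boolean checkRedirectPath(String str) {
        if (str == null) {
            return false;
        }
        if (WebUtil.isValidInternalUrl(str)) {
            return true;
        }
        if (logger.isDebugEnabled()) {
            // The value comes from the request; neutralise line breaks so it cannot forge log lines.
            logger.debug("invalid redirect url: {}", str.replace('\r', '_').replace('\n', '_'));
        }
        return false;
    }

    /**
     * Looks up a localized message through {@link GemResourceBundleUtil}.
     *
     * @param str resource key
     * @param objArr message arguments
     * @return the resolved message
     */
    private static String resourceString(String str, Object... objArr) {
        return GemResourceBundleUtil.resourceString(str, objArr);
    }
}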
