package org.iplass.gem.command.auth;

import org.iplass.gem.command.Constants;
import org.iplass.gem.command.GemResourceBundleUtil;
import org.iplass.mtp.ApplicationException;
import org.iplass.mtp.ManagerLocator;
import org.iplass.mtp.SystemException;
import org.iplass.mtp.auth.AuthContext;
import org.iplass.mtp.auth.AuthManager;
import org.iplass.mtp.auth.User;
import org.iplass.mtp.auth.login.CredentialUpdateException;
import org.iplass.mtp.auth.login.IdPasswordCredential;
import org.iplass.mtp.command.Command;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.command.annotation.CommandClass;
import org.iplass.mtp.command.annotation.CommandConfig;
import org.iplass.mtp.command.annotation.action.ActionMapping;
import org.iplass.mtp.command.annotation.action.ActionMappings;
import org.iplass.mtp.command.annotation.action.Result;
import org.iplass.mtp.command.annotation.action.TokenCheck;
import org.iplass.mtp.entity.Entity;
import org.iplass.mtp.entity.EntityManager;
import org.iplass.mtp.entity.permission.EntityPermission;
import org.iplass.mtp.entity.permission.EntityPropertyPermission;
import org.iplass.mtp.entity.query.Query;
import org.iplass.mtp.entity.query.condition.predicate.Equals;
import org.iplass.mtp.impl.auth.authenticate.builtin.policy.AuthenticationPolicyService;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.web.actionmapping.definition.HttpMethodType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

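/**
 * Resets the password of the {@code mtp.auth.User} identified by the request's OID, either to a
 * caller-supplied value or (when the "reset random password" flag is {@code "1"}) by passing a
 * {@code null} password to {@link AuthManager#resetCredential}.
 *
 * <p>Both action mappings accept POST only and require a trusted authentication; the reset action
 * additionally enforces a transaction token ({@code @TokenCheck}).
 *
 * <p>Security note: the caller's authorization (user-admin role and UPDATE permission on the
 * password property) is verified <em>before</em> the target account is looked up. The lookup runs
 * with elevated entity permission ({@code doQueryAs(UPDATE)}), and later branches put the target's
 * account id into the request and return policy-specific messages, so none of that may be reachable
 * by a caller who is not allowed to reset passwords.
 */
@ActionMappings({
    @ActionMapping(
        name = ResetSpecificPasswordCommand.ACTION_VIEW_SPECIFIC_PASSWORD,
        allowMethod = {HttpMethodType.POST},
        clientCacheType = ActionMapping.ClientCacheType.CACHE,
        needTrustedAuthenticate = true,
        command = {},
        result = {
            @Result(
                type = Result.Type.JSP,
                value = Constants.CMD_RSLT_JSP_RESET_SPECIFIC_PASSWORD,
                templateName = "gem/auth/SpecificPassword",
                layoutActionName = Constants.LAYOUT_POPOUT_ACTION)
        }),
    @ActionMapping(
        name = ResetSpecificPasswordCommand.ACTION_RESET_SPECIFIC_PASSWORD,
        allowMethod = {HttpMethodType.POST},
        clientCacheType = ActionMapping.ClientCacheType.NO_CACHE,
        needTrustedAuthenticate = true,
        command = {@CommandConfig(commandClass = ResetSpecificPasswordCommand.class)},
        result = {
            @Result(
                type = Result.Type.JSP,
                value = Constants.CMD_RSLT_JSP_RESET_SPECIFIC_PASSWORD,
                templateName = "gem/auth/SpecificPassword",
                layoutActionName = Constants.LAYOUT_POPOUT_ACTION)
        },
        tokenCheck = @TokenCheck)
})
@CommandClass(name = "gem/auth/ResetSpecificPasswordCommand", description = "パスワード指定リセット")
public class ResetSpecificPasswordCommand implements Command, AuthCommandConstants {
    private static final Logger logger = LoggerFactory.getLogger(ResetSpecificPasswordCommand.class);
    public static final String ACTION_VIEW_SPECIFIC_PASSWORD = "gem/auth/specificpassword";
    public static final String ACTION_RESET_SPECIFIC_PASSWORD = "gem/auth/specificpassword/reset";

    /** Entity definition name of the user accounts this command operates on. */
    private static final String USER_ENTITY = "mtp.auth.User";
    private static final String PROP_ACCOUNT_ID = "accountId";
    private static final String PROP_ACCOUNT_POLICY = "accountPolicy";

    private AuthManager am = ManagerLocator.getInstance().getManager(AuthManager.class);

    /**
     * Validates the caller and the request, then resets the target user's credential.
     *
     * @param requestContext the current request; reads the OID, exec type, new/confirm password and
     *     the random-password flag, and receives the error message or exception as attributes
     * @return {@code Constants.CMD_EXEC_SUCCESS} when the credential was reset, otherwise
     *     {@code Constants.CMD_EXEC_ERROR}
     * @throws SystemException if the caller is not logged in or no OID was supplied
     */
    public String execute(RequestContext requestContext) {
        User caller = AuthContext.getCurrentContext().getUser();
        if (caller == null || caller.isAnonymous()) {
            throw new SystemException("not logined");
        }

        // Authorize first: everything below either reads the target account with elevated
        // permission or reflects data about it (account id, policy capabilities) back into the
        // request, so it must not run for a caller without password-reset rights.
        if (!isCallerAllowedToResetPasswords()) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.onlyAdmin"));
            return Constants.CMD_EXEC_ERROR;
        }

        String oid = requestContext.getParam(Constants.OID);
        if (oid == null) {
            throw new SystemException("oid is null");
        }

        EntityManager entityManager = ManagerLocator.getInstance().getManager(EntityManager.class);
        // The OID is bound through an Equals condition object rather than concatenated into query
        // text. The query itself runs under the UPDATE entity permission via doQueryAs.
        Entity target = (Entity) EntityPermission.doQueryAs(EntityPermission.Action.UPDATE, () -> {
            Query query = new Query()
                    .select(new Object[]{PROP_ACCOUNT_ID, PROP_ACCOUNT_POLICY})
                    .from(USER_ENTITY)
                    .where(new Equals(Constants.OID, oid));
            return (Entity) entityManager.searchEntity(query).getFirst();
        });

        String accountId = target == null ? null : (String) target.getValue(PROP_ACCOUNT_ID);
        if (accountId == null) {
            // Same message as the authorization failure, so the response does not reveal whether
            // the OID matched an account (NOTE(review): presumably deliberate, keep it that way).
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.onlyAdmin"));
            return Constants.CMD_EXEC_ERROR;
        }

        String accountPolicy = (String) target.getValue(PROP_ACCOUNT_POLICY);

        boolean specificPasswordAllowed = ServiceRegistry.getRegistry()
                .getService(AuthenticationPolicyService.class)
                .getOrDefault(accountPolicy)
                .isResetPasswordWithSpecificPassword();
        if (!specificPasswordAllowed) {
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR,
                    new ApplicationException(resourceString("command.auth.ResetSpecificPasswordCommand.notAllowed")));
            return Constants.CMD_EXEC_ERROR;
        }

        // Stays null for a random-password reset; the credential is then built without a password.
        String newPassword = null;
        if (!isResetRandomPassword(requestContext)) {
            String requested = requestContext.getParam(AuthCommandConstants.PARAM_NEW_PASSWORD);
            String confirmation = requestContext.getParam(AuthCommandConstants.PARAM_CONFIRM_PASSWORD);
            if (!checkSame(requested, confirmation)) {
                requestContext.setAttribute(AuthCommandConstants.RESULT_PASSWORD_EXPIRE_USER_ID, accountId);
                requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR,
                        new ApplicationException(resourceString("command.auth.UpdatePasswordCommand.notMatch")));
                return Constants.CMD_EXEC_ERROR;
            }
            newPassword = requested;
        }

        if (!Constants.EXEC_TYPE_UPDATE.equals(requestContext.getParam(Constants.EXEC_TYPE))) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.onlyUpdate"));
            return Constants.CMD_EXEC_ERROR;
        }

        if (!this.am.canResetCredential(accountPolicy)) {
            requestContext.setAttribute(Constants.MESSAGE, resourceString("command.auth.ResetPasswordCommand.notSupport"));
            return Constants.CMD_EXEC_ERROR;
        }

        try {
            this.am.resetCredential(new IdPasswordCredential(accountId, newPassword), accountPolicy);
            return Constants.CMD_EXEC_SUCCESS;
        } catch (CredentialUpdateException e) {
            // Only the exception is logged; the submitted password is never written to the log here.
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            }
            requestContext.setAttribute(AuthCommandConstants.RESULT_ERROR, e);
            return Constants.CMD_EXEC_ERROR;
        }
    }

    /**
     * Checks that the current caller holds the user-admin role for the tenant and may UPDATE the
     * password property of the user entity. Both conditions are required.
     */
    private boolean isCallerAllowedToResetPasswords() {
        AuthContext authContext = AuthContext.getCurrentContext();
        if (!ResetPasswordCommand.isUserAdminRole(authContext.getTenant())) {
            return false;
        }
        return authContext.checkPermission(new EntityPropertyPermission(
                USER_ENTITY, AuthCommandConstants.PARAM_PASSWORD, EntityPropertyPermission.Action.UPDATE));
    }

    /** Returns true only when the random-password request parameter is exactly {@code "1"}. */
    private boolean isResetRandomPassword(RequestContext requestContext) {
        return "1".equals(requestContext.getParam(AuthCommandConstants.PARAM_RESET_RANDOM_PASSWORD));
    }

    /** Returns true when both values are non-null and equal; a missing value never matches. */
    private boolean checkSame(String str, String str2) {
        return str != null && str2 != null && str.equals(str2);
    }

    /** Resolves a message key through the GEM resource bundle. */
    private static String resourceString(String str, Object... objArr) {
        return GemResourceBundleUtil.resourceString(str, objArr);
    }
}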
