package pl.edu.icm.yadda.aal.authentication;

import java.util.Iterator;
import org.apache.log4j.Logger;
import pl.edu.icm.yadda.aal.AalException;
import pl.edu.icm.yadda.aal.AalSession;
import pl.edu.icm.yadda.aal.Authentication;
import pl.edu.icm.yadda.aal.AuthenticationRequest;
import pl.edu.icm.yadda.aal.model.Group;
import pl.edu.icm.yadda.aal.model.Role;
import pl.edu.icm.yadda.aal.model.User;
import pl.edu.icm.yadda.aal.service.AalReaderService;
import pl.edu.icm.yadda.tools.encoding.MockPasswordEncoder;
import pl.edu.icm.yadda.tools.encoding.PasswordEncoder;

/* loaded from: input_file:pl/edu/icm/yadda/aal/authentication/LoginPasswordModule.class */
public class LoginPasswordModule extends AbstractAuthenticationModule implements AuthenticationModule {
    private PasswordEncoder encoder = new MockPasswordEncoder();
    private static final String NAME = "LoginPassword";
    public static final String MODE_IN = "login/password";
    public static final String MODE_OUT = "logout";
    public static final String LOGIN = "LOGIN";
    public static final String PASSWORD = "PASSWORD";
    private AalReaderService reader;
    private static final Logger log = Logger.getLogger(LoginPasswordModule.class);
    private static final String[] modes = {"login/password", "logout"};
    private static String[] eagers = {"getGroupSet", "getRoles"};

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public String getName() {
        return NAME;
    }

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public String getDescription() {
        return "Login/Password authentication support";
    }

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public String[] getModes() {
        return modes;
    }

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public String[] getDependencies() {
        return null;
    }

    private void clearAuthentications(AalSession aalSession) {
        for (Authentication authentication : aalSession.getAuthentications()) {
            if ("login/password".equals(authentication.getMode())) {
                authentication.setDeleted(true);
            }
        }
    }

    protected boolean authenticateLogout(AalSession aalSession, AuthenticationRequest authenticationRequest) throws AalException {
        aalSession.setLogin(null);
        aalSession.getGroups().clear("login/password");
        aalSession.getRoles().clear("login/password");
        clearAuthentications(aalSession);
        return true;
    }

    protected boolean authenticateLogin(AalSession aalSession, AuthenticationRequest authenticationRequest) throws AalException {
        aalSession.setLogin(null);
        if (!authenticationRequest.containsKey("LOGIN")) {
            log.debug("Login not defined");
            makeProblem(aalSession, authenticationRequest, new AalException("Login not defined"));
            return true;
        }
        if (!authenticationRequest.containsKey("PASSWORD")) {
            log.debug("Password not defined");
            makeProblem(aalSession, authenticationRequest, new AalException("Password not defined"));
            return true;
        }
        String str = (String) authenticationRequest.get("LOGIN");
        String str2 = (String) authenticationRequest.get("PASSWORD");
        try {
            User user = this.reader.getUser(str, null, eagers);
            if (user == null) {
                log.warn("cannot obtain user for login " + str);
                makeProblem(aalSession, authenticationRequest, new AalException("Authentication error - cannot obtain user for login"));
                return true;
            }
            if (!user.isActivated()) {
                log.warn("Account for login " + str + " is not active");
                makeProblem(aalSession, authenticationRequest, new AalException("Account for login " + str + " is not active"));
                return true;
            }
            if (user.isDeleted()) {
                log.warn("Account for login " + str + " is marked as deleted");
                makeProblem(aalSession, authenticationRequest, new AalException("Account for login " + str + " is marked as deleted"));
                return true;
            }
            if (!this.encoder.isPasswordValid(user.getPassword(), str2, null)) {
                log.warn("Authentication error - pair login/password not matched for user " + str);
                makeProblem(aalSession, authenticationRequest, new AalException("Authentication error - pair login/password not matched"));
                return true;
            }
            log.debug("Authentication successfull for login " + str);
            populateAuthorities(aalSession, user);
            Authentication authentication = new Authentication();
            long currentTimeMillis = System.currentTimeMillis();
            authentication.setCreationTime(currentTimeMillis);
            authentication.setMode("login/password");
            authentication.put("LOGIN", str);
            authentication.setExpireTime(currentTimeMillis + 604800000);
            aalSession.getAuthentications().add(authentication);
            return true;
        } catch (Exception e) {
            log.warn("cannot obtain user for login " + str, e);
            makeProblem(aalSession, authenticationRequest, new AalException("Authentication error - cannot obtain user for login"));
            return true;
        }
    }

    public String encodePassword(String str) {
        if (str == null) {
            return null;
        }
        return this.encoder.encodePassword(str, null);
    }

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public boolean authenticate(AalSession aalSession, AuthenticationRequest authenticationRequest) throws AalException {
        log.debug("Authentication request received");
        if ("login/password".equals(authenticationRequest.getMode())) {
            return authenticateLogin(aalSession, authenticationRequest);
        }
        if ("logout".equals(authenticationRequest.getMode())) {
            return authenticateLogout(aalSession, authenticationRequest);
        }
        return true;
    }

    private void populateAuthorities(AalSession aalSession, User user) {
        aalSession.setLogin(user.getLogin());
        for (Group group : user.getGroupSet()) {
            aalSession.getGroups().add(group.getName(), "login/password");
            Iterator<Role> it = group.getRoles().iterator();
            while (it.hasNext()) {
                aalSession.getRoles().add(it.next().getName(), "login/password");
            }
        }
        Iterator<Role> it2 = user.getRoles().iterator();
        while (it2.hasNext()) {
            aalSession.getRoles().add(it2.next().getName(), "login/password");
        }
    }

    public PasswordEncoder getEncoder() {
        return this.encoder;
    }

    public void setEncoder(PasswordEncoder passwordEncoder) {
        this.encoder = passwordEncoder;
    }

    @Override // pl.edu.icm.yadda.aal.authentication.AuthenticationModule
    public boolean reauthenticate(AalSession aalSession, Authentication authentication) {
        if (aalSession == null || authentication == null) {
            return true;
        }
        if (!authentication.containsKey("LOGIN")) {
            log.debug("Login not defined");
            makeProblem(aalSession, new AalException("Login not defined"));
            return false;
        }
        String str = (String) authentication.get("LOGIN");
        try {
            User user = this.reader.getUser(str, null, eagers);
            if (user != null) {
                populateAuthorities(aalSession, user);
                return true;
            }
            log.warn("cannot obtain user for login " + str);
            makeProblem(aalSession, new AalException("Authentication error - cannot obtain user for login"));
            return false;
        } catch (Exception e) {
            log.warn("cannot obtain user for login " + str, e);
            makeProblem(aalSession, new AalException("Authentication error - cannot obtain user for login"));
            return false;
        }
    }

    public AalReaderService getReader() {
        return this.reader;
    }

    public void setReader(AalReaderService aalReaderService) {
        this.reader = aalReaderService;
    }
}
