package com.alogic.auth.sso.server;

import com.alogic.auth.AuthenticationHandler;
import com.alogic.auth.CommonPrincipal;
import com.alogic.auth.Constants;
import com.alogic.auth.Principal;
import com.alogic.auth.Session;
import com.alogic.auth.SessionManager;
import com.alogic.auth.UserModel;
import com.alogic.auth.util.SimpleUser;
import com.alogic.load.Loader;
import com.alogic.load.Store;
import com.anysoft.util.BaseException;
import com.anysoft.util.Factory;
import com.anysoft.util.Properties;
import com.anysoft.util.PropertiesConstants;
import com.anysoft.util.XmlElementProperties;
import com.anysoft.util.XmlTools;
import com.anysoft.util.code.Coder;
import com.anysoft.util.code.CoderFactory;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alogic/auth/sso/server/ServerSideHandler.class */
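/**
 * Server-side SSO authentication handler.
 *
 * <p>Checks a login request (login id, encoded password, one-time auth code) against a
 * {@link UserModel} obtained from {@link #loader}, and on success stores a
 * {@link CommonPrincipal} in {@link #store} under the session id, which is then used as
 * the login token.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The token is {@code session.getId()} of a session that may already have existed
 *       before authentication. NOTE(review): confirm that {@link SessionManager} issues a
 *       fresh session id at login, otherwise a pre-login id stays valid after login.</li>
 *   <li>Passwords are verified with the coders registered as {@code "DES3"} and
 *       {@code "MD5"} (presumably Triple-DES and an MD5 digest; confirm in
 *       {@link CoderFactory}). Both are legacy primitives. Replacing them requires
 *       migrating the stored password values, so they are left unchanged here.</li>
 *   <li>No attempt throttling is visible in this class. The only limit on guessing is
 *       that the auth code is removed from the session after every login attempt that
 *       reaches the credential check.</li>
 * </ul>
 */
public class ServerSideHandler extends AuthenticationHandler.Abstract {
    /** Session source; injected through {@link #setSessionManager(SessionManager)}. */
    protected SessionManager sessionManager = null;
    /** Principals of logged-in users, keyed by token. */
    protected Store<Principal> store = null;
    /** Source of user records; when {@code null}, every login is rejected. */
    protected Loader<UserModel> loader = null;
    /** Coder used to decode the submitted password with the auth code as key. */
    protected Coder encrypter = null;
    /** Coder used to derive the value compared with the stored password. */
    protected Coder md5 = null;
    /** Application id passed to {@link #getPrincipal(String, String)} by {@code getCurrent}. */
    protected String dftApp = "${server.app}";

    /**
     * Configures the handler from an XML element.
     *
     * <p>Creates {@link #loader} from the optional {@code user-model} child and
     * {@link #store} from the optional {@code principal-store} child, then delegates to
     * {@link #configure(Properties)}. A failure to create either object is logged and
     * not rethrown; the corresponding field keeps its previous value.
     *
     * @param element the configuration element
     * @param properties the parent properties
     */
    @Override
    public void configure(Element element, Properties properties) {
        XmlElementProperties scoped = new XmlElementProperties(element, properties);

        Element userModelNode = XmlTools.getFirstElementByPath(element, "user-model");
        if (userModelNode != null) {
            try {
                this.loader = (Loader) new Factory().newInstance(userModelNode, scoped, "loader", SimpleUser.LoadFromInner.class.getName());
            } catch (Exception e) {
                // Best effort: without a loader, loadUserModel() returns null and logins fail closed.
                this.LOG.error("Can not create loader :" + XmlTools.node2String(userModelNode));
                this.LOG.error(ExceptionUtils.getStackTrace(e));
            }
        }

        Element storeNode = XmlTools.getFirstElementByPath(element, "principal-store");
        if (storeNode != null) {
            try {
                this.store = (Store) new Factory().newInstance(storeNode, scoped, "module", Principal.LocalCacheStore.class.getName());
            } catch (Exception e) {
                // Best effort: configure(Properties) falls back to a LocalCacheStore when store is null.
                this.LOG.error("Can not create store:" + XmlTools.node2String(storeNode));
                this.LOG.error(ExceptionUtils.getStackTrace(e));
            }
        }

        configure(scoped);
    }

    /**
     * Applies property-based configuration: reads {@code dftApp}, creates the two coders,
     * and installs a {@link Principal.LocalCacheStore} when no store has been set.
     *
     * @param properties the configuration properties
     */
    @Override
    public void configure(Properties properties) {
        super.configure(properties);
        this.dftApp = PropertiesConstants.getString(properties, "dftApp", this.dftApp);
        this.encrypter = CoderFactory.newCoder("DES3");
        this.md5 = CoderFactory.newCoder("MD5");
        if (this.store == null) {
            this.store = new Principal.LocalCacheStore();
            this.store.configure(properties);
        }
    }

    /**
     * Returns the principal bound to the request's existing session.
     *
     * @param httpServletRequest the current request
     * @return the principal, or {@code null} when there is no logged-in session or token
     */
    @Override
    public Principal getCurrent(HttpServletRequest httpServletRequest) {
        // 'false' is passed through to the session manager; presumably "do not create" (confirm).
        Session existing = this.sessionManager.getSession(httpServletRequest, false);
        return getCurrent(httpServletRequest, existing);
    }

    /**
     * Returns the principal bound to the given session.
     *
     * @param httpServletRequest the current request (not read by this implementation)
     * @param session the session to inspect; may be {@code null}
     * @return the principal for the session's token, or {@code null} when the session is
     *     absent, not logged in, or holds no token
     */
    @Override
    public Principal getCurrent(HttpServletRequest httpServletRequest, Session session) {
        if (session == null || !session.isLoggedIn()) {
            return null;
        }
        String token = session.hGet(Constants.DEFAULT_GROUP, Constants.TOKEN, "");
        if (StringUtils.isEmpty(token)) {
            return null;
        }
        return getPrincipal(this.dftApp, token);
    }

    /**
     * Looks up a principal by token in {@link #store}.
     *
     * @param str the application id; not used by this implementation
     * @param str2 the token used as the store key
     * @return whatever the store returns for the token
     */
    @Override
    public Principal getPrincipal(String str, String str2) {
        return (Principal) this.store.load(str2, true);
    }

    /**
     * Authenticates the request parameters {@code loginId}, {@code pwd} and
     * {@code loginCode}.
     *
     * <p>Any principal already stored for the session's current token is deleted first.
     * The submitted {@code loginCode} must equal the auth code held in the session; the
     * password is decoded with that code, re-encoded with the login id, and compared with
     * the stored password. The session's auth code is removed once the credential check
     * has been entered, whether it succeeds or fails.
     *
     * @param httpServletRequest the login request
     * @return the newly stored principal
     * @throws BaseException {@code clnt.e2000} when a parameter is missing,
     *     {@code clnt.e2003} when the session holds no auth code, {@code clnt.e2002} when
     *     the auth code does not match, {@code clnt.e2001} when the user is unknown or the
     *     password does not match
     */
    @Override
    public Principal login(HttpServletRequest httpServletRequest) {
        Session session = this.sessionManager.getSession(httpServletRequest, true);
        if (session.isLoggedIn()) {
            String previousToken = session.hGet(Constants.DEFAULT_GROUP, Constants.TOKEN, "");
            if (StringUtils.isNotEmpty(previousToken)) {
                this.store.del(previousToken);
            }
        }

        String loginId = getParameter(httpServletRequest, "loginId");
        String pwd = getParameter(httpServletRequest, "pwd");
        String loginCode = getParameter(httpServletRequest, "loginCode");

        try {
            String expectedCode = session.hGet(Constants.DEFAULT_GROUP, Constants.AUTH_CODE, "");
            if (StringUtils.isEmpty(expectedCode)) {
                throw new BaseException("clnt.e2003", "The auth code does not exist.");
            }
            if (!constantTimeEquals(loginCode, expectedCode)) {
                throw new BaseException("clnt.e2002", String.format("The auth code %s is not correct", loginCode));
            }

            UserModel user = loadUserModel(loginId);
            if (user == null) {
                // Same code and message as a wrong password, so the reply does not reveal which ids exist.
                throw new BaseException("clnt.e2001", String.format("User %s does not exist or the password is not correct.", loginId));
            }

            String presented = this.md5.encode(this.encrypter.decode(pwd, loginCode), loginId);
            if (!constantTimeEquals(presented, user.getPassword())) {
                throw new BaseException("clnt.e2001", String.format("User %s does not exist or the password is not correct.", loginId));
            }

            // NOTE(review): the token is the id of the session that carried the login
            // request; confirm the session id is rotated at login.
            String token = session.getId();
            CommonPrincipal principal = new CommonPrincipal(session.getId());
            this.store.save(token, principal, true);
            user.copyTo(principal);
            principal.setProperty(Constants.LOGIN_TIME, String.valueOf(System.currentTimeMillis()), true);
            principal.setProperty(Constants.FROM_IP, getClientIp(httpServletRequest), true);
            session.setLoggedIn(true);
            session.hSet(Constants.DEFAULT_GROUP, Constants.TOKEN, token, true);
            this.LOG.info(String.format("User %s has logged in.", user.getId()));
            return principal;
        } catch (Exception e) {
            // loginId and the exception text contain client-supplied data; line breaks are
            // neutralised so a request cannot forge additional log entries.
            this.LOG.error(String.format("User %s tried to login ,but %s", sanitizeForLog(loginId), sanitizeForLog(e.getMessage())));
            throw e;
        } finally {
            // The auth code is single-use: drop it after success and after any failure.
            session.hDel(Constants.DEFAULT_GROUP, Constants.AUTH_CODE);
        }
    }

    /**
     * Tells whether the principal holds a privilege.
     *
     * @param principal the principal to check; must be a {@link CommonPrincipal} when non-null
     * @param str the privilege to look for
     * @return {@code false} for a {@code null} principal, otherwise the principal's answer
     */
    @Override
    public boolean hasPrivilege(Principal principal, String str) {
        return principal != null && ((CommonPrincipal) principal).hasPrivilege(str);
    }

    /**
     * Logs the principal out by calling {@link CommonPrincipal#expire()}.
     *
     * <p>NOTE(review): this method does not remove the principal from {@link #store}
     * itself, nor touch the session; whether {@code expire()} is enough to invalidate the
     * token should be confirmed.
     *
     * @param principal the principal to log out; ignored when {@code null}
     */
    @Override
    public void logout(Principal principal) {
        if (principal == null) {
            return;
        }
        CommonPrincipal current = (CommonPrincipal) principal;
        this.LOG.info(String.format("User %s has logged out.", current.getUserId()));
        current.expire();
    }

    /**
     * Sets the session manager used by {@code getCurrent} and {@code login}.
     *
     * @param sessionManager the session manager
     */
    @Override
    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Loads the user record for a login id.
     *
     * @param str the login id
     * @return the user record, or {@code null} when no loader is configured or the loader
     *     returns nothing
     */
    protected UserModel loadUserModel(String str) {
        if (this.loader == null) {
            return null;
        }
        return (UserModel) this.loader.load(str, true);
    }

    /**
     * Reads a mandatory request parameter.
     *
     * @param httpServletRequest the request
     * @param str the parameter name
     * @return the non-empty parameter value
     * @throws BaseException {@code clnt.e2000} when the parameter is missing or empty
     */
    protected String getParameter(HttpServletRequest httpServletRequest, String str) {
        String value = httpServletRequest.getParameter(str);
        if (StringUtils.isEmpty(value)) {
            throw new BaseException("clnt.e2000", String.format("Can not find parameter %s", str));
        }
        return value;
    }

    /**
     * Reads an optional request parameter.
     *
     * @param httpServletRequest the request
     * @param str the parameter name
     * @param str2 the value returned when the parameter is missing or empty
     * @return the parameter value, or {@code str2}
     */
    protected String getParameter(HttpServletRequest httpServletRequest, String str, String str2) {
        String value = httpServletRequest.getParameter(str);
        return StringUtils.isEmpty(value) ? str2 : value;
    }

    /**
     * Compares two secrets without stopping at the first differing character, so the
     * response time does not reveal how much of a guess was correct.
     *
     * @return {@code true} only when both values are non-null and equal
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        return MessageDigest.isEqual(
                left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }

    /** Replaces CR and LF so a client-supplied value stays on a single log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}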
