package org.romaframework.module.users;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.romaframework.aspect.authentication.AuthenticationAspectAbstract;
import org.romaframework.aspect.authentication.AuthenticationException;
import org.romaframework.aspect.authentication.UserObjectPermissionListener;
import org.romaframework.aspect.persistence.QueryByFilter;
import org.romaframework.aspect.session.SessionInfo;
import org.romaframework.aspect.session.SessionListener;
import org.romaframework.core.Roma;
import org.romaframework.core.flow.Controller;
import org.romaframework.core.flow.SchemaFieldListener;
import org.romaframework.core.schema.SchemaAction;
import org.romaframework.core.schema.SchemaClass;
import org.romaframework.core.schema.SchemaEvent;
import org.romaframework.core.schema.SchemaField;
import org.romaframework.module.users.domain.BaseAccount;
import org.romaframework.module.users.domain.BaseAccountStatus;
import org.romaframework.module.users.domain.BaseFunction;
import org.romaframework.module.users.domain.BaseProfile;
import org.romaframework.module.users.repository.BaseAccountRepository;
import org.romaframework.module.users.view.domain.AccountManagementUtility;

/* loaded from: input_file:org/romaframework/module/users/UsersAuthentication.class */
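/**
 * Authentication and authorization aspect backed by {@link BaseAccount} and {@link BaseProfile}.
 *
 * <p>{@link #authenticate} looks an account up by name, verifies the password, checks the account
 * status and binds the account to the active session. The {@code allow*} methods answer
 * permission questions by walking the current profile and its parents.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>Permission checks return {@code true} whenever the aspect status is not {@code "up"}.</li>
 *   <li>Permission checks return {@code true} when there is neither a profile nor an
 *       {@value #ANONYMOUS_PROFILE_NAME} profile in the persistence layer.</li>
 *   <li>When no encryption algorithm is configured, stored passwords are compared as plain
 *       text.</li>
 * </ul>
 */
public class UsersAuthentication extends AuthenticationAspectAbstract implements UserObjectPermissionListener, SessionListener, SchemaFieldListener {
    public static final String ANONYMOUS_PROFILE_NAME = "anonymous";
    public static final String PAR_ALGORITHM = "algorithm";
    protected static BaseProfile publicProfile;
    /** Delay, in milliseconds, applied before every authentication failure is reported. */
    protected static final int ERROR_SLEEP_TIME = 1000;
    /** Fallback text shared by the "unknown account" and "wrong password" failures. */
    private static final String GENERIC_FAILURE_MESSAGE = "User or Password not correct";
    // Both fields are read outside the lock in getAnonymousProfile(), hence volatile.
    private volatile BaseProfile anonymousProfile;
    private volatile boolean loadedAnonymousProfile = false;
    private boolean singleSessionPerUser = false;

    /**
     * Registers this instance as session, schema-field and object-permission listener.
     *
     * <p>Note that {@code this} is handed to the controller before construction completes.
     */
    public UsersAuthentication() {
        Controller.getInstance().registerListener(SessionListener.class, this);
        Controller.getInstance().registerListener(SchemaFieldListener.class, this);
        Controller.getInstance().registerListener(UserObjectPermissionListener.class, this);
    }

    /**
     * Authenticates an account by name and password and binds it to the active session.
     *
     * <p>An account flagged as expired by {@link AccountManagementUtility#isAccountExpired} is
     * moved to the inactive status and persisted before the status check, so it is rejected.
     *
     * @param str account name
     * @param str2 password supplied by the caller
     * @param map additional parameters; not read by this implementation
     * @return the updated {@link BaseAccount}
     * @throws AuthenticationException if the account is unknown, the password does not match,
     *     the password could not be verified, or the account is not active
     */
    public Object authenticate(String str, String str2, Map<String, String> map) throws AuthenticationException {
        BaseAccountRepository repository = Roma.repository(BaseAccount.class);
        QueryByFilter accountQuery = new QueryByFilter(BaseAccount.class);
        accountQuery.addItem("name", QueryByFilter.FIELD_EQUALS, str);
        accountQuery.setMode("full");
        accountQuery.setStrategy((byte) 2);
        BaseAccount account = (BaseAccount) repository.findFirstByCriteria(accountQuery);
        if (account == null) {
            // NOTE(review): this label and the wrong-password label are separate i18n keys; if
            // their texts differ, the response reveals whether an account name exists.
            throwException(label("UsersAuthentication.accountNotFound.label", GENERIC_FAILURE_MESSAGE, str));
        }

        // Fail closed: if the configured algorithm is unavailable the password was never
        // verified, so the attempt must be rejected rather than allowed to continue.
        boolean passwordMatches = false;
        try {
            passwordMatches = checkPassword(account.getPassword(), str2);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        if (!passwordMatches) {
            throwException(label("UsersAuthentication.wrongPassword.label", GENERIC_FAILURE_MESSAGE, str));
        }

        QueryByFilter inactiveQuery = new QueryByFilter(BaseAccountStatus.class);
        inactiveQuery.addItem("name", QueryByFilter.FIELD_EQUALS, UsersInfoConstants.STATUS_UNACTIVE);
        BaseAccountStatus inactiveStatus = (BaseAccountStatus) Roma.context().persistence().queryOne(inactiveQuery);
        if (AccountManagementUtility.isAccountExpired(account)) {
            account.setStatus(inactiveStatus);
            account.setSignedOn(null);
            account = (BaseAccount) repository.update(account, (byte) 2);
        }

        QueryByFilter activeQuery = new QueryByFilter(BaseAccountStatus.class);
        activeQuery.addItem("name", QueryByFilter.FIELD_EQUALS, UsersInfoConstants.STATUS_ACTIVE);
        BaseAccountStatus activeStatus = (BaseAccountStatus) Roma.context().persistence().queryOne(activeQuery);
        // A missing status, or a missing "active" status record, both end in rejection.
        if (account.getStatus() == null || !account.getStatus().equals(activeStatus)) {
            throwException(label("UsersAuthentication.accountDisabled.label", "Account " + str + " is not active", str));
        }

        if (isSingleSessionPerUser()) {
            dropExistingSessions(account);
        }
        account.setSignedOn(new Date());
        BaseAccount signedOn = (BaseAccount) repository.update(account, (byte) 2);
        // NOTE(review): the account is bound to the session that is already active; no session
        // identifier rotation is visible here. Confirm the session aspect handles it.
        Roma.session().getActiveSessionInfo().setAccount(signedOn);
        return signedOn;
    }

    /** Resolves an i18n label for the given account name, falling back to {@code fallback}. */
    private static String label(String key, String fallback, String accountName) {
        String text = Roma.i18n().get(key, new Object[]{accountName});
        return text != null ? text : fallback;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Hook invoked by {@link #authenticate} when {@link #isSingleSessionPerUser()} is set.
     *
     * <p>This implementation does nothing, so the single-session setting has no effect unless a
     * subclass overrides this method.
     *
     * @param baseAccount account that is about to be signed on
     */
    public void dropExistingSessions(BaseAccount baseAccount) {
    }

    /**
     * Verifies a supplied password against the stored one.
     *
     * <p>With an encryption algorithm configured, the supplied password is transformed with
     * {@code encryptPassword} and compared to the stored value. Without one, the two values are
     * compared as plain text, which means the stored value is the password itself.
     *
     * @param str stored password value
     * @param str2 password supplied by the caller
     * @return {@code true} if the supplied password matches
     * @throws NoSuchAlgorithmException propagated from {@code encryptPassword}
     */
    public boolean checkPassword(String str, String str2) throws NoSuchAlgorithmException {
        if (getEncryptionAlgorithm() != null) {
            String candidate = encryptPassword(str2);
            // A null on either side is a mismatch, never an exception or a match.
            return candidate != null && str != null && constantTimeEquals(candidate, str);
        }
        if (str == null && str2 == null) {
            // NOTE(review): an account without a stored password accepts a null password in
            // plain-text mode. Kept for compatibility; confirm callers never pass null here.
            return true;
        }
        return str != null && str2 != null && constantTimeEquals(str2, str);
    }

    /** Compares two strings without returning early at the first differing byte. */
    private static boolean constantTimeEquals(String left, String right) {
        return MessageDigest.isEqual(left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports an authentication failure after a fixed {@link #ERROR_SLEEP_TIME} delay, which
     * slows down repeated guessing.
     *
     * @param str failure message
     * @throws AuthenticationException always
     */
    public void throwException(String str) throws AuthenticationException {
        try {
            Thread.sleep(ERROR_SLEEP_TIME);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller; the failure is still reported below.
            Thread.currentThread().interrupt();
        }
        throw new AuthenticationException(str);
    }

    /**
     * Decides whether a profile may use the named function.
     *
     * <p>The profile and its parents are searched from the profile upwards; the first profile
     * that defines the function decides. If none does, the result is {@code true} only when the
     * mode of the topmost profile is {@link BaseProfile.Mode#ALLOW_ALL_BUT}.
     *
     * @param obj a {@link BaseProfile}, or {@code null} to use the anonymous profile
     * @param str function name
     * @return {@code true} if access is granted; also {@code true} when no profile is available
     */
    public boolean allow(Object obj, String str) {
        if (obj == null) {
            obj = getAnonymousProfile();
        }
        if (obj == null) {
            // Fail-open by design of this class: with no profile and no anonymous profile
            // stored, every function is granted.
            return true;
        }
        BaseProfile profile = (BaseProfile) obj;
        // The walk ends only at a null parent; nothing here guards against a cyclic chain.
        List<BaseProfile> chain = new ArrayList<>();
        for (BaseProfile current = profile; current != null; current = current.getParent()) {
            chain.add(current);
        }
        // The last element is the topmost ancestor, or the profile itself when it has no parent.
        BaseProfile.Mode rootMode = chain.get(chain.size() - 1).getMode();
        for (BaseProfile current : chain) {
            if (current.getFunctions() == null) {
                continue;
            }
            BaseFunction function = current.getFunctions().get(str);
            if (function != null) {
                return function.isAllow();
            }
        }
        return rootMode == BaseProfile.Mode.ALLOW_ALL_BUT;
    }

    /** Does nothing in this implementation; the session's account is not cleared here. */
    public void logout() throws AuthenticationException {
    }

    /**
     * Checks access to a schema class by its name.
     *
     * @return {@code true} if granted, if {@code schemaClass} is {@code null}, or if the aspect
     *     status is not {@code "up"}
     */
    public boolean allowClass(SchemaClass schemaClass) {
        if (schemaClass != null && isEnforcing()) {
            return allow(m1getCurrentProfile(), schemaClass.getName());
        }
        return true;
    }

    /** Checks the named function against the current profile. */
    private boolean allow(String str) {
        return allow(m1getCurrentProfile(), str);
    }

    /** Permission checks are enforced only while the aspect status is {@code "up"}. */
    private boolean isEnforcing() {
        return this.status.equals("up");
    }

    /** Checks access to a field by its full name; always {@code true} while not enforcing. */
    public boolean allowField(SchemaField schemaField) {
        if (isEnforcing()) {
            return allow(schemaField.getFullName());
        }
        return true;
    }

    /** Checks access to an action by its full name; always {@code true} while not enforcing. */
    public boolean allowAction(SchemaAction schemaAction) {
        if (isEnforcing()) {
            return allow(schemaAction.getFullName());
        }
        return true;
    }

    /** Checks access to an event by its full name; always {@code true} while not enforcing. */
    public boolean allowEvent(SchemaEvent schemaEvent) {
        if (isEnforcing()) {
            return allow(schemaEvent.getFullName());
        }
        return true;
    }

    /* renamed from: getCurrentProfile, reason: merged with bridge method [inline-methods] */
    /** Returns the profile of the current account, or the anonymous profile when none is set. */
    public BaseProfile m1getCurrentProfile() {
        BaseAccount account = (BaseAccount) getCurrentAccount();
        return account == null ? getAnonymousProfile() : account.m4getProfile();
    }

    /** No action is taken when a session is created. */
    public void onSessionCreating(SessionInfo sessionInfo) {
    }

    /** Calls {@link #logout()} when a session is destroyed. */
    public void onSessionDestroying(SessionInfo sessionInfo) {
        logout();
    }

    /** Delegates to the superclass startup. */
    public void startup() {
        super.startup();
    }

    /**
     * Returns the profile named {@value #ANONYMOUS_PROFILE_NAME}, loading it once.
     *
     * <p>The cached profile is returned on every call after the first load. Returning
     * {@code null} once the load had happened would make {@link #allow(Object, String)} grant
     * everything to callers without a profile from the second request onwards.
     *
     * @return the anonymous profile, or {@code null} if the persistence layer has none
     */
    private BaseProfile getAnonymousProfile() {
        if (!this.loadedAnonymousProfile) {
            synchronized (this) {
                if (!this.loadedAnonymousProfile) {
                    QueryByFilter profileQuery = new QueryByFilter(BaseProfile.class);
                    profileQuery.addItem("name", QueryByFilter.FIELD_EQUALS, ANONYMOUS_PROFILE_NAME);
                    profileQuery.setMode("full");
                    profileQuery.setStrategy((byte) 2);
                    this.anonymousProfile = (BaseProfile) Roma.context().persistence().queryOne(profileQuery);
                    // Set last so that a reader seeing the flag also sees the profile.
                    this.loadedAnonymousProfile = true;
                }
            }
        }
        return this.anonymousProfile;
    }

    /** Returns whether {@link #dropExistingSessions} is invoked on each successful sign-on. */
    public boolean isSingleSessionPerUser() {
        return this.singleSessionPerUser;
    }

    public void setSingleSessionPerUser(boolean z) {
        this.singleSessionPerUser = z;
    }

    /**
     * Filters a collection or map field value after it has been read, removing every element
     * whose class the current profile may not access.
     *
     * <p>Elements are removed in place through the iterator, so the value that was read is
     * itself modified. NOTE(review): if that value is a live domain collection this changes the
     * owning object, and an unmodifiable collection would reject the removal — confirm what the
     * framework passes here.
     *
     * @param obj2 the value that was read
     * @return {@code obj2}, filtered when it is a {@link Collection} or a {@link Map}
     */
    public Object onAfterFieldRead(Object obj, SchemaField schemaField, Object obj2) {
        if (obj2 instanceof Collection) {
            Iterator<?> elements = ((Collection<?>) obj2).iterator();
            while (elements.hasNext()) {
                if (isHidden(elements.next())) {
                    elements.remove();
                }
            }
        }
        if (obj2 instanceof Map) {
            Iterator<? extends Map.Entry<?, ?>> entries = ((Map<?, ?>) obj2).entrySet().iterator();
            while (entries.hasNext()) {
                Map.Entry<?, ?> entry = entries.next();
                // An entry goes away if either its key or its value is of a denied class.
                if (isHidden(entry.getKey()) || isHidden(entry.getValue())) {
                    entries.remove();
                }
            }
        }
        return obj2;
    }

    /** Returns {@code true} for a non-null element whose schema class is denied. */
    private boolean isHidden(Object element) {
        return element != null && !allowClass(Roma.schema().getSchemaClass(element.getClass()));
    }

    /** Returns the written value unchanged. */
    public Object onAfterFieldWrite(Object obj, SchemaField schemaField, Object obj2) {
        return obj2;
    }

    /** Returns {@code IGNORED}; this listener does not act before a field read. */
    public Object onBeforeFieldRead(Object obj, SchemaField schemaField, Object obj2) {
        return IGNORED;
    }

    /** Returns {@code IGNORED}; this listener does not act before a field write. */
    public Object onBeforeFieldWrite(Object obj, SchemaField schemaField, Object obj2) {
        return IGNORED;
    }
}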
