package ru.curs.showcase.security;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.IllegalFormatException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import ru.curs.showcase.runtime.AppInfoSingleton;
import ru.curs.showcase.runtime.UserDataUtils;
import ru.curs.showcase.util.TextUtils;
import ru.curs.showcase.util.UserAndSessionDetails;
import ru.curs.showcase.util.exception.SettingsFileOpenException;

/* loaded from: input_file:WEB-INF/classes/ru/curs/showcase/security/AuthServerAuthenticationProvider.class */
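/**
 * Spring Security provider that authenticates a session against the external
 * authentication server, or against a one-time cross-application password
 * stored for the session.
 *
 * <p>Security properties this class maintains:
 * <ul>
 * <li>Credentials are never written to the log; only the login name is.</li>
 * <li>No JVM-wide {@code HostnameVerifier} is installed. A permissive default verifier
 * would switch off hostname checking for every HTTPS connection in the process, so the
 * platform default stays in force. If the auth server certificate does not match its
 * host name, fix the certificate rather than the verifier.</li>
 * <li>Every failure on the auth-server path rejects the login (fail closed).</li>
 * </ul>
 */
public class AuthServerAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthServerAuthenticationProvider.class);

    /** Fragments of the auth server's error body that select the rejection reason. */
    private static final String LOCKED_OUT_MARKER = "locked out for too many unsuccessful login attempts";
    private static final String UNLOCK_TIME_MARKER = "Time to unlock";
    private static final String PROC_MESSAGE_BEGIN = "Stored procedure message begin:";
    private static final String PROC_MESSAGE_END = "Stored procedure message end.";

    /**
     * Authenticates the token either through the session's one-time cross-application
     * password or through the auth server's {@code /login} endpoint, then binds the
     * session to the user in celesta (best effort).
     *
     * @param authentication token whose details are a {@link UserAndSessionDetails}
     * @return the same token, with its details updated from the auth server
     * @throws BadCredentialsException if the server rejects the login or cannot be reached
     * @throws AuthenticationServiceException if application settings cannot be read
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        UserAndSessionDetails details = (UserAndSessionDetails) authentication.getDetails();
        String rawRemoteAddress = details.getRemoteAddress();
        String remoteAddress = rawRemoteAddress == null ? "" : rawRemoteAddress;
        String login = authentication.getPrincipal().toString();
        String password = authentication.getCredentials().toString();
        String sessionId = details.getSessionId();
        // Key of the session that may hold a pending cross-application password.
        String crossAppSessionKey = rawRemoteAddress != null
                ? AppInfoSingleton.getAppInfo().getRemoteAddrSessionMap().get(rawRemoteAddress)
                : "";
        String groupProviders = details.getUserInfo().getGroupProviders();
        try {
            String localAuthServerUrl = SecurityParamsFactory.getLocalAuthServerUrl();
            boolean crossAppPasswordPending =
                    AppInfoSingleton.getAppInfo().getSessionInfoMap().containsKey(crossAppSessionKey)
                    && AppInfoSingleton.getAppInfo().getSessionInfoMap().get(crossAppSessionKey)
                            .getAuthServerCrossAppPassword() != null;
            if (crossAppPasswordPending && AppInfoSingleton.getAppInfo().isEnableLogLevelInfo()) {
                // The submitted password is deliberately left out of the log line.
                LOGGER.info("Попытка аутентификации сессии " + sessionId + " через механизм кроссдоменной аутентификации. Пользователь: " + login);
            }
            if (crossAppPasswordPending
                    && AppInfoSingleton.getAppInfo().getSessionInfoMap().get(crossAppSessionKey)
                            .getAuthServerCrossAppPassword().equals(password)) {
                try {
                    AppInfoSingleton.getAppInfo().setAuthViaAuthServerForSession(sessionId, true);
                    details.setAuthViaAuthServer(true);
                    if (AuthServerUtils.getTheAuthServerAlias() == null) {
                        AuthServerUtils.init(localAuthServerUrl);
                    }
                    details.setUserInfo(AuthServerUtils.getTheAuthServerAlias().isAuthenticated(crossAppSessionKey));
                } finally {
                    // One-time value: cleared whether or not the lookup succeeded.
                    AppInfoSingleton.getAppInfo().getSessionInfoMap().get(crossAppSessionKey)
                            .setAuthServerCrossAppPassword(null);
                }
            } else {
                AuthServerUtils.init(localAuthServerUrl);
                try {
                    // NOTE(review): the password travels in the GET query string, where
                    // server access logs and proxies commonly record it. Moving it to a
                    // request body depends on what the auth server accepts - confirm.
                    URL url = new URL(localAuthServerUrl
                            + buildLoginQuery(sessionId, login, password, groupProviders, remoteAddress));
                    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
                    try {
                        connection.setRequestMethod("GET");
                        connection.connect();
                        if (connection.getResponseCode() != 200) {
                            recordFailedLogin(login);
                            String showReasonProp =
                                    UserDataUtils.getGeneralOptionalProp("mellophone.show.reason.for.blocked.user");
                            boolean showBlockReason =
                                    showReasonProp != null && "true".equalsIgnoreCase(showReasonProp.trim());
                            throw rejectionFor(login, readErrorBody(connection), showBlockReason);
                        }
                        AppInfoSingleton.getAppInfo().setAuthViaAuthServerForSession(sessionId, true);
                        details.setAuthViaAuthServer(true);
                        details.setUserInfo(AuthServerUtils.getTheAuthServerAlias().isAuthenticated(sessionId));
                    } finally {
                        // Release the connection on success and on every failure path.
                        connection.disconnect();
                    }
                } catch (BadCredentialsException e) {
                    logAuthError(e);
                    throw new BadCredentialsException(e.getMessage(), e);
                } catch (Exception e) {
                    // Fail closed: any unexpected error rejects the login instead of
                    // continuing to the success path below.
                    // NOTE(review): the exception text is passed on to the caller; JDK HTTP
                    // exceptions can embed the request URL, which here carries the password.
                    // Confirm where this message is displayed.
                    logAuthError(e);
                    throw new BadCredentialsException("Authentication server is not available: " + e.getMessage(), e);
                }
            }
            try {
                // Best effort: a celesta failure is logged and does not undo the login.
                String sid = details.getUserInfo().getSid();
                AppInfoSingleton.getAppInfo().getCelestaInstance().login(sessionId, sid);
                AppInfoSingleton.getAppInfo().getSessionSidsMap().put(sessionId, sid);
                if (AppInfoSingleton.getAppInfo().getPrintWriterForCelesta() != null) {
                    AppInfoSingleton.getAppInfo().getPrintWriterForCelesta().println("Сессия с id " + sessionId + " и sid '" + sid + "' залогинена в celesta");
                    AppInfoSingleton.getAppInfo().getPrintWriterForCelesta().flush();
                }
            } catch (Exception e) {
                if (AppInfoSingleton.getAppInfo().isEnableLogLevelError()) {
                    LOGGER.error("Ошибка привязки сессии приложения к пользователю в celesta", e);
                }
            }
            return authentication;
        } catch (SettingsFileOpenException e) {
            throw new AuthenticationServiceException(SecurityParamsFactory.APP_PROP_READ_ERROR, e);
        }
    }

    /**
     * Reports which token types this provider handles.
     *
     * @param cls candidate authentication class
     * @return {@code true} for {@code SignedUsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<? extends Object> cls) {
        return SignedUsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Encodes a login-request parameter: {@code %} and {@code +} are first replaced by
     * fixed tokens, then the value is URL-encoded as ISO8859_1.
     *
     * <p>NOTE(review): presumably the auth server reverses the token substitution -
     * confirm against the server. Characters that ISO-8859-1 cannot represent are
     * encoded as {@code ?}, so distinct non-Latin-1 values become indistinguishable.
     *
     * @param str raw parameter value, must not be {@code null}
     * @return the encoded value
     * @throws UnsupportedEncodingException if the charset name is not supported
     */
    public static String encodeParam(String str) throws UnsupportedEncodingException {
        return URLEncoder.encode(str.replace("%", "AB4AFD63A4C").replace("+", "D195B4C989F"), "ISO8859_1");
    }

    /** Builds the {@code /login} path and query; every value is encoded before insertion. */
    private static String buildLoginQuery(String sessionId, String login, String password,
            String groupProviders, String remoteAddress) throws UnsupportedEncodingException {
        if (groupProviders == null) {
            return String.format("/login?sesid=%s&login=%s&pwd=%s&ip=%s", encodeQueryValue(sessionId),
                    encodeParam(login), encodeParam(password), encodeQueryValue(remoteAddress));
        }
        return String.format("/login?sesid=%s&login=%s&pwd=%s&gp=%s&ip=%s", encodeQueryValue(sessionId),
                encodeParam(login), encodeParam(password), encodeParam(groupProviders),
                encodeQueryValue(remoteAddress));
    }

    /** URL-encodes a value so that {@code &}, {@code =} or {@code #} in it cannot add or cut off parameters. */
    private static String encodeQueryValue(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }

    /** Records the failed attempt in celesta; a failure here must not change the login outcome. */
    private static void recordFailedLogin(String login) {
        try {
            if (AppInfoSingleton.getAppInfo().getIsCelestaInitialized().booleanValue()) {
                AppInfoSingleton.getAppInfo().getCelestaInstance().failedLogin(login);
            }
        } catch (Exception e) {
            if (AppInfoSingleton.getAppInfo().isEnableLogLevelError()) {
                LOGGER.error("Ошибка фиксации неудачного логина в коде celesta", e);
            }
        }
    }

    /** Reads the error body of a rejected request; returns an empty string if it cannot be read. */
    private static String readErrorBody(HttpURLConnection connection) {
        String body = null;
        try {
            body = TextUtils.streamToString(connection.getErrorStream());
        } catch (Exception ignored) {
            // The body only refines the rejection message; the login is rejected either way.
        }
        return body == null ? "" : body;
    }

    /** Maps the auth server's error body to the exception that rejects the login. */
    private static BadCredentialsException rejectionFor(String login, String errorBody, boolean showBlockReason) {
        boolean warnEnabled = AppInfoSingleton.getAppInfo().isEnableLogLevelWarning();
        if (showBlockReason && errorBody.contains(LOCKED_OUT_MARKER)) {
            if (warnEnabled) {
                LOGGER.warn("Пользователь " + login + " заблокирован меллофоном");
            }
            String state = errorBody.contains("Резюме:") ? "is blocked" : "is already blocked";
            return new BadCredentialsException(
                    "User '" + login + "' " + state + " by mellophone. " + tailFrom(errorBody, UNLOCK_TIME_MARKER));
        }
        if (errorBody.contains("is blocked permanently")) {
            if (warnEnabled) {
                LOGGER.warn("Пользователь " + login + " заблокирован на постоянной основе");
            }
            return new BadCredentialsException("User '" + login + "' is blocked by administrator");
        }
        int markerAt = errorBody.indexOf(PROC_MESSAGE_BEGIN);
        if (markerAt < 0) {
            if (warnEnabled) {
                // The characters typed into the password field are deliberately not logged.
                LOGGER.warn("Пользователю " + login + " не удалось войти в систему: Bad credentials");
            }
            return new BadCredentialsException("Bad credentials");
        }
        int begin = markerAt + PROC_MESSAGE_BEGIN.length();
        int end = errorBody.indexOf(PROC_MESSAGE_END, begin);
        // A missing end marker takes the rest of the body instead of failing on substring().
        String message = (end >= 0 ? errorBody.substring(begin, end) : errorBody.substring(begin)).trim();
        if (warnEnabled) {
            LOGGER.warn(message);
        }
        return new BadCredentialsException(message);
    }

    /** Returns {@code text} from the first occurrence of {@code marker}, or an empty string if absent. */
    private static String tailFrom(String text, String marker) {
        int at = text.indexOf(marker);
        return at >= 0 ? text.substring(at) : "";
    }

    /** Logs an authentication failure with its stack trace when error logging is enabled. */
    private static void logAuthError(Exception e) {
        if (AppInfoSingleton.getAppInfo().isEnableLogLevelError()) {
            LOGGER.error("", e);
        }
    }
}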
