package com.lunaimaging.insight.core.dao.jdbc;

import com.lunaimaging.insight.core.dao.AuthenticationDao;
import com.lunaimaging.insight.core.dao.exceptions.AuthenticationFailureException;
import com.lunaimaging.insight.core.domain.Authenticable;
import com.lunaimaging.insight.core.domain.Credentials;
import com.lunaimaging.insight.core.domain.DomainUser;
import com.lunaimaging.insight.core.domain.IpRange;
import com.lunaimaging.insight.core.domain.MediaCollection;
import com.lunaimaging.insight.core.domain.User;
import com.lunaimaging.insight.core.domain.authenticators.Authenticator;
import com.lunaimaging.insight.core.domain.authenticators.LdapSearchAuthenticator;
import com.lunaimaging.insight.core.domain.authenticators.LegacyUserAuthenticator;
import com.lunaimaging.insight.core.domain.cache.IntUnboundCache;
import com.lunaimaging.insight.core.domain.logic.Maintainable;
import com.lunaimaging.insight.core.utils.PasswordEncryptUtils;
import com.lunaimaging.security.IpAddressUsernamePasswordToken;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.collections.map.CaseInsensitiveMap;
import org.apache.commons.lang.StringUtils;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;

/* loaded from: input_file:com/lunaimaging/insight/core/dao/jdbc/JdbcAuthenticationDao.class */
public class JdbcAuthenticationDao extends JdbcBaseDao implements AuthenticationDao, Maintainable {
    protected Credentials defaultCredentials;
    protected int defaultThumbnailSize;
    protected int defaultPageSize;
    private List<Authenticator> authenticators;
    protected IntUnboundCache userCache = new IntUnboundCache();
    protected IntUnboundCache ipRangeCache = new IntUnboundCache();
    protected IntUnboundCache credentialsCache = new IntUnboundCache();
    private int RESOLUTION_CAP = 5;
    protected boolean initialized = false;
    protected List<MediaCollection> mediaCollections = null;
    protected boolean isLuna7 = true;

    protected synchronized void initialize() throws DataRetrievalFailureException {
        this.log.debug("initialize()");
        try {
            this.log.info("LUNA Viewer authentication cache initialization. Please wait...");
            constructCredentialsCache();
            constructDefaultCredentials();
            constructUserCache();
            constructIpRangeCache();
            this.log.info("End of LUNA Viewer authentication cache initialization.");
            this.initialized = true;
        } catch (SQLException e) {
            e.printStackTrace();
            throw new DataRetrievalFailureException("Unexpected error, unable to load authentication Caches! Check log for errors, could be a malformed IP in IP Ranges.", e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable, com.lunaimaging.insight.core.dao.exceptions.AuthenticationFailureException] */
    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public Authenticable authenticate(IpAddressUsernamePasswordToken ipAddressUsernamePasswordToken) throws DataAccessException {
        User user = null;
        try {
            String str = ipAddressUsernamePasswordToken.getPassword() != null ? new String(ipAddressUsernamePasswordToken.getPassword()) : null;
            try {
                user = getUserWithPassword(ipAddressUsernamePasswordToken.getUsername(), str);
                if (user != null && !(user instanceof DomainUser)) {
                    user.setPassword(PasswordEncryptUtils.digest(str));
                    saveUser(user);
                }
            } catch (DataAccessException e) {
                User user2 = getUser(ipAddressUsernamePasswordToken.getUsername(), "");
                try {
                    if (!PasswordEncryptUtils.matches(str, user2.getPassword())) {
                        String str2 = "Login Failure: user=" + user + ", IP=" + ipAddressUsernamePasswordToken.getIpAddress();
                        this.log.info(str2);
                        throw new AuthenticationFailureException(str2);
                    }
                    user = user2;
                } catch (Exception e2) {
                    e2.printStackTrace();
                    String str3 = "Login Failure: user=" + user + ", IP=" + ipAddressUsernamePasswordToken.getIpAddress();
                    this.log.info(str3);
                    throw new AuthenticationFailureException(str3);
                }
            }
            if (user == null) {
                return authenticateViaAuthenticators(null, ipAddressUsernamePasswordToken);
            }
            if (user instanceof DomainUser) {
                return authenticateViaAuthenticators((DomainUser) user, ipAddressUsernamePasswordToken);
            }
            if (StringUtils.isNotEmpty(ipAddressUsernamePasswordToken.getIpAddress())) {
                user.setIpRange(authenticate(ipAddressUsernamePasswordToken.getIpAddress()));
                if (user.getIpRange() != null && user.getCredentials() != null) {
                    setMergedCredentials(user, user.getCredentials(), user.getIpRange().getCredentials());
                }
            }
            return user;
        } catch (DataAccessException e3) {
            ?? authenticationFailureException = new AuthenticationFailureException("Login Failure: user=" + ipAddressUsernamePasswordToken.getUsername() + ", IP=" + ipAddressUsernamePasswordToken.getIpAddress());
            this.log.info(authenticationFailureException.getMessage());
            throw authenticationFailureException;
        }
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public Authenticable authenticate(String str, String str2, String str3) throws DataAccessException {
        IpAddressUsernamePasswordToken ipAddressUsernamePasswordToken = new IpAddressUsernamePasswordToken(str2, str3);
        ipAddressUsernamePasswordToken.setIpAddress(str);
        return authenticate(ipAddressUsernamePasswordToken);
    }

    private synchronized User authenticateViaAuthenticators(DomainUser domainUser, IpAddressUsernamePasswordToken ipAddressUsernamePasswordToken) {
        String str = ipAddressUsernamePasswordToken.getPassword() != null ? new String(ipAddressUsernamePasswordToken.getPassword()) : null;
        if (domainUser != null && StringUtils.isNotEmpty(domainUser.getAuthenticatorType())) {
            boolean z = false;
            for (Authenticator authenticator : this.authenticators) {
                if (authenticator.getClass().toString().equalsIgnoreCase(domainUser.getAuthenticatorType())) {
                    z = true;
                    User preAssignDomainCredentials = preAssignDomainCredentials(authenticator, domainUser, ipAddressUsernamePasswordToken);
                    if (preAssignDomainCredentials != null) {
                        return preAssignDomainCredentials;
                    }
                }
            }
            if (z) {
                return null;
            }
        }
        Iterator<Authenticator> it = this.authenticators.iterator();
        while (it.hasNext()) {
            User preAssignDomainCredentials2 = preAssignDomainCredentials(it.next(), domainUser, ipAddressUsernamePasswordToken);
            if (preAssignDomainCredentials2 != null) {
                return preAssignDomainCredentials2;
            }
        }
        String str2 = "authenticateViaAuthenticators Failure: username=" + ipAddressUsernamePasswordToken.getUsername();
        this.log.info(str2);
        throw new DataRetrievalFailureException(str2);
    }

    private User preAssignDomainCredentials(Authenticator authenticator, DomainUser domainUser, IpAddressUsernamePasswordToken ipAddressUsernamePasswordToken) {
        Credentials authenticate;
        try {
            if (authenticator.getClass() == LegacyUserAuthenticator.class) {
                authenticate = ((LegacyUserAuthenticator) authenticator).authenticate(ipAddressUsernamePasswordToken, this.credentialsCache, this.mediaCollections);
            } else if (authenticator.getClass() == LdapSearchAuthenticator.class) {
                authenticate = ((LdapSearchAuthenticator) authenticator).authenticate(ipAddressUsernamePasswordToken, this.credentialsCache, this.mediaCollections);
            } else {
                if (domainUser != null && ipAddressUsernamePasswordToken != null) {
                    ipAddressUsernamePasswordToken.setCredentialsId(domainUser.getCredentialsId());
                }
                authenticate = authenticator.authenticate(ipAddressUsernamePasswordToken, this.credentialsCache);
            }
            if (authenticate == null) {
                this.log.debug("could not login with authenticator = " + authenticator + ", username=" + ipAddressUsernamePasswordToken.getUsername());
                return null;
            }
            for (int i = 0; i < authenticate.getMaxResolutions().size(); i++) {
                if (Integer.valueOf(authenticate.getMaxResolutions().get(i).toString()).intValue() > this.RESOLUTION_CAP) {
                    authenticate.getMaxResolutions().set(i, Integer.valueOf(this.RESOLUTION_CAP));
                }
            }
            return assignDomainCredentials(domainUser, ipAddressUsernamePasswordToken.getUsername(), ipAddressUsernamePasswordToken.getPassword() != null ? new String(ipAddressUsernamePasswordToken.getPassword()) : null, authenticate, authenticator.getClass().toString());
        } catch (AuthenticationFailureException e) {
            String str = "authenticateViaAuthenticators Failure: username=" + ipAddressUsernamePasswordToken.getUsername();
            this.log.info(str);
            throw new DataRetrievalFailureException(str);
        }
    }

    private User assignDomainCredentials(DomainUser domainUser, String str, String str2, Credentials credentials, String str3) {
        boolean z = false;
        if (domainUser == null) {
            z = true;
            domainUser = new DomainUser();
            domainUser.setDomainAuthenticationRequired(true);
            domainUser.setAuthenticatorType(str3);
            domainUser.setUsername(str);
            domainUser.setPassword(str2);
            domainUser.setEnabled(true);
            domainUser.setDefaultPageSize(this.defaultPageSize);
            domainUser.setDefaultThumbnailSize(this.defaultThumbnailSize);
            domainUser.setFirstName("");
            domainUser.setLastName("");
            domainUser.setEmail("");
        }
        if (credentials == null) {
            domainUser.setDomainCredentials(new Credentials(getDefaultCredentials()));
        } else {
            domainUser.setDomainCredentials(credentials);
        }
        if (z) {
            domainUser.setCredentials(getDefaultCredentials());
            domainUser.setCredentialsId(getDefaultCredentials().getId());
        }
        if (str3 == null || str3.isEmpty()) {
            domainUser.setMergedCredentials(domainUser.getDomainCredentials());
        } else {
            setMergedCredentials(domainUser, domainUser.getCredentials(), domainUser.getDomainCredentials());
        }
        if (z && credentials != null) {
            domainUser.setCredentialsId(credentials.getId());
        }
        if (z) {
            domainUser.setPassword("");
            saveUser(domainUser);
        }
        return domainUser;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public IpRange authenticate(String str) throws DataAccessException {
        IpRange ipRange = null;
        for (IpRange ipRange2 : this.ipRangeCache.getAll()) {
            if (ipRange2.isSetAsDefault()) {
                ipRange = ipRange2;
            }
            if (ipRange2.contains(str)) {
                return ipRange2;
            }
        }
        return ipRange;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public Map<Integer, String> getAllUsersMap(boolean z) throws DataAccessException {
        HashMap hashMap = new HashMap();
        for (User user : getAllUsers()) {
            if (z || user.isEnabled()) {
                hashMap.put(Integer.valueOf(user.getId()), user.getUsername());
            }
        }
        return hashMap;
    }

    public Map<String, String> getUsernameMap(boolean z) throws DataAccessException {
        CaseInsensitiveMap caseInsensitiveMap = new CaseInsensitiveMap();
        for (User user : getAllUsers()) {
            if (z || user.isEnabled()) {
                caseInsensitiveMap.put(user.getUsername(), "");
            }
        }
        return caseInsensitiveMap;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public boolean isUniqueName(String str) {
        boolean z = false;
        if (getUsernameMap(true).containsKey(str)) {
            z = true;
        }
        if (z) {
            Iterator<Authenticator> it = this.authenticators.iterator();
            while (it.hasNext()) {
                z = it.next().isUniqueUsername(str);
                if (!z) {
                    break;
                }
            }
        }
        return z;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public Collection<User> getAllUsers() throws DataAccessException {
        return this.userCache.getAll();
    }

    public User getUserWithPassword(String str, String str2) throws DataAccessException {
        Iterator<User> it = getAllUsers().iterator();
        while (it.hasNext()) {
            User next = it.next();
            if (next.getUsername().equalsIgnoreCase(str)) {
                if (!(next instanceof DomainUser) && !next.getPassword().equals(str2)) {
                    String str3 = "Need to check encrypted password for user: username=" + str;
                    this.log.debug(str3);
                    throw new DataRetrievalFailureException(str3);
                }
                return next;
            }
        }
        return null;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public User getUser(String str, String str2) throws DataAccessException {
        for (User user : getAllUsers()) {
            if (user.getUsername().equals(str)) {
                return user;
            }
        }
        return null;
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public User getUserByEmailAddress(String str, String str2) throws DataAccessException {
        for (User user : getAllUsers()) {
            if (StringUtils.equalsIgnoreCase(user.getEmail(), str)) {
                return user;
            }
        }
        String str3 = "Failed attempt to process forgotten password: emailAddress=" + str + ", IP=" + str2;
        this.log.info(str3);
        throw new AuthenticationFailureException(str3);
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public User getUser(int i) throws DataAccessException {
        if (this.userCache.get(i) != null) {
            return (User) this.userCache.get(i);
        }
        String str = "Failed attempt to find user: id=" + i;
        this.log.info(str);
        throw new DataRetrievalFailureException(str);
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public void saveUser(User user) throws DataAccessException {
        try {
            saveObject(user);
            this.userCache.put(user.getId(), user);
        } catch (SQLException e) {
            String str = "Error saving user: username=" + user.getUsername();
            this.log.error(str);
            throw new DataRetrievalFailureException(str, e);
        }
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public String generateRandomPassword(int i) {
        Random random = new Random();
        char[] cArr = new char[i];
        int i2 = 0;
        while (i2 < i) {
            int nextInt = random.nextInt(74) + 48;
            if ((nextInt <= 57 || nextInt >= 65) && (nextInt <= 90 || nextInt >= 97)) {
                cArr[i2] = (char) nextInt;
            } else {
                i2--;
            }
            i2++;
        }
        return String.valueOf(cArr);
    }

    public void setMergedCredentials(User user, Credentials credentials, Credentials credentials2) {
        Credentials credentials3 = new Credentials();
        try {
            credentials3 = (Credentials) BeanUtils.cloneBean(credentials);
        } catch (Exception e) {
            this.log.error(e);
            e.printStackTrace();
        }
        credentials3.setExportAllowed(credentials.isExportAllowed() || credentials2.isExportAllowed());
        credentials3.setUploadAllowed(credentials.isUploadAllowed() || credentials2.isUploadAllowed());
        credentials3.setPublicContentAllowed(credentials.isPublicContentAllowed() || credentials2.isPublicContentAllowed());
        for (int i = 0; i < credentials2.getAuthorizedCollectionIds().size(); i++) {
            String str = (String) credentials2.getAuthorizedCollectionIds().get(i);
            int retrieveMaxResolution = credentials2.retrieveMaxResolution(str);
            int retrieveMaxExportResolution = credentials2.retrieveMaxExportResolution(str);
            int retrieveMaxResolution2 = credentials.retrieveMaxResolution(str);
            int retrieveMaxExportResolution2 = credentials.retrieveMaxExportResolution(str);
            if (retrieveMaxResolution2 == -1 || (retrieveMaxResolution2 > -1 && retrieveMaxResolution2 < retrieveMaxResolution)) {
                credentials3.updateMaxResolution(str, retrieveMaxResolution);
            }
            if (retrieveMaxExportResolution2 == -1 || (retrieveMaxExportResolution2 > -1 && retrieveMaxExportResolution2 < retrieveMaxExportResolution)) {
                credentials3.updateMaxExportResolution(str, retrieveMaxExportResolution);
            }
        }
        user.setMergedCredentials(credentials3);
    }

    private Credentials getCredentials(int i) throws DataRetrievalFailureException {
        return (Credentials) this.credentialsCache.get(i);
    }

    private void constructUserCache() throws SQLException {
        this.log.debug("Start constructing User cache.");
        new ArrayList();
        new ArrayList();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("domainAuthenticationRequired", 0);
        hashMap2.put("domainAuthenticationRequired", 1);
        Collection<User> constructObjects = constructObjects(User.class, hashMap);
        Collection<DomainUser> constructObjects2 = constructObjects(DomainUser.class, hashMap2);
        int i = 0;
        for (User user : constructObjects) {
            user.setCredentials(getCredentials(user.getCredentialsId()));
            this.userCache.put(user.getId(), user);
            if (this.log.isDebugEnabled()) {
                i++;
                if (i % 50 == 1) {
                    this.log.debug("Adding User: " + user.getUsername() + ", # " + i + " of " + constructObjects.size() + " total users.");
                }
            }
        }
        this.log.debug("Finished constructing User cache.");
        this.log.debug("Start constructing DomainUser cache.");
        int i2 = 0;
        for (DomainUser domainUser : constructObjects2) {
            domainUser.setCredentials(getCredentials(domainUser.getCredentialsId()));
            if (domainUser.isDomainAuthenticationRequired()) {
                this.userCache.put(domainUser.getId(), domainUser);
            }
            if (this.log.isDebugEnabled()) {
                i2++;
                if (i2 % 50 == 1) {
                    this.log.info("Adding User: " + domainUser.getUsername() + ", # " + i2 + " of " + constructObjects.size() + " total users.");
                }
            }
        }
        this.log.debug("Finished constructing DomainUser cache.");
    }

    private void constructIpRangeCache() throws SQLException {
        this.log.debug("Start constructing IP Range cache.");
        new ArrayList();
        Collection<IpRange> allObjects = getAllObjects(IpRange.class);
        int i = 0;
        for (IpRange ipRange : allObjects) {
            ipRange.setCredentials(getCredentials(ipRange.getCredentialsId()));
            this.ipRangeCache.put(ipRange.getId(), ipRange);
            if (this.log.isDebugEnabled()) {
                i++;
                this.log.debug("Adding IP Range: " + ipRange.getLocation() + " (" + ipRange.getStartIp() + "-" + ipRange.getEndIp() + "), # " + i + " of " + allObjects.size() + " total IP Ranges.");
            }
        }
        this.log.debug("Finished constructing IP Range cache.");
    }

    private void constructCredentialsCache() throws SQLException {
        this.log.debug("Start constructing Credentials cache.");
        new ArrayList();
        Collection<Credentials> allObjects = getAllObjects(Credentials.class);
        int i = 0;
        for (Credentials credentials : allObjects) {
            this.credentialsCache.put(credentials.getId(), credentials);
            if (this.log.isDebugEnabled()) {
                i++;
                this.log.debug("Adding Credentials: " + credentials.getName() + ", # " + i + " of " + allObjects.size() + " total Credentials.");
            }
            if (credentials.isUseAsDefault()) {
                this.defaultCredentials = credentials;
            }
        }
        this.log.debug("Finished constructing Credentials cache.");
    }

    private void constructDefaultCredentials() {
        for (Authenticator authenticator : this.authenticators) {
            Object obj = this.credentialsCache.get(authenticator.getDefaultCredentialsId());
            if (obj != null) {
                Credentials credentials = (Credentials) obj;
                authenticator.setDefaultCredentals(credentials);
                this.log.debug("Authenticator = " + authenticator.toString() + " default Credentials set. Credentials id = " + credentials.getId());
            }
        }
    }

    @Override // com.lunaimaging.insight.core.dao.AuthenticationDao
    public Credentials getDefaultCredentials() {
        return this.defaultCredentials;
    }

    public void setDefaultCredentials(Credentials credentials) {
        this.defaultCredentials = credentials;
    }

    public void setMediaCollectionList(List<MediaCollection> list) {
        this.mediaCollections = list;
    }

    @Override // com.lunaimaging.insight.core.domain.logic.Maintainable
    public void startMaintenance() throws Exception {
        this.userCache.purge();
        this.ipRangeCache.purge();
        this.credentialsCache.purge();
        this.defaultCredentials = null;
        this.initialized = false;
        if (this.isLuna7) {
            endMaintenance();
        }
    }

    @Override // com.lunaimaging.insight.core.domain.logic.Maintainable
    public void endMaintenance() throws Exception {
        initialize();
    }

    public List<Authenticator> getAuthenticators() {
        return this.authenticators;
    }

    public void setAuthenticators(List<Authenticator> list) {
        this.authenticators = list;
    }

    public int getDefaultPageSize() {
        return this.defaultPageSize;
    }

    public void setDefaultPageSize(int i) {
        this.defaultPageSize = i;
    }

    public int getDefaultThumbnailSize() {
        return this.defaultThumbnailSize;
    }

    public void setDefaultThumbnailSize(int i) {
        this.defaultThumbnailSize = i;
    }
}
