package pl.psnc.dlibra.service;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.rmi.RemoteException;
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.rmi.server.UnicastRemoteObject;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.log4j.Logger;
import pl.psnc.dlibra.mgmt.ServiceResolver;
import pl.psnc.dlibra.service.conf.ServiceConfigurationBean;
import pl.psnc.dlibra.service.util.ThreadLocal;
import pl.psnc.dlibra.system.SystemServices;
import pl.psnc.dlibra.user.UserId;

/* loaded from: input_file:WEB-INF/lib/dlteam-fwork-services-common-1.0.6.jar:pl/psnc/dlibra/service/DefaultPasswordChecker.class */
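/**
 * RMI-exported credential checker that gates access to a service instance.
 *
 * <p>A caller first obtains a challenge with {@link #getRandom()}, then proves knowledge of a
 * service password ({@link #checkPassword(ServiceUrl, byte[])}) or presents user credentials
 * ({@link #checkPassword(AuthorizationToken)}), and finally asks for the service with
 * {@link #getService()} / {@link #getService(UserId)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Authorization state ({@code authorized}, {@code loggedServiceInfo},
 *       {@code authorizedUser}) lives in unsynchronised instance fields, while the "current
 *       user" and the "IP already checked" flag live in static thread-locals. The two kinds of
 *       state can disagree when calls on one checker are served by different threads.</li>
 *   <li>Every credential check resets the authorization state first, so an unexpected exception
 *       during a check can never leave an earlier "authorized" result in place.</li>
 *   <li>{@link #userAuthenticatorClass} is a public, mutable static field that selects the code
 *       deciding user authentication. NOTE(review): it should be assigned once at start-up and
 *       not be reachable from untrusted code; confirm where it is set.</li>
 * </ul>
 */
public class DefaultPasswordChecker extends UnicastRemoteObject implements PasswordChecker {
    private static final long serialVersionUID = -5596834787826735317L;
    private ServiceConfigurationBean serviceConfigurationBean;
    private ServiceResolver serviceResolver;
    // Last challenge handed out by getRandom(); the response hashes are computed over it.
    private byte[] random;
    private AbstractServiceFactory serviceFactory;
    private final InetAddress serverAddress;
    public static Class<? extends AbstractUserAuthenticator> userAuthenticatorClass;
    // Service types that may only be obtained by an authenticated service, never by a user.
    private static final Set<ServiceType> FOR_SERVICES = new HashSet(Arrays.asList(SystemServices.SERVICE_TYPE));
    private static final Logger logger = Logger.getLogger(DefaultPasswordChecker.class.getName());
    // Per-thread flag; get() never returns null (an unset value reads as FALSE).
    private static final ThreadLocal<Boolean> ipChecked = new ThreadLocal<Boolean>() {
        @Override // pl.psnc.dlibra.service.util.ThreadLocal
        public Boolean get() {
            Object value = super.get();
            return value == null ? Boolean.FALSE : (Boolean) value;
        }
    };
    // Per-thread "current user"; set during user authentication and via setUser().
    private static final ThreadLocal<UserId> user = new ThreadLocal<>();
    private PasswordManager pm = new PasswordManager();
    private ServiceInfo loggedServiceInfo = null;
    private boolean authorized = false;
    private UserId authorizedUser = null;

    /**
     * Creates and exports the checker.
     *
     * @param serviceResolver resolver handed to authenticators and to the returned service
     * @param serviceConfigurationBean configuration of the protected service; its server host is
     *     remembered as the address this server is expected to run on
     * @param abstractServiceFactory factory producing the service instance returned to callers
     * @throws RemoteException if the object cannot be exported
     */
    public DefaultPasswordChecker(ServiceResolver serviceResolver, ServiceConfigurationBean serviceConfigurationBean, AbstractServiceFactory abstractServiceFactory) throws RemoteException {
        this.serviceResolver = serviceResolver;
        this.serviceConfigurationBean = serviceConfigurationBean;
        this.serviceFactory = abstractServiceFactory;
        this.serverAddress = serviceConfigurationBean.getServerHost();
    }

    /**
     * Issues a new challenge and remembers it for the next service password check.
     *
     * <p>NOTE(review): the challenge stays in place until this method is called again, so it is
     * not single-use, and a check made before any challenge was issued hashes a {@code null}
     * challenge. Consider clearing it after each check and rejecting checks without a challenge;
     * confirm against the client protocol first.
     *
     * @return the challenge bytes produced by the password manager
     */
    @Override // pl.psnc.dlibra.service.PasswordChecker
    public byte[] getRandom() {
        byte[] challenge = this.pm.getRandom();
        this.random = challenge;
        return challenge;
    }

    /**
     * Returns the service for the current thread's user, or for the user authenticated on this
     * checker when the thread has none.
     *
     * @throws AccessDeniedException if this checker is not authorized
     */
    @Override // pl.psnc.dlibra.service.PasswordChecker
    public Service getService() throws AccessDeniedException, DLibraException, RemoteException {
        UserId current = user.get();
        return getService(current != null ? current : this.authorizedUser);
    }

    /**
     * Returns a service instance configured for the authenticated service or the given user.
     *
     * @param userId user the service should act for; ignored in the configuration when a
     *     service (not a user) is logged in
     * @return the configured instance, or {@code null} if the factory produced none
     * @throws AccessDeniedException if {@link #checkAuthorization(UserId)} rejects the request
     */
    @Override // pl.psnc.dlibra.service.PasswordChecker
    public Service getService(UserId userId) throws AccessDeniedException, DLibraException, RemoteException {
        checkAuthorization(userId);
        AbstractService serviceInstance = this.serviceFactory.getServiceInstance();
        if (serviceInstance != null) {
            serviceInstance.setConfiguration(this.serviceResolver, this.serviceConfigurationBean, this.loggedServiceInfo, this.loggedServiceInfo == null ? userId : null);
        }
        if (logger.isDebugEnabled()) {
            // The factory may return null; the debug line must not turn that into an NPE.
            String className = serviceInstance == null ? "null" : serviceInstance.getClass().getName();
            logger.debug("Returning configured service instance: \n\tClass: " + className + "\n\tURL:" + this.serviceConfigurationBean.getURL() + "\n\tLogged service: " + this.loggedServiceInfo + "\n\tUser: " + userId);
        }
        return serviceInstance;
    }

    /**
     * Verifies a service's response to the current challenge.
     *
     * <p>For this service's own URL the response is compared with the hash of the configured
     * password. For any other service the caller's address must also match the address
     * registered for that service (or the service must be registered on this server's address
     * while the thread's "IP checked" flag is set) before the hash is compared.
     *
     * <p>NOTE(review): the "IP checked" flag is a thread-local that is set by
     * {@link #checkPassword(AuthorizationToken)} before the user is authenticated and is not
     * cleared afterwards, so its value may come from an earlier, unrelated request served by the
     * same thread. It relaxes only the address comparison, not the password check, but it should
     * be scoped to one request.
     *
     * @param serviceUrl URL of the service that is logging in
     * @param bArr the caller's response hash
     * @return {@code true} only if the response matches
     */
    @Override // pl.psnc.dlibra.service.PasswordChecker
    public boolean checkPassword(ServiceUrl serviceUrl, byte[] bArr) throws RemoteException, DLibraException {
        logger.debug(String.format("%s: Checking password for %s", this.serviceFactory.getClass().getName(), serviceUrl));
        // Fail closed: an exception anywhere below must not keep an earlier positive result.
        this.authorized = false;
        if (this.serviceConfigurationBean.getURL().equals(serviceUrl)) {
            this.loggedServiceInfo = this.serviceConfigurationBean.getServiceInfo();
            this.authorized = hashesMatch(this.pm.getHash(this.random, this.serviceConfigurationBean.getPassword()), bArr);
            return this.authorized;
        }
        // The flag is raised only while the system services are looked up; restore it even if
        // the lookup throws, so a failure does not leave it set for later requests.
        Boolean previousIpChecked = ipChecked.get();
        SystemServices systemServices;
        ipChecked.set(Boolean.TRUE);
        try {
            systemServices = this.serviceResolver.getSystemServices();
        } finally {
            ipChecked.set(previousIpChecked);
        }
        try {
            this.loggedServiceInfo = systemServices.getServiceInfo(serviceUrl);
            // Unknown service: reject before the info object is dereferenced below.
            if (this.loggedServiceInfo == null) {
                this.authorized = false;
                return false;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Checking password for service \"" + this.loggedServiceInfo.getURL() + "\" which tries to access service " + this.serviceFactory.getServiceType());
            }
            InetAddress clientAddress;
            try {
                clientAddress = InetAddress.getByName(RemoteServer.getClientHost());
            } catch (ServerNotActiveException e) {
                // Not inside a remote call: treat the caller as running on this server's host.
                logger.debug(e.getMessage() + "RMI Server not active. Assuming host from license. ");
                clientAddress = this.serverAddress;
            } catch (UnknownHostException e2) {
                logger.error("Unknown RMI client host!", e2);
                this.authorized = false;
                return false;
            }
            InetAddress registeredHost = this.loggedServiceInfo.getURL().getHost();
            boolean addressAccepted = clientAddress.equals(registeredHost)
                    || (registeredHost.equals(this.serverAddress) && ipChecked.get().booleanValue());
            if (!addressAccepted) {
                logger.error("Service address comparison failed! Should be:" + registeredHost + " or " + this.serverAddress + ", was: " + clientAddress);
                this.authorized = false;
                return false;
            }
            this.authorized = hashesMatch(systemServices.getPasswordHash(this.random, this.loggedServiceInfo.getId()), bArr);
            if (this.authorized) {
                ipChecked.set(Boolean.TRUE);
            }
            return this.authorized;
        } catch (AccessDeniedException e3) {
            this.authorized = false;
            return false;
        } catch (IdNotFoundException e4) {
            this.authorized = false;
            return false;
        }
    }

    /**
     * Authenticates a user with the configured {@link #userAuthenticatorClass}.
     *
     * <p>The caller's address is written into the token before the authenticator runs. Any state
     * left by an earlier check on this checker (authorization flag, authenticated user, logged
     * service) is dropped first, so a user login can neither inherit a service identity from a
     * previous attempt nor stay "authorized" when authentication ends with an unexpected
     * exception.
     *
     * <p>NOTE(review): the login name is client-supplied and is written to the log as-is; make
     * sure the log layout neutralises line breaks. The thread-local user is set before
     * {@code authenticateUser()} returns and is not cleared when authentication fails;
     * presumably the authenticator needs it, so confirm before moving it.
     *
     * @param authorizationToken the user's credentials
     * @return {@code true} if the authenticator accepted the user
     * @throws RemoteException if the caller's host cannot be determined
     */
    @Override // pl.psnc.dlibra.service.PasswordChecker
    public boolean checkPassword(AuthorizationToken authorizationToken) throws RemoteException, AccessDeniedException, DLibraException {
        logger.info("Checking password for user \"" + authorizationToken.getLogin() + "\" which tries to access service " + this.serviceFactory.getServiceType());
        // Fail closed and start from a clean, user-only state.
        this.authorized = false;
        this.authorizedUser = null;
        this.loggedServiceInfo = null;
        try {
            authorizationToken.setAddress(InetAddress.getByName(RemoteServer.getClientHost()));
            if (logger.isDebugEnabled()) {
                logger.debug("\t*** User host/IP: " + authorizationToken.getAddress());
            }
            setIpChecked(Boolean.TRUE);
            AbstractUserAuthenticator authenticator = null;
            UserId userId = null;
            try {
                try {
                    authenticator = userAuthenticatorClass.getConstructor(AuthorizationToken.class, ServiceResolver.class).newInstance(authorizationToken, this.serviceResolver);
                    userId = authenticator.getUserId();
                } catch (Exception e) {
                    // Deliberately broad: any failure to build the authenticator or to resolve
                    // the user is treated as "user not found" and ends in a denial below.
                    logger.error("Error while creating authenticator instanceconnecting to service or user not found!", e);
                }
                if (userId == null) {
                    this.authorized = false;
                } else {
                    if (logger.isDebugEnabled()) {
                        logger.debug("\t*** User id: " + userId);
                    }
                    user.set(userId);
                    this.authorized = authenticator.authenticateUser();
                    if (this.authorized) {
                        this.authorizedUser = userId;
                    }
                }
            } catch (AccessDeniedException e2) {
                this.authorized = false;
            } catch (IdNotFoundException e3) {
                this.authorized = false;
            }
            return this.authorized;
        } catch (UnknownHostException | ServerNotActiveException e4) {
            throw new RemoteException(e4.getMessage(), e4);
        } finally {
            // Logged on every exit path, including exceptions.
            logger.info("Authorized: " + this.authorized);
        }
    }

    /**
     * Rejects the request unless this checker is authorized for it.
     *
     * <p>Denies when no check has succeeded, when the current thread's user differs from
     * {@code userId}, or when a user (no logged service) asks for a service type reserved for
     * services.
     *
     * <p>NOTE(review): the user comparison relies on the thread-local only. When the calling
     * thread has no user set, {@code userId} is not compared with the user authenticated on this
     * checker. Binding the check to {@code authorizedUser} as a fallback would close that gap,
     * but may affect callers that share one checker across threads; verify the callers before
     * changing it.
     *
     * @param userId user the service is requested for
     * @throws AccessDeniedException if any of the conditions above holds
     */
    private void checkAuthorization(UserId userId) throws AccessDeniedException {
        UserId threadUser = user.get();
        ServiceUrl url = this.loggedServiceInfo == null ? null : this.loggedServiceInfo.getURL();
        if (!this.authorized) {
            throw new AccessDeniedException(url, "Bad authorization.", threadUser);
        }
        if (threadUser != null && !threadUser.equals(userId)) {
            throw new AccessDeniedException(url, "Bad authorization.", threadUser);
        }
        ServiceType serviceType = this.serviceConfigurationBean.getServiceType();
        if (this.loggedServiceInfo == null && FOR_SERVICES.contains(serviceType)) {
            throw new AccessDeniedException(url, "Service available only for services.", threadUser);
        }
    }

    /**
     * Compares an expected hash with the caller's response.
     *
     * <p>A missing value on either side is a mismatch (two {@code null}s must not count as
     * equal), and the comparison itself does not stop at the first differing byte, so the time
     * taken does not reveal how much of the response was correct.
     */
    private static boolean hashesMatch(byte[] expected, byte[] supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(expected, supplied);
    }

    /** Sets the current thread's "IP already checked" flag. */
    public static void setIpChecked(Boolean bool) {
        ipChecked.set(bool);
    }

    /** Sets the current thread's user. */
    public static void setUser(UserId userId) {
        user.set(userId);
    }

    /** Returns the current thread's user, or {@code null} if none was set on this thread. */
    public static UserId getUserId() {
        return user.get();
    }
}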
