package org.apache.ofbiz.webapp.control;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
import javax.transaction.Transaction;
import org.apache.ofbiz.accounting.thirdparty.eway.GatewayRequest;
import org.apache.ofbiz.base.component.ComponentConfig;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.GeneralException;
import org.apache.ofbiz.base.util.KeyStoreUtil;
import org.apache.ofbiz.base.util.StringUtil;
import org.apache.ofbiz.base.util.UtilDateTime;
import org.apache.ofbiz.base.util.UtilFormatOut;
import org.apache.ofbiz.base.util.UtilGenerics;
import org.apache.ofbiz.base.util.UtilHttp;
import org.apache.ofbiz.base.util.UtilMisc;
import org.apache.ofbiz.base.util.UtilProperties;
import org.apache.ofbiz.base.util.UtilValidate;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.DelegatorFactory;
import org.apache.ofbiz.entity.EntityCryptoException;
import org.apache.ofbiz.entity.GenericEntityException;
import org.apache.ofbiz.entity.GenericValue;
import org.apache.ofbiz.entity.condition.EntityCondition;
import org.apache.ofbiz.entity.condition.EntityConditionList;
import org.apache.ofbiz.entity.condition.EntityFieldMap;
import org.apache.ofbiz.entity.condition.EntityOperator;
import org.apache.ofbiz.entity.model.ModelField;
import org.apache.ofbiz.entity.serialize.XmlSerializer;
import org.apache.ofbiz.entity.transaction.GenericTransactionException;
import org.apache.ofbiz.entity.transaction.TransactionUtil;
import org.apache.ofbiz.entity.util.EntityCrypto;
import org.apache.ofbiz.entity.util.EntityQuery;
import org.apache.ofbiz.entity.util.EntityUtil;
import org.apache.ofbiz.entity.util.EntityUtilProperties;
import org.apache.ofbiz.security.Security;
import org.apache.ofbiz.security.SecurityConfigurationException;
import org.apache.ofbiz.security.SecurityFactory;
import org.apache.ofbiz.service.GenericServiceException;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.service.ModelService;
import org.apache.ofbiz.service.ServiceUtil;
import org.apache.ofbiz.webapp.WebAppUtil;
import org.apache.ofbiz.webapp.stats.VisitHandler;
import org.apache.ofbiz.webtools.artifactinfo.ArtifactInfoFactory;
import org.apache.ofbiz.webtools.labelmanager.LabelManagerFactory;
import org.apache.ofbiz.widget.model.ThemeFactory;
import org.apache.ofbiz.widget.renderer.VisualTheme;

/* loaded from: input_file:org/apache/ofbiz/webapp/control/LoginWorker.class */
public class LoginWorker {
    // Name of the UI-label resource; the same literal is passed to UtilProperties.getMessage in login().
    public static final String resourceWebapp = "SecurityextUiLabels";
    // Attribute name for an X.509 client certificate; its use is not visible in this part of the class.
    public static final String X509_CERT_ATTR = "SSLx509Cert";
    // Module name passed as the last argument of every Debug.log* call in this class.
    public static final String module = LoginWorker.class.getName();
    // Properties resource that the secret key below is read from.
    public static final String securityProperties = "security.properties";
    // Key string read once, at class initialisation, from "login.secret_key_string".
    // login() hands it to EntityCrypto.decrypt when the request carries forgotPwdFlag=true.
    // NOTE(review): the key lives in a properties file, so anyone able to read that file
    // can read the key -- confirm each deployment overrides it and restricts file access.
    private static final String keyValue = UtilProperties.getPropertyValue(securityProperties, "login.secret_key_string");

    /**
     * Builds the login URL for a JSP page context, targeting the {@code checkLogin} request.
     *
     * @param pageContext page context handed on to the two-argument overload
     * @return the wrapped URL produced by that overload
     */
    public static StringUtil.StringWrapper makeLoginUrl(PageContext pageContext) {
        final String defaultRequestName = "checkLogin";
        return makeLoginUrl(pageContext, defaultRequestName);
    }

    /**
     * Builds the login URL for a servlet request, targeting the {@code checkLogin} request.
     *
     * @param httpServletRequest request handed on to the two-argument overload
     * @return the wrapped URL produced by that overload
     */
    public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest httpServletRequest) {
        final String defaultRequestName = "checkLogin";
        return makeLoginUrl(httpServletRequest, defaultRequestName);
    }

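    /**
     * Builds the login URL for a JSP page context and an explicit request name.
     *
     * @param pageContext page context whose underlying request is used
     * @param str         name of the controller request to target (for example {@code checkLogin})
     * @return the wrapped URL produced by the {@code HttpServletRequest} overload
     * @throws ClassCastException if the page context does not wrap an {@code HttpServletRequest}
     */
    public static StringUtil.StringWrapper makeLoginUrl(PageContext pageContext, String str) {
        // PageContext.getRequest() is declared to return ServletRequest; without the downcast
        // no makeLoginUrl overload is applicable and the call does not compile.
        return makeLoginUrl((HttpServletRequest) pageContext.getRequest(), str);
    }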

    /**
     * Builds the relative login URL {@code /<str>[/<currentView>][?<urlArgs>]} for a request.
     *
     * <p>When the current view is {@code login}, only {@code /<str>} is returned and neither the
     * view name nor the URL parameters are appended.
     *
     * @param httpServletRequest request supplying the {@code _CURRENT_VIEW_} attribute and the
     *                           URL-only parameters
     * @param str                name of the controller request to target
     * @return the URL wrapped by {@code StringUtil.wrapString}
     */
    public static StringUtil.StringWrapper makeLoginUrl(HttpServletRequest httpServletRequest, String str) {
        String encodedUrlArgs = UtilHttp.urlEncodeArgs(UtilHttp.getUrlOnlyParameterMap(httpServletRequest));
        String currentView = UtilFormatOut.checkNull((String) httpServletRequest.getAttribute("_CURRENT_VIEW_"));
        StringBuilder url = new StringBuilder("/").append(str);
        if (!"login".equals(currentView)) {
            // NOTE(review): the view name is appended as-is, only the parameters go through
            // urlEncodeArgs -- confirm _CURRENT_VIEW_ is only ever set by the controller.
            if (UtilValidate.isNotEmpty(currentView)) {
                url.append("/").append(currentView);
            }
            if (UtilValidate.isNotEmpty(encodedUrlArgs)) {
                url.append("?").append(encodedUrlArgs);
            }
        }
        return StringUtil.wrapString(url.toString());
    }

    /* JADX WARN: Finally extract failed */
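    /**
     * Sets {@code hasLoggedOut} to {@code "Y"} on the {@code UserLogin} record with the given id.
     *
     * <p>The update runs in its own transaction: any current transaction is suspended first and
     * resumed afterwards. Entity and transaction errors are logged and not propagated.
     *
     * <p>Compared with the decompiled form this replaces, the flag returned by
     * {@code TransactionUtil.begin()} is passed to {@code rollback} and {@code commit} on every
     * path (the error paths previously passed a literal {@code false}), and the suspended parent
     * transaction is resumed in a {@code finally}, so an unchecked exception can no longer leave
     * it suspended. A session whose logout flag failed to persist stays valid for
     * {@code checkLogout}, so these paths matter for session revocation.
     *
     * @param str       the userLoginId to flag; an empty value is only logged as a warning
     * @param delegator delegator used for the lookup and the store
     */
    public static void setLoggedOut(String str, Delegator delegator) {
        if (UtilValidate.isEmpty(str) && Debug.warningOn()) {
            Debug.logWarning("Called setLogged out with empty userLoginId", module);
        }
        Transaction parentTransaction = null;
        try {
            try {
                parentTransaction = TransactionUtil.suspend();
            } catch (GenericTransactionException e) {
                // Best effort: carry on without a suspended parent, as before.
                Debug.logError(e, "Cannot suspend current transaction: " + e.getMessage(), module);
            }
            boolean beganTransaction = false;
            try {
                beganTransaction = TransactionUtil.begin();
                GenericValue userLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", str).queryOne();
                if (userLogin == null) {
                    Debug.logError("Could not find UserLogin record for setLoggedOut with userLoginId [" + str + "]", module);
                } else {
                    userLogin.set("hasLoggedOut", "Y");
                    userLogin.store();
                }
            } catch (GenericEntityException e) {
                String errMsg = "Unable to set logged out flag on UserLogin";
                Debug.logError(e, errMsg, module);
                try {
                    TransactionUtil.rollback(beganTransaction, errMsg, e);
                } catch (GenericTransactionException rollbackError) {
                    // Report the rollback failure itself, not the entity error that led to it.
                    Debug.logError(rollbackError, "Could not rollback nested transaction: " + rollbackError.getMessage(), module);
                }
            } finally {
                try {
                    // Always runs, so a transaction begun above is finished on every path.
                    TransactionUtil.commit(beganTransaction);
                } catch (GenericTransactionException e) {
                    Debug.logError(e, "Could not commit nested transaction: " + e.getMessage(), module);
                }
            }
        } finally {
            if (parentTransaction != null) {
                try {
                    TransactionUtil.resume(parentTransaction);
                    if (Debug.verboseOn()) {
                        Debug.logVerbose("Resumed the parent transaction.", module);
                    }
                } catch (GenericTransactionException e) {
                    Debug.logError(e, "Cannot resume transaction: " + e.getMessage(), module);
                }
            }
        }
    }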

    /**
     * Returns the session's {@code userLogin} if it is still allowed to use this webapp.
     *
     * <p>An {@code anonymous} login is treated as no login. A login that fails
     * {@code hasBasePermission} or is flagged as logged out is logged out via
     * {@code doBasicLogout}, an error message is queued on the request, and {@code null} is
     * returned.
     *
     * @param httpServletRequest  current request; its session holds the {@code userLogin}
     * @param httpServletResponse current response, passed on to {@code doBasicLogout}
     * @return the still-valid user login, or {@code null} when there is none
     */
    public static GenericValue checkLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        GenericValue userLogin = (GenericValue) httpServletRequest.getSession().getAttribute("userLogin");
        if (userLogin == null || "anonymous".equals(userLogin.getString("userLoginId"))) {
            return null;
        }
        // NOTE(review): login() in this class uses the key "_ERROR_MESSAGE_LIST_" (trailing
        // underscore); confirm which of the two keys the rendering layer actually reads.
        List errorMessages = UtilGenerics.checkList(httpServletRequest.getAttribute("_ERROR_MESSAGE_LIST"));
        boolean stillAllowed = hasBasePermission(userLogin, httpServletRequest) && !isFlaggedLoggedOut(userLogin, userLogin.getDelegator());
        if (stillAllowed) {
            return userLogin;
        }
        if (errorMessages == null) {
            errorMessages = new LinkedList();
            httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST", errorMessages);
        }
        errorMessages.add("User does not have permission or is flagged as logged out");
        if (Debug.infoOn()) {
            Debug.logInfo("User does not have permission or is flagged as logged out", module);
        }
        // Revocation point: a session whose user lost permission or was flagged is torn down here.
        doBasicLogout(userLogin, httpServletRequest, httpServletResponse);
        return null;
    }

    /**
     * Lets pluggable {@code LoginCheck} providers associate a login before the built-in check.
     *
     * <p>Providers are discovered with {@link java.util.ServiceLoader}. The first enabled
     * provider whose {@code associate} call returns non-null decides the outcome; otherwise
     * {@code checkLogin} runs.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return the provider's result, or the result of {@code checkLogin}
     */
    public static String extensionCheckLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Any provider on the classpath can short-circuit the built-in check, so which jars
        // register a LoginCheck service is part of the authentication trust boundary.
        for (LoginCheck provider : ServiceLoader.load(LoginCheck.class)) {
            if (!provider.isEnabled()) {
                continue;
            }
            String outcome = provider.associate(httpServletRequest, httpServletResponse);
            if (outcome != null) {
                return outcome;
            }
        }
        return checkLogin(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the {@code check} step of every enabled {@code LoginCheck} provider.
     *
     * <p>Providers are discovered with {@link java.util.ServiceLoader}. The first enabled
     * provider whose {@code check} call returns non-null decides the outcome.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return the provider's result, or {@code ModelService.RESPOND_SUCCESS} when no provider
     *         returned one
     */
    public static String extensionConnectLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // With no enabled provider this returns success without checking anything itself,
        // so callers must not treat this result alone as proof of authentication.
        for (LoginCheck provider : ServiceLoader.load(LoginCheck.class)) {
            if (!provider.isEnabled()) {
                continue;
            }
            String outcome = provider.check(httpServletRequest, httpServletResponse);
            if (outcome != null) {
                return outcome;
            }
        }
        return ModelService.RESPOND_SUCCESS;
    }

    /**
     * Verifies that the request belongs to a logged-in user, attempting a login if credentials
     * are available.
     *
     * <p>If no valid login exists and {@code login} does not succeed, the request path and its
     * URL and form parameters are saved in the session under the {@code _PREVIOUS_*} keys.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return {@code ModelService.RESPOND_SUCCESS} when a login is present or was established,
     *         otherwise {@code "error"}
     */
    public static String checkLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        GenericValue currentUser = checkLogout(httpServletRequest, httpServletResponse);
        // Fetched after checkLogout, which may have replaced the session.
        HttpSession session = httpServletRequest.getSession();
        if (currentUser != null) {
            return ModelService.RESPOND_SUCCESS;
        }
        String username = httpServletRequest.getParameter("USERNAME");
        String password = httpServletRequest.getParameter("PASSWORD");
        // Fall back to credentials parked in the session when the request carries none.
        if (username == null) {
            username = (String) session.getAttribute("USERNAME");
        }
        if (password == null) {
            password = (String) session.getAttribute("PASSWORD");
        }
        boolean credentialsPresent = username != null && password != null;
        if (credentialsPresent && !"error".equals(login(httpServletRequest, httpServletResponse))) {
            return ModelService.RESPOND_SUCCESS;
        }
        httpServletRequest.removeAttribute("_LOGIN_PASSED_");
        session.setAttribute("_PREVIOUS_REQUEST_", httpServletRequest.getPathInfo());
        Map<String, Object> urlParams = UtilHttp.getUrlOnlyParameterMap(httpServletRequest);
        if (UtilValidate.isNotEmpty(urlParams)) {
            session.setAttribute("_PREVIOUS_PARAM_MAP_URL_", urlParams);
        }
        // NOTE(review): the form map is built from every non-URL parameter of the request;
        // if a failed login was posted here it presumably includes PASSWORD -- confirm
        // whether getParameterMap filters it before it is kept in the session.
        Map<String, Object> formParams = UtilHttp.getParameterMap(httpServletRequest, urlParams.keySet(), false);
        if (UtilValidate.isNotEmpty(formParams)) {
            session.setAttribute("_PREVIOUS_PARAM_MAP_FORM_", formParams);
        }
        return "error";
    }

    /**
     * Authenticates the user named by the request and, on success, completes the login.
     *
     * <p>Credentials are taken from the {@code USERNAME}/{@code PASSWORD} request parameters,
     * then the session attributes of the same names, and finally overridden by non-empty request
     * attributes of the same names. A {@code userTenantId} parameter or attribute selects the
     * tenant delegator the {@code userLogin} service runs against.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return the result of {@code doMainLogin} on success, {@code "requirePasswordChange"} when
     *         a password change is required or failed, otherwise {@code "error"}
     */
    public static String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        // Rotate the id of a pre-existing session before authenticating, so a session id that
        // was known before login is not the one that ends up authenticated (session fixation).
        if (!session.isNew()) {
            httpServletRequest.changeSessionId();
        }
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        String parameter = httpServletRequest.getParameter("USERNAME");
        String parameter2 = httpServletRequest.getParameter("PASSWORD");
        String parameter3 = httpServletRequest.getParameter("forgotPwdFlag");
        EntityCrypto entityCrypto = null;
        try {
            entityCrypto = new EntityCrypto(delegator, null);
        } catch (EntityCryptoException e) {
            Debug.logError(e.getMessage(), module);
        }
        // With forgotPwdFlag=true the PASSWORD parameter is treated as ciphertext and decrypted
        // with the class-level key. The flag is client-supplied. If decryption fails the error
        // is logged and the undecrypted value is used as the password below.
        if (entityCrypto != null && "true".equals(parameter3)) {
            try {
                parameter2 = entityCrypto.decrypt(keyValue, ModelField.EncryptMethod.TRUE, parameter2).toString();
            } catch (GeneralException e2) {
                Debug.logError(e2, "Current Password Decryption failed", module);
            }
        }
        // Fallback 1: credentials stored in the session.
        if (parameter == null) {
            parameter = (String) session.getAttribute("USERNAME");
        }
        if (parameter2 == null) {
            parameter2 = (String) session.getAttribute("PASSWORD");
        }
        // Override: non-empty request attributes win over both parameters and session values.
        if (UtilValidate.isNotEmpty(httpServletRequest.getAttribute("USERNAME"))) {
            parameter = (String) httpServletRequest.getAttribute("USERNAME");
        }
        if (UtilValidate.isNotEmpty(httpServletRequest.getAttribute("PASSWORD"))) {
            parameter2 = (String) httpServletRequest.getAttribute("PASSWORD");
        }
        // Collect "missing field" messages; any entry aborts the login below.
        LinkedList linkedList = new LinkedList();
        if (UtilValidate.isEmpty(parameter)) {
            linkedList.add(UtilProperties.getMessage("SecurityextUiLabels", "loginevents.username_was_empty_reenter", UtilHttp.getLocale(httpServletRequest)));
        }
        if (UtilValidate.isEmpty(parameter2)) {
            linkedList.add(UtilProperties.getMessage("SecurityextUiLabels", "loginevents.password_was_empty_reenter", UtilHttp.getLocale(httpServletRequest)));
        }
        // True when the client asked for the combined "log in and change password" flow.
        boolean equals = "Y".equals(httpServletRequest.getParameter("requirePasswordChange"));
        if (!linkedList.isEmpty()) {
            httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST_", linkedList);
            return equals ? "requirePasswordChange" : "error";
        }
        // z records whether delegator/dispatcher were replaced and must be re-published later.
        boolean z = false;
        LocalDispatcher localDispatcher = (LocalDispatcher) httpServletRequest.getAttribute("dispatcher");
        ServletContext servletContext = session.getServletContext();
        // The tenant is chosen by the caller: request parameter first, then request attribute.
        String parameter4 = httpServletRequest.getParameter("userTenantId");
        if (UtilValidate.isEmpty(parameter4)) {
            parameter4 = (String) httpServletRequest.getAttribute("userTenantId");
        }
        if (UtilValidate.isNotEmpty(parameter4)) {
            String delegatorName = delegator.getDelegatorName();
            // 35 is '#': the part of the delegator name after it is compared with the tenant id.
            int indexOf = delegatorName.indexOf(35);
            String str = null;
            if (indexOf > 0) {
                str = delegatorName.substring(indexOf + 1);
                if (str != null) {
                    str = str.trim();
                }
            }
            // Switch delegators when the current one has no tenant part or a different tenant.
            if (indexOf == -1 || (str != null && !parameter4.equals(str))) {
                try {
                    // keySeparator is presumably "#", matching the parse above -- TODO confirm.
                    delegator = DelegatorFactory.getDelegator(delegator.getDelegatorBaseName() + LabelManagerFactory.keySeparator + parameter4);
                    localDispatcher = WebAppUtil.makeWebappDispatcher(servletContext, delegator);
                    z = true;
                } catch (NullPointerException e3) {
                    // An unknown tenant surfaces here as a NullPointerException.
                    Debug.logError(e3, "Error getting tenant delegator", module);
                    // NOTE(review): the client-supplied tenant id is placed into the error
                    // message verbatim -- confirm the view encodes _ERROR_MESSAGE_ on output.
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, "Tenant [" + parameter4 + "]  not found..."), UtilHttp.getLocale(httpServletRequest)));
                    return "error";
                }
            }
        } else {
            if (Debug.infoOn()) {
                Debug.logInfo("Setting default delegator", module);
            }
            try {
                // No tenant requested: fall back to the delegator's base name.
                delegator = DelegatorFactory.getDelegator(delegator.getDelegatorBaseName());
                localDispatcher = WebAppUtil.makeWebappDispatcher(servletContext, delegator);
                z = true;
            } catch (NullPointerException e4) {
                Debug.logError(e4, "Error getting default delegator", module);
                httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, "Error getting default delegator"), UtilHttp.getLocale(httpServletRequest)));
                return "error";
            }
        }
        try {
            // The credential check itself is delegated to the "userLogin" service.
            Map<String, Object> runSync = localDispatcher.runSync("userLogin", UtilMisc.toMap("login.username", parameter, "login.password", parameter2, "visitId", VisitHandler.getVisitId(session), "locale", UtilHttp.getLocale(httpServletRequest), ArtifactInfoFactory.ControllerRequestInfoTypeId, httpServletRequest));
            if (!ModelService.RESPOND_SUCCESS.equals(runSync.get(ModelService.RESPONSE_MESSAGE))) {
                // NOTE(review): the service's error text is shown to the user as-is; confirm it
                // does not let a caller tell an unknown user from a wrong password.
                httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, (String) runSync.get(ModelService.ERROR_MESSAGE)), UtilHttp.getLocale(httpServletRequest)));
                return equals ? "requirePasswordChange" : "error";
            }
            GenericValue genericValue = (GenericValue) runSync.get("userLogin");
            if (equals) {
                // Combined flow: change the password with the credentials that just authenticated.
                // NOTE(review): the wildcard map type is decompiler output; put() on
                // Map<String, ? extends Object> will not compile as written.
                Map<String, ? extends Object> map = UtilMisc.toMap("login.username", parameter, "login.password", parameter2, "locale", UtilHttp.getLocale(httpServletRequest));
                map.put("userLoginId", parameter);
                map.put("currentPassword", parameter2);
                map.put("newPassword", httpServletRequest.getParameter("newPassword"));
                map.put("newPasswordVerify", httpServletRequest.getParameter("newPasswordVerify"));
                try {
                    Map<String, Object> runSync2 = localDispatcher.runSync("updatePassword", map);
                    if (ServiceUtil.isError(runSync2)) {
                        String str2 = (String) runSync2.get(ModelService.ERROR_MESSAGE);
                        if (UtilValidate.isNotEmpty(str2)) {
                            httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, str2), UtilHttp.getLocale(httpServletRequest)));
                        }
                        httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST_", runSync2.get(ModelService.ERROR_MESSAGE_LIST));
                        return "requirePasswordChange";
                    }
                    try {
                        // Reload so the requirePasswordChange test below sees the stored value.
                        genericValue.refresh();
                    } catch (GenericEntityException e5) {
                        Debug.logError(e5, "Error refreshing userLogin value", module);
                        // Exception text reaches the user here and in the handlers below.
                        httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, e5.getMessage()), UtilHttp.getLocale(httpServletRequest)));
                        return "requirePasswordChange";
                    }
                } catch (GenericServiceException e6) {
                    Debug.logError(e6, "Error calling updatePassword service", module);
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, e6.getMessage()), UtilHttp.getLocale(httpServletRequest)));
                    return "requirePasswordChange";
                }
            }
            // Publish the switched delegator/dispatcher only after authentication succeeded.
            if (z) {
                setWebContextObjects(httpServletRequest, httpServletResponse, delegator, localDispatcher);
            }
            Map checkMap = UtilGenerics.checkMap(runSync.get("userLoginSession"), String.class, Object.class);
            // A stored requirePasswordChange flag stops the login before the session is set up.
            if (genericValue != null && "Y".equals(genericValue.getString("requirePasswordChange"))) {
                return "requirePasswordChange";
            }
            if ("true".equalsIgnoreCase(EntityUtilProperties.getPropertyValue("security", "user.auto.change.password.enable", "false", delegator)) && "requirePasswordChange".equals(autoChangePassword(httpServletRequest, httpServletResponse))) {
                return "requirePasswordChange";
            }
            try {
                // Best effort: a failure to store the preference is logged and does not block login.
                localDispatcher.runSync("setUserPreference", UtilMisc.toMap("userPrefTypeId", "javaScriptEnabled", "userPrefGroupTypeId", "GLOBAL_PREFERENCES", "userPrefValue", "Y".equals(httpServletRequest.getParameter("JavaScriptEnabled")) ? "Y" : "N", "userLogin", genericValue));
            } catch (GenericServiceException e7) {
                Debug.logError(e7, "Error setting user preference", module);
            }
            return doMainLogin(httpServletRequest, httpServletResponse, genericValue, checkMap);
        } catch (GenericServiceException e8) {
            Debug.logError(e8, "Error calling userLogin service", module);
            httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.following_error_occurred_during_login", (Map<String, ? extends Object>) UtilMisc.toMap(ModelService.ERROR_MESSAGE, e8.getMessage()), UtilHttp.getLocale(httpServletRequest)));
            return "error";
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a delegator, dispatcher and matching {@code Security} object on the request and
     * the session, and resets the visit tracking objects.
     *
     * @param httpServletRequest  request that receives the three attributes
     * @param httpServletResponse response passed to {@code VisitHandler.getVisitor}
     * @param delegator           delegator to publish; also used to look up the Security object
     * @param localDispatcher     dispatcher to publish
     */
    public static void setWebContextObjects(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Delegator delegator, LocalDispatcher localDispatcher) {
        HttpSession session = httpServletRequest.getSession();
        Security securityForDelegator;
        try {
            securityForDelegator = SecurityFactory.getInstance(delegator);
        } catch (SecurityConfigurationException e) {
            Debug.logError(e, module);
            // The failure is only logged: a null "security" is published below, so code that
            // reads the attribute must treat null as "no permission" rather than skip the check.
            securityForDelegator = null;
        }

        httpServletRequest.setAttribute("delegator", delegator);
        httpServletRequest.setAttribute("dispatcher", localDispatcher);
        httpServletRequest.setAttribute("security", securityForDelegator);

        session.setAttribute("delegatorName", delegator.getDelegatorName());
        session.setAttribute("delegator", delegator);
        session.setAttribute("dispatcher", localDispatcher);
        session.setAttribute("security", securityForDelegator);

        // Drop the old visit objects, then ask VisitHandler for them again.
        session.removeAttribute("visitor");
        session.removeAttribute("visit");
        VisitHandler.getVisitor(httpServletRequest, httpServletResponse);
        VisitHandler.getVisit(session);
    }

    /**
     * Completes a login for an already authenticated {@code userLogin}.
     *
     * <p>The user must pass {@code hasBasePermission} for this webapp. On success the session is
     * populated, after-login events run, and the auto-login cookie handling is applied.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param genericValue        the authenticated user login, may be {@code null}
     * @param map                 optional session data stored under {@code userLoginSession}
     * @return {@code "error"} when the user is missing or lacks base permission, otherwise the
     *         result of {@code autoLoginCheck}
     */
    public static String doMainLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GenericValue genericValue, Map<String, Object> map) {
        HttpSession session = httpServletRequest.getSession();
        // Authorisation gate: valid credentials alone are not enough to enter this webapp.
        boolean mayEnter = genericValue != null && hasBasePermission(genericValue, httpServletRequest);
        if (!mayEnter) {
            String message = UtilProperties.getMessage("SecurityextUiLabels", "loginevents.unable_to_login_this_application", UtilHttp.getLocale(httpServletRequest));
            httpServletRequest.setAttribute("_ERROR_MESSAGE_", message);
            return "error";
        }
        doBasicLogin(genericValue, httpServletRequest);
        if (map != null) {
            session.setAttribute("userLoginSession", map);
        }
        httpServletRequest.setAttribute("_LOGIN_PASSED_", "TRUE");
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        RequestHandler.getRequestHandler(servletContext).runAfterLoginEvents(httpServletRequest, httpServletResponse);
        autoLoginSet(httpServletRequest, httpServletResponse);
        return autoLoginCheck(httpServletRequest, httpServletResponse);
    }

    /**
     * Stores the user login and its derived display data in the session.
     *
     * <p>Performs no credential or permission check of its own. Callers are responsible for
     * having authenticated and authorised {@code genericValue} first.
     *
     * @param genericValue       the user login to place in the session as {@code userLogin}
     * @param httpServletRequest current request; supplies the session and the dispatcher
     */
    public static void doBasicLogin(GenericValue genericValue, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute("userLogin", genericValue);

        String javaScriptPref = null;
        try {
            LocalDispatcher dispatcher = (LocalDispatcher) httpServletRequest.getAttribute("dispatcher");
            Map<String, Object> prefResult = dispatcher.runSync("getUserPreference", UtilMisc.toMap("userPrefTypeId", "javaScriptEnabled", "userPrefGroupTypeId", "GLOBAL_PREFERENCES", "userLogin", genericValue));
            javaScriptPref = (String) prefResult.get("userPrefValue");
        } catch (GenericServiceException e) {
            // Preference lookup is best effort; the flag below then defaults to false.
            Debug.logError(e, "Error getting user preference", module);
        }
        session.setAttribute("javaScriptEnabled", Boolean.valueOf("Y".equals(javaScriptPref)));

        // Clear the theme first, then resolve it again for the user now in the session.
        UtilHttp.setVisualTheme(session, (VisualTheme) null);
        UtilHttp.setVisualTheme(session, ThemeFactory.resolveVisualTheme(httpServletRequest));

        if (genericValue.getModelEntity().isField("partyId")) {
            try {
                GenericValue person = genericValue.getRelatedOne("Person", false);
                GenericValue partyGroup = genericValue.getRelatedOne("PartyGroup", false);
                if (person != null) {
                    session.setAttribute("person", person);
                }
                if (partyGroup != null) {
                    session.setAttribute("partyGroup", partyGroup);
                }
            } catch (GenericEntityException e) {
                Debug.logError(e, "Error getting person/partyGroup info for session, ignoring...", module);
            }
        }
        VisitHandler.setUserLogin(session, genericValue, false);
    }

    /**
     * Logs the current user out: runs the before-logout events, then {@code doBasicLogout}.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @return {@code ModelService.RESPOND_SUCCESS} when the {@code _AUTO_LOGIN_LOGOUT_} request
     *         attribute is set, otherwise the result of {@code autoLoginCheck}
     */
    public static String logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ServletContext servletContext = httpServletRequest.getSession().getServletContext();
        RequestHandler.getRequestHandler(servletContext).runBeforeLogoutEvents(httpServletRequest, httpServletResponse);

        GenericValue userLogin = (GenericValue) httpServletRequest.getSession().getAttribute("userLogin");
        doBasicLogout(userLogin, httpServletRequest, httpServletResponse);

        if (httpServletRequest.getAttribute("_AUTO_LOGIN_LOGOUT_") != null) {
            return ModelService.RESPOND_SUCCESS;
        }
        // Re-establishes the cookie-based "autoUserLogin" display data in the fresh session.
        return autoLoginCheck(httpServletRequest, httpServletResponse);
    }

    /**
     * Tears down the authenticated session and replaces it with a fresh one.
     *
     * <p>The user's cached security data is cleared, the {@code UserLogin} is flagged as logged
     * out, the session is invalidated, and a new session is created. Only the current catalog id
     * and the delegator name are copied across from the old session.
     *
     * @param genericValue        the user being logged out, may be {@code null}
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, passed on to {@code setWebContextObjects}
     */
    public static void doBasicLogout(GenericValue genericValue, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession oldSession = httpServletRequest.getSession();
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        Security security = (Security) httpServletRequest.getAttribute("security");
        if (genericValue != null) {
            if (security != null) {
                security.clearUserData(genericValue);
            }
            setLoggedOut(genericValue.getString("userLoginId"), delegator);
        }

        // Read the two values that survive the logout before the session is destroyed.
        String catalogId = (String) oldSession.getAttribute("CURRENT_CATALOG_ID");
        String delegatorName = (String) oldSession.getAttribute("delegatorName");

        httpServletRequest.removeAttribute("delegator");
        httpServletRequest.removeAttribute("dispatcher");
        httpServletRequest.removeAttribute("security");

        // Invalidate first, then create: nothing else from the authenticated session is kept.
        oldSession.invalidate();
        HttpSession freshSession = httpServletRequest.getSession(true);

        boolean tomcatSsoEnabled = EntityUtilProperties.propertyValueEquals("security", "security.login.tomcat.sso", "true");
        if (tomcatSsoEnabled) {
            try {
                httpServletRequest.logout();
            } catch (ServletException e) {
                Debug.logError((Throwable) e, module);
            }
        }
        UtilHttp.setInitialRequestInfo(httpServletRequest);

        if (catalogId != null) {
            freshSession.setAttribute("CURRENT_CATALOG_ID", catalogId);
        }
        if (delegatorName == null) {
            return;
        }
        freshSession.setAttribute("delegatorName", delegatorName);
        Delegator restoredDelegator = DelegatorFactory.getDelegator(delegatorName);
        LocalDispatcher restoredDispatcher = WebAppUtil.makeWebappDispatcher(freshSession.getServletContext(), restoredDelegator);
        setWebContextObjects(httpServletRequest, httpServletResponse, restoredDelegator, restoredDispatcher);
    }

    /**
     * Issues the auto-login cookie for the logged-in user, unless the webapp opts out.
     *
     * <p>The cookie is skipped only when webapp info is available and reports that the
     * auto-login cookie is not used. It is still issued when no webapp info is found.
     *
     * @param httpServletRequest  current request; its session holds the {@code userLogin}
     * @param httpServletResponse response the cookie is added to
     * @return {@code ModelService.RESPOND_SUCCESS} when no cookie is issued, otherwise the
     *         result of {@code autoLoginCheck} for the user's id
     */
    public static String autoLoginSet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        HttpSession session = httpServletRequest.getSession();
        GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
        ServletContext servletContext = httpServletRequest.getServletContext();
        String applicationName = UtilHttp.getApplicationName(httpServletRequest);
        ComponentConfig.WebappInfo webappInfo = ComponentConfig.getWebappInfo((String) servletContext.getAttribute("_serverId"), applicationName);
        if (userLogin == null) {
            return ModelService.RESPOND_SUCCESS;
        }
        boolean webappOptsOut = webappInfo != null && !webappInfo.isAutologinCookieUsed();
        if (webappOptsOut) {
            return ModelService.RESPOND_SUCCESS;
        }
        // The cookie value is the plain userLoginId: it identifies a user but proves nothing,
        // since a client can send any id. It must only ever drive "remember my name" display.
        Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(httpServletRequest), userLogin.getString("userLoginId"));
        autoLoginCookie.setMaxAge(365 * 24 * 60 * 60); // one year, in seconds
        autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
        String cookiePath = applicationName.equals("root") ? "/" : httpServletRequest.getContextPath();
        autoLoginCookie.setPath(cookiePath);
        autoLoginCookie.setSecure(true);
        autoLoginCookie.setHttpOnly(true);
        httpServletResponse.addCookie(autoLoginCookie);
        return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
    }

    /**
     * Returns the auto-login cookie name for the request's webapp.
     *
     * @param httpServletRequest request used to determine the application name
     * @return {@code <applicationName>.autoUserLoginId}
     */
    protected static String getAutoLoginCookieName(HttpServletRequest httpServletRequest) {
        String applicationName = UtilHttp.getApplicationName(httpServletRequest);
        return applicationName + ".autoUserLoginId";
    }

    /**
     * Reads the user login id from the webapp's auto-login cookie.
     *
     * <p>The value comes straight from the client and is not verified here.
     *
     * @param httpServletRequest request whose cookies are searched
     * @return the value of the first cookie with the auto-login name, or {@code null} when the
     *         request has no such cookie
     */
    public static String getAutoUserLoginId(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (Debug.verboseOn()) {
            Debug.logVerbose("Cookies: " + Arrays.toString(cookies), module);
        }
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(getAutoLoginCookieName(httpServletRequest))) {
                return candidate.getValue();
            }
        }
        return null;
    }

    /**
     * Runs the auto-login check using the id found in the request's auto-login cookie.
     *
     * @param httpServletRequest  request supplying the delegator, session and cookie
     * @param httpServletResponse current response (not used by this overload)
     * @return the result of the delegator/session/id overload
     */
    public static String autoLoginCheck(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        HttpSession session = httpServletRequest.getSession();
        String cookieUserLoginId = getAutoUserLoginId(httpServletRequest);
        return autoLoginCheck(delegator, session, cookieUserLoginId);
    }

    /**
     * Loads the {@code UserLogin} for an auto-login id and stores display data in the session.
     *
     * <p>Sets {@code autoUserLogin} and, when a person or party group is found,
     * {@code autoName}. No password or token is checked, so {@code autoUserLogin} is an
     * unauthenticated hint and must never be used in place of {@code userLogin} for
     * authorisation.
     *
     * @param delegator   delegator used for the lookups
     * @param httpSession session that receives the attributes
     * @param str         the user login id, typically from the auto-login cookie; may be null
     * @return always {@code ModelService.RESPOND_SUCCESS}; lookup errors are only logged
     */
    private static String autoLoginCheck(Delegator delegator, HttpSession httpSession, String str) {
        if (str == null) {
            return ModelService.RESPOND_SUCCESS;
        }
        if (Debug.infoOn()) {
            Debug.logInfo("Running autoLogin check.", module);
        }
        try {
            GenericValue autoUserLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", str).queryOne();
            GenericValue person = null;
            GenericValue partyGroup = null;
            if (autoUserLogin != null) {
                httpSession.setAttribute("autoUserLogin", autoUserLogin);
                if (autoUserLogin.getModelEntity().isField("partyId")) {
                    String partyId = autoUserLogin.getString("partyId");
                    person = EntityQuery.use(delegator).from("Person").where("partyId", partyId).queryOne();
                    partyGroup = EntityQuery.use(delegator).from("PartyGroup").where("partyId", autoUserLogin.getString("partyId")).queryOne();
                }
            }
            // A person's name takes precedence over a party group's name.
            if (person != null) {
                httpSession.setAttribute("autoName", person.getString("firstName") + " " + person.getString("lastName"));
            } else if (partyGroup != null) {
                httpSession.setAttribute("autoName", partyGroup.getString("groupName"));
            }
        } catch (GenericEntityException e) {
            Debug.logError(e, "Cannot get autoUserLogin information: " + e.getMessage(), module);
        }
        return ModelService.RESPOND_SUCCESS;
    }

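    /**
     * Clears the auto-login state: expires the auto-login cookie, removes the {@code autoUserLogin}
     * and {@code autoName} session attributes and, when a user is logged in, logs that user out.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the expiring cookie
     * @return {@code ModelService.RESPOND_SUCCESS} when no {@code userLogin} is in the session,
     *         otherwise the result of {@code logout}
     */
    public static String autoLoginRemove(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        GenericValue autoUserLogin = (GenericValue) session.getAttribute("autoUserLogin");
        if (autoUserLogin != null) {
            Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
            String applicationName = UtilHttp.getApplicationName(httpServletRequest);
            Cookie expiredCookie = new Cookie(getAutoLoginCookieName(httpServletRequest), autoUserLogin.getString("userLoginId"));
            // Max-Age 0 asks the browser to drop the cookie immediately.
            expiredCookie.setMaxAge(0);
            expiredCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
            expiredCookie.setPath(applicationName.equals("root") ? "/" : httpServletRequest.getContextPath());
            // The cookie-issuing code earlier in this class appears to set Secure and HttpOnly.
            // Using the same flags here keeps the removal cookie consistent with the one it replaces,
            // and keeps the user login id it carries off plain-HTTP responses and away from scripts.
            expiredCookie.setSecure(true);
            expiredCookie.setHttpOnly(true);
            httpServletResponse.addCookie(expiredCookie);
        }
        session.removeAttribute("autoUserLogin");
        session.removeAttribute("autoName");
        if (session.getAttribute("userLogin") == null) {
            return ModelService.RESPOND_SUCCESS;
        }
        // Marks the request so logout can tell it was triggered by auto-login removal.
        httpServletRequest.setAttribute("_AUTO_LOGIN_LOGOUT_", Boolean.TRUE);
        return logout(httpServletRequest, httpServletResponse);
    }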

    /**
     * Reports whether the session holds a {@code userLogin} whose {@code hasLoggedOut} field is
     * {@code "N"}.
     *
     * <p>Side effects: {@code getSession()} is called without arguments, and a {@code userLogin}
     * whose flag is anything other than {@code "N"} (including unset) is cleared from the session.
     *
     * @param httpServletRequest the current request
     * @return {@code true} only when a session user exists and is flagged as not logged out
     */
    public static boolean isUserLoggedIn(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        GenericValue sessionUser = (GenericValue) session.getAttribute("userLogin");
        if (sessionUser == null) {
            return false;
        }
        boolean stillLoggedIn = "N".equals(sessionUser.getString("hasLoggedOut"));
        if (!stillLoggedIn) {
            // Drop the stale login so later checks see no user at all.
            session.setAttribute("userLogin", null);
        }
        return stillLoggedIn;
    }

    /**
     * Logs in the user identified by {@code str} without checking any credential.
     *
     * <p>This method only verifies that the {@code UserLogin} record exists and is not disabled.
     * Establishing that the caller really is that user is entirely the responsibility of the code
     * that supplies {@code str}.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param str                 the user login id to log in
     * @return the result of {@code doMainLogin}, or {@code "error"} when the user is unknown,
     *         disabled, or the lookup or store fails
     */
    public static String loginUserWithUserLoginId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
            GenericValue userLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", str).queryOne();
            if (userLogin == null) {
                return "error";
            }
            String enabledFlag = userLogin.getString("enabled");
            // An unset flag counts as enabled; only an explicit non-"Y" value blocks the login.
            boolean explicitlyDisabled = enabledFlag != null && !"Y".equals(enabledFlag);
            if (explicitlyDisabled) {
                return "error";
            }
            userLogin.set("hasLoggedOut", "N");
            userLogin.store();
            Map<String, Object> storedSession = getUserLoginSession(userLogin);
            return doMainLogin(httpServletRequest, httpServletResponse, userLogin, storedSession);
        } catch (GeneralException e) {
            Debug.logError(e, module);
            return "error";
        }
    }

    /**
     * Logs a user in from the value of the HTTP request header named by the
     * {@code security.login.http.header} property, when that property is set and nobody is
     * logged in yet.
     *
     * <p>The header value is passed straight to {@code loginUserWithUserLoginId}, which checks no
     * credential. With the property configured, anything able to send this header to the
     * application can log in as any enabled user. The deployment therefore has to guarantee that
     * only a trusted authenticating front end can set it, and that client-sent copies are stripped.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @return {@code ModelService.RESPOND_SUCCESS} when the feature is off or a user is already
     *         logged in; {@code "error"} when the header is missing or empty; otherwise the login
     *         result
     */
    public static String checkRequestHeaderLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        String headerName = EntityUtilProperties.getPropertyValue("security", "security.login.http.header", null, delegator);
        if (!UtilValidate.isNotEmpty(headerName)) {
            return ModelService.RESPOND_SUCCESS;
        }
        if (isUserLoggedIn(httpServletRequest)) {
            return ModelService.RESPOND_SUCCESS;
        }
        String claimedUserLoginId = httpServletRequest.getHeader(headerName);
        if (UtilValidate.isNotEmpty(claimedUserLoginId)) {
            return loginUserWithUserLoginId(httpServletRequest, httpServletResponse, claimedUserLoginId);
        }
        return "error";
    }

    /**
     * Logs a user in from {@code HttpServletRequest.getRemoteUser()} when either
     * {@code security.login.http.servlet.remoteuserlogin.allow} or {@code security.login.tomcat.sso}
     * is enabled and nobody is logged in yet.
     *
     * <p>The remote user name is handed to {@code loginUserWithUserLoginId} with no further
     * credential check, so this is only as strong as whatever populates the remote user.
     * The two switches differ on an empty remote user: the first yields {@code "error"}, the
     * second yields success.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @return the login result, {@code "error"}, or {@code ModelService.RESPOND_SUCCESS} as
     *         described above
     */
    public static String checkServletRequestRemoteUserLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        boolean remoteUserLoginAllowed = "true".equals(EntityUtilProperties.getPropertyValue("security", "security.login.http.servlet.remoteuserlogin.allow", "false", delegator));
        if (remoteUserLoginAllowed && !isUserLoggedIn(httpServletRequest)) {
            String remoteUser = httpServletRequest.getRemoteUser();
            if (UtilValidate.isNotEmpty(remoteUser)) {
                return loginUserWithUserLoginId(httpServletRequest, httpServletResponse, remoteUser);
            }
            return "error";
        }
        boolean tomcatSsoEnabled = EntityUtilProperties.propertyValueEquals("security", "security.login.tomcat.sso", "true");
        if (!tomcatSsoEnabled || isUserLoggedIn(httpServletRequest)) {
            return ModelService.RESPOND_SUCCESS;
        }
        String ssoUser = httpServletRequest.getRemoteUser();
        if (UtilValidate.isNotEmpty(ssoUser)) {
            return loginUserWithUserLoginId(httpServletRequest, httpServletResponse, ssoUser);
        }
        return ModelService.RESPOND_SUCCESS;
    }

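    /**
     * Attempts a login from the X.509 client certificate chain attached to the request.
     *
     * <p>The user login id is group 1 of the {@code security.login.cert.pattern} regex matched
     * against the CN of the first certificate in the chain. Each certificate is then checked with
     * {@code checkValidIssuer}; the first one accepted, for an existing and not-disabled
     * {@code UserLogin}, completes the login. The feature is on unless
     * {@code security.login.cert.allow} is set to something other than {@code true}.
     *
     * <p>Hardening over the previous version: a first certificate without a CN no longer causes a
     * {@code NullPointerException}, and when no login id could be extracted the method returns
     * without running any issuer or user lookup.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @return the result of {@code doMainLogin} on a successful certificate login, otherwise
     *         {@code ModelService.RESPOND_SUCCESS}
     */
    public static String check509CertLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        if (!"true".equalsIgnoreCase(EntityUtilProperties.getPropertyValue("security", "security.login.cert.allow", "true", delegator))) {
            return ModelService.RESPOND_SUCCESS;
        }
        GenericValue currentLogin = (GenericValue) httpServletRequest.getSession().getAttribute("userLogin");
        if (currentLogin != null && "Y".equals(currentLogin.getString("hasLoggedOut"))) {
            // A session user flagged as logged out does not block a certificate login.
            currentLogin = null;
        }
        String cnPattern = EntityUtilProperties.getPropertyValue("security", "security.login.cert.pattern", "(.*)", delegator);
        Pattern compiledCnPattern = Pattern.compile(cnPattern);
        if (currentLogin != null) {
            return ModelService.RESPOND_SUCCESS;
        }
        X509Certificate[] clientCerts = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (clientCerts == null) {
            clientCerts = (X509Certificate[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
        }
        if (clientCerts == null) {
            return ModelService.RESPOND_SUCCESS;
        }
        String userLoginId = null;
        for (int i = 0; i < clientCerts.length; i++) {
            Map<String, String> x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
            if (i == 0) {
                String commonName = x500Map.get("CN");
                if (commonName == null) {
                    if (Debug.infoOn()) {
                        Debug.logInfo("Client certificate has no CN; skipping certificate login", module);
                    }
                    return ModelService.RESPOND_SUCCESS;
                }
                // Backslashes are replaced before matching. The replacement constant is presumably
                // the empty string (decompiler substitution); confirm against GatewayRequest.
                Matcher matcher = compiledCnPattern.matcher(commonName.replaceAll("\\\\", GatewayRequest.REQUEST_URL_REFUND_TEST));
                if (matcher.matches()) {
                    userLoginId = matcher.group(1);
                } else if (Debug.infoOn()) {
                    Debug.logInfo("Client certificate CN does not match pattern: [" + cnPattern + "]", module);
                }
                if (userLoginId == null) {
                    // Fail closed: with no login id there is nobody to log in.
                    return ModelService.RESPOND_SUCCESS;
                }
            }
            try {
                if (!checkValidIssuer(delegator, x500Map, clientCerts[i].getSerialNumber())) {
                    continue;
                }
                GenericValue userLogin = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", userLoginId).queryOne();
                if (userLogin == null) {
                    continue;
                }
                String enabledFlag = userLogin.getString("enabled");
                if (enabledFlag == null || "Y".equals(enabledFlag)) {
                    userLogin.set("hasLoggedOut", "N");
                    userLogin.store();
                    return doMainLogin(httpServletRequest, httpServletResponse, userLogin, getUserLoginSession(userLogin));
                }
            } catch (GeneralException e) {
                // A failure on one certificate is logged and the next one in the chain is tried.
                Debug.logError(e, module);
            }
        }
        return ModelService.RESPOND_SUCCESS;
    }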

    /**
     * Checks whether at least one {@code X509IssuerProvision} row matches the given X.500 fields
     * and serial number.
     *
     * <p>Each of the seven columns matches when the stored value equals the certificate value, is
     * {@code null}, or equals {@code GatewayRequest.REQUEST_URL_REFUND_TEST} (presumably the empty
     * string; confirm). A provision row with a column left unset therefore acts as a wildcard for
     * that column, and a row with every column unset would match any certificate.
     *
     * @param delegator  entity delegator used for the count query
     * @param map        X.500 name fields of the certificate, keyed by CN, OU, O, L, ST and C
     * @param bigInteger certificate serial number; compared in hexadecimal form
     * @return {@code true} when one or more provision rows match
     * @throws GeneralException when the entity query fails
     */
    protected static boolean checkValidIssuer(Delegator delegator, Map<String, String> map, BigInteger bigInteger) throws GeneralException {
        // Provision column name paired with the value taken from the certificate.
        String[][] columnValues = {
            {"commonName", map.get("CN")},
            {"organizationalUnit", map.get("OU")},
            {"organizationName", map.get("O")},
            {"cityLocality", map.get("L")},
            {"stateProvince", map.get("ST")},
            {"country", map.get("C")},
            {"serialNumber", bigInteger.toString(16)},
        };
        List<EntityCondition> columnConditions = new LinkedList<EntityCondition>();
        for (String[] columnValue : columnValues) {
            String column = columnValue[0];
            // exact value OR unset OR the "blank" constant
            columnConditions.add(EntityCondition.makeCondition(EntityOperator.OR, (EntityCondition[]) new EntityFieldMap[]{
                EntityCondition.makeConditionMap(column, columnValue[1]),
                EntityCondition.makeConditionMap(column, null),
                EntityCondition.makeConditionMap(column, GatewayRequest.REQUEST_URL_REFUND_TEST)}));
        }
        EntityConditionList<EntityCondition> provisionCondition = EntityCondition.makeCondition(columnConditions);
        if (Debug.infoOn()) {
            Debug.logInfo("Doing issuer lookup: " + provisionCondition.toString(), module);
        }
        long matchingProvisions = EntityQuery.use(delegator).from("X509IssuerProvision").where(provisionCondition).queryCount();
        return matchingProvisions > 0;
    }

    /**
     * Reports whether the given user login is flagged as logged out.
     *
     * <p>When the {@code login.disable.global.logout} property is {@code true} the flag is ignored
     * and this always returns {@code false}. A missing record or missing {@code userLoginId} counts
     * as logged out. The record is refreshed from cache before its flag is read; if the refresh
     * fails, the value already held by the record is used.
     *
     * @param genericValue the {@code UserLogin} record, may be {@code null}
     * @param delegator    delegator used to read the security property
     * @return {@code true} when the user should be treated as logged out
     */
    public static boolean isFlaggedLoggedOut(GenericValue genericValue, Delegator delegator) {
        String globalLogoutDisabled = EntityUtilProperties.getPropertyValue("security", "login.disable.global.logout", delegator);
        if ("true".equalsIgnoreCase(globalLogoutDisabled)) {
            return false;
        }
        boolean hasIdentity = genericValue != null && genericValue.get("userLoginId") != null;
        if (!hasIdentity) {
            return true;
        }
        try {
            genericValue.refreshFromCache();
        } catch (GenericEntityException e) {
            if (Debug.warningOn()) {
                Debug.logWarning(e, "Unable to refresh UserLogin", module);
            }
        }
        if (genericValue.get("hasLoggedOut") == null) {
            // An unset flag is treated as "not logged out".
            return false;
        }
        return "Y".equalsIgnoreCase(genericValue.getString("hasLoggedOut"));
    }

    /**
     * Decides whether the user may access the given web application.
     *
     * <p>When the webapp declares an access permission, that single permission decides. Otherwise
     * the user needs the {@code _VIEW} entity permission for every base permission except
     * {@code "NONE"}; a webapp whose base permissions are all {@code "NONE"} (or absent) is open
     * to everyone.
     *
     * @param webappInfo   the web application configuration
     * @param security     the security service used for the checks
     * @param genericValue the user login being checked
     * @return {@code true} when access is permitted
     */
    public static boolean hasApplicationPermission(ComponentConfig.WebappInfo webappInfo, Security security, GenericValue genericValue) {
        String accessPermission = webappInfo.getAccessPermission();
        if (accessPermission.isEmpty()) {
            for (String basePermission : webappInfo.getBasePermission()) {
                if ("NONE".equals(basePermission)) {
                    continue;
                }
                if (!security.hasEntityPermission(basePermission, "_VIEW", genericValue)) {
                    return false;
                }
            }
            return true;
        }
        return security.hasPermission(accessPermission, genericValue);
    }

    /**
     * Checks the user's permission for the web application that serves the request.
     *
     * <p>NOTE(review): this method fails open. It returns {@code true} both when the request has no
     * {@code security} attribute and when no webapp configuration is found for the server id and
     * context path. Confirm that callers do not rely on it as the only access gate.
     *
     * @param genericValue       the user login being checked
     * @param httpServletRequest the current request
     * @return the result of {@code hasApplicationPermission}, or {@code true} in the two fallback
     *         cases described above
     */
    public static boolean hasBasePermission(GenericValue genericValue, HttpServletRequest httpServletRequest) {
        Security security = (Security) httpServletRequest.getAttribute("security");
        if (security == null) {
            if (Debug.warningOn()) {
                Debug.logWarning("Received a null Security object from HttpServletRequest", module);
            }
            return true;
        }
        String serverId = (String) httpServletRequest.getServletContext().getAttribute("_serverId");
        String contextPath = httpServletRequest.getContextPath();
        if (UtilValidate.isEmpty(contextPath)) {
            // An empty context path is looked up as "/".
            contextPath = "/";
        }
        ComponentConfig.WebappInfo webappInfo = ComponentConfig.getWebAppInfo(serverId, contextPath);
        if (webappInfo == null) {
            if (Debug.infoOn()) {
                Debug.logInfo("No webapp configuration found for : " + serverId + " / " + contextPath, module);
            }
            return true;
        }
        return hasApplicationPermission(webappInfo, security, genericValue);
    }

    /**
     * Returns the application-bar web applications the given user is permitted to access.
     *
     * @param security     the security service used for the permission checks
     * @param genericValue the user login being checked
     * @param str          first argument passed through to {@code ComponentConfig.getAppBarWebInfos}
     * @param str2         second argument passed through to {@code ComponentConfig.getAppBarWebInfos}
     * @return a new list holding only the entries for which {@code hasApplicationPermission} is true
     */
    public static Collection<ComponentConfig.WebappInfo> getAppBarWebInfos(Security security, GenericValue genericValue, String str, String str2) {
        List<ComponentConfig.WebappInfo> candidates = ComponentConfig.getAppBarWebInfos(str, str2);
        List<ComponentConfig.WebappInfo> permitted = new ArrayList<ComponentConfig.WebappInfo>(candidates.size());
        for (ComponentConfig.WebappInfo candidate : candidates) {
            if (!hasApplicationPermission(candidate, security, genericValue)) {
                continue;
            }
            permitted.add(candidate);
        }
        return permitted;
    }

    /**
     * Loads the saved session data for a user login from the related {@code UserLoginSession}
     * record.
     *
     * <p>NOTE(review): the {@code sessionData} column is passed to {@code XmlSerializer.deserialize},
     * so anyone who can write that column controls what gets deserialized here. Keep write access
     * to {@code UserLoginSession} restricted, and confirm what types the serializer will
     * instantiate.
     *
     * @param genericValue the {@code UserLogin} record
     * @return the deserialized map, or {@code null} when there is no related record or when
     *         loading or deserializing fails (failures are logged as warnings)
     */
    public static Map<String, Object> getUserLoginSession(GenericValue genericValue) {
        Delegator delegator = genericValue.getDelegator();
        try {
            GenericValue storedSession = genericValue.getRelatedOne("UserLoginSession", false);
            if (storedSession == null) {
                return null;
            }
            Object deserialized = XmlSerializer.deserialize(storedSession.getString("sessionData"), delegator);
            return UtilGenerics.checkMap(deserialized, String.class, Object.class);
        } catch (GenericEntityException e) {
            if (Debug.warningOn()) {
                Debug.logWarning(e, "Cannot get UserLoginSession for UserLogin ID: " + genericValue.getString("userLoginId"), module);
            }
        } catch (Exception e2) {
            if (Debug.warningOn()) {
                Debug.logWarning(e2, "Problems deserializing UserLoginSession", module);
            }
        }
        return null;
    }

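    /**
     * Enforces password ageing for the user named by the {@code USERNAME} request parameter.
     *
     * <p>With {@code user.change.password.days} greater than zero, the start date of the user's
     * current password history record decides the outcome: past the expiry date the request is
     * sent to {@code requirePasswordChange}; inside the notification window an alert message is
     * attached to the request.
     *
     * <p>The user name is read from the request parameter, not from the session, so the check
     * runs for whichever name was submitted. A user with no password history, or with history but
     * no currently active record, is not subject to the check. The second case used to end in a
     * {@code NullPointerException}; it now returns success and logs a warning.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response (not used here)
     * @return {@code "requirePasswordChange"} when the password has expired, otherwise
     *         {@code ModelService.RESPOND_SUCCESS}
     */
    public static String autoChangePassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Delegator delegator = (Delegator) httpServletRequest.getAttribute("delegator");
        String userName = httpServletRequest.getParameter("USERNAME");
        Timestamp now = UtilDateTime.nowTimestamp();
        Integer changePasswordDays = EntityUtilProperties.getPropertyAsInteger("security", "user.change.password.days", 0);
        Integer notificationDays = EntityUtilProperties.getPropertyAsInteger("security", "user.change.password.notification.days", 0);
        if (changePasswordDays.intValue() <= 0) {
            // Password ageing is switched off.
            return ModelService.RESPOND_SUCCESS;
        }
        List<GenericValue> passwordHistory = null;
        try {
            passwordHistory = EntityQuery.use(delegator).from("UserLoginPasswordHistory").where("userLoginId", userName).queryList();
        } catch (GenericEntityException e) {
            Debug.logError(e, "Cannot get user's password history record: " + e.getMessage(), module);
        }
        if (!UtilValidate.isNotEmpty((Collection) passwordHistory)) {
            return ModelService.RESPOND_SUCCESS;
        }
        GenericValue currentRecord = EntityUtil.getFirst((List<GenericValue>) EntityUtil.filterByDate(passwordHistory));
        Timestamp passwordSetOn = currentRecord == null ? null : currentRecord.getTimestamp("fromDate");
        if (passwordSetOn == null) {
            // No active history record to age against; treated like an empty history.
            if (Debug.warningOn()) {
                Debug.logWarning("No active UserLoginPasswordHistory record found; skipping password expiry check", module);
            }
            return ModelService.RESPOND_SUCCESS;
        }
        Timestamp notificationStart = UtilDateTime.addDaysToTimestamp(passwordSetOn, changePasswordDays.intValue() - notificationDays.intValue());
        Timestamp expiryDate = UtilDateTime.addDaysToTimestamp(passwordSetOn, changePasswordDays.intValue());
        if (!now.after(notificationStart)) {
            return ModelService.RESPOND_SUCCESS;
        }
        if (now.after(expiryDate)) {
            httpServletRequest.setAttribute("_ERROR_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.password_expired_message", (Map<String, ? extends Object>) UtilMisc.toMap("passwordExpirationDate", expiryDate.toString()), UtilHttp.getLocale(httpServletRequest)));
            return "requirePasswordChange";
        }
        httpServletRequest.setAttribute("_EVENT_MESSAGE_", UtilProperties.getMessage("SecurityextUiLabels", "loginevents.password_expiration_alert", (Map<String, ? extends Object>) UtilMisc.toMap("passwordExpirationDate", expiryDate.toString()), UtilHttp.getLocale(httpServletRequest)));
        return ModelService.RESPOND_SUCCESS;
    }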
}
