package nga.servlet.dsp;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import nga.model.User;
import nga.servlet.CongaServlet;
import nga.servlet.ServiceInfo;
import nga.servlet.spi.UserAuth;
import nga.servlet.spi.UserStorage;

/* loaded from: input_file:WEB-INF/lib/nga.jar:nga/servlet/dsp/DefaultUserAuth.class */
public class DefaultUserAuth extends UserAuth {
    private static final String ENCODING = "UTF-8";
    private static final String USER_KEY = "nga.servlet.dsp.user";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/nga.jar:nga/servlet/dsp/DefaultUserAuth$UserWrapper.class */
    public class UserWrapper implements HttpSessionBindingListener {
        private User user;
        private ServiceInfo serviceInfo;

        public UserWrapper(ServiceInfo serviceInfo, User user) throws ServletException {
            this.serviceInfo = serviceInfo;
            this.user = user;
            UserStorage.load(serviceInfo, user);
        }

        public User getUser() {
            return this.user;
        }

        public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
        }

        public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
            try {
                UserStorage.save(this.serviceInfo, this.user);
                this.user.setAuthorized(false);
            } catch (ServletException e) {
            }
        }
    }

    @Override // nga.servlet.spi.UserAuth
    protected void handleLogin(ServiceInfo serviceInfo, User user) throws ServletException {
        user.setAuthorized(false);
        String userId = user.getUserId();
        if (userId == null || userId.length() == 0) {
            return;
        }
        String password = user.getPassword();
        if (password == null) {
            password = "";
        }
        user.setPassword(null);
        if (auth(serviceInfo.getServlet(), user.getUserId(), password)) {
            user.setAuthorized(true);
            serviceInfo.getSession().setAttribute(USER_KEY, new UserWrapper(serviceInfo, user));
        }
    }

    private boolean auth(CongaServlet congaServlet, String str, String str2) throws ServletException {
        File passwordFile = getPasswordFile(congaServlet, str);
        if (!passwordFile.exists()) {
            return false;
        }
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                byte[] digest = digest(str2);
                byte[] bArr = new byte[digest.length];
                bufferedInputStream = new BufferedInputStream(new FileInputStream(passwordFile), bArr.length);
                bufferedInputStream.read(bArr);
                if (!equal(bArr, digest)) {
                    if (bufferedInputStream != null) {
                        try {
                            bufferedInputStream.close();
                        } catch (IOException e) {
                        }
                    }
                    return false;
                }
                if (bufferedInputStream == null) {
                    return true;
                }
                try {
                    bufferedInputStream.close();
                    return true;
                } catch (IOException e2) {
                    return true;
                }
            } catch (Exception e3) {
                throw new ServletException(e3);
            }
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }

    private byte[] digest(String str) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest messageDigest = getMessageDigest();
        messageDigest.update(str.getBytes(ENCODING));
        return messageDigest.digest();
    }

    private File getPasswordFile(CongaServlet congaServlet, String str) {
        return DefaultUserStorage.getFile(congaServlet, str + ".password");
    }

    private MessageDigest getMessageDigest() throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-512");
    }

    private boolean equal(byte[] bArr, byte[] bArr2) {
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    @Override // nga.servlet.spi.UserAuth
    protected void handleLogout(ServiceInfo serviceInfo) {
        if (handleGetUser(serviceInfo) != null) {
            serviceInfo.getSession().invalidate();
        }
    }

    @Override // nga.servlet.spi.UserAuth
    protected User handleGetUser(ServiceInfo serviceInfo) {
        UserWrapper userWrapper = (UserWrapper) serviceInfo.getSession().getAttribute(USER_KEY);
        if (userWrapper == null) {
            return null;
        }
        return userWrapper.getUser();
    }

    @Override // nga.servlet.spi.UserAuth
    protected void handleSetPassword(ServiceInfo serviceInfo, User user) throws ServletException {
        File passwordFile = getPasswordFile(serviceInfo.getServlet(), user.getUserId());
        BufferedOutputStream bufferedOutputStream = null;
        try {
            try {
                byte[] digest = digest(user.getPassword());
                bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(passwordFile), digest.length);
                bufferedOutputStream.write(digest);
                bufferedOutputStream.flush();
                if (bufferedOutputStream != null) {
                    try {
                        bufferedOutputStream.close();
                    } catch (IOException e) {
                    }
                }
            } catch (Exception e2) {
                throw new ServletException(e2);
            }
        } catch (Throwable th) {
            if (bufferedOutputStream != null) {
                try {
                    bufferedOutputStream.close();
                } catch (IOException e3) {
                }
            }
            throw th;
        }
    }
}
