package com.huawei.bigdata.om.web.controller;

import com.galaxmanager.iam.itfc.model.response.OpLogRecordResponse;
import com.google.gson.JsonSyntaxException;
import com.huawei.bigdata.om.acs.api.model.security.acs.Result;
import com.huawei.bigdata.om.acs.api.model.security.acs.UserResultDescEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.PasswordPolicy;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.QueryPwdPolicyResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.IsFirstLoginResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ModifyUserPwdRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.RemindDaysResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.RestRequest;
import com.huawei.bigdata.om.client.Client;
import com.huawei.bigdata.om.client.ClientProvider;
import com.huawei.bigdata.om.client.ClientProviderFactory;
import com.huawei.bigdata.om.common.utils.KerberosLoginModule;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.common.utils.ValidateUtil;
import com.huawei.bigdata.om.controller.api.common.conf.OMSConfigs;
import com.huawei.bigdata.om.controller.api.common.conf.lan.LanguageRepository;
import com.huawei.bigdata.om.controller.api.common.data.State;
import com.huawei.bigdata.om.controller.api.common.utils.EnvUtil;
import com.huawei.bigdata.om.northbound.snmp.constdefinition.ConstDefinition;
import com.huawei.bigdata.om.web.auditlog.util.AuditLogUtils;
import com.huawei.bigdata.om.web.client.SecurityClient;
import com.huawei.bigdata.om.web.client.WebClient;
import com.huawei.bigdata.om.web.client.WebContext;
import com.huawei.bigdata.om.web.constant.MonitorConstants;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.model.proto.GetSelfInfoResponse;
import com.huawei.bigdata.om.web.model.proto.LogInCheckResponse;
import com.huawei.bigdata.om.web.model.proto.ModifyPassWordResult;
import com.huawei.bigdata.om.web.model.proto.OMSConfigurationsRequest;
import com.huawei.bigdata.om.web.model.proto.RESTResponse;
import com.huawei.bigdata.om.web.model.proto.Response;
import com.huawei.bigdata.om.web.model.proto.SimpleResponse;
import com.huawei.bigdata.om.web.model.proto.maintenance.SsoServerInfoRequest;
import com.huawei.bigdata.om.web.model.proto.maintenance.SsoServerInfoResponse;
import com.huawei.bigdata.om.web.security.CasAuthenticationEntryPointWrapper;
import com.huawei.bigdata.om.web.security.ControllerHtttpClient;
import com.huawei.bigdata.om.web.security.FISingleSignOutFilter;
import com.huawei.bigdata.om.web.security.SimplePrincipal;
import com.huawei.bigdata.om.web.security.iam.HeartbeatEventManager;
import com.huawei.bigdata.om.web.security.iam.IAMService;
import com.huawei.bigdata.om.web.security.iam.IAMUserPreviligeInfo;
import com.huawei.bigdata.om.web.security.iam.constant.IAMConstant;
import com.huawei.bigdata.om.web.security.iam.util.FISessionRegistryImp;
import com.huawei.bigdata.om.web.security.iam.util.IAMUserDetails;
import com.huawei.bigdata.om.web.security.iam.util.IAMUserUnlockInfo;
import com.huawei.bigdata.om.web.security.iam.util.IAMUtil;
import com.huawei.bigdata.om.web.security.session.SessionService;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import com.huawei.bigdata.om.web.util.WebSecurityUtil;
import com.huawei.bigdata.om.web.util.WebUtils;
import com.huawei.hadoop.security.crypter.CrypterUtil;
import io.netty.util.internal.StringUtil;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URLEncoder;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration2.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import org.wcc.framework.AppRuntimeException;

@RequestMapping({"/access"})
@SessionAttributes({"securityClient"})
@Controller
/* loaded from: input_file:com/huawei/bigdata/om/web/controller/SecurityController.class */
public class SecurityController extends BaseController {
    // Regex literal for absolute URLs. Besides http/https it also accepts the ftp and file schemes.
    // NOTE(review): its callers are outside this part of the file; confirm it is never used as an
    // allow-list for redirect or server-side fetch targets, where ftp:// and file:// are rarely wanted.
    public static final String URL_RULE_PATTERN = "\\b(https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
    // Bean names looked up in the injected application context by addWebClientToSession.
    private static final String CLIENT_PROVIDER_FACTORY_BEAN_NAME = "clientProviderFactory";
    private static final String CONFIGURATION_BEAN_NAME = "configuration";
    // Session attribute names. The methods visible here write "is_second_authorization" as an inline
    // literal rather than through IS_SECOND_AUTHORIZATION; uses of the other names are not visible here.
    private static final String LAST_UNREGULAR_URL_TIME_NAME = "last_unregular_url_time";
    private static final String LOCK_SCREEN_NAME = "lock_screen";
    private static final String IS_SECOND_AUTHORIZATION = "is_second_authorization";
    private static final String IS_SESSION_REFRESH = "is_session_refresh";
    // ACS result code that modifyPassword/modifySelfPassword treat like success (0) when deciding
    // whether to clear a lock, and that accessAcsModifyPwd handles with a separate description path.
    private static final int SYN_USER_INFO_FAILED = -39;
    private static final String DEFAULT_LOGIN_URL = "/cas/login";
    private static final String DEFAULT_LOGOUT_URL = "/cas/logout";
    private static final String DEFAULT_SSOCONFIG_MODE = "single";
    private static final String DEFAULT_SSOCONFIG_MODE_ALL = "all";
    // Names of the per-session client objects stored by addWebClientToSession.
    private static final String SESSION_ATTRIBUTE_WEBCLIENT = "webClient";
    private static final String SESSION_ATTRIBUTE_SECURITYCLIENT = "securityClient";
    private static final String SESSION_ATTRIBUTE_CONTROLLERCLIENT = "controllerClient";
    // Values written as "actionId" into the audit record by lockedUser / unlockedUser.
    private static final String USER_LOCKED_ID = "660017";
    private static final String USER_UNLOCKED_ID = "660016";
    // Error code and text reported to the caller when the ACS REST call fails (accessAcsIsFirstLogin).
    private static final int REST_ERROR_CODE = -500;
    private static final int SUCCESS_CODE = 0;
    private static final String REST_ERROR_DESCRIPTION = "The connection to acs is not available.";
    private static final int INCORRECT_PWD_CODE = 6100013;
    // Result code set by modifySelfPassword when its catch-all handler runs.
    private static final int ERROR_CODE = 500;
    private static final String SCREE_IS_AUDIT = "lock_screen_audit";

    // Injected IAM service; package-private, and not referenced by the methods visible in this part.
    @Autowired
    IAMService iamService;
    // Redirect targets handed back to the browser in LogInCheckResponse.refURL.
    private String defaultTargetUrl = "/web/index.html";
    private WebClient client = null;
    private String createCluesterUrl = "/web/pages/install/index.html";
    private String errorUrl = "/web/pages/error/500.html";

    // Shared REST client used for every call to the ACS service from this controller.
    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private LogoutFilter logoutFilter;

    @Autowired
    private CasAuthenticationEntryPointWrapper casAuthenticationEntryPoint;

    // Main application context: source of the "configuration", "clientProviderFactory" and
    // "singleLogoutFilter" beans used by the methods below.
    @Autowired
    private ApplicationContext applicationContext;

    // Registry that maps user names to their sessions and user details.
    @Autowired
    private FISessionRegistryImp sessionRegistry;

    @Autowired
    private SessionService sessionService;

    // Receives a "user modified" event after a successful self-service password change.
    @Autowired
    private HeartbeatEventManager heartbeatEventManager;
    // Built once at class load. System.getenv returns null for an unset variable, in which case
    // string concatenation produces a path starting with the literal text "null".
    private static final String CONFIG_FILE_DIR = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + "/webapps/web/WEB-INF/classes/config/";
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityController.class);

    /**
     * Returns the Spring application context this controller resolves its beans from.
     *
     * @return the application context reference currently held by the controller
     */
    public ApplicationContext getApplicationContext() {
        return applicationContext;
    }

    /**
     * Replaces the application context used for bean lookups in this controller.
     *
     * @param applicationContext the context to use from now on; stored as given, without a null check
     */
    public void setApplicationContext(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    /**
     * Returns the session registry used to track user sessions and user details.
     *
     * @return the session registry reference currently held by the controller
     */
    public FISessionRegistryImp getSessionRegistry() {
        return sessionRegistry;
    }

    /**
     * Replaces the session registry used by the login and password-change handlers.
     *
     * @param fISessionRegistryImp the registry to use from now on; stored as given, without a null check
     */
    public void setSessionRegistry(FISessionRegistryImp fISessionRegistryImp) {
        sessionRegistry = fISessionRegistryImp;
    }

    /**
     * Returns the session service injected into this controller.
     *
     * @return the session service reference currently held by the controller
     */
    public SessionService getSessionService() {
        return sessionService;
    }

    /**
     * Replaces the session service held by this controller.
     *
     * @param sessionService the service to use from now on; stored as given, without a null check
     */
    public void setSessionService(SessionService sessionService) {
        this.sessionService = sessionService;
    }

    /**
     * Returns the heartbeat event manager that is notified after a successful password change.
     *
     * @return the heartbeat event manager reference currently held by the controller
     */
    public HeartbeatEventManager getHeartbeatEventManager() {
        return heartbeatEventManager;
    }

    /**
     * Replaces the heartbeat event manager held by this controller.
     *
     * @param heartbeatEventManager the manager to use from now on; stored as given, without a null check
     */
    public void setHeartbeatEventManager(HeartbeatEventManager heartbeatEventManager) {
        this.heartbeatEventManager = heartbeatEventManager;
    }

    /**
     * Handles GET /access/login_check.htm: prepares the session after login and tells the browser
     * where to go next.
     *
     * <p>The method stores the per-session REST clients, registers the session with the session
     * registry, checks whether a cluster exists and asks ACS whether a password-expiry reminder is
     * due. Every outcome is reported through the returned object; nothing is thrown to the caller.
     *
     * <p>Unlike loginCheckGetToken, this method keeps the incoming session: it neither invalidates
     * it nor stores a "Token" attribute.
     * NOTE(review): confirm the session id is renewed elsewhere in the login flow.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response (only null-checked here)
     * @param httpSession current session
     * @param principal authenticated principal; replaced by a SimplePrincipal in a cloud deployment
     *        that is not in security mode
     * @return the check result, with state FAILED and the error page URL on any failure
     */
    @RequestMapping(value = {"/login_check.htm"}, method = {RequestMethod.GET})
    @ResponseBody
    public LogInCheckResponse loginCheck(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, Principal principal) {
        LogInCheckResponse logInCheckResponse = new LogInCheckResponse();
        if (EnvUtil.getIsCloudDepoly()) {
            logInCheckResponse.setCloud(true);
            if (EnvUtil.getIsSecurityCloudDepoly()) {
                logInCheckResponse.setSecurity(true);
            } else {
                // Non-security cloud mode: the container-supplied principal is discarded, so the rest
                // of this method runs under SimplePrincipal whatever the caller's identity was.
                // NOTE(review): confirm this mode is only reachable on deployments meant to run
                // without authentication.
                principal = new SimplePrincipal();
                logInCheckResponse.setSecurity(false);
            }
        }
        if (ValidateUtil.isNull(new Object[]{httpServletRequest, httpServletResponse, httpSession, principal})) {
            logInCheckResponse.setRefURL(this.errorUrl);
            logInCheckResponse.setState(State.FAILED);
            LOGGER.error("The parameter is null.");
            return logInCheckResponse;
        }
        LOGGER.info("Enter login check: session timeout = {} seconds. ", Integer.valueOf(httpSession.getMaxInactiveInterval()));
        addWebClientToSession(httpServletRequest, httpSession, httpSession.getServletContext(), principal);
        // Always false on this path; loginCheckGetToken takes the value from WebSecurityUtil instead.
        httpSession.setAttribute("is_second_authorization", false);
        IAMUserDetails userDetails = IAMUtil.getUserDetails();
        if (userDetails != null) {
            LOGGER.info("Add user details and session to memery.");
            this.sessionRegistry.addPrincipalAndUserDetails(userDetails.getUsername(), httpSession, userDetails);
        }
        try {
            if (null == this.controllerClient.getCurrentClusterInfo()) {
                // No cluster yet: send the browser to the installation page.
                LOGGER.info("Cluster does not exist.");
                logInCheckResponse.setExistCluster(false);
                logInCheckResponse.setRefURL(this.createCluesterUrl);
                logInCheckResponse.setState(State.COMPLETE);
                return logInCheckResponse;
            }
            LOGGER.info("Cluster exist.");
            logInCheckResponse.setExistCluster(true);
            // Uses the SecurityClient that addWebClientToSession stored in the session a few lines up.
            RemindDaysResponse resObj = ((SecurityClient) httpSession.getAttribute("securityClient")).queryRemind(principal.getName()).getResObj();
            if (ValidateUtil.isNull(new Object[]{resObj})) {
                LOGGER.error("remindResponse is null.");
                logInCheckResponse.setRefURL(this.errorUrl);
                logInCheckResponse.setState(State.FAILED);
                return logInCheckResponse;
            }
            logInCheckResponse.setRemindPwd(resObj.isRemindPwd());
            logInCheckResponse.setRemindDays(resObj.getRemindDays());
            logInCheckResponse.setRefURL(this.defaultTargetUrl);
            logInCheckResponse.setState(State.COMPLETE);
            LOGGER.info("Leave login check");
            return logInCheckResponse;
        } catch (Exception e) {
            // NOTE(review): this handler also covers the queryRemind call, so the message can be
            // misleading, and the exception itself is not logged; passing e to the logger would
            // make failures on this path diagnosable.
            LOGGER.error("Get current cluster error.");
            logInCheckResponse.setRefURL(this.errorUrl);
            logInCheckResponse.setState(State.FAILED);
            return logInCheckResponse;
        }
    }

    /**
     * Handles GET /access/login_check_gettoken.htm: same post-login check as loginCheck, plus
     * session renewal and delivery of the session token.
     *
     * <p>When the session has no "FIRST_LOGIN" attribute, the current session is invalidated and a
     * new one is created, so the session id in use before this call is not carried over. The new
     * session receives a value from getTokenInfo() under "Token", and the single-sign-out mapping
     * is pointed at the new session. The token is returned in the response body.
     *
     * @param httpServletRequest current request; used to create the replacement session
     * @param httpServletResponse current response (only null-checked here)
     * @param httpSession current session; dereferenced before the null check further down
     * @param principal authenticated principal; replaced by a SimplePrincipal in a cloud deployment
     *        that is not in security mode
     * @return the check result, with state FAILED and the error page URL on any failure
     */
    @RequestMapping(value = {"/login_check_gettoken.htm"}, method = {RequestMethod.GET})
    @ResponseBody
    public LogInCheckResponse loginCheckGetToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession, Principal principal) {
        LogInCheckResponse logInCheckResponse = new LogInCheckResponse();
        if (StringUtils.isEmpty((String) httpSession.getAttribute("FIRST_LOGIN"))) {
            String id = httpSession.getId();
            // NOTE(review): Spring's getBean(name, type) normally throws when the bean is missing
            // instead of returning null, so the null branch below is probably unreachable and a
            // missing bean would surface as an exception from this handler.
            FISingleSignOutFilter fISingleSignOutFilter = (FISingleSignOutFilter) this.applicationContext.getBean("singleLogoutFilter", FISingleSignOutFilter.class);
            if (null == fISingleSignOutFilter) {
                logInCheckResponse.setRefURL(this.errorUrl);
                logInCheckResponse.setState(State.FAILED);
                LOGGER.error("can not get application context filter.");
                return logInCheckResponse;
            }
            // The mapping key must be read while the old session id is still known; it is re-bound
            // to the replacement session after the swap.
            String keyBySessionIdInMappingStorage = fISingleSignOutFilter.getKeyBySessionIdInMappingStorage(id);
            // Order matters: invalidate first, then create, so nothing from the old session survives.
            httpSession.invalidate();
            httpSession = httpServletRequest.getSession(true);
            httpSession.setAttribute("FIRST_LOGIN", IAMConstant.TRUE);
            httpSession.setAttribute("needtoken", Resource.SCREEN_LOCK);
            // getTokenInfo() is defined outside this part of the file.
            // NOTE(review): confirm it draws the token from SecureRandom.
            httpSession.setAttribute("Token", getTokenInfo());
            fISingleSignOutFilter.updatSeesionInMappingStorage(keyBySessionIdInMappingStorage, httpSession);
        }
        if (EnvUtil.getIsCloudDepoly()) {
            logInCheckResponse.setCloud(true);
            if (EnvUtil.getIsSecurityCloudDepoly()) {
                logInCheckResponse.setSecurity(true);
            } else {
                // Non-security cloud mode: the container-supplied principal is discarded.
                principal = new SimplePrincipal();
                logInCheckResponse.setSecurity(false);
            }
        }
        // The token is copied into the response before the parameter check, so it is also present
        // in a FAILED response produced by that check.
        String str = (String) httpSession.getAttribute("Token");
        if (!StringUtils.isEmpty(str)) {
            logInCheckResponse.setToken(str);
        }
        if (ValidateUtil.isNull(new Object[]{httpServletRequest, httpServletResponse, httpSession, principal})) {
            logInCheckResponse.setRefURL(this.errorUrl);
            logInCheckResponse.setState(State.FAILED);
            LOGGER.error("The parameter is null.");
            return logInCheckResponse;
        }
        LOGGER.info("Enter login check gettoken : session timeout = {} seconds. ", Integer.valueOf(httpSession.getMaxInactiveInterval()));
        // Populates the (possibly new) session with the REST clients and the client fingerprint.
        addWebClientToSession(httpServletRequest, httpSession, httpSession.getServletContext(), principal);
        httpSession.setAttribute("is_second_authorization", Boolean.valueOf(WebSecurityUtil.getIsSecondAuthentication()));
        IAMUserDetails userDetails = IAMUtil.getUserDetails();
        if (userDetails != null) {
            LOGGER.info("Add user details and session to memery");
            this.sessionRegistry.addPrincipalAndUserDetails(userDetails.getUsername(), httpSession, userDetails);
        }
        try {
            if (null == this.controllerClient.getCurrentClusterInfo()) {
                // No cluster yet: send the browser to the installation page.
                LOGGER.info("Cluster does not exist.");
                logInCheckResponse.setExistCluster(false);
                logInCheckResponse.setRefURL(this.createCluesterUrl);
                logInCheckResponse.setState(State.COMPLETE);
                return logInCheckResponse;
            }
            LOGGER.info("Cluster exist.");
            logInCheckResponse.setExistCluster(true);
            RemindDaysResponse resObj = ((SecurityClient) httpSession.getAttribute("securityClient")).queryRemind(principal.getName()).getResObj();
            if (ValidateUtil.isNull(new Object[]{resObj})) {
                LOGGER.error("remindResponse is null.");
                logInCheckResponse.setRefURL(this.errorUrl);
                logInCheckResponse.setState(State.FAILED);
                return logInCheckResponse;
            }
            logInCheckResponse.setRemindPwd(resObj.isRemindPwd());
            logInCheckResponse.setRemindDays(resObj.getRemindDays());
            logInCheckResponse.setRefURL(this.defaultTargetUrl);
            logInCheckResponse.setState(State.COMPLETE);
            LOGGER.info("Leave login check");
            return logInCheckResponse;
        } catch (Exception e) {
            // NOTE(review): this handler also covers the queryRemind call, and the exception itself
            // is not logged; passing e to the logger would make failures here diagnosable.
            LOGGER.error("Get current cluster error.");
            logInCheckResponse.setRefURL(this.errorUrl);
            logInCheckResponse.setState(State.FAILED);
            return logInCheckResponse;
        }
    }

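    /**
     * Builds the per-session REST clients and stores them, together with a client fingerprint, in
     * the given session.
     *
     * <p>The session receives "webClient", "securityClient" and "controllerClient", an
     * "IP_AND_USER_AGENT" value derived from the remote address and the User-Agent header, and a
     * "CHECK_LOGIN" marker if none is set yet.
     *
     * <p>The controller, ACS and AOS URLs are read from a temporary configuration context. That
     * context is now closed once the three values have been read; previously a new context was
     * created on every call and never released.
     *
     * @param httpServletRequest request supplying the remote address and User-Agent header
     * @param httpSession session that receives the attributes
     * @param servletContext servlet context recorded in the WebContext
     * @param principal principal recorded in the WebContext
     */
    public void addWebClientToSession(HttpServletRequest httpServletRequest, HttpSession httpSession, ServletContext servletContext, Principal principal) {
        Configuration configuration = this.applicationContext.getBean(CONFIGURATION_BEAN_NAME, Configuration.class);
        WebContext webContext = new WebContext();
        webContext.setConfiguration(configuration);
        webContext.setPrincipal(principal);
        webContext.setServletContext(servletContext);
        ClientProvider clientProvider = this.applicationContext.getBean(CLIENT_PROVIDER_FACTORY_BEAN_NAME, ClientProviderFactory.class).newClientProvider(webContext);

        String controllerUrl;
        String acsUrl;
        String aosUrl;
        // Only plain strings leave this context, so it can be closed as soon as they are read.
        AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(ApplicationConfiguration.class);
        try {
            controllerUrl = configContext.getEnvironment().getProperty(WebUtils.CONTROLLER_URL);
            acsUrl = configContext.getEnvironment().getProperty("acs.rest.server.url");
            aosUrl = configContext.getEnvironment().getProperty("aos.rest.server.url");
        } finally {
            configContext.close();
        }

        LOGGER.info("Controller url is {}.", controllerUrl);
        Client controllerRestClient = clientProvider.newClient(controllerUrl);
        LOGGER.info("Acs url is {}.", acsUrl);
        Client acsRestClient = clientProvider.newClient(acsUrl);
        LOGGER.info("Aos url is {}.", aosUrl);
        Client aosRestClient = clientProvider.newClient(aosUrl);

        WebClient webClient = new WebClient(controllerRestClient, webContext);
        SecurityClient securityClient = new SecurityClient(acsRestClient, aosRestClient);
        securityClient.setClientProvider(clientProvider);
        securityClient.setAcsurl(acsUrl);
        securityClient.setAosurl(aosUrl);
        securityClient.setClientContext(webContext);
        securityClient.setRestTemplate(this.restTemplate);
        httpSession.setAttribute("webClient", webClient);
        httpSession.setAttribute("securityClient", securityClient);
        httpSession.setAttribute(SESSION_ATTRIBUTE_CONTROLLERCLIENT, controllerRestClient);

        // Client fingerprint: remote address followed by the User-Agent header. A missing header
        // contributes the text "null" through string concatenation.
        // NOTE(review): behind a reverse proxy getRemoteAddr() may be the proxy's address; confirm
        // how the code that later compares this value accounts for that.
        String fingerprint = httpServletRequest.getRemoteAddr() + httpServletRequest.getHeader("USER-AGENT");
        try {
            fingerprint = CrypterUtil.encrypt(fingerprint);
        } catch (AppRuntimeException e) {
            // Best effort, as before: on failure the unencrypted value is stored below.
            LOGGER.error("Encrypt addr and agent failed.");
        }
        httpSession.setAttribute("IP_AND_USER_AGENT", fingerprint);
        if (StringUtils.isEmpty((String) httpSession.getAttribute("CHECK_LOGIN"))) {
            httpSession.setAttribute("CHECK_LOGIN", IAMConstant.TRUE);
        }
    }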

    /**
     * Handles GET /access/isfirstlogin.do: asks ACS whether the named user is logging in for the
     * first time.
     *
     * <p>The user name comes from the request, and the ACS result code and description are passed
     * back to the caller.
     * NOTE(review): if this endpoint is reachable before authentication, the differing responses
     * can reveal whether an account exists; confirm that access control or rate limiting covers it.
     *
     * @param httpServletRequest current request; only the language cookie is read from it
     * @param str user name to check (parameter name as recovered by the decompiler)
     * @return the ACS answer, or a FAILED response when the user name is missing
     */
    @RequestMapping(value = {"/isfirstlogin.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<IsFirstLoginResponse> isFirstLogin(HttpServletRequest httpServletRequest, @RequestParam String str) {
        // replaceBlank is applied before logging because the name is caller-controlled.
        LOGGER.info("isFirstLogin enter, userName = {}", StringHelper.replaceBlank(str));
        RESTResponse<IsFirstLoginResponse> reply = new RESTResponse<>();
        String language = WebUtils.getLanFromCookies(httpServletRequest);

        // Guard clause: reject a missing user name before contacting ACS.
        if (ValidateUtil.isNull(new Object[]{str})) {
            reply.setState(State.FAILED);
            reply.setErrorDescription(LanguageRepository.getLanResById(language, "RESID_OM_USER_0002"));
            LOGGER.error("userName is null.");
            return reply;
        }

        accessAcsIsFirstLogin(str, reply);
        LOGGER.info("isFirstLogin exit, response = {}", Integer.valueOf(reply.getErrorCode()));
        return reply;
    }

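    /**
     * Queries the ACS "isfirstlogin" REST resource for a user and copies the outcome into the
     * given response object.
     *
     * <p>The ACS base URL is read from a temporary configuration context. That context is now
     * closed after the read; previously a new context was created for every request and never
     * released, which matters on an endpoint that takes a caller-supplied user name.
     *
     * <p>The GET is attempted twice: if the first attempt throws, one retry follows, and only a
     * second failure is reported as a connection error.
     *
     * @param str user name to look up; URL-encoded before it is placed in the query string
     * @param rESTResponse response object that receives state, error code, description and, on
     *        success, the ACS answer
     */
    private void accessAcsIsFirstLogin(String str, RESTResponse<IsFirstLoginResponse> rESTResponse) {
        String acsBaseUrl;
        // Only the URL string leaves this context, so it can be closed right after the read.
        AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(ApplicationConfiguration.class);
        try {
            acsBaseUrl = configContext.getEnvironment().getProperty("acs.rest.server.url");
        } finally {
            configContext.close();
        }

        String encodedUserName;
        try {
            encodedUserName = URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            LOGGER.error("The user name is invalid.");
            rESTResponse.setErrorCode(REST_ERROR_CODE);
            rESTResponse.setState(State.FAILED);
            return;
        }

        // NOTE(review): RestTemplate may encode a String URL again, depending on its URI handler;
        // confirm that names containing reserved characters reach ACS intact.
        String requestUrl = acsBaseUrl + "/user/isfirstlogin?userName=" + encodedUserName;

        IsFirstLoginResponse acsAnswer;
        try {
            LOGGER.info("Begin to check is first login, userName = {}.", StringHelper.replaceBlank(encodedUserName));
            acsAnswer = this.restTemplate.getForObject(requestUrl, IsFirstLoginResponse.class);
        } catch (Exception firstFailure) {
            // Single retry, as in the original; the first failure is intentionally not reported.
            try {
                acsAnswer = this.restTemplate.getForObject(requestUrl, IsFirstLoginResponse.class);
            } catch (Exception secondFailure) {
                LOGGER.error(REST_ERROR_DESCRIPTION);
                rESTResponse.setState(State.FAILED);
                rESTResponse.setErrorCode(REST_ERROR_CODE);
                rESTResponse.setErrorDescription(REST_ERROR_DESCRIPTION);
                return;
            }
        }

        if (ValidateUtil.isNull(new Object[]{acsAnswer})) {
            LOGGER.error("isFirstLoginResponse, the return of ACS, is null.");
            rESTResponse.setState(State.FAILED);
            rESTResponse.setErrorCode(REST_ERROR_CODE);
            return;
        }

        LOGGER.info("after checking is first login, response = {}.", Integer.valueOf(acsAnswer.getResultCode()));
        rESTResponse.setErrorCode(acsAnswer.getResultCode());
        rESTResponse.setErrorDescription(acsAnswer.getResultDesc());
        if (acsAnswer.getResultCode() != 0) {
            rESTResponse.setState(State.FAILED);
        } else {
            rESTResponse.setState(State.COMPLETE);
            rESTResponse.setResObj(acsAnswer);
        }
    }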

    /**
     * Handles POST /access/modify_password.htm: changes the password of the user named in the
     * request.
     *
     * <p>The target account is taken from a request parameter, not from the authenticated session.
     * The only session-related check is that the requested session id is valid, so the change
     * relies on ACS verifying the old password.
     * NOTE(review): confirm this is limited to the intended flow (for example a forced change at
     * first login) and that the ACS lockout (-320) is the only throttle on old-password guesses.
     *
     * @param httpServletRequest current request
     * @param str user name whose password is changed
     * @param str2 old password
     * @param str3 new password
     * @param str4 confirmation of the new password
     * @return result code and localized description; -1 for rejected input or an invalid session
     */
    @RequestMapping(value = {"/modify_password.htm"}, method = {RequestMethod.POST})
    @ResponseBody
    public SimpleResponse modifyPassword(HttpServletRequest httpServletRequest, @RequestParam String str, @RequestParam String str2, @RequestParam String str3, @RequestParam String str4) {
        SimpleResponse reply = new SimpleResponse();
        String language = WebUtils.getLanFromCookies(httpServletRequest);

        if (ValidateUtil.isNull(new Object[]{str, str2, str3, str4})) {
            reply.setIntResultCode(-1);
            reply.setErrorDescriptionRecoder(language, "RESID_OM_USER_0002");
            LOGGER.error("The parameter is null.");
            return reply;
        }

        boolean sessionValid = httpServletRequest.isRequestedSessionIdValid();
        if (!sessionValid) {
            LOGGER.error("Session is invalid");
            reply.setIntResultCode(-1);
            reply.setErrorDescriptionRecoder(language, "RESID_OM_USER_0072");
            return reply;
        }

        LOGGER.info("Enter modify password");
        if (str == null || str.length() == 0) {
            LOGGER.error("Username is null:" + StringHelper.replaceBlank(str));
            reply.setIntResultCode(-1);
            reply.setErrorDescriptionRecoder(language, "RESID_OM_USER_0002");
            return reply;
        }

        ModifyPassWordResult acsOutcome = accessAcsModifyPwd(str, str2, str3, str4, reply, language);
        if (acsOutcome != null && acsOutcome.getResult() != null) {
            int acsCode = acsOutcome.getResult().getResultCode();
            String clientAddress = httpServletRequest.getRemoteAddr();
            switch (acsCode) {
                case -320:
                    // ACS reports the account as locked: record the lock.
                    lockedUser(str, clientAddress, USER_LOCKED_ID);
                    break;
                case 0:
                case SYN_USER_INFO_FAILED:
                    // The change went through: clear any recorded lock.
                    unlockedUser(str, clientAddress, USER_UNLOCKED_ID);
                    break;
                default:
                    break;
            }
        }
        LOGGER.info("Leave modify password");
        return reply;
    }

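    /**
     * Sends a password-change request to the ACS REST service and maps the answer onto the given
     * response.
     *
     * <p>Changes from the previous version: the temporary configuration context used to read the
     * ACS URL is closed after use (it used to be created per call and never released), and an
     * HttpHeaders object that was built and immediately discarded has been removed. The request
     * sent to ACS and the result mapping are unchanged.
     *
     * @param str user name
     * @param str2 old password
     * @param str3 new password
     * @param str4 confirmation of the new password
     * @param simpleResponse response that receives the result code and description; -1 when ACS
     *        gave no usable answer
     * @param str5 language used to resolve descriptions
     * @return a wrapper whose result is the ACS answer, or whose result is unset when ACS gave none
     */
    private ModifyPassWordResult accessAcsModifyPwd(String str, String str2, String str3, String str4, SimpleResponse simpleResponse, String str5) {
        ModifyUserPwdRequest modifyUserPwdRequest = new ModifyUserPwdRequest();
        modifyUserPwdRequest.setConfirmPassword(str4);
        modifyUserPwdRequest.setNewPassword(str3);
        modifyUserPwdRequest.setOldPassword(str2);
        modifyUserPwdRequest.setUserName(str);
        // NOTE(review): this wrapper is filled in but never sent; the POST below sends
        // modifyUserPwdRequest directly. Kept as is because RestRequest is not visible here.
        RestRequest restRequest = new RestRequest();
        restRequest.setModUserPwdRequest(modifyUserPwdRequest);

        ModifyPassWordResult modifyPassWordResult = new ModifyPassWordResult();
        ResponseEntity<Result> responseEntity = null;
        // The catch blocks keep the original messages and do not log the exception object. The
        // request body carries the old and new passwords.
        // NOTE(review): before adding exception details to these log lines, confirm that the
        // messages cannot echo the request or response body.
        try {
            String acsBaseUrl;
            AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(ApplicationConfiguration.class);
            try {
                acsBaseUrl = configContext.getEnvironment().getProperty("acs.rest.server.url");
            } finally {
                // Only the URL string leaves this context, so release it immediately.
                configContext.close();
            }
            responseEntity = this.restTemplate.postForEntity(acsBaseUrl + "/user/xml/modifypassword", modifyUserPwdRequest, Result.class);
        } catch (RestClientException e) {
            LOGGER.info("accessAcsModifyPwd encountered RestClientException.");
        } catch (JsonSyntaxException e2) {
            LOGGER.info("accessAcsModifyPwd encountered JsonSyntaxException.");
        } catch (Exception e3) {
            LOGGER.info("accessAcsModifyPwd encountered Exception.");
        }

        Result acsResult = responseEntity == null ? null : responseEntity.getBody();
        if (acsResult == null) {
            // No answer from ACS: report a generic failure and leave the wrapper's result unset.
            simpleResponse.setIntResultCode(-1);
            return modifyPassWordResult;
        }

        simpleResponse.setIntResultCode(acsResult.getResultCode());
        if (acsResult.getResultCode() == SYN_USER_INFO_FAILED) {
            // For this code the description supplied by ACS is used instead of the local table.
            simpleResponse.setResultDesc(acsResult.getResultDesc(str5));
            if (acsResult.getResultDescriptionMap() != null) {
                simpleResponse.setErrorDescriptionRecoder(acsResult.getResultDescriptionMap());
            }
        } else {
            simpleResponse.setErrorDescriptionRecoder(str5, UserResultDescEnum.getDescIdByCode(acsResult.getResultCode()));
        }
        modifyPassWordResult.setResult(acsResult);
        return modifyPassWordResult;
    }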

    /**
     * Handles POST /access/modify_self_password.htm: changes the password of the currently
     * logged-in user.
     *
     * <p>The user name comes from IAMUtil.getUserDetails(), not from the request, so a caller
     * cannot name another account here. If ACS reports the account as locked (-320), the lock is
     * recorded, the session is removed from the session registry and invalidated, and a logout URL
     * is returned in the result description. A successful change (0) is also reported to the
     * heartbeat event manager.
     *
     * @param httpServletRequest current request
     * @param str old password
     * @param str2 new password
     * @param str3 confirmation of the new password
     * @return result code and description; -1 for an invalid license or missing input, 500 when
     *         the catch-all handler runs
     */
    @RequestMapping(value = {"/modify_self_password.htm"}, method = {RequestMethod.POST})
    @ResponseBody
    public SimpleResponse modifySelfPassword(HttpServletRequest httpServletRequest, @RequestParam String str, @RequestParam String str2, @RequestParam String str3) {
        SimpleResponse simpleResponse = new SimpleResponse();
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        // The license check runs first; no password handling happens with an invalid license.
        if (!WebUtils.isLicValid(this.controllerClient)) {
            simpleResponse.setIntResultCode(-1);
            simpleResponse.setErrorDescriptionRecoder(lanFromCookies, Resource.RES_INVALID_LIC);
            LOGGER.error("License is invalid.Please import a new license.");
            return simpleResponse;
        }
        if (ValidateUtil.isNull(new Object[]{httpServletRequest, str, str2, str3})) {
            simpleResponse.setIntResultCode(-1);
            simpleResponse.setErrorDescriptionRecoder(lanFromCookies, "RESID_OM_USER_0002");
            LOGGER.error("The parameter is null.");
            return simpleResponse;
        }
        LOGGER.info("Enter modify password");
        try {
            // A null getUserDetails() raises a NullPointerException here, which the catch-all
            // below turns into the 500 response.
            String username = IAMUtil.getUserDetails().getUsername();
            LOGGER.info("UserDetails is not null:iamUser is {}.", username);
            ModifyPassWordResult accessAcsModifyPwd = accessAcsModifyPwd(username, str, str2, str3, simpleResponse, lanFromCookies);
            if (accessAcsModifyPwd != null && accessAcsModifyPwd.getResult() != null) {
                int resultCode = accessAcsModifyPwd.getResult().getResultCode();
                String remoteAddr = httpServletRequest.getRemoteAddr();
                if (resultCode == -320) {
                    // Account locked by ACS: record the lock, then end this session.
                    lockedUser(username, remoteAddr, USER_LOCKED_ID);
                    HttpSession session = httpServletRequest.getSession();
                    // The service URL is built from controllerClient.getWsInfo(), not from request
                    // data. It is appended to the logout URL without URL-encoding.
                    // NOTE(review): confirm the consumer of this value accepts it unencoded.
                    String str4 = "https://" + this.controllerClient.getWsInfo() + "/web/index.html";
                    String logoutUrl = WebUtils.getLogoutUrl();
                    LOGGER.info("redirect to casLogoutUrl={}, defaultUrl={}", logoutUrl, str4);
                    String str5 = logoutUrl + "?service=" + str4;
                    IAMUserDetails userDetails = IAMUtil.getUserDetails();
                    if (session != null && this.sessionRegistry != null && userDetails != null) {
                        String username2 = userDetails.getUsername();
                        LOGGER.info("Delset session from sessionRegistry.");
                        this.sessionRegistry.deleteUserSessionAndUserDetails(username2, session.getId());
                    }
                    // The registry entry is removed before invalidation, while the id is still readable.
                    if (session != null) {
                        session.invalidate();
                    }
                    simpleResponse.setIntResultCode(resultCode);
                    simpleResponse.setResultDesc(str5);
                } else if (resultCode == 0 || resultCode == SYN_USER_INFO_FAILED) {
                    unlockedUser(username, remoteAddr, USER_UNLOCKED_ID);
                }
                if (resultCode == 0) {
                    this.heartbeatEventManager.recordModUserEvent(username);
                }
            }
            LOGGER.info("Leave modify password");
            return simpleResponse;
        } catch (Exception e) {
            // NOTE(review): this handler covers the whole password change, not only the user-details
            // lookup, and logs at INFO without the exception. A failure after ACS has already changed
            // the password would look the same as a lookup failure; consider logging at ERROR.
            LOGGER.info("Get userDetails info error.");
            simpleResponse.setIntResultCode(ERROR_CODE);
            simpleResponse.setErrorDescriptionRecoder(lanFromCookies, "RESID_OM_AUDIT_0430");
            return simpleResponse;
        }
    }

    /**
     * Writes an "account unlocked" audit record for a user and then issues action "3" to the
     * controller. Both steps run only when action "2" returns a non-empty answer for that user.
     *
     * <p>NOTE(review): the meaning of the action codes "2" and "3" is defined by
     * ControllerHtttpClient, which is not visible here; presumably "2" queries the recorded lock
     * and "3" removes it.
     *
     * @param str user name
     * @param str2 client address stored in the audit record
     * @param str3 action id stored in the audit record
     */
    private void unlockedUser(String str, String str2, String str3) {
        LOGGER.info("The user account is unlocked.");
        boolean hasControllerEntry = !org.apache.commons.lang3.StringUtils.isEmpty(ControllerHtttpClient.doExecute(str, "2"));
        if (hasControllerEntry) {
            Map<String, String> auditFields = new HashMap<>();
            auditFields.put(MonitorConstants.DUMP_KEY_USERNAME, str);
            auditFields.put("clientAddress", str2);
            auditFields.put("actionId", str3);
            auditFields.put(MonitorConstants.STR_RESULT, "0");
            // The detail text is stored in both English and Chinese.
            auditFields.put("succeedDetails", LanguageRepository.getLanResById("en-us", "RESID_OM_USER_0071", new Object[]{str}));
            auditFields.put("succeedDetailsCh", LanguageRepository.getLanResById("zh-cn", "RESID_OM_USER_0071", new Object[]{str}));
            recordAuditlog(auditFields);
            ControllerHtttpClient.doExecute(str, "3");
        }
    }

    /**
     * Writes the "account locked" audit record for a user.
     *
     * <p>The record is written only when {@code ControllerHtttpClient.doExecute(str, "2")}
     * returns an empty value; in that case {@code doExecute(str, "1")} is issued first.
     * NOTE(review): the audit record carries result "0" whether or not the "1" call
     * returned a value. Confirm that a failed "1" call should still be audited as success.
     *
     * @param str  user name stored in the audit record
     * @param str2 client address stored in the audit record
     * @param str3 audit action id
     */
    private void lockedUser(String str, String str2, String str3) {
        LOGGER.info("The user account is locked.");
        if (!StringUtils.isEmpty(ControllerHtttpClient.doExecute(str, "2"))) {
            return;
        }
        boolean markerStored = !StringUtils.isEmpty(ControllerHtttpClient.doExecute(str, "1"));
        if (markerStored) {
            LOGGER.info("add user acount was blocked success.");
        }
        Map<String, String> auditFields = new HashMap<>();
        auditFields.put(MonitorConstants.DUMP_KEY_USERNAME, str);
        auditFields.put("clientAddress", str2);
        auditFields.put("actionId", str3);
        auditFields.put(MonitorConstants.STR_RESULT, "0");
        // The same resource id is rendered once per supported language.
        Object[] messageArgs = new Object[]{str};
        auditFields.put("succeedDetails", LanguageRepository.getLanResById("en-us", "RESID_OM_USER_0070", messageArgs));
        auditFields.put("succeedDetailsCh", LanguageRepository.getLanResById("zh-cn", "RESID_OM_USER_0070", messageArgs));
        recordAuditlog(auditFields);
    }

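    /**
     * Sends one audit record through {@code AuditLogUtils.recordOperationLog} and logs
     * whether it was accepted.
     *
     * <p>A null response or a non-zero result code is only logged; the caller is not
     * told that the audit record was lost.
     *
     * @param map audit fields to record
     */
    private void recordAuditlog(Map<String, String> map) {
        OpLogRecordResponse recordOperationLog = AuditLogUtils.recordOperationLog(map);
        boolean recorded = recordOperationLog != null && recordOperationLog.getIntResultCode() == 0;
        // This helper serves both lockedUser and unlockedUser, so the messages name both
        // events; the former text said "unlock" even for a lock record.
        if (recorded) {
            LOGGER.info("user lock/unlock record auditlog success.");
        } else {
            LOGGER.error("user lock/unlock record auditlog error.");
        }
    }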

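    /**
     * Returns the OMS configuration of one service.
     *
     * <p>Only {@code KrbServer} and {@code LdapServer} are accepted as service names;
     * any other value yields a FAILED response without calling the controller.
     * NOTE(review): no authorization check is visible in this handler, and the full
     * {@code Properties} object from the controller is returned to the client. Confirm
     * that access is restricted upstream and that the properties hold no secrets.
     *
     * @param str                service name taken from the {@code serviceName} path segment
     * @param httpServletRequest current request, used to pick the response language
     * @return the configuration on success, otherwise a FAILED response with a description
     */
    @RequestMapping(value = {"/service/{serviceName}/config.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<Properties> getOMSconfigurations(@PathVariable("serviceName") String str, HttpServletRequest httpServletRequest) {
        // The path variable is bound by explicit name: the parameter is called "str", which
        // does not match the {serviceName} template variable.
        LOGGER.info("Enter get OMSconfigurations.");
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        RESTResponse<Properties> rESTResponse = new RESTResponse<>(new Properties());
        // Allow-list of service names that may be queried through this endpoint.
        if (!"KrbServer".equals(str) && !"LdapServer".equals(str)) {
            rESTResponse.setState(State.FAILED);
            rESTResponse.setErrorDescription(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0002"));
            LOGGER.error("The parameter is invalid.");
            return rESTResponse;
        }
        OMSConfigs oMSConfigurations = this.controllerClient.getOMSConfigurations(str);
        if (oMSConfigurations == null || oMSConfigurations.getConfigs() == null || oMSConfigurations.getConfigs().isEmpty()) {
            rESTResponse.setState(State.FAILED);
            rESTResponse.setErrorDescription(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0073"));
        } else {
            rESTResponse.setResObj(oMSConfigurations.getConfigs());
            rESTResponse.setState(State.COMPLETE);
        }
        LOGGER.info("Leave get OMSconfigurations.");
        return rESTResponse;
    }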

    /**
     * Reads the default target URL of the logout-success handler configured on
     * {@code logoutFilter}.
     *
     * <p>The handler is a private field of {@code LogoutFilter}, so it is read by
     * reflection; this depends on the field name {@code logoutSuccessHandler}.
     *
     * @return the configured logout URL, or an empty string when any of the listed
     *         reflection exceptions is raised
     */
    private String getLogoutUrl() {
        try {
            Field handlerField = LogoutFilter.class.getDeclaredField("logoutSuccessHandler");
            handlerField.setAccessible(true);
            SimpleUrlLogoutSuccessHandler handler = (SimpleUrlLogoutSuccessHandler) handlerField.get(this.logoutFilter);
            Method targetUrlGetter = getWebClient().getSuperDeclaredMethod(handler, "getDefaultTargetUrl");
            targetUrlGetter.setAccessible(true);
            String targetUrl = (String) targetUrlGetter.invoke(handler, new Object[0]);
            LOGGER.info("get url from LogoutFilter ={}", targetUrl);
            return targetUrl;
        } catch (IllegalAccessException accessDenied) {
            LOGGER.info("catch IllegalAccessException.", accessDenied);
        } catch (IllegalArgumentException badArgument) {
            LOGGER.info("catch IllegalArgumentException.", badArgument);
        } catch (NoSuchFieldException missingField) {
            LOGGER.info("catch NoSuchFieldException.", missingField);
        } catch (SecurityException denied) {
            LOGGER.info("catch SecurityException.", denied);
        } catch (InvocationTargetException invocationFailure) {
            LOGGER.info("catch InvocationTargetException.", invocationFailure);
        }
        // Every failure path falls through to the empty default.
        return "";
    }

    /**
     * Reports the SSO server currently in use: its host, port, login URL and logout URL.
     *
     * <p>Host and port are cut out of the logout URL by plain string splitting: the text
     * between "//" and the next "/" is split at its first ":". A URL without an explicit
     * port therefore yields an empty port.
     *
     * @param httpServletRequest current request (not read by this method)
     * @return the SSO details, or a FAILED response with error code -1 when the logout
     *         URL cannot be determined
     */
    @RequestMapping(value = {"/ssoconfig.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<SsoServerInfoResponse> getSsoInfo(HttpServletRequest httpServletRequest) {
        RESTResponse<SsoServerInfoResponse> reply = new RESTResponse<>();
        LOGGER.info("Enter getSsoInfo");
        String currentLogoutUrl = getLogoutUrl();
        String currentLoginUrl = this.casAuthenticationEntryPoint.getLoginUrl();
        if (StringUtils.isEmpty(currentLogoutUrl)) {
            LOGGER.error("get logout url failed ");
            reply.setErrorCode(-1);
            reply.setState(State.FAILED);
            return reply;
        }
        // "scheme://host:port/path" -> "host:port"
        String hostAndPort = org.apache.commons.lang3.StringUtils.substringBefore(
                org.apache.commons.lang3.StringUtils.substringAfter(currentLogoutUrl, "//"), "/");
        SsoServerInfoResponse ssoInfo = new SsoServerInfoResponse();
        ssoInfo.setSsoIp(org.apache.commons.lang3.StringUtils.substringBefore(hostAndPort, ":"));
        ssoInfo.setSsoPort(org.apache.commons.lang3.StringUtils.substringAfter(hostAndPort, ":"));
        ssoInfo.setLoginUrl(currentLoginUrl);
        ssoInfo.setLogoutUrl(currentLogoutUrl);
        reply.setErrorCode(0);
        reply.setState(State.COMPLETE);
        reply.setResObj(ssoInfo);
        return reply;
    }

    /**
     * Fills in the login URL, logout URL and mode of an SSO request when the caller
     * left them empty.
     *
     * <p>Missing URLs are built as {@code https://<ssoIp>:<ssoPort>} followed by
     * {@code DEFAULT_LOGIN_URL}; a missing mode becomes {@code DEFAULT_SSOCONFIG_MODE}.
     * NOTE(review): the default logout URL is also built from DEFAULT_LOGIN_URL.
     * Confirm this is intended and not a copy of the login line.
     *
     * @param ssoServerInfoRequest request to complete in place
     */
    private void processSsoRequest(SsoServerInfoRequest ssoServerInfoRequest) {
        String hostAndPort = ssoServerInfoRequest.getSsoIp() + ":" + ssoServerInfoRequest.getSsoPort();

        String effectiveLoginUrl = ssoServerInfoRequest.getLoginUrl();
        if (StringUtil.isNullOrEmpty(effectiveLoginUrl)) {
            effectiveLoginUrl = "https://" + hostAndPort + DEFAULT_LOGIN_URL;
        }

        String effectiveLogoutUrl = ssoServerInfoRequest.getLogoutUrl();
        if (StringUtil.isNullOrEmpty(effectiveLogoutUrl)) {
            effectiveLogoutUrl = "https://" + hostAndPort + DEFAULT_LOGIN_URL;
        }

        String effectiveMode = ssoServerInfoRequest.getMode();
        if (StringUtil.isNullOrEmpty(effectiveMode)) {
            effectiveMode = DEFAULT_SSOCONFIG_MODE;
        }

        ssoServerInfoRequest.setLoginUrl(effectiveLoginUrl);
        ssoServerInfoRequest.setLogoutUrl(effectiveLogoutUrl);
        ssoServerInfoRequest.setMode(effectiveMode);
    }

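    /**
     * Replaces the SSO server configuration (host, port, login URL, logout URL).
     *
     * <p>The request is rejected when the license is invalid, when host, port or mode
     * are missing or the mode is neither {@code "all"} nor {@code DEFAULT_SSOCONFIG_MODE},
     * when either URL does not begin with {@code ssoIp:ssoPort} after its scheme, or when
     * either URL fails {@code URL_RULE_PATTERN}.
     *
     * <p>NOTE(review): unlike modifyOMSconfigurations, this handler makes no
     * {@code checkAuthority} call before changing where users are sent to log in.
     * Confirm the privilege check is enforced upstream or inside {@code updateSsoConfig}.
     *
     * @param ssoServerInfoRequest new SSO settings from the request body
     * @param httpServletRequest   current request, used to pick the response language
     * @return the result of {@code updateSsoConfig}, or a FAILED response on rejection
     */
    @RequestMapping(value = {"/ssoconfig.do"}, method = {RequestMethod.POST})
    @ResponseBody
    public Response refreshSsoInfo(@RequestBody SsoServerInfoRequest ssoServerInfoRequest, HttpServletRequest httpServletRequest) {
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        Response response = new Response();
        response.setState(State.FAILED);
        if (!WebUtils.isLicValid(this.controllerClient)) {
            response.setErrorDescription(lanFromCookies, Resource.RES_INVALID_LIC);
            LOGGER.error("License is invalid.");
            return response;
        }
        // Test the request for null before its getters are called. The former code built
        // the argument array first, so a null request failed with a NullPointerException
        // instead of reaching the parameter check.
        boolean requestUsable = ssoServerInfoRequest != null
                && !ValidateUtil.isNull(new Object[]{ssoServerInfoRequest, ssoServerInfoRequest.getSsoIp(), ssoServerInfoRequest.getSsoPort()})
                && ("all".equals(ssoServerInfoRequest.getMode()) || DEFAULT_SSOCONFIG_MODE.equals(ssoServerInfoRequest.getMode()));
        if (!requestUsable) {
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            LOGGER.error("The parameter is null or invalid.");
            return response;
        }
        processSsoRequest(ssoServerInfoRequest);
        String str = ssoServerInfoRequest.getSsoIp() + ":" + ssoServerInfoRequest.getSsoPort();
        String substringAfter = org.apache.commons.lang3.StringUtils.substringAfter(ssoServerInfoRequest.getLoginUrl(), "://");
        String substringAfter2 = org.apache.commons.lang3.StringUtils.substringAfter(ssoServerInfoRequest.getLogoutUrl(), "://");
        // Argument order follows the placeholders (ip, mode, port, ...); mode and port
        // were swapped before, which mislabelled both values in the log.
        LOGGER.info("Enter ssoServerInfoRequest.ip={},mode={},port={}, loginUrl={}, logoutUrl={}", new Object[]{StringHelper.replaceBlank(ssoServerInfoRequest.getSsoIp()), StringHelper.replaceBlank(ssoServerInfoRequest.getMode()), StringHelper.replaceBlank(ssoServerInfoRequest.getSsoPort()), StringHelper.replaceBlank(ssoServerInfoRequest.getLoginUrl()), StringHelper.replaceBlank(ssoServerInfoRequest.getLogoutUrl())});
        // NOTE(review): startsWith only shows that the URL text begins with "ip:port"; it
        // does not show that the authority ends there. URL_RULE_PATTERN is not visible
        // here. Confirm it anchors host and port, or compare the parsed host and port
        // (java.net.URI) with the requested values instead.
        if (!substringAfter.startsWith(str) || !substringAfter2.startsWith(str) || !ValidateUtil.isMatchRule(ssoServerInfoRequest.getLoginUrl(), URL_RULE_PATTERN) || !ValidateUtil.isMatchRule(ssoServerInfoRequest.getLogoutUrl(), URL_RULE_PATTERN)) {
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            LOGGER.error("The url parameter does not match ip and port pattern.");
            return response;
        }
        // The URLs currently in effect are handed to the update together with the new ones.
        String loginUrl = this.casAuthenticationEntryPoint.getLoginUrl();
        String logoutUrl = getLogoutUrl();
        if (!org.apache.commons.lang3.StringUtils.isEmpty(loginUrl) && !org.apache.commons.lang3.StringUtils.isEmpty(logoutUrl)) {
            return getWebClient().updateSsoConfig(ssoServerInfoRequest, loginUrl, org.apache.commons.lang3.StringUtils.substringBeforeLast(loginUrl, "/"), logoutUrl, lanFromCookies);
        }
        response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
        LOGGER.error("can not get current login URL or logout URL");
        return response;
    }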

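    /**
     * Changes the OMS configuration of the Kerberos or LDAP service.
     *
     * <p>Checks run in this order: license, service name allow-list ({@code KrbServer},
     * {@code LdapServer}), range validation of the known integer settings, then
     * re-authentication of the caller through {@code checkAuthority} with the password
     * sent in the request. The {@code KADMIN_ACL} key is stripped before the settings
     * are passed to the controller, so it cannot be set through this endpoint.
     *
     * <p>NOTE(review): only the integer keys listed in isConfigsValid are validated; any
     * other key in the submitted properties is forwarded as received.
     *
     * @param str                      service name taken from the {@code serviceName} path segment
     * @param oMSConfigurationsRequest new settings plus the caller's password
     * @param httpServletRequest       current request
     * @param str2                     {@code asyn} query parameter; "true" requests asynchronous execution
     * @param httpSession              current session, rebuilt before returning
     * @param principal                current principal, passed to the session rebuild
     * @return COMPLETE with a command id in asynchronous mode, COMPLETE or FAILED otherwise
     */
    @RequestMapping(value = {"/service/{serviceName}/config.do"}, method = {RequestMethod.POST})
    @ResponseBody
    public Response modifyOMSconfigurations(@PathVariable("serviceName") String str, @RequestBody OMSConfigurationsRequest oMSConfigurationsRequest, HttpServletRequest httpServletRequest, @RequestParam(value = "asyn", required = false, defaultValue = "false") String str2, HttpSession httpSession, Principal principal) {
        // The path variable is bound by explicit name: the parameter is called "str", which
        // does not match the {serviceName} template variable.
        boolean parseBoolean = Boolean.parseBoolean(str2);
        LOGGER.info("Enter modify OMSconfigurations. serviceName = {},asynFlag is {},asyn is {}.", new Object[]{StringHelper.replaceBlank(str), Boolean.valueOf(parseBoolean), StringHelper.replaceBlank(str2)});
        Response response = new Response();
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        if (!WebUtils.isLicValid(this.controllerClient)) {
            response.setState(State.FAILED);
            response.setErrorDescription(lanFromCookies, Resource.RES_INVALID_LIC);
            LOGGER.error("License is invalid.Please import a new license.");
            return response;
        }
        if (ValidateUtil.isNull(new Object[]{oMSConfigurationsRequest}) || !("KrbServer".equals(str) || "LdapServer".equals(str))) {
            response.setState(State.FAILED);
            response.setErrorCode(-1);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            LOGGER.error("The parameter is null.");
            return response;
        }
        // isConfigsValid rejects null properties, so getConfigs() is non-null below.
        if (!isConfigsValid(oMSConfigurationsRequest.getConfigs())) {
            response.setState(State.FAILED);
            response.setErrorCode(-1);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            LOGGER.error("invalid parameter");
            return response;
        }
        // The caller must present the password again before the change is applied.
        if (!getWebClient().checkAuthority(oMSConfigurationsRequest.getUserPassword(), response, httpServletRequest.getSession())) {
            response.setState(State.FAILED);
            LOGGER.error("check user operate authority failed.");
            return response;
        }
        // Remove by key instead of testing getProperty first: getProperty reports null for
        // a value that is not a String, which would have left such an entry in place.
        oMSConfigurationsRequest.getConfigs().remove("KADMIN_ACL");
        OMSConfigs oMSConfigs = new OMSConfigs();
        oMSConfigs.setConfigs(oMSConfigurationsRequest.getConfigs());
        long modifyOMSConfigurations = this.controllerClient.modifyOMSConfigurations(str, oMSConfigs, parseBoolean);
        LOGGER.info("command id returned from controller is {}", Long.valueOf(modifyOMSConfigurations));
        if (parseBoolean) {
            // Asynchronous mode: the returned value is a command id the client can poll.
            response.setState(State.COMPLETE);
            response.setId(modifyOMSConfigurations);
            response.updateResponseInfo(lanFromCookies, modifyOMSConfigurations, this.controllerClient);
        } else if (modifyOMSConfigurations != 0) {
            // Synchronous mode: any non-zero value is treated as failure.
            response.setState(State.FAILED);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0074");
        } else {
            response.setState(State.COMPLETE);
        }
        this.sessionService.rebuildSession(httpSession, httpServletRequest, response, principal);
        LOGGER.info("Leave modify OMSconfigurations.");
        return response;
    }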

    /**
     * Returns the user name of the currently logged-in user.
     *
     * @return a COMPLETE response with error code 0 whose payload carries the value of
     *         {@code IAMUtil.getCurrentLoginUsername()}
     */
    @RequestMapping(value = {"/selfinfo.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<GetSelfInfoResponse> viewSelfInfo() {
        LOGGER.info("Enter view self info.");
        // The name comes from the server-side login context, not from request data.
        GetSelfInfoResponse selfInfo = new GetSelfInfoResponse();
        selfInfo.setUserName(IAMUtil.getCurrentLoginUsername());

        RESTResponse<GetSelfInfoResponse> reply = new RESTResponse<>();
        reply.setResObj(selfInfo);
        reply.setState(State.COMPLETE);
        reply.setErrorCode(0);
        LOGGER.info("Leave view self info.");
        return reply;
    }

    /**
     * Returns the name and privilege list of the currently logged-in user.
     *
     * <p>The privilege list is left unset when {@code IAMUtil.getAllUserPrivilegs}
     * returns null; the response is COMPLETE with error code 0 in either case.
     *
     * @return the user's privilege information
     */
    @RequestMapping(value = {"/userprivilege.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<IAMUserPreviligeInfo> viewUserPreviligeInfo() {
        LOGGER.info("Enter view user previlige info");
        RESTResponse<IAMUserPreviligeInfo> reply = new RESTResponse<>();
        // The user is taken from the server-side login context, not from request data.
        String loggedInUser = IAMUtil.getCurrentLoginUsername();
        IAMUserPreviligeInfo privilegeInfo = new IAMUserPreviligeInfo();
        privilegeInfo.setUserName(loggedInUser);
        Set<String> privilegeNames = IAMUtil.getAllUserPrivilegs(this.controllerClient, loggedInUser, "0");
        if (privilegeNames != null) {
            privilegeInfo.setPrivilegeName(new ArrayList<>(privilegeNames));
        }
        reply.setResObj(privilegeInfo);
        reply.setState(State.COMPLETE);
        reply.setErrorCode(0);
        LOGGER.info("Leave view user previlige info");
        return reply;
    }

    /**
     * Populates a freshly created session with the attributes this controller expects
     * and registers it in the session registry.
     *
     * <p>Sets {@code FIRST_LOGIN}, {@code needtoken} and {@code is_second_authorization},
     * attaches the web client, and, when both the registry and the current user details
     * are available, records the session under the user's name.
     *
     * @param httpServletRequest current request
     * @param httpSession        session to populate
     * @param principal          current principal
     */
    private void updateSessionContent(HttpServletRequest httpServletRequest, HttpSession httpSession, Principal principal) {
        httpSession.setAttribute("FIRST_LOGIN", IAMConstant.TRUE);
        httpSession.setAttribute("needtoken", Resource.SCREEN_LOCK);
        addWebClientToSession(httpServletRequest, httpSession, httpSession.getServletContext(), principal);
        httpSession.setAttribute("is_second_authorization", Boolean.valueOf(WebSecurityUtil.getIsSecondAuthentication()));
        IAMUserDetails currentUser = IAMUtil.getUserDetails();
        boolean canRegister = this.sessionRegistry != null && currentUser != null;
        if (canRegister) {
            LOGGER.info("Add user details and session to memery");
            this.sessionRegistry.addPrincipalAndUserDetails(currentUser.getUsername(), httpSession, currentUser);
        }
    }

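    /**
     * Fetches the password policy from the ACS REST service.
     *
     * <p>The ACS base URL is read from the {@code acs.rest.server.url} property and the
     * policy is requested from {@code /policy/getsecuritypolicy} below it.
     *
     * @return COMPLETE with the policy when ACS reports result code 0; FAILED with the
     *         ACS result code and description otherwise; FAILED with
     *         {@code REST_ERROR_CODE} when ACS returns nothing or the call throws
     */
    @RequestMapping(value = {"/passwordpolicy/loginpolicy.do"}, method = {RequestMethod.GET})
    @ResponseBody
    public RESTResponse<PasswordPolicy> getPasswordPolicy() {
        LOGGER.info("Get password policy enter.");
        RESTResponse<PasswordPolicy> rESTResponse = new RESTResponse<>();
        try {
            // A new application context is built only to read one property. It is closed
            // again right away; the former code left one open context behind per request.
            // NOTE(review): reading the property from an existing environment would avoid
            // building a context on every call. Confirm the property is available there.
            String acsBaseUrl;
            AnnotationConfigApplicationContext configContext = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class});
            try {
                acsBaseUrl = configContext.getEnvironment().getProperty("acs.rest.server.url");
            } finally {
                configContext.close();
            }
            QueryPwdPolicyResponse queryPwdPolicyResponse = (QueryPwdPolicyResponse) this.restTemplate.getForObject(acsBaseUrl + "/policy/getsecuritypolicy", QueryPwdPolicyResponse.class, new Object[0]);
            if (ValidateUtil.isNull(new Object[]{queryPwdPolicyResponse})) {
                LOGGER.error("Acs return value is null.");
                rESTResponse.setState(State.FAILED);
                rESTResponse.setErrorCode(REST_ERROR_CODE);
                return rESTResponse;
            }
            rESTResponse.setErrorCode(queryPwdPolicyResponse.getResultCode());
            rESTResponse.setErrorDescription(queryPwdPolicyResponse.getResultDesc());
            if (queryPwdPolicyResponse.getResultCode() == 0) {
                rESTResponse.setResObj(queryPwdPolicyResponse.getPasswordPolicy());
                rESTResponse.setState(State.COMPLETE);
            } else {
                rESTResponse.setState(State.FAILED);
            }
            LOGGER.info("Get password policy exit.");
            return rESTResponse;
        } catch (Exception e) {
            // Keep the cause in the server log; the client still gets only the generic text.
            LOGGER.error(REST_ERROR_DESCRIPTION, e);
            rESTResponse.setState(State.FAILED);
            rESTResponse.setErrorCode(REST_ERROR_CODE);
            rESTResponse.setErrorDescription(REST_ERROR_DESCRIPTION);
            return rESTResponse;
        }
    }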

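    /**
     * Unlocks the screen lock of the current session after re-checking the user's password.
     *
     * <p>The password is verified with {@code KerberosLoginModule.doAuthenticationUsePwd}
     * for the user taken from the server-side login context. On success the old session
     * is removed from the registry and invalidated, a new session is created and mapped
     * in the single-sign-out filter, and the {@code Token} attribute is copied to it.
     * On failure the response code depends on the text of the {@code LoginException}.
     *
     * <p>NOTE(review): the {@code Token} value is carried over unchanged to the new
     * session. Confirm whether it should be regenerated together with the session id.
     * NOTE(review): an "EXPIRED" failure is audited through lockedUser, the same as a
     * lock-out. Confirm this is intended.
     *
     * @param httpSession        current session
     * @param iAMUserUnlockInfo  request body carrying the password
     * @param httpServletRequest current request
     * @param principal          current principal
     * @return result code 0 on success, otherwise an error code and description
     */
    @RequestMapping(value = {"/unlock.htm"}, method = {RequestMethod.POST})
    @ResponseBody
    public SimpleResponse unlock(HttpSession httpSession, @RequestBody IAMUserUnlockInfo iAMUserUnlockInfo, HttpServletRequest httpServletRequest, Principal principal) {
        LOGGER.info("Enter unlock. ");
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        SimpleResponse simpleResponse = new SimpleResponse();
        if (ValidateUtil.isNull(new Object[]{httpSession, iAMUserUnlockInfo})) {
            simpleResponse.setIntResultCode(-1);
            simpleResponse.setErrorDescriptionRecoder("RESID_OM_USER_0002");
            simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0002"));
            LOGGER.error("The parameter is null.");
            return simpleResponse;
        }
        IAMUserDetails userDetails = IAMUtil.getUserDetails();
        // getUserDetails() can return null (it is null-checked further down), so fail
        // with a regular error response instead of a NullPointerException.
        if (userDetails == null) {
            simpleResponse.setIntResultCode(-1);
            simpleResponse.setErrorDescriptionRecoder("RESID_OM_USER_0002");
            simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0002"));
            LOGGER.error("Get userDetails info error.");
            return simpleResponse;
        }
        String username = userDetails.getUsername();
        KerberosLoginModule kerberosLoginModule = new KerberosLoginModule();
        String remoteAddress = userDetails.getRemoteAddress();
        try {
            kerberosLoginModule.doAuthenticationUsePwd(username, iAMUserUnlockInfo.getPassword());
            // These three attributes are written to the session that is invalidated below.
            httpSession.setAttribute(LOCK_SCREEN_NAME, Resource.SCREEN_UNLOCK);
            httpSession.setAttribute(SCREE_IS_AUDIT, Resource.SCREEN_LOCK);
            httpSession.setAttribute(LAST_UNREGULAR_URL_TIME_NAME, Long.valueOf(System.currentTimeMillis()));
            LOGGER.info("Unlock success.");
            String id = httpSession.getId();
            FISingleSignOutFilter fISingleSignOutFilter = (FISingleSignOutFilter) this.applicationContext.getBean("singleLogoutFilter", FISingleSignOutFilter.class);
            if (null == fISingleSignOutFilter) {
                simpleResponse.setErrorDescriptionRecoder("RESID_OM_USER_0002");
                simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0002"));
                simpleResponse.setIntResultCode(-1);
                LOGGER.error("can not get application context filter.");
                return simpleResponse;
            }
            // Remember the single-sign-out key of the old session id before it is discarded.
            String keyBySessionIdInMappingStorage = fISingleSignOutFilter.getKeyBySessionIdInMappingStorage(id);
            IAMUserDetails userDetails2 = IAMUtil.getUserDetails();
            if (this.sessionRegistry != null && userDetails2 != null) {
                String username2 = userDetails2.getUsername();
                LOGGER.info("Delset session from sessionRegistry.");
                this.sessionRegistry.deleteUserSessionAndUserDetails(username2, httpSession.getId());
            }
            String str = (String) httpSession.getAttribute("Token");
            httpSession.setAttribute(IS_SESSION_REFRESH, true);
            // Replace the session after re-authentication so the old session id is not reused.
            httpSession.invalidate();
            HttpSession session = httpServletRequest.getSession(true);
            fISingleSignOutFilter.updatSeesionInMappingStorage(keyBySessionIdInMappingStorage, session);
            updateSessionContent(httpServletRequest, session, principal);
            session.setAttribute("Token", str);
            unlockedUser(username, remoteAddress, USER_UNLOCKED_ID);
            simpleResponse.setIntResultCode(0);
            return simpleResponse;
        } catch (LoginException e) {
            // The failure reason is recognised from the exception text; a null message
            // is treated as a plain wrong-password failure instead of throwing.
            String failureText = e.getMessage() == null ? "" : e.getMessage();
            if (failureText.contains("LOCKED_OUT")) {
                LOGGER.error("Authentication failed because of kerberos locked.");
                simpleResponse.setIntResultCode(6100016);
                simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0066"));
                simpleResponse.setErrorDescriptionRecoder("RESID_OM_USER_0066");
                LOGGER.info("Leave unlock");
                lockedUser(username, remoteAddress, USER_LOCKED_ID);
                return simpleResponse;
            }
            if (failureText.contains("EXPIRED")) {
                simpleResponse.setIntResultCode(6100017);
                simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, "RESID_OM_USER_0067"));
                simpleResponse.setErrorDescriptionRecoder("RESID_OM_USER_0067");
                LOGGER.info("Leave unlock");
                lockedUser(username, remoteAddress, USER_LOCKED_ID);
                return simpleResponse;
            }
            LOGGER.error("Unlock error, {}", LanguageRepository.getLanResById("en-us", Resource.PWD_INCORRECT_DESC));
            simpleResponse.setIntResultCode(INCORRECT_PWD_CODE);
            simpleResponse.setResultDesc(LanguageRepository.getLanResById(lanFromCookies, Resource.PWD_INCORRECT_DESC));
            simpleResponse.setErrorDescriptionRecoder(Resource.PWD_INCORRECT_DESC);
            LOGGER.info("Leave unlock");
            return simpleResponse;
        }
    }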

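    /**
     * Re-checks the current user's password and, on success, replaces the session.
     *
     * <p>The password is verified with {@code KerberosLoginModule.doAuthenticationUsePwd}
     * for the user taken from the server-side login context. On success the old session
     * is removed from the registry and invalidated, a new session is created and mapped
     * in the single-sign-out filter, and the {@code Token} attribute is copied to it.
     * On failure the error code depends on the text of the {@code LoginException}.
     *
     * <p>NOTE(review): the {@code Token} value is carried over unchanged to the new
     * session. Confirm whether it should be regenerated together with the session id.
     * NOTE(review): an "EXPIRED" failure is audited through lockedUser, the same as a
     * lock-out. Confirm this is intended.
     *
     * @param httpSession        current session
     * @param iAMUserUnlockInfo  request body carrying the password
     * @param httpServletRequest current request
     * @param principal          current principal
     * @return COMPLETE with error code 0 on success, otherwise FAILED with an error code
     */
    @RequestMapping(value = {"/isAuthorizable.do"}, method = {RequestMethod.POST})
    @ResponseBody
    public Response isAuthorizable(HttpSession httpSession, @RequestBody IAMUserUnlockInfo iAMUserUnlockInfo, HttpServletRequest httpServletRequest, Principal principal) {
        LOGGER.info("Enter isAuthorizable.");
        Response response = new Response();
        String lanFromCookies = WebUtils.getLanFromCookies(httpServletRequest);
        if (ValidateUtil.isNull(new Object[]{httpSession, iAMUserUnlockInfo})) {
            response.setErrorCode(-1);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            response.setState(State.FAILED);
            LOGGER.error("The parameter is null.");
            return response;
        }
        IAMUserDetails userDetails = IAMUtil.getUserDetails();
        // getUserDetails() can return null (it is null-checked further down), so fail
        // with a regular error response instead of a NullPointerException.
        if (userDetails == null) {
            response.setErrorCode(-1);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
            response.setState(State.FAILED);
            LOGGER.error("Get userDetails info error.");
            return response;
        }
        String username = userDetails.getUsername();
        KerberosLoginModule kerberosLoginModule = new KerberosLoginModule();
        String remoteAddress = userDetails.getRemoteAddress();
        try {
            kerberosLoginModule.doAuthenticationUsePwd(username, iAMUserUnlockInfo.getPassword());
            LOGGER.info("Authorizable success.");
            String id = httpSession.getId();
            FISingleSignOutFilter fISingleSignOutFilter = (FISingleSignOutFilter) this.applicationContext.getBean("singleLogoutFilter", FISingleSignOutFilter.class);
            if (null == fISingleSignOutFilter) {
                response.setErrorCode(-1);
                response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0002");
                response.setState(State.FAILED);
                LOGGER.error("can not get application context filter.");
                return response;
            }
            // Remember the single-sign-out key of the old session id before it is discarded.
            String keyBySessionIdInMappingStorage = fISingleSignOutFilter.getKeyBySessionIdInMappingStorage(id);
            IAMUserDetails userDetails2 = IAMUtil.getUserDetails();
            if (this.sessionRegistry != null && userDetails2 != null) {
                String username2 = userDetails2.getUsername();
                LOGGER.info("Delete session from sessionRegistry.");
                this.sessionRegistry.deleteUserSessionAndUserDetails(username2, httpSession.getId());
            }
            String str = (String) httpSession.getAttribute("Token");
            httpSession.setAttribute(IS_SESSION_REFRESH, true);
            // Replace the session after re-authentication so the old session id is not reused.
            httpSession.invalidate();
            HttpSession session = httpServletRequest.getSession(true);
            fISingleSignOutFilter.updatSeesionInMappingStorage(keyBySessionIdInMappingStorage, session);
            updateSessionContent(httpServletRequest, session, principal);
            session.setAttribute("Token", str);
            unlockedUser(username, remoteAddress, USER_UNLOCKED_ID);
            response.setState(State.COMPLETE);
            response.setErrorCode(0);
            response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0064");
            return response;
        } catch (LoginException e) {
            // The failure reason is recognised from the exception text; a null message
            // is treated as a plain wrong-password failure instead of throwing.
            String failureText = e.getMessage() == null ? "" : e.getMessage();
            if (failureText.contains("LOCKED_OUT")) {
                LOGGER.error("Authentication failed because of kerberos locked.");
                response.setErrorCode(6100016);
                response.setState(State.FAILED);
                response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0066");
                LOGGER.info("Leave unlock");
                lockedUser(username, remoteAddress, USER_LOCKED_ID);
                return response;
            }
            if (failureText.contains("EXPIRED")) {
                response.setErrorCode(6100017);
                response.setState(State.FAILED);
                response.setErrorDescription(lanFromCookies, "RESID_OM_USER_0067");
                LOGGER.info("Leave unlock");
                lockedUser(username, remoteAddress, USER_LOCKED_ID);
                return response;
            }
            LOGGER.error("Authentication error, {}", LanguageRepository.getLanResById("en-us", Resource.PWD_INCORRECT_DESC));
            response.setErrorCode(INCORRECT_PWD_CODE);
            response.setState(State.FAILED);
            response.setErrorDescription(lanFromCookies, Resource.PWD_INCORRECT_DESC);
            LOGGER.info("Leave Authentication");
            return response;
        }
    }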

    /**
     * Returns the IAM service held by this controller.
     *
     * @return the current {@code iamService} field value
     */
    public IAMService getIamService() {
        return iamService;
    }

    /**
     * Replaces the IAM service held by this controller.
     *
     * @param iAMService service instance to store in the {@code iamService} field
     */
    public void setIamService(IAMService iAMService) {
        iamService = iAMService;
    }

    /**
     * Builds the {@code WebClient} stored in {@code this.client}.
     *
     * <p>The configuration and the client-provider factory are looked up as beans in
     * the application context; the underlying client is created with a null argument.
     */
    private void initWebClient() {
        Configuration webConfiguration = (Configuration) this.applicationContext.getBean(CONFIGURATION_BEAN_NAME, Configuration.class);
        WebContext webContext = new WebContext();
        webContext.setConfiguration(webConfiguration);
        ClientProviderFactory providerFactory = (ClientProviderFactory) this.applicationContext.getBean(CLIENT_PROVIDER_FACTORY_BEAN_NAME, ClientProviderFactory.class);
        this.client = new WebClient(providerFactory.newClientProvider(webContext).newClient((String) null), webContext);
    }

    /**
     * Returns the web client, creating it on first use.
     *
     * <p>No synchronization is visible here, so concurrent first calls may each run
     * initWebClient().
     *
     * @return the {@code client} field after initialization
     */
    public WebClient getWebClient() {
        boolean notYetCreated = ValidateUtil.isNull(new Object[]{this.client});
        if (notYetCreated) {
            initWebClient();
        }
        return this.client;
    }

    /**
     * Range-checks the integer settings this controller knows about.
     *
     * <p>Checks stop at the first failing key. Keys that are absent pass, and keys not
     * listed here are not examined at all.
     *
     * @param properties submitted settings; null is rejected
     * @return true when every listed key is absent or within its allowed range
     */
    private boolean isConfigsValid(Properties properties) {
        if (properties == null) {
            return false;
        }
        // Timeouts and retry count.
        if (!isIntValid(properties, "kdc_timeout", 50, 6000)) {
            return false;
        }
        if (!isIntValid(properties, "max_retries", 1, 10)) {
            return false;
        }
        if (!isIntValid(properties, "LDAP_OPTION_TIMEOUT", 50, 6000)) {
            return false;
        }
        if (!isIntValid(properties, "LDAP_SEARCH_TIMEOUT", 50, 6000)) {
            return false;
        }
        // Port settings, each limited to a fixed range.
        if (!isIntValid(properties, "KADMIN_PORT", 21700, 21729)) {
            return false;
        }
        if (!isIntValid(properties, "kdc_ports", 21700, 21729)) {
            return false;
        }
        if (!isIntValid(properties, "KPASSWD_PORT", 21700, 21729)) {
            return false;
        }
        return isIntValid(properties, "LDAP_SERVER_PORT", 21750, 21779);
    }

    /**
     * Checks that one property, if present, is an integer within {@code [i, i2]}.
     *
     * <p>NOTE(review): {@code Properties.getProperty} returns null for a value that is
     * not a String, and null is treated as "absent, therefore valid" here. Confirm that
     * request deserialization can only produce String values.
     *
     * @param properties settings to read from
     * @param str        property key
     * @param i          smallest allowed value, inclusive
     * @param i2         largest allowed value, inclusive
     * @return true when the key is absent or its value parses and lies in range
     */
    private boolean isIntValid(Properties properties, String str, int i, int i2) {
        String rawValue = properties.getProperty(str);
        if (rawValue == null) {
            return true;
        }
        try {
            int parsed = Integer.parseInt(rawValue);
            boolean withinRange = i <= parsed && parsed <= i2;
            if (!withinRange) {
                // The value is client-supplied, so it goes through replaceBlank before logging.
                LOGGER.error("invalid int value " + StringHelper.replaceBlank(rawValue));
            }
            return withinRange;
        } catch (Exception e) {
            LOGGER.error("invalid int " + StringHelper.replaceBlank(rawValue));
            return false;
        }
    }

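    /**
     * Generates a random 32-character token of digits and ASCII letters.
     *
     * <p>The {@code SHA1PRNG} generator is requested as before. If it is unavailable,
     * the platform default {@code SecureRandom} is used, so the method never returns an
     * empty token. Each character is drawn uniformly from the 62-character alphabet.
     *
     * @return a 32-character alphanumeric token
     */
    private String getTokenInfo() {
        final String alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        final int tokenLength = 32;
        SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            // The former code printed the stack trace and returned an empty string, which
            // is a predictable token. Fall back to the default generator instead.
            LOGGER.error("SHA1PRNG is not available, using the default SecureRandom.", e);
            secureRandom = new SecureRandom();
        }
        StringBuilder sb = new StringBuilder(tokenLength);
        for (int i = 0; i < tokenLength; i++) {
            // One draw over the whole alphabet; picking a character class first made
            // digits more likely than any single letter.
            sb.append(alphabet.charAt(secureRandom.nextInt(alphabet.length())));
        }
        return sb.toString();
    }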
}
