package com.huawei.bigdata.om.web.client;

import com.huawei.bigdata.om.common.utils.KerberosLoginModule;
import com.huawei.bigdata.om.controller.api.common.data.State;
import com.huawei.bigdata.om.web.model.proto.Response;
import com.huawei.bigdata.om.web.security.iam.util.IAMUserDetails;
import com.huawei.bigdata.om.web.security.iam.util.IAMUtil;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/bigdata/om/web/client/Common.class */
public class Common {
    private static final int NO_USER_CODE = 6100012;
    private static final int INCORRECT_PWD_CODE = 6100013;
    private static final String IS_SECOND_AUTHORIZATION = "is_second_authorization";
    private static final Logger LOG = LoggerFactory.getLogger(Common.class);

    public boolean checkAuthority(String str, Response response, HttpSession httpSession) {
        Object attribute = httpSession.getAttribute("is_second_authorization");
        if (attribute == null) {
            LOG.error("The value of is_second_authorization is null.");
            return false;
        }
        if ((attribute instanceof Boolean) && !((Boolean) attribute).booleanValue()) {
            LOG.info("No need to second_authorization.");
            return true;
        }
        if (StringUtils.isEmpty(str)) {
            LOG.error("userPassword is null.");
            setResponseInfo(response, NO_USER_CODE);
            return false;
        }
        if (str.length() > 32) {
            LOG.warn("input user password too long, the length is {}.", Integer.valueOf(str.length()));
            str = str.substring(0, 32);
        }
        IAMUserDetails userDetails = IAMUtil.getUserDetails();
        if (null == userDetails) {
            setResponseInfo(response, NO_USER_CODE);
            LOG.error("check authority error, currentUser is null.");
            return false;
        }
        String username = userDetails.getUsername();
        try {
            new KerberosLoginModule().doAuthenticationUsePwd(username, str);
            WebClient.userUnlocked(userDetails, username);
            LOG.info("check user operate authority successfully.");
            return true;
        } catch (LoginException e) {
            if (!e.getMessage().contains("LOCKED_OUT")) {
                setResponseInfo(response, NO_USER_CODE);
                LOG.error("check authority error, currentUser is null.");
                return false;
            }
            WebClient.userLocked(userDetails, username);
            LOG.error("Authentication failed because of kerberos locked.");
            setResponseInfo(response, 6100016);
            return false;
        }
    }

    public void setResponseInfo(Response response, int i) {
        response.setState(State.FAILED);
        response.setId(-10L);
        if (i == INCORRECT_PWD_CODE || i == NO_USER_CODE) {
            i = NO_USER_CODE;
            response.setErrorDescription("The username or password is incorrect.");
        }
        if (i == 6100016) {
            response.setErrorDescription("The number of failed login attempts has reached the maximum. This account has been locked.Please try again later.");
        }
        response.setErrorCode(i);
    }
}
