package com.huawei.bigdata.om.web.api.controller;

import com.huawei.bigdata.om.acs.api.model.security.acs.ResultEnum;
import com.huawei.bigdata.om.acs.api.model.security.acs.auth.AuthenticationRequest;
import com.huawei.bigdata.om.acs.api.model.security.acs.securitypolicy.GetKeytabResquest;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.ListUserResponse;
import com.huawei.bigdata.om.acs.api.model.security.acs.user.RemindDaysResponse;
import com.huawei.bigdata.om.client.Client;
import com.huawei.bigdata.om.client.ClientProviderFactory;
import com.huawei.bigdata.om.common.utils.KerberosLoginModule;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.controller.api.common.utils.EnvUtil;
import com.huawei.bigdata.om.web.api.converter.AuthModelConverter;
import com.huawei.bigdata.om.web.api.converter.SessionConverter;
import com.huawei.bigdata.om.web.api.exception.InternalServerException;
import com.huawei.bigdata.om.web.api.model.APIExportResponse;
import com.huawei.bigdata.om.web.api.model.auth.APIClusterId;
import com.huawei.bigdata.om.web.api.model.auth.APIIndepdtStatus;
import com.huawei.bigdata.om.web.api.model.auth.APIUserPwdModifyRequest;
import com.huawei.bigdata.om.web.api.model.session.APILogoutResponse;
import com.huawei.bigdata.om.web.api.model.session.APISessionInitResult;
import com.huawei.bigdata.om.web.api.model.session.APISessionUser;
import com.huawei.bigdata.om.web.api.model.session.APIUserOTP;
import com.huawei.bigdata.om.web.api.model.session.APIUserPwd;
import com.huawei.bigdata.om.web.api.model.ui.APISysStatusInfo;
import com.huawei.bigdata.om.web.api.service.AuthorityResourceService;
import com.huawei.bigdata.om.web.api.service.SessionResourceService;
import com.huawei.bigdata.om.web.api.util.APIContextUtil;
import com.huawei.bigdata.om.web.api.util.APIUtils;
import com.huawei.bigdata.om.web.client.AlarmsClient;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.model.proto.LogInCheckResponse;
import com.huawei.bigdata.om.web.model.proto.RESTResponse;
import com.huawei.bigdata.om.web.model.proto.Response;
import com.huawei.bigdata.om.web.model.proto.UIHeartBeatResponse;
import com.huawei.bigdata.om.web.security.FISingleSignOutFilter;
import com.huawei.bigdata.om.web.security.iam.HeartbeatEventManager;
import com.huawei.bigdata.om.web.security.iam.IAMUserPreviligeInfo;
import com.huawei.bigdata.om.web.security.iam.util.FISessionRegistryImp;
import com.huawei.bigdata.om.web.security.iam.util.IAMUserDetails;
import com.huawei.bigdata.om.web.security.iam.util.IAMUtil;
import com.huawei.bigdata.om.web.util.DownloadFileUtil;
import com.huawei.bigdata.om.web.util.MultiFactorConfig;
import com.huawei.bigdata.om.web.util.WebUtils;
import com.huawei.hadoop.security.crypter.CrypterUtil;
import com.omm.extern.fms.model.QueryCondition;
import io.swagger.annotations.ApiParam;
import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.tinyradius.packet.AccessRequest;
import org.tinyradius.packet.RadiusPacket;
import org.tinyradius.util.RadiusClient;
import org.tinyradius.util.RadiusException;

@RestController
/* loaded from: input_file:com/huawei/bigdata/om/web/api/controller/SessionController.class */
public class SessionController implements ISessionController {
    // --- Multi-factor (OTP/RADIUS) property keys, read from the MultiFactorConfig environment. ---
    private static final String AUTH_FACTOR_TYPE = "auth.factor.type";
    private static final String RADIUS = "radius";
    // NOTE(review): the "raduis" spelling below is part of the runtime property name; it has to
    // match the key used in the configuration source, so do not correct it in this file alone.
    private static final String RADUIS_SERVER_IP = "raduis.server.ip";
    // The configured value is passed through CrypterUtil.decrypt before it is handed to the RADIUS client.
    private static final String RADIUS_SHARED_SECRET = "radius.shared.secret";
    private static final String RADIUS_AUTH_PROTOCOL = "radius.auth.protocol";
    private static final String RADUIS_AUTH_PORT = "raduis.auth.port";
    private static final String OTP_SWITCH = "otp.switch";
    private static final String ON = "ON";
    // --- Heartbeat payload keys and user-facing descriptions. ---
    private static final String ALARMSTATISTICSBYLEVEL = "alarmstatisticsbylevel";
    private static final String DELETE_ACCOUNT_DESC = "Your account was deleted by administrator.";
    private static final String MODIFY_ACOUNT_DESC = "Your account was modified by administrator.";
    private static final String LOCK_SCREEN_DESC = "The system has been locked. Please input the password to unlock it.";
    private static final String ALARM_STATUS_DESC = "Alarm status for cluster.";
    // NOTE(review): the name says "one" but the value is 0; the constant is not referenced in this class.
    private static final int NUMBER_ONE = 0;
    // Not referenced by name in this class; getCurrentUser passes the literal "0" instead
    // (presumably the same meaning - confirm).
    private static final String HUMAN_MACHINE_ACCOUNT = "0";
    // --- Event ids passed to the SessionResourceService lock/unlock calls. ---
    private static final String USER_UNLOCKED_ID = "660016";
    private static final String SCREEN_UNLOCKED_ID = "660013";
    private static final String USER_LOCKED_ID = "660017";
    private static final String SCREEN_LOCKED_ID = "660018";
    // Error code returned by setIndepdt that setUserIndepdt maps to error 13-5000008.
    private static final int INDEPDT_ERROR_CODE = -216;
    // --- HttpSession attribute names. ---
    private static final String SESSION_ATTRIBUTE_FIRST_LOGIN = "FIRST_LOGIN";
    private static final String SESSION_ATTRIBUTE_TOKEN = "Token";
    private static final String SESSION_ATTRIBUTE_NEED_TOKEN = "needtoken";
    private static final String SESSION_ATTRIBUTE_LOCK_SCREEN = "lock_screen";
    private static final String SESSION_ATTRIBUTE_LAST_UNREGULAR_URL_TIME_NAME = "last_unregular_url_time";
    // checkLogin and loginWithOTP set this attribute using the string literal, not this constant.
    private static final String SESSION_ATTRIBUTE_IS_SECOND_AUTHORIZATION = "is_second_authorization";
    private static final String SESSION_ATTRIBUTE_IS_TIMEOUT_LOGOUT = "isTimeoutLogout";
    // Flag that getSystemStatus uses to record the screen-lock event only once per lock.
    private static final String SESSION_ATTRIBUTE_SCREE_IS_AUDIT = "lock_screen_audit";
    // --- Backend error codes. ERROR_CODE_SYNCHRONIZE is remapped to an operation-specific code. ---
    private static final int ERROR_CODE_SYNCHRONIZE = -39;
    private static final int ERROR_CODE_SET_USER_INDEPDT = -607;
    private static final int ERROR_CODE_MODIFY_USER_PWD = -608;
    // When modifyPassword returns this code, modifyCurrentUserPwd also records a user-locked event.
    private static final int ERROR_CODE_ACCOUNT_LOCKED = -320;
    private static final String EMPTY_STRING = "";

    // Controller client; logout() uses getWsInfo() to build the default post-logout URL.
    @Autowired
    protected Client controllerClient;

    // Single-sign-out mapping storage; re-pointed at the new session whenever the session id is rotated.
    @Autowired
    FISingleSignOutFilter fiSingleSignOutFilter;

    // Not referenced by any method in this class.
    @Autowired
    ClientProviderFactory clientProviderFactory;

    // Registry of user name -> sessions and user details, maintained on login and logout.
    @Autowired
    private FISessionRegistryImp sessionRegistry;

    // Source of the per-session user events reported by getSystemStatus.
    @Autowired
    private HeartbeatEventManager heartbeatEventManager;

    @Autowired
    private AuthorityResourceService authorityService;

    @Autowired
    private SessionResourceService sessionService;
    private static final Logger LOG = LoggerFactory.getLogger(SessionController.class);
    private static final String BIGDATA_DATA_HOME = EnvUtil.getBigdataDataHome();
    // Base directory for keytab downloads; downloadUserKeytab appends a request-supplied file name to it.
    private static final String KEYTAB_DOWNLOAD_FOLDER = BIGDATA_DATA_HOME + File.separator + "Manager" + File.separator + "keytab" + File.separator + "downloaddir";

    /**
     * Ends the caller's session and returns the CAS logout URL the client should go to next.
     *
     * <p>The {@code is_timeout_logout} request parameter is stored on the session, the session is
     * removed from the session registry and invalidated, and the redirect target is built as
     * {@code <casLogoutUrl>?service=<target>}. The target is the request-supplied service value,
     * or this application's {@code index.html} when none is given.
     *
     * @return response carrying the redirect URL
     */
    @ResponseStatus(HttpStatus.OK)
    public APILogoutResponse logout() {
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        HttpSession session = request.getSession();
        boolean timeoutLogout = Boolean.parseBoolean(request.getParameter("is_timeout_logout"));
        String requestedService = request.getParameter(Resource.HEALTH_CHECK_EXPORT_TYPE_FOR_SERVICE);
        session.setAttribute(SESSION_ATTRIBUTE_IS_TIMEOUT_LOGOUT, Boolean.valueOf(timeoutLogout));

        String defaultUrl = "https://" + this.controllerClient.getWsInfo() + (request.getContextPath() + "/index.html");
        String casLogoutUrl = WebUtils.getLogoutUrl();
        LOG.info("Enter logout casLogoutUrl={}, defaultUrl={}", casLogoutUrl, defaultUrl);
        LOG.info("The request service is {}.", StringHelper.replaceBlank(requestedService));

        // NOTE(review): the service value comes straight from the request and is appended to the
        // redirect URL without an allow-list check or URL-encoding. Unless the CAS server or a
        // filter in front of this controller restricts it, the returned URL can point at an
        // arbitrary site (open redirect). Consider accepting only known service URLs here.
        String target = StringUtils.isEmpty(requestedService) ? defaultUrl : requestedService;
        String redirectUrl = casLogoutUrl + "?service=" + target;

        try {
            String currentUser = this.sessionService.getUserDetails().getUsername();
            LOG.info("Delete session from sessionRegistry.");
            this.sessionRegistry.deleteUserSessionAndUserDetails(currentUser, session.getId());
        } catch (InternalServerException e) {
            // Registry cleanup is best-effort; the session is invalidated below either way.
            LOG.error("User details is null.", e);
        }
        session.invalidate();

        APILogoutResponse response = new APILogoutResponse();
        response.setRedirectUrl(redirectUrl);
        return response;
    }

    /**
     * Initialises the session after primary authentication and reports whether a one-time
     * passcode is still required.
     *
     * <p>On the first call for a session (no {@code FIRST_LOGIN} attribute) the session id is
     * rotated and a fresh token is stored on the new session. The session is then registered,
     * and either {@code needOTP} is returned or the password-expiry reminder is queried.
     *
     * @return session initialisation result built from the token, OTP and reminder state
     */
    @ResponseStatus(HttpStatus.OK)
    public APISessionInitResult checkLogin() {
        LogInCheckResponse logInCheckResponse = new LogInCheckResponse();
        HttpServletRequest httpServletRequest = APIContextUtil.getHttpServletRequest();
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        HttpSession session = httpServletRequest.getSession();
        String str = (String) session.getAttribute(SESSION_ATTRIBUTE_FIRST_LOGIN);
        if (StringUtils.isEmpty(str)) {
            // First request on this session: drop the pre-login session and continue on a new one
            // (new session id), then re-point the single-sign-out mapping at the new session.
            String keyBySessionIdInMappingStorage = this.fiSingleSignOutFilter.getKeyBySessionIdInMappingStorage(session.getId());
            session.invalidate();
            session = httpServletRequest.getSession(true);
            session.setAttribute(SESSION_ATTRIBUTE_FIRST_LOGIN, Resource.SCREEN_LOCK);
            session.setAttribute(SESSION_ATTRIBUTE_NEED_TOKEN, Resource.SCREEN_LOCK);
            session.setAttribute(SESSION_ATTRIBUTE_TOKEN, this.sessionService.getTokenInfo());
            this.fiSingleSignOutFilter.updatSeesionInMappingStorage(keyBySessionIdInMappingStorage, session);
        }
        logInCheckResponse.setToken((String) session.getAttribute(SESSION_ATTRIBUTE_TOKEN));
        LOG.info("Enter login check : session timeout = {} seconds. ", Integer.valueOf(session.getMaxInactiveInterval()));
        this.sessionService.addWebClientToSession(httpServletRequest, session, session.getServletContext(), userPrincipal);
        // NOTE(review): this attribute, the registry entry and the "user unlocked" event below are
        // all written before the OTP decision is made. Confirm that whatever enforces the second
        // factor on later requests keys on isHasOTPAuth() and not on these values.
        session.setAttribute("is_second_authorization", true);
        IAMUserDetails userDetails = this.sessionService.getUserDetails();
        LOG.info("Add user details and session to memery");
        String username = userDetails.getUsername();
        this.sessionRegistry.addPrincipalAndUserDetails(username, session, userDetails);
        this.sessionService.unlockCurrentUser(username, USER_UNLOCKED_ID);
        // isNeedOTP() is logged before it is set, so this line always shows the response default.
        LOG.info("userDetails isHasOTPAuth {} result isNeedOTP {}", Boolean.valueOf(userDetails.isHasOTPAuth()), Boolean.valueOf(logInCheckResponse.isNeedOTP()));
        // OTP is required when the switch is on and neither the current user details nor the
        // registry entry for this session is marked as OTP-authenticated.
        // NOTE(review): get(session.getId()) is dereferenced without a null check; a registry map
        // without an entry for this session id would throw NullPointerException here.
        if (isOTPSwitchOn() && !userDetails.isHasOTPAuth() && (null == this.sessionRegistry.getUserDetailsMap(username) || !this.sessionRegistry.getUserDetailsMap(username).get(session.getId()).isHasOTPAuth())) {
            if (null != this.sessionRegistry.getUserDetailsMap(username)) {
                LOG.info("userDetails isHasOTPAuth {} ", Boolean.valueOf(this.sessionRegistry.getUserDetailsMap(username).get(session.getId()).isHasOTPAuth()));
            }
            logInCheckResponse.setNeedOTP(true);
            return SessionConverter.convert2APISessionInitResult(logInCheckResponse, str);
        }
        // No OTP needed: fetch the password-expiry reminder for the authenticated principal.
        RemindDaysResponse resObj = APIContextUtil.getSecurityClient().queryRemind(userPrincipal.getName()).getResObj();
        if (ResultEnum.SUCCESS.getResultCode() != resObj.getResultCode()) {
            LOG.error("Lock user faild when getting Remind days.");
            this.authorityService.handleErrorCode(resObj.getResultCode());
        }
        logInCheckResponse.setRemindPwd(resObj.isRemindPwd());
        logInCheckResponse.setRemindDays(resObj.getRemindDays());
        return SessionConverter.convert2APISessionInitResult(logInCheckResponse, str);
    }

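    /**
     * Reports whether OTP (second factor) checking is switched on.
     *
     * <p>The switch is read from the {@code otp.switch} property of a throwaway Spring context
     * built from {@link MultiFactorConfig}. The context is closed before returning so that
     * repeated calls do not leave application contexts open.
     *
     * @return {@code true} when the property equals "ON", ignoring case
     */
    public boolean isOTPSwitchOn() {
        // NOTE(review): a context is still built on every call; caching the switch value would
        // avoid that cost if the property does not need to be re-read at runtime.
        try (AnnotationConfigApplicationContext context =
                new AnnotationConfigApplicationContext(MultiFactorConfig.class)) {
            return ON.equalsIgnoreCase(context.getEnvironment().getProperty(OTP_SWITCH));
        }
    }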

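    /**
     * Verifies a one-time passcode against the configured RADIUS server.
     *
     * <p>Server address, shared secret (stored encrypted), protocol and port are read from the
     * {@link MultiFactorConfig} environment. The passcode is accepted only when the server
     * answers with an {@code Access-Accept} packet; I/O and RADIUS errors count as a failure.
     *
     * @param aPIUserOTP user name and passcode to verify
     * @return {@code true} when the passcode is accepted, or when the configured factor type is
     *         not RADIUS; {@code false} otherwise
     * @throws NumberFormatException if the configured RADIUS port is missing or not a number
     */
    public boolean authenticateByOTP(APIUserOTP aPIUserOTP) {
        String serverIp;
        String sharedSecret;
        String authProtocol;
        int authPort;
        // Close the throwaway context once the properties have been read.
        try (AnnotationConfigApplicationContext context =
                new AnnotationConfigApplicationContext(MultiFactorConfig.class)) {
            String factorType = context.getEnvironment().getProperty(AUTH_FACTOR_TYPE);
            if (factorType == null) {
                // A missing factor type used to surface as a NullPointerException; reject explicitly.
                LOG.error("Property {} is not configured, OTP authentication is rejected.", AUTH_FACTOR_TYPE);
                return false;
            }
            if (!RADIUS.equalsIgnoreCase(factorType)) {
                // NOTE(review): any factor type other than "radius" makes this check pass without
                // looking at the passcode. With the OTP switch on, such a configuration turns the
                // second factor into a no-op; consider rejecting unknown factor types instead.
                return true;
            }
            serverIp = context.getEnvironment().getProperty(RADUIS_SERVER_IP);
            sharedSecret = CrypterUtil.decrypt(context.getEnvironment().getProperty(RADIUS_SHARED_SECRET));
            authProtocol = context.getEnvironment().getProperty(RADIUS_AUTH_PROTOCOL);
            authPort = Integer.parseInt(context.getEnvironment().getProperty(RADUIS_AUTH_PORT));
        }

        RadiusClient radiusClient = new RadiusClient(serverIp, sharedSecret);
        AccessRequest accessRequest = new AccessRequest(aPIUserOTP.getUserName(), aPIUserOTP.getPassCode());
        accessRequest.setAuthProtocol(authProtocol);
        radiusClient.setAuthPort(authPort);
        LOG.info("Packet before it is sent");
        try {
            RadiusPacket reply = radiusClient.authenticate(accessRequest);
            if (!"Access-Accept".equals(reply.getPacketTypeName())) {
                return false;
            }
            LOG.info("Auth by OTP successfully.");
            return true;
        } catch (IOException | RadiusException e) {
            // Pass the exception as the throwable argument so the cause and stack trace are logged
            // (the previous "{}" placeholder was never filled in).
            LOG.error("auth failed", e);
            return false;
        } finally {
            radiusClient.close();
        }
    }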

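    /**
     * Completes login by verifying the one-time passcode of the already authenticated user.
     *
     * <p>The passcode must be submitted for the same user name as the session's user details;
     * on a mismatch the session is removed from the registry and invalidated. On success the
     * user details are marked as OTP-authenticated and the password-expiry reminder is returned.
     *
     * @param aPIUserOTP user name and passcode (Base64-decoded first when the request is encoded)
     * @return session initialisation result
     * @throws InternalServerException with code 13-5000004 when the passcode is rejected
     */
    @ResponseStatus(HttpStatus.OK)
    public APISessionInitResult loginWithOTP(APIUserOTP aPIUserOTP) {
        // The user name comes from the request body; log it through the same helper logout()
        // uses for request-supplied values.
        LOG.info("Enter login with otp username {}", StringHelper.replaceBlank(aPIUserOTP.getUserName()));
        LogInCheckResponse logInCheckResponse = new LogInCheckResponse();
        HttpServletRequest httpServletRequest = APIContextUtil.getHttpServletRequest();
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        HttpSession session = httpServletRequest.getSession();
        if (APIContextUtil.getIsEncoded()) {
            aPIUserOTP.setPassCode(SessionConverter.base64Decode(aPIUserOTP.getPassCode()));
        }
        String firstLogin = (String) session.getAttribute(SESSION_ATTRIBUTE_FIRST_LOGIN);
        if (StringUtils.isEmpty(firstLogin)) {
            generateSession();
            // generateSession() invalidates the session fetched above and creates a new one.
            // Re-read it: the Servlet API specifies IllegalStateException for attribute access
            // on an invalidated session, and the stale object must not be put in the registry.
            session = httpServletRequest.getSession();
        }
        logInCheckResponse.setToken((String) session.getAttribute(SESSION_ATTRIBUTE_TOKEN));
        LOG.info("Enter login loginWithOTP : session timeout = {} seconds. ", Integer.valueOf(session.getMaxInactiveInterval()));
        this.sessionService.addWebClientToSession(httpServletRequest, session, session.getServletContext(), userPrincipal);
        session.setAttribute("is_second_authorization", true);
        IAMUserDetails userDetails = this.sessionService.getUserDetails();
        String username = userDetails.getUsername();
        if (!aPIUserOTP.getUserName().equals(username)) {
            // A passcode may only be checked for the user that owns this session.
            // NOTE(review): this path returns a normal result rather than an error; the caller can
            // only tell from the invalidated session that the attempt was refused.
            LOG.error("can not use other people passcode.");
            LOG.info("Delete session from sessionRegistry.");
            this.sessionRegistry.deleteUserSessionAndUserDetails(username, session.getId());
            session.invalidate();
            return SessionConverter.convert2APISessionInitResult(logInCheckResponse, firstLogin);
        }
        if (!authenticateByOTP(aPIUserOTP)) {
            // NOTE(review): no attempt counter or lockout for failed passcodes is visible in this
            // method; confirm that retries are limited elsewhere (e.g. on the RADIUS server).
            LOG.info("Auth by OTP faild.");
            userDetails.setHasOTPAuth(false);
            logInCheckResponse.setNeedOTP(true);
            throw new InternalServerException("13-5000004", "RESID_OM_API_SESSION_0007");
        }
        userDetails.setHasOTPAuth(true);
        logInCheckResponse.setNeedOTP(false);
        LOG.info("Add user details and session to memory");
        this.sessionRegistry.addPrincipalAndUserDetails(username, session, userDetails);
        this.sessionService.unlockCurrentUser(username, USER_UNLOCKED_ID);
        RemindDaysResponse remind = APIContextUtil.getSecurityClient().queryRemind(userPrincipal.getName()).getResObj();
        if (ResultEnum.SUCCESS.getResultCode() != remind.getResultCode()) {
            LOG.error("Lock user faild when getting Remind days.");
            this.authorityService.handleErrorCode(remind.getResultCode());
        }
        logInCheckResponse.setRemindPwd(remind.isRemindPwd());
        logInCheckResponse.setRemindDays(remind.getRemindDays());
        LOG.info("Leave loginWithOTP");
        return SessionConverter.convert2APISessionInitResult(logInCheckResponse, firstLogin);
    }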

    /**
     * Replaces the current HTTP session with a new one and seeds it with the first-login
     * marker, the need-token marker and a fresh token.
     *
     * <p>The single-sign-out mapping key of the old session is looked up before the session is
     * invalidated and is attached to the new session afterwards. Callers that still hold the
     * old {@link HttpSession} reference must fetch the session again.
     */
    private void generateSession() {
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        HttpSession oldSession = request.getSession();
        String mappingKey = this.fiSingleSignOutFilter.getKeyBySessionIdInMappingStorage(oldSession.getId());
        // Rotate the session id: the pre-login session is discarded entirely.
        oldSession.invalidate();

        HttpSession freshSession = request.getSession(true);
        freshSession.setAttribute(SESSION_ATTRIBUTE_FIRST_LOGIN, Resource.SCREEN_LOCK);
        freshSession.setAttribute(SESSION_ATTRIBUTE_NEED_TOKEN, Resource.SCREEN_LOCK);
        freshSession.setAttribute(SESSION_ATTRIBUTE_TOKEN, this.sessionService.getTokenInfo());
        this.fiSingleSignOutFilter.updatSeesionInMappingStorage(mappingKey, freshSession);
    }

    /**
     * Returns the logged-in user's name together with the privileges resolved for that user.
     *
     * @return the current user and privilege names, converted to the API model
     */
    @ResponseStatus(HttpStatus.OK)
    public APISessionUser getCurrentUser() {
        String loginName = this.sessionService.getCurrentLoginUsername();
        IAMUserPreviligeInfo privilegeInfo = new IAMUserPreviligeInfo();
        privilegeInfo.setUserName(loginName);
        // The name always comes from the session service, never from request input.
        privilegeInfo.setPrivilegeName(
                new ArrayList<>(IAMUtil.getAllUserPrivilegs(this.controllerClient, loginName, "0")));
        return SessionConverter.convert2APISessionUser(privilegeInfo);
    }

    /**
     * Returns the "indepdt" status of the logged-in user.
     *
     * <p>The user is looked up as an AD user first. When that lookup succeeds with at least one
     * hit, its result is used; otherwise the user is queried by name with the request language.
     *
     * @return the indepdt status combined with the configured indepdt setting
     */
    @ResponseStatus(HttpStatus.OK)
    public APIIndepdtStatus getUserIndepdt() {
        String language = APIContextUtil.getLanguage();
        String loginName = this.sessionService.getCurrentLoginUsername();
        String indepdtInConfig = APIContextUtil.getSecurityClient().getIndepdtInConfig();
        RESTResponse<ListUserResponse> adLookup = APIContextUtil.getSecurityClient().queryAdUserByName(loginName);

        boolean foundAsAdUser = ResultEnum.SUCCESS.getResultCode() == adLookup.getErrorCode()
                && adLookup.getResObj().getTotal() > 0;
        if (foundAsAdUser) {
            return SessionConverter.convert2APIShowIndepdtStatus(indepdtInConfig, adLookup.getResObj());
        }
        return SessionConverter.convert2APIShowIndepdtStatus(
                indepdtInConfig,
                APIContextUtil.getSecurityClient().queryUserByName(loginName, language).getResObj());
    }

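    /**
     * Changes the "indepdt" attribute of the logged-in user.
     *
     * <p>The request is refused when the requested session id is no longer valid. The supplied
     * password is passed to {@code checkPassword} and {@code operationAuthentication} runs
     * before the change is sent to the security service.
     *
     * @param aPIIndepdtStatus requested indepdt status and the user's password
     * @throws InternalServerException 13-5000005 for an invalid session, 13-5000008 when the
     *         backend reports {@code INDEPDT_ERROR_CODE}
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void setUserIndepdt(@ApiParam(value = "设置indepdt属性", required = true) @RequestBody APIIndepdtStatus aPIIndepdtStatus) {
        if (!APIContextUtil.getHttpServletRequest().isRequestedSessionIdValid()) {
            LOG.error("Session is invalid.");
            throw new InternalServerException("13-5000005", "RESID_OM_API_SESSION_0008");
        }
        boolean isEncoded = APIContextUtil.getIsEncoded();
        String currentLoginUsername = this.sessionService.getCurrentLoginUsername();
        // NOTE(review): modifyCurrentUserPwd applies checkPassword to a NEW password, so it may
        // validate the password rather than authenticate with it; confirm which call here
        // actually re-authenticates the user before this sensitive change.
        this.authorityService.checkPassword(aPIIndepdtStatus.getPassword(), currentLoginUsername, isEncoded);
        this.sessionService.operationAuthentication();
        Response indepdt = APIContextUtil.getSecurityClient().setIndepdt(SessionConverter.convert2SetUserIndepdtRequest(currentLoginUsername, aPIIndepdtStatus, isEncoded));
        if (ResultEnum.SUCCESS.getResultCode() == indepdt.getErrorCode()) {
            return;
        }
        if (indepdt.getErrorCode() == INDEPDT_ERROR_CODE) {
            LOG.error("the authority of the user's table has been assigned to other roles");
            throw new InternalServerException("13-5000008", "RESID_OM_API_SESSION_0011");
        }
        // Parameterised logging instead of string concatenation.
        LOG.error("set user indepdt faild : {}", indepdt.getErrorDescription());
        if (indepdt.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
            // Report synchronisation failures under the operation-specific code.
            indepdt.setErrorCode(ERROR_CODE_SET_USER_INDEPDT);
        }
        this.authorityService.handleErrorCode(indepdt.getErrorCode(), indepdt.getErrorDescriptionRecoder().getRecoder());
    }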

    /**
     * Unlocks the locked screen of the logged-in user after re-checking the password.
     *
     * <p>The password is verified through {@code doAuthenticationUsePwd}, which throws on
     * failure. Only then are the lock-screen attributes reset, the session refreshed and the
     * screen-unlocked event recorded.
     *
     * @param aPIUserPwd password of the logged-in user
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void unlockCurrentUser(@ApiParam(value = "当前登录用户的密码", required = true) @RequestBody APIUserPwd aPIUserPwd) {
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        Principal principal = request.getUserPrincipal();
        HttpSession session = request.getSession();
        SessionConverter.reconstructAPIUserPwd(aPIUserPwd, APIContextUtil.getIsEncoded());

        // User name and client address come from the server-side user details, not the request body.
        IAMUserDetails details = this.sessionService.getUserDetails();
        String loginName = details.getUsername();
        String clientAddress = details.getRemoteAddress();
        doAuthenticationUsePwd(loginName, aPIUserPwd, clientAddress, "Unlock user");

        session.setAttribute(SESSION_ATTRIBUTE_LOCK_SCREEN, Resource.SCREEN_UNLOCK);
        // Re-arm the audit flag so that the next screen lock is recorded once by getSystemStatus.
        session.setAttribute(SESSION_ATTRIBUTE_SCREE_IS_AUDIT, Resource.SCREEN_LOCK);
        session.setAttribute(SESSION_ATTRIBUTE_LAST_UNREGULAR_URL_TIME_NAME, Long.valueOf(System.currentTimeMillis()));
        this.sessionService.resetSession(request, session, principal);
        this.sessionService.unlockedUser(loginName, clientAddress, SCREEN_UNLOCKED_ID);
    }

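    /**
     * Changes the password of the logged-in user.
     *
     * <p>Refused for an invalid session and for AD users. The new password is passed to
     * {@code checkPassword} and {@code checkWeakPassword} before the change request is sent to
     * the security service. A "locked" result from the backend is recorded as a user-locked event.
     *
     * @param aPIUserPwdModifyRequest password change request
     * @throws InternalServerException 13-5000005 for an invalid session, 12-5000111 for AD users
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void modifyCurrentUserPwd(@ApiParam(value = "修改密码请求", required = true) @RequestBody APIUserPwdModifyRequest aPIUserPwdModifyRequest) {
        String language = APIContextUtil.getLanguage();
        if (!APIContextUtil.getHttpServletRequest().isRequestedSessionIdValid()) {
            LOG.error("Session is invalid.");
            throw new InternalServerException("13-5000005", "RESID_OM_API_SESSION_0008");
        }
        String currentLoginUsername = this.sessionService.getCurrentLoginUsername();
        if (APIUtils.isAdUser(currentLoginUsername)) {
            LOG.info("modify password for ad user is not supported.");
            throw new InternalServerException("12-5000111", "RESID_OM_API_AUTHORITY_0180");
        }
        boolean isEncoded = APIContextUtil.getIsEncoded();
        // NOTE(review): only the NEW password is checked locally; verification of the current
        // password is presumably done by the security service from the converted request - confirm.
        this.authorityService.checkPassword(aPIUserPwdModifyRequest.getNewPassword(), currentLoginUsername, isEncoded);
        this.authorityService.checkWeakPassword(aPIUserPwdModifyRequest.getNewPassword(), isEncoded);
        // The unused "new Response()" allocation that preceded this call has been removed.
        Response modifyPassword = APIContextUtil.getSecurityClient().modifyPassword(SessionConverter.convert2ModifyUserPwdRequest(currentLoginUsername, aPIUserPwdModifyRequest, isEncoded), language);
        if (ResultEnum.SUCCESS.getResultCode() != modifyPassword.getErrorCode()) {
            // Parameterised logging instead of string concatenation.
            LOG.error("modify user password faild : {}", modifyPassword.getErrorDescription());
            if (modifyPassword.getErrorCode() == ERROR_CODE_SYNCHRONIZE) {
                modifyPassword.setErrorCode(ERROR_CODE_MODIFY_USER_PWD);
            }
            if (modifyPassword.getErrorCode() == ERROR_CODE_ACCOUNT_LOCKED) {
                this.sessionService.lockedUser(currentLoginUsername, this.sessionService.getUserDetails().getRemoteAddress(), USER_LOCKED_ID);
            }
            this.authorityService.handleErrorCode(modifyPassword.getErrorCode(), modifyPassword.getErrorDescriptionRecoder().getRecoder());
        }
        // NOTE(review): this line is also reached after a failure if handleErrorCode returns
        // normally; confirm that handleErrorCode always throws for non-success codes.
        this.heartbeatEventManager.recordModUserEvent(currentLoginUsername);
    }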

    /**
     * Checks the supplied password against the logged-in user and refreshes the session on success.
     *
     * <p>Verification is delegated to {@code doAuthenticationUsePwd}, which throws when the
     * password is wrong, expired or the account is locked.
     *
     * @param aPIUserPwd password of the logged-in user
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void validateCurrentUserPwd(@ApiParam(value = "当前登录用户的密码", required = true) @RequestBody APIUserPwd aPIUserPwd) {
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        HttpSession session = request.getSession();
        Principal principal = request.getUserPrincipal();
        boolean encoded = APIContextUtil.getIsEncoded();

        // Identity and client address are taken from the server-side user details.
        IAMUserDetails details = this.sessionService.getUserDetails();
        String loginName = details.getUsername();
        String clientAddress = details.getRemoteAddress();

        SessionConverter.reconstructAPIUserPwd(aPIUserPwd, encoded);
        doAuthenticationUsePwd(loginName, aPIUserPwd, clientAddress, "Validate current user password");
        this.sessionService.resetSession(request, session, principal);
    }

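    /**
     * Builds the heartbeat payload for the current session.
     *
     * <p>The list contains, in order: an account-deleted event, an account-modified event and a
     * screen-locked event when they apply to this session, followed by the alarm summary with
     * the server time. The first heartbeat that sees a locked screen also records the
     * screen-locked event and clears the audit flag so that it is recorded only once.
     *
     * @return status entries converted to the API model
     */
    @ResponseStatus(HttpStatus.OK)
    public List<APISysStatusInfo> getSystemStatus() {
        // Raw list kept as in the original: the element type expected by the converter is not
        // visible from this class.
        ArrayList events = new ArrayList();
        HttpServletRequest request = APIContextUtil.getHttpServletRequest();
        HttpSession session = request.getSession();
        HeartbeatEventManager.UserEvent userEvent = this.heartbeatEventManager.getUserEventBySessionId(session.getId());
        if (HeartbeatEventManager.UserEvent.DELUSER.equals(userEvent)) {
            UIHeartBeatResponse deleted = new UIHeartBeatResponse();
            deleted.setId(HeartbeatEventManager.EventID.DELUSER_ID.getValue());
            deleted.setContent(DELETE_ACCOUNT_DESC);
            deleted.setDesc(EMPTY_STRING);
            events.add(deleted);
        }
        if (HeartbeatEventManager.UserEvent.MODUSER.equals(userEvent)) {
            UIHeartBeatResponse modified = new UIHeartBeatResponse();
            modified.setId(HeartbeatEventManager.EventID.MODUSER_ID.getValue());
            modified.setContent(MODIFY_ACOUNT_DESC);
            modified.setDesc(EMPTY_STRING);
            events.add(modified);
        }
        String lockState = (String) session.getAttribute(SESSION_ATTRIBUTE_LOCK_SCREEN);
        String auditState = (String) session.getAttribute(SESSION_ATTRIBUTE_SCREE_IS_AUDIT);
        if (Resource.SCREEN_LOCK.equals(lockState)) {
            UIHeartBeatResponse locked = new UIHeartBeatResponse();
            locked.setId(HeartbeatEventManager.EventID.LOCKSCREEN_ID.getValue());
            locked.setContent(LOCK_SCREEN_DESC);
            locked.setDesc(EMPTY_STRING);
            events.add(locked);
            // Constant-first comparison: a session without the audit attribute used to fail the
            // whole heartbeat with a NullPointerException.
            // NOTE(review): with the attribute missing, the lock event is not recorded; confirm
            // where "lock_screen_audit" is first initialised.
            if (Resource.SCREEN_LOCK.equals(auditState)) {
                IAMUserDetails userDetails = this.sessionService.getUserDetails();
                this.sessionService.lockedScreen(userDetails.getUsername(), userDetails.getRemoteAddress(), SCREEN_LOCKED_ID);
                session.setAttribute(SESSION_ATTRIBUTE_SCREE_IS_AUDIT, Resource.SCREEN_UNLOCK);
            }
        }
        UIHeartBeatResponse alarm = new UIHeartBeatResponse();
        alarm.setId(HeartbeatEventManager.EventID.ALARM_ID.getValue());
        alarm.setContent(getAlarmLevelSummary(request));
        alarm.setDesc(ALARM_STATUS_DESC);
        Date now = new Date();
        alarm.setSystemTime(now.toString());
        alarm.setUtcTimeOffset(now.getTimezoneOffset());
        alarm.setTimestamp(now.getTime());
        events.add(alarm);
        return SessionConverter.convert2APISysStatusInfos(events);
    }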

    /**
     * Queries the alarm statistics grouped by level and wraps them in a single-entry map.
     *
     * @param httpServletRequest current request; not used by this method
     * @return map with the key {@code alarmstatisticsbylevel}
     */
    private Map<String, Object> getAlarmLevelSummary(HttpServletRequest httpServletRequest) {
        QueryCondition condition = new QueryCondition();
        condition.setCurrentPageNum(0);
        condition.setSinglePageNum(0);
        condition.setiDisplay(-1);

        Map<String, Object> summary = new HashMap<>();
        summary.put(
                ALARMSTATISTICSBYLEVEL,
                new AlarmsClient().getAlarmsStatisticsByLevel(condition).getAlarmstatisticsbylevel());
        return summary;
    }

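    /**
     * Verifies a user's password and maps login failures to API errors.
     *
     * <p>AD users are checked through the security client, all other users through
     * {@link KerberosLoginModule}. A {@link LoginException} whose message contains
     * {@code LOCKED_OUT} or {@code EXPIRED} records a user-locked event before the error is
     * raised; any other login failure is reported as a user name/password mismatch.
     *
     * @param username user whose password is checked
     * @param aPIUserPwd holder of the password to check
     * @param remoteAddress client address recorded with the user-locked event
     * @param operation operation name used as a prefix in log messages
     * @throws InternalServerException 13-5000002 (locked), 13-5000003 (expired) or
     *         13-5000004 (mismatch)
     */
    private void doAuthenticationUsePwd(String username, APIUserPwd aPIUserPwd, String remoteAddress, String operation) {
        KerberosLoginModule kerberosLoginModule = new KerberosLoginModule();
        try {
            if (APIUtils.isAdUser(username)) {
                // NOTE(review): the return value of doAuthentication is discarded. Confirm that it
                // throws on bad credentials; if it reports failure through its result instead,
                // this branch accepts any password for AD users.
                APIContextUtil.getSecurityClient().doAuthentication(new AuthenticationRequest(username, aPIUserPwd.getPassword(), "", ""));
            } else {
                kerberosLoginModule.doAuthenticationUsePwd(username, aPIUserPwd.getPassword());
            }
        } catch (LoginException e) {
            // A LoginException without a message is treated as a plain mismatch instead of
            // failing with a NullPointerException.
            String reason = e.getMessage() == null ? EMPTY_STRING : e.getMessage();
            if (reason.contains("LOCKED_OUT")) {
                LOG.error("{} faild, Authentication failed because of kerberos locked.", operation);
                this.sessionService.lockedUser(username, remoteAddress, USER_LOCKED_ID);
                throw new InternalServerException("13-5000002", "RESID_OM_API_SESSION_0005");
            }
            if (reason.contains("EXPIRED")) {
                LOG.error("{} faild, The password has expired. Please access the login page again and change the password.", operation);
                // NOTE(review): an expired password is recorded with the user-locked event id.
                this.sessionService.lockedUser(username, remoteAddress, USER_LOCKED_ID);
                throw new InternalServerException("13-5000003", "RESID_OM_API_SESSION_0006");
            }
            LOG.error("{} faild, The username or password does not match.", operation);
            throw new InternalServerException("13-5000004", "RESID_OM_API_SESSION_0007");
        }
    }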

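    /**
     * Asks the security service to generate the keytab of the logged-in user.
     *
     * <p>The keytab is always requested for the session's own user name. AD users are refused.
     * Cluster id 1 is used when no cluster is given.
     *
     * @param aPIClusterId target cluster, may be {@code null}
     * @return response carrying the name of the exported file
     * @throws InternalServerException 12-5000112 for AD users
     */
    public APIExportResponse exportUserKeytab(APIClusterId aPIClusterId) {
        APIExportResponse exportResponse = new APIExportResponse();
        String currentLoginUsername = this.sessionService.getCurrentLoginUsername();
        if (APIUtils.isAdUser(currentLoginUsername)) {
            // The previous message was copied from the password-change path.
            LOG.info("export keytab for ad user is not supported.");
            throw new InternalServerException("12-5000112", "RESID_OM_API_AUTHORITY_0181");
        }
        HttpServletRequest httpServletRequest = APIContextUtil.getHttpServletRequest();
        GetKeytabResquest keytabRequest = AuthModelConverter.convert2GetKeytabResquest(currentLoginUsername);
        keytabRequest.setClusterId(null != aPIClusterId ? aPIClusterId.getClusterId() : 1);
        // The unused "new RESTResponse()" allocation that preceded this call has been removed.
        RESTResponse<String> userKeytab = APIContextUtil.getSecurityClient().getUserKeytab(APIContextUtil.getSecurityClient(), keytabRequest, httpServletRequest);
        if (ResultEnum.SUCCESS.getResultCode() != userKeytab.getErrorCode()) {
            LOG.error("Get current login user keytab faild.");
            this.authorityService.handleErrorCode(userKeytab.getErrorCode());
        }
        exportResponse.setFileName(userKeytab.getResObj());
        return exportResponse;
    }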

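    /**
     * Streams a previously exported keytab file to the client.
     *
     * <p>The file name comes from the {@code file_name} request parameter. After the service's
     * permission check, the resulting path is also required to stay inside the keytab download
     * folder, so that a crafted name cannot reach files elsewhere on the host.
     *
     * @throws InternalServerException 12-5000002 when the name is rejected or the download fails
     */
    @ResponseStatus(HttpStatus.OK)
    public void downloadUserKeytab() {
        String fileName = APIContextUtil.getHttpServletRequest().getParameter("file_name");
        this.sessionService.checkDownloadPermission(fileName);
        // Defence in depth: what checkDownloadPermission validates is not visible from this
        // class, so path containment is enforced here as well.
        if (!isInsideKeytabDownloadFolder(fileName)) {
            LOG.error("Rejected keytab download: file_name does not resolve inside the download folder.");
            throw new InternalServerException("12-5000002", "RESID_OM_API_AUTHORITY_0045");
        }
        if (DownloadFileUtil.downloadFile(APIContextUtil.getHttpServletResponse(), KEYTAB_DOWNLOAD_FOLDER + File.separator + fileName, fileName, false)) {
            return;
        }
        LOG.error("Download current login user keytab faild.");
        throw new InternalServerException("12-5000002", "RESID_OM_API_AUTHORITY_0045");
    }

    /** Returns whether the download path built from {@code fileName} stays below the keytab download folder. */
    private static boolean isInsideKeytabDownloadFolder(String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            return false;
        }
        try {
            java.nio.file.Path base = java.nio.file.Paths.get(KEYTAB_DOWNLOAD_FOLDER).normalize();
            // Build the path exactly as the download call does, then collapse "." and ".." segments.
            java.nio.file.Path target =
                    java.nio.file.Paths.get(KEYTAB_DOWNLOAD_FOLDER + File.separator + fileName).normalize();
            return target.startsWith(base) && !target.equals(base);
        } catch (java.nio.file.InvalidPathException e) {
            // Names the file system cannot represent are rejected.
            return false;
        }
    }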
}
