package org.aspcfs.controller;

import com.darkhorseventures.database.ConnectionElement;
import com.darkhorseventures.database.ConnectionPool;
import com.darkhorseventures.framework.hooks.CustomHook;
import com.darkhorseventures.framework.servlets.ControllerHook;
import com.zeroio.iteam.base.ProjectList;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Date;
import java.util.Hashtable;
import javax.servlet.Servlet;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import org.aspcfs.modules.admin.base.User;
import org.aspcfs.modules.base.Constants;
import org.aspcfs.modules.login.beans.LoginBean;
import org.aspcfs.modules.login.beans.UserBean;
import org.aspcfs.modules.system.base.Site;
import org.aspcfs.modules.website.base.SiteList;
import org.aspcfs.modules.website.base.SiteLog;
import org.aspcfs.utils.SiteUtils;

/* loaded from: input_file:org/aspcfs/controller/SecurityHook.class */
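/**
 * Per-request gate that decides whether the requested action may run.
 *
 * <p>{@link #securityCheck} returns {@code null} to let the request proceed, or the name of a
 * result ({@code "SecurityCheck"}, {@code "SystemError"}, or whatever
 * {@code CustomHook.populateSecurityHook} returns) to divert it.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Exemptions are decided by a case-insensitive <em>prefix</em> match on the last segment of
 *       the servlet path. Every action whose name begins with LOGIN, SETUP, UPGRADE,
 *       LICENSESERVER or PROCESS skips all checks here, including the ForceSSL check, so such
 *       actions have to authenticate and authorize themselves.</li>
 *   <li>PORTAL actions get an anonymous session (user id -2). The site, and with it the
 *       {@code ConnectionElement} used for the session, is chosen from
 *       {@code HttpServletRequest.getServerName()}, which is derived from the client-supplied
 *       Host header.</li>
 *   <li>Any exception on the PORTAL path results in {@code null}, i.e. the request is let
 *       through (fail-open).</li>
 * </ul>
 *
 * <p>This listing is decompiled output; local names are reconstructed.
 */
public class SecurityHook implements ControllerHook {
    public static final String fs = System.getProperty("file.separator");

    /**
     * Checks the session, transport and concurrent-login state for one request.
     *
     * @param servlet the controller servlet; its servlet context supplies "applicationPrefs",
     *     "ConnectionPool", "SystemStatus" and "ForceSSL"
     * @param httpServletRequest the request being dispatched
     * @return {@code null} when the request may proceed, otherwise the name of the result to
     *     render instead ({@code "SecurityCheck"} or {@code "SystemError"}, or the value returned
     *     by the custom hook)
     */
    public String securityCheck(Servlet servlet, HttpServletRequest httpServletRequest) {
        ServletContext context = servlet.getServletConfig().getServletContext();
        UserBean userBean = (UserBean) httpServletRequest.getSession().getAttribute("User");
        ConnectionElement connectionElement = (ConnectionElement) httpServletRequest.getSession().getAttribute("ConnectionElement");
        String servletPath = httpServletRequest.getServletPath();
        String actionName = servletPath.substring(servletPath.lastIndexOf("/") + 1);
        ApplicationPrefs applicationPrefs = (ApplicationPrefs) context.getAttribute("applicationPrefs");

        // Locale.ROOT keeps the comparison independent of the JVM default locale: under a
        // Turkish default locale "login".toUpperCase() does not yield "LOGIN", which would make
        // the exempt actions unreachable.
        String actionUpper = actionName.toUpperCase(java.util.Locale.ROOT);

        // Exempt actions: prefix match only, no session, permission or ForceSSL check below
        // applies to them.
        // NOTE(review): any action named e.g. "Process..." is exempt as well; confirm every
        // action matching these prefixes performs its own access control.
        if (actionUpper.startsWith("LOGIN")
                || actionUpper.startsWith("SETUP")
                || actionUpper.startsWith("UPGRADE")
                || actionUpper.startsWith("LICENSESERVER")
                || actionUpper.startsWith("PROCESS")) {
            return null;
        }

        if (actionUpper.startsWith("PORTAL")) {
            return preparePortalRequest(context, httpServletRequest, userBean, connectionElement);
        }

        String customResult = CustomHook.populateSecurityHook(applicationPrefs);
        if (customResult != null) {
            return customResult;
        }

        // Remember where the user was going so the login flow can return there. Only the last
        // path segment plus the query string is kept, so the stored value stays relative.
        if (httpServletRequest.getAttribute("requestedURL") == null
                && "GET".equals(httpServletRequest.getMethod())
                && httpServletRequest.getParameter("redirectTo") == null) {
            String requestURI = httpServletRequest.getRequestURI();
            String queryString = httpServletRequest.getQueryString();
            httpServletRequest.setAttribute(
                    "requestedURL",
                    requestURI.substring(requestURI.lastIndexOf("/") + 1) + (queryString == null ? "" : "?" + queryString));
        }

        // No session user, or an anonymous/portal user (negative id): send to login.
        if (userBean == null || userBean.getUserId() < 0) {
            LoginBean loginBean = new LoginBean();
            loginBean.setMessage("* Please login, your session has expired");
            httpServletRequest.setAttribute("LoginBean", loginBean);
            return "SecurityCheck";
        }

        // NOTE(review): getScheme() reports the scheme of the connection the container sees;
        // behind a TLS-terminating proxy this needs the container's proxy settings to be right.
        // The exempt actions above (LOGIN included) never reach this check.
        if ("true".equals((String) context.getAttribute("ForceSSL")) && "http".equals(httpServletRequest.getScheme())) {
            LoginBean loginBean = new LoginBean();
            loginBean.setMessage("* A secure connection is required");
            httpServletRequest.setAttribute("LoginBean", loginBean);
            if (System.getProperty("DEBUG") != null) {
                System.out.println("A secure connection is required");
            }
            return "SecurityCheck";
        }

        // (The original repeated the "userBean == null || id <= -1" test here; it could never be
        // true after the login check above and has been dropped.)

        ConnectionElement userConnectionElement = userBean.getConnectionElement();
        if (userConnectionElement == null) {
            System.out.println("SecurityHook-> Fatal: CE is null");
            return "SystemError";
        }

        Hashtable statusTable = (Hashtable) context.getAttribute("SystemStatus");
        if (statusTable == null) {
            System.out.println("SecurityHook-> Fatal: SystemStatus Hashtable is null!");
            // Fail closed instead of dereferencing the missing table on the next line.
            return "SystemError";
        }

        SystemStatus systemStatus = (SystemStatus) statusTable.get(userConnectionElement.getUrl());
        if (systemStatus == null) {
            Connection connection = null;
            try {
                Site site = retrieveSite(context, httpServletRequest);
                connection = connectionPool(context).getConnection(userConnectionElement);
                systemStatus = retrieveSystemStatus(context, connection, userConnectionElement, site.getLanguage());
            } catch (Exception e) {
                // Previously swallowed silently; the failure then surfaced as a
                // NullPointerException further down.
                e.printStackTrace();
            } finally {
                release(context, connection);
            }
            if (systemStatus == null) {
                System.out.println("SecurityHook-> Fatal: SystemStatus could not be loaded");
                return "SystemError";
            }
        }

        String query = httpServletRequest.getQueryString();
        if (query == null || query.indexOf("actionSource") == -1) {
            httpServletRequest.setAttribute("moduleAction", actionName);
            httpServletRequest.setAttribute("moduleCommand", httpServletRequest.getParameter("command"));
            httpServletRequest.setAttribute("moduleSection", httpServletRequest.getParameter("section"));
        }

        // Single-session enforcement: the SessionManager holds one UserSession per user id.
        SessionManager sessionManager = systemStatus.getSessionManager();
        UserSession userSession = sessionManager.getUserSession(userBean.getActualUserId());
        if (userSession == null) {
            httpServletRequest.getSession().setMaxInactiveInterval(systemStatus.getSessionTimeout());
            sessionManager.addUser(httpServletRequest, userBean.getActualUserId());
        }
        if (userSession != null && !userSession.getId().equals(httpServletRequest.getSession().getId())) {
            // A different HTTP session is registered for this user: this one loses.
            if (httpServletRequest.getSession(false) != null) {
                httpServletRequest.getSession(false).invalidate();
            }
            LoginBean loginBean = new LoginBean();
            // NOTE(review): the message shows the address recorded for the registered session to
            // whoever holds the displaced one; confirm that disclosure is intended.
            loginBean.setMessage("* Please login, your session expired because you logged in from " + userSession.getIpAddress());
            httpServletRequest.setAttribute("LoginBean", loginBean);
            return "SecurityCheck";
        }
        if (userSession == null) {
            // NOTE(review): on this path addUser() has already been called a few lines above, so
            // the user is registered twice; kept as in the original because SessionManager is not
            // visible here. Confirm addUser() is idempotent, then drop the first call.
            httpServletRequest.getSession().setMaxInactiveInterval(systemStatus.getSessionTimeout());
            sessionManager.addUser(httpServletRequest, userBean.getActualUserId());
            userSession = sessionManager.getUserSession(userBean.getActualUserId());
            if (userSession == null) {
                // Registration did not take effect; fail closed rather than throw below.
                System.out.println("SecurityHook-> Fatal: user session could not be registered");
                return "SystemError";
            }
        }
        userSession.setLastAccessed(System.currentTimeMillis());

        // Refresh the cached user record and permissions when the system-wide timestamps are
        // newer than the ones stored in this user's session.
        if (userBean.getHierarchyCheck().before(systemStatus.getHierarchyCheck())
                || userBean.getPermissionCheck().before(systemStatus.getPermissionCheck())) {
            Connection connection = null;
            try {
                connection = connectionPool(context).getConnection(userConnectionElement);
                if (userBean.getHierarchyCheck().before(systemStatus.getHierarchyCheck())) {
                    if (System.getProperty("DEBUG") != null) {
                        System.out.println("SecurityHook-> ** Getting you a new user record");
                    }
                    userBean.setUserRecord(systemStatus.getUser(userBean.getUserId()));
                    userBean.setHierarchyCheck(new Date());
                    if (System.getProperty("DEBUG") != null) {
                        System.out.println("SecurityHook-> Updating user session with new user record");
                    }
                }
                User userRecord = userBean.getUserRecord();
                // NOTE(review): the hierarchy timestamp was set to "now" just above whenever it
                // was stale, so this comparison looks like it can no longer be true and
                // setBuildContact(true) is effectively never chosen; confirm the intent.
                userRecord.setBuildContact(userBean.getHierarchyCheck().before(systemStatus.getHierarchyCheck()));
                userRecord.setBuildHierarchy(false);
                userRecord.buildResources(connection);
                userBean.setPermissionCheck(new Date());
            } catch (SQLException e) {
                // Previously swallowed. The permission timestamp is not advanced on failure, so
                // the refresh is attempted again on the next request, but the session keeps
                // running on whatever the user record holds now; make that visible in the log.
                e.printStackTrace();
            } finally {
                release(context, connection);
            }
        }
        userBean.getUserRecord().setCurrency(applicationPrefs.get("SYSTEM.CURRENCY"));
        userBean.getUserRecord().setLanguage(systemStatus.getLanguage());
        return null;
    }

    /**
     * Handles a PORTAL action: creates the anonymous web-site session when the HTTP session has
     * no user or connection element yet, logs the visit, and makes sure the SystemStatus for the
     * site is loaded.
     *
     * @return always {@code null}; failures are printed and the request is let through
     */
    private static String preparePortalRequest(
            ServletContext context,
            HttpServletRequest httpServletRequest,
            UserBean userBean,
            ConnectionElement connectionElement) {
        Connection connection = null;
        try {
            // Site selection is driven by the request's server name (see retrieveSite).
            Site site = retrieveSite(context, httpServletRequest);
            boolean createdPortalSession = false;
            if (userBean == null || connectionElement == null) {
                createdPortalSession = true;
                if (System.getProperty("DEBUG") != null) {
                    System.out.println("SecurityHook-> Creating a web site user session");
                }
                connectionElement = site.getConnectionElement();
                httpServletRequest.getSession().setAttribute("ConnectionElement", connectionElement);
                // -2 marks the anonymous portal user; securityCheck() treats negative ids as
                // "not logged in" for every non-portal action.
                userBean = new UserBean();
                userBean.setUserId(-2);
                userBean.setActualUserId(-2);
                userBean.setIdRange("-2");
                userBean.setConnectionElement(connectionElement);
                userBean.setClientType(httpServletRequest);
                httpServletRequest.getSession().setAttribute("User", userBean);
            }
            connection = connectionPool(context).getConnection(connectionElement);
            if (createdPortalSession) {
                SiteLog siteLog = new SiteLog();
                SiteList enabledSites = new SiteList();
                enabledSites.setEnabled(1);
                enabledSites.buildList(connection);
                if (enabledSites.size() > 0) {
                    siteLog.setSiteId(((org.aspcfs.modules.website.base.Site) enabledSites.get(0)).getId());
                    siteLog.setIp(httpServletRequest.getRemoteAddr());
                    // User-Agent and Referer are client-controlled and stored as received.
                    // NOTE(review): SiteLog.insert is not visible here; confirm it binds these as
                    // parameters and that any page showing the log escapes them.
                    siteLog.setBrowser(httpServletRequest.getHeader("USER-AGENT"));
                    siteLog.setReferrer(httpServletRequest.getHeader("REFERER"));
                    siteLog.insert(connection);
                    userBean.setSessionId(String.valueOf(siteLog.getId()));
                }
            }
            retrieveSystemStatus(context, connection, connectionElement, site.getLanguage());
            return null;
        } catch (Exception e) {
            // Fail-open, as in the original: this also covers retrieveSite() returning null
            // (no single site matches the server name), in which case no portal session was set
            // up. NOTE(review): confirm the portal actions cope with that.
            e.printStackTrace();
            return null;
        } finally {
            release(context, connection);
        }
    }

    /** Returns the ConnectionPool stored in the servlet context under "ConnectionPool". */
    private static ConnectionPool connectionPool(ServletContext context) {
        return (ConnectionPool) context.getAttribute("ConnectionPool");
    }

    /** Hands a connection (possibly {@code null}, as in the original) back to the pool. */
    private static void release(ServletContext context, Connection connection) {
        connectionPool(context).free(connection);
    }

    /**
     * Looks up the site for the request's server name.
     *
     * <p>{@code getServerName()} comes from the Host header, so the caller-visible effect is that
     * the client's Host value selects the site.
     *
     * @return the site when exactly one matches, otherwise {@code null}
     */
    public static Site retrieveSite(ServletContext servletContext, HttpServletRequest httpServletRequest) {
        org.aspcfs.modules.system.base.SiteList matches = SiteUtils.getSiteList(
                (ApplicationPrefs) servletContext.getAttribute("applicationPrefs"),
                (ConnectionPool) servletContext.getAttribute("ConnectionPool"),
                httpServletRequest.getServerName());
        if (matches.size() == 1) {
            return (Site) matches.get(0);
        }
        if (System.getProperty("DEBUG") != null) {
            System.out.println("SecurityHook-> retrieveSite size: " + matches.size());
        }
        return null;
    }

    /**
     * Looks up the site for a connection element.
     *
     * @return the site when exactly one matches, otherwise {@code null}
     */
    public static Site retrieveSite(ServletContext servletContext, ConnectionElement connectionElement) {
        org.aspcfs.modules.system.base.SiteList matches = SiteUtils.getSiteList(
                (ApplicationPrefs) servletContext.getAttribute("applicationPrefs"),
                (ConnectionPool) servletContext.getAttribute("ConnectionPool"),
                connectionElement);
        return matches.size() == 1 ? (Site) matches.get(0) : null;
    }

    /**
     * Returns the SystemStatus registered for the connection element's URL, building and
     * registering it first when the "SystemStatus" table has no entry for that URL.
     *
     * <p>The method is {@code static synchronized}, so two callers cannot build the same entry at
     * once. NOTE(review): the new object is put into the table before its language, application
     * prefs and servers are set up, while securityCheck() reads the table without taking this
     * lock; a concurrent request could presumably observe a partly initialised SystemStatus.
     * Moving the put to the end is only safe if nothing called after it looks the entry up —
     * confirm before changing.
     *
     * @param servletContext context holding "SystemStatus", "applicationPrefs", "ConnectionPool"
     * @param connection open connection used to load the status data
     * @param connectionElement identifies the database; its URL is the table key
     * @param str language to set; when {@code null} the "SYSTEM.LANGUAGE" preference is used
     * @return the SystemStatus stored under the connection element's URL
     * @throws SQLException declared by the method; raised by the database calls it makes
     */
    public static synchronized SystemStatus retrieveSystemStatus(ServletContext servletContext, Connection connection, ConnectionElement connectionElement, String str) throws SQLException {
        Hashtable statusTable = (Hashtable) servletContext.getAttribute("SystemStatus");
        if (!statusTable.containsKey(connectionElement.getUrl())) {
            SystemStatus systemStatus = new SystemStatus();
            systemStatus.setConnectionElement((ConnectionElement) connectionElement.clone());
            ApplicationPrefs applicationPrefs = (ApplicationPrefs) servletContext.getAttribute("applicationPrefs");
            systemStatus.setFileLibraryPath(applicationPrefs.get("FILELIBRARY") + connectionElement.getDbName() + fs);
            systemStatus.queryRecord(connection);
            ConnectionPool connectionPool = (ConnectionPool) servletContext.getAttribute("ConnectionPool");

            // Host part of the application URL: the configured WEBSERVER.URL wins, otherwise it
            // is assembled from the first site's virtual host plus optional port and context.
            String hostAndPath = "";
            if (applicationPrefs.has("WEBSERVER.URL")) {
                hostAndPath = applicationPrefs.get("WEBSERVER.URL");
            } else {
                org.aspcfs.modules.system.base.SiteList sites = SiteUtils.getSiteList(applicationPrefs, connectionPool, connectionElement);
                if (sites.size() > 0) {
                    hostAndPath = ((Site) sites.get(0)).getVirtualHost();
                    String port = applicationPrefs.get("WEBSERVER.PORT");
                    if (port != null && !port.equals("80") && !port.equals("443")) {
                        hostAndPath = hostAndPath + ":" + port;
                    }
                    String contextPath = applicationPrefs.get("WEBSERVER.CONTEXT");
                    if (contextPath != null) {
                        hostAndPath = hostAndPath + contextPath;
                    }
                }
            }
            String scheme = "true".equals(applicationPrefs.get("FORCESSL")) ? "https://" : "http://";
            String url = scheme + hostAndPath;
            if (url.endsWith("/")) {
                url = url.substring(0, url.length() - 1);
            }
            systemStatus.setUrl(url);
            systemStatus.getLookupList(connection, "lookup_project_role");
            statusTable.put(connectionElement.getUrl(), systemStatus);
            if (System.getProperty("DEBUG") != null) {
                System.out.println("SecurityHook-> Added new System Status object: " + connectionElement.getUrl());
            }
            systemStatus.getObjects().put(Constants.SYSTEM_PROJECT_NAME_LIST, ProjectList.buildNameList(connection));
            systemStatus.setApplicationPrefs(applicationPrefs);
            if (str != null) {
                systemStatus.setLanguage(str);
            } else {
                systemStatus.setLanguage(applicationPrefs.get("SYSTEM.LANGUAGE"));
            }
            // NOTE(review): the dictionary and icelets are loaded with the caller's language even
            // when it is null and the status fell back to SYSTEM.LANGUAGE; confirm both helpers
            // accept null.
            applicationPrefs.addDictionary(servletContext, str);
            applicationPrefs.addIcelets(servletContext, str);
            systemStatus.startServers(servletContext);
        }
        return (SystemStatus) statusTable.get(connectionElement.getUrl());
    }
}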
