package io.odysz.semantic.jsession;

import io.odysz.anson.AnsonException;
import io.odysz.anson.JsonOpt;
import io.odysz.common.AESHelper;
import io.odysz.common.Configs;
import io.odysz.common.LangExt;
import io.odysz.common.Radix64;
import io.odysz.common.Utils;
import io.odysz.module.rs.AnResultset;
import io.odysz.semantic.DA.Connects;
import io.odysz.semantic.DASemantics;
import io.odysz.semantic.DATranscxt;
import io.odysz.semantic.jprotocol.AnsonHeader;
import io.odysz.semantic.jprotocol.AnsonMsg;
import io.odysz.semantic.jserv.JRobot;
import io.odysz.semantic.jserv.ServPort;
import io.odysz.semantic.jserv.x.SsException;
import io.odysz.semantic.jsession.AnSessionReq;
import io.odysz.semantic.jsession.JUser;
import io.odysz.semantics.IUser;
import io.odysz.semantics.SemanticObject;
import io.odysz.semantics.x.SemanticException;
import io.odysz.transact.x.TransException;
import io.oz.spreadsheet.SpreadsheetReq;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.GeneralSecurityException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Random;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletResponse;
import org.xml.sax.SAXException;

@WebServlet(description = "session manager", urlPatterns = {"/login.serv"})
/* loaded from: input_file:io/odysz/semantic/jsession/AnSession.class */
public class AnSession extends ServPort<AnSessionReq> implements ISessionVerifier {
    private static final long serialVersionUID = 1;
    public static final String disableTokenKey = "disable-token";
    protected static DATranscxt sctx;
    static HashMap<String, IUser> users;
    private static ScheduledExecutorService scheduler;
    public static ReentrantLock lock;
    private static ScheduledFuture<?> schedualed;
    private static JUser.JUserMeta usrMeta;
    IUser jrobot;
    private boolean verfiyToken;

    /* loaded from: input_file:io/odysz/semantic/jsession/AnSession$Notify.class */
    public enum Notify {
        changePswd,
        todo
    }

    public static void init(DATranscxt dATranscxt) throws SAXException, IOException, SemanticException, SQLException {
        if (dATranscxt == null) {
            throw new AnsonException(0, "AnSession needs a non-null DAtrans builder.", new Object[0]);
        }
        sctx = dATranscxt;
        lock = new ReentrantLock();
        users = new HashMap<>();
        scheduler = Executors.newScheduledThreadPool(1);
        try {
            usrMeta = createUser("class-IUser", "temp", AnSessionReq.A.pswd, null, "temp user").meta(new String[0]);
        } catch (Exception e) {
            Utils.warn("SSesion: Implementation class of IUser hasn't been configured correctly in: %s/t[id=%s]/k=%s, check the value.", new Object[]{Configs.cfgFullpath, "default", "class-IUser"});
            e.printStackTrace();
        }
        int i = 20;
        try {
            i = Integer.valueOf(Configs.getCfg("ss-timeout-min")).intValue();
        } catch (Exception e2) {
        }
        Utils.logi("[AnSession] timeout = %s minutes (configure: %s)", new Object[]{Integer.valueOf(i), Configs.cfgFullpath});
        Utils.warn("[ServFlags.session] SSession debug mode true (ServFlage.session)", new Object[0]);
        schedualed = scheduler.scheduleAtFixedRate(new SessionChecker(users, i), 0L, serialVersionUID, TimeUnit.MINUTES);
    }

    public static void stopScheduled(int i) {
        Utils.logi("cancling session checker ... ", new Object[0]);
        schedualed.cancel(true);
        scheduler.shutdown();
        try {
            if (!scheduler.awaitTermination(i, TimeUnit.MILLISECONDS)) {
                scheduler.shutdownNow();
            }
        } catch (InterruptedException e) {
            scheduler.shutdownNow();
        }
    }

    public AnSession() {
        this(true);
    }

    public AnSession(boolean z) {
        super(AnsonMsg.Port.session);
        this.jrobot = new JRobot();
        this.verfiyToken = z;
        if (this.verfiyToken) {
            return;
        }
        Utils.warn("Verifying token is recommended but is disabled by config.xml/k=%s", new Object[]{disableTokenKey});
    }

    @Override // io.odysz.semantic.jserv.ServPort, io.odysz.semantic.jsession.ISessionVerifier
    public IUser verify(AnsonHeader ansonHeader, int... iArr) throws SsException {
        if (ansonHeader == null) {
            throw new SsException("session header is missing", new Object[0]);
        }
        String ssid = ansonHeader.ssid();
        if (!users.containsKey(ssid)) {
            throw new SsException("Session info is missing or timeout.", new Object[0]);
        }
        IUser iUser = users.get(ssid);
        if (this.verfiyToken) {
            touchSessionToken(iUser, ansonHeader.token(), iUser.sessionKey());
        } else {
            iUser.touch();
        }
        return iUser;
    }

    static void touchSessionToken(IUser iUser, String str, String str2) throws SsException {
        LangExt.notBlank(str2, new String[0]);
        try {
            if (!AESHelper.verifyToken(str, str2, iUser.uid(), iUser.pswd())) {
                throw new SsException("Tokens are not matching", new Object[0]);
            }
            iUser.touch();
        } catch (IOException | GeneralSecurityException e) {
            e.printStackTrace();
            throw new SsException("Can not decrypt token: %s. %s", str, e.getMessage());
        } catch (Exception e2) {
            throw new SsException("Error while verifying tokens: %s. %s", str, e2.getMessage());
        }
    }

    public static IUser getUser(SemanticObject semanticObject) {
        return users.get(semanticObject.get("ssid"));
    }

    @Override // io.odysz.semantic.jserv.ServPort
    protected void onGet(AnsonMsg<AnSessionReq> ansonMsg, HttpServletResponse httpServletResponse) throws ServletException, IOException, AnsonException, SemanticException {
        jsonResp(ansonMsg, httpServletResponse);
    }

    @Override // io.odysz.semantic.jserv.ServPort
    protected void onPost(AnsonMsg<AnSessionReq> ansonMsg, HttpServletResponse httpServletResponse) throws IOException {
        jsonResp(ansonMsg, httpServletResponse);
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Multi-variable type inference failed */
    protected void jsonResp(AnsonMsg<AnSessionReq> ansonMsg, HttpServletResponse httpServletResponse) throws IOException {
        String str = null;
        try {
            try {
                if (ansonMsg == null) {
                    throw new SsException("Session request not supported: request body is null", new Object[0]);
                }
                if (LangExt.isblank(ansonMsg.body(0).uri(), new String[0])) {
                    throw new SsException("Since 2.0.0, client uri cannot be empty for session checking, logging in, etc.", new Object[0]);
                }
                if (ansonMsg != null) {
                    str = Connects.uri2conn(ansonMsg.body(0).uri());
                }
                if (LangExt.isblank(str, new String[0])) {
                    throw new SsException("Since 2.0.0, connection id for logging is mandatory. See uri(%s) - connId mappings in connects.xml.", ansonMsg.body(0).uri());
                }
                AnSessionReq body = ansonMsg.body(0);
                String a = body.a();
                if (AnSessionReq.A.login.equals(a)) {
                    IUser loadUser = loadUser(body, str);
                    if (!loadUser.login(body)) {
                        Object[] objArr = new Object[1];
                        objArr[0] = (loadUser.notifies() == null || loadUser.notifies().size() <= 0) ? "" : loadUser.notifies().get(0);
                        throw new SsException("Password doesn't match!\\nAdditional Details: %s", objArr);
                    }
                    try {
                        lock.lock();
                        loadUser.sessionId(allocateSsid());
                        users.put(loadUser.sessionId(), loadUser);
                        lock.unlock();
                        write(httpServletResponse, ok((AnSession) new AnSessionResp(null, loadUser.getClientSessionInf(loadUser)).profile(loadUser.profile())), ansonMsg.opts());
                    } catch (Throwable th) {
                        lock.unlock();
                        throw th;
                    }
                } else if (AnSessionReq.A.logout.equals(a)) {
                    AnsonHeader header = ansonMsg.header();
                    try {
                        verify(header, new int[0]);
                    } catch (SsException e) {
                    }
                    String ssid = header.ssid();
                    try {
                        lock.lock();
                        IUser remove = users.remove(ssid);
                        if (remove != null) {
                            write(httpServletResponse, AnsonMsg.ok(this.p, remove.logout().msg()), ansonMsg.opts());
                        } else {
                            write(httpServletResponse, AnsonMsg.ok(this.p, "But no such session exists."), ansonMsg.opts());
                        }
                        lock.unlock();
                    } catch (Throwable th2) {
                        lock.unlock();
                        throw th2;
                    }
                } else if (AnSessionReq.A.pswd.equals(a)) {
                    AnsonHeader header2 = ansonMsg.header();
                    IUser verify = verify(header2, new int[0]);
                    if (!DATranscxt.hasSemantics(str, usrMeta.tbl, DASemantics.smtype.dencrypt)) {
                        throw new SemanticException("Can't update pswd, because data entry %s is not protected by semantics %s", new Object[]{usrMeta.tbl, DASemantics.smtype.dencrypt.name()});
                    }
                    String ssid2 = header2.ssid();
                    String md = body.md("iv_pswd");
                    if (!verify.guessPswd(body.md("oldpswd"), body.md("iv_old"))) {
                        throw new SemanticException("Can not verify old password!", new Object[0]);
                    }
                    sctx.update(usrMeta.tbl, verify).nv(usrMeta.pswd, body.md(AnSessionReq.A.pswd)).nv(usrMeta.iv, md).whereEq(usrMeta.pk, verify.uid()).u(sctx.instancontxt(str, verify));
                    try {
                        lock.lock();
                        users.remove(ssid2);
                        lock.unlock();
                        write(httpServletResponse, ok("You must re-login!", new Object[0]), new JsonOpt[0]);
                    } catch (Throwable th3) {
                        lock.unlock();
                        throw th3;
                    }
                } else if (AnSessionReq.A.init.equals(a)) {
                    AnsonHeader header3 = ansonMsg.header();
                    if (!DATranscxt.hasSemantics(str, usrMeta.tbl, DASemantics.smtype.dencrypt)) {
                        throw new SemanticException("Can't update pswd, because data entry %s is not protected by semantics %s", new Object[]{usrMeta.tbl, DASemantics.smtype.dencrypt.name()});
                    }
                    String ssid3 = header3.ssid();
                    String md2 = body.md("iv_pswd");
                    String md3 = body.md(AnSessionReq.A.pswd);
                    AnResultset anResultset = (AnResultset) sctx.select(usrMeta.tbl, new String[]{"u"}).col(usrMeta.iv, new String[]{"iv"}).where_("=", "u." + usrMeta.pk, body.uid()).rs(sctx.instancontxt(str, this.jrobot)).rs(0);
                    if (anResultset.beforeFirst().next() && !LangExt.isEmpty(anResultset.getString("iv"))) {
                        throw new SemanticException("Can't update pswd, because it is not allowed to change.", new Object[0]);
                    }
                    String decrypt = AESHelper.decrypt(md3, this.jrobot.sessionId(), AESHelper.decode64(md2));
                    Utils.logi("intialize pswd: %s", new Object[]{decrypt});
                    sctx.update(usrMeta.tbl, this.jrobot).nv(usrMeta.pswd, decrypt).nv(usrMeta.iv, md2).whereEq(usrMeta.pk, header3.logid()).u(sctx.instancontxt(str, this.jrobot));
                    if (users.containsKey(ssid3)) {
                        try {
                            lock.lock();
                            users.remove(ssid3);
                            lock.unlock();
                            write(httpServletResponse, ok("You must re-login!", new Object[0]), new JsonOpt[0]);
                        } catch (Throwable th4) {
                            lock.unlock();
                            throw th4;
                        }
                    } else {
                        write(httpServletResponse, ok("Initializing password successed.", new Object[0]), new JsonOpt[0]);
                    }
                } else {
                    if (a != null) {
                        a = a.toLowerCase().trim();
                    }
                    if (!AnSessionReq.A.ping.equals(a) && !AnSessionReq.A.touch.equals(a)) {
                        throw new SsException("Session Request not supported: a=%s", a);
                    }
                    verify(ansonMsg.header(), new int[0]);
                    write(httpServletResponse, AnsonMsg.ok(this.p, str), ansonMsg.opts());
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                write(httpServletResponse, err(AnsonMsg.MsgCode.exGeneral, e2.getMessage(), new Object[0]).uri(null), new JsonOpt[0]);
            }
        } catch (SsException | TransException e3) {
            write(httpServletResponse, err(AnsonMsg.MsgCode.exSession, e3.getMessage(), new Object[0]).uri(null), new JsonOpt[0]);
        }
    }

    public static String allocateSsid() {
        String str;
        Random random = new Random();
        String radix64 = Radix64.toString(random.nextInt() * ((short) random.nextInt()), 8);
        while (true) {
            str = radix64;
            if (users == null || !users.containsKey(str)) {
                break;
            }
            radix64 = Radix64.toString(random.nextInt() * ((short) random.nextInt()), 8);
        }
        return str;
    }

    private IUser loadUser(AnSessionReq anSessionReq, String str) throws TransException, SQLException, SsException, ReflectiveOperationException, GeneralSecurityException, IOException {
        return loadUser(anSessionReq.uid(), str, this.jrobot).onCreate(anSessionReq);
    }

    public static IUser loadUser(String str, String str2, IUser... iUserArr) throws TransException, SQLException, SsException, ReflectiveOperationException, GeneralSecurityException, IOException {
        AnResultset anResultset = (AnResultset) sctx.select(usrMeta.tbl, new String[]{"u"}).l_(usrMeta.rm.tbl, SpreadsheetReq.A.records, new Object[]{usrMeta.role, "roleId"}).l_(usrMeta.om.tbl, "o", new Object[]{usrMeta.org, "orgId"}).col("u.*", new String[0]).col(usrMeta.orgName, new String[0]).col(usrMeta.roleName, new String[0]).whereEq("u." + usrMeta.pk, str).rs(sctx.instancontxt(str2, LangExt.isNull(iUserArr) ? DATranscxt.dummyUser() : iUserArr[0])).rs(0);
        if (!anResultset.beforeFirst().next()) {
            throw new SsException("Cannot find user id: %s", str);
        }
        IUser iUser = createUser("class-IUser", str, anResultset.getString(usrMeta.pswd), anResultset.getString(usrMeta.iv), anResultset.getString(usrMeta.uname)).onCreate(anResultset).orgId(anResultset.getString(usrMeta.org)).roleId(anResultset.getString(usrMeta.role)).touch();
        if (iUser instanceof SemanticObject) {
            return iUser;
        }
        throw new SemanticException("IUser implementation must extend SemanticObject.", new Object[0]);
    }

    static IUser createUser(String str, String str2, String str3, String str4, String str5) throws ReflectiveOperationException, GeneralSecurityException, IOException, IllegalArgumentException, TransException {
        if (!Configs.hasCfg(str)) {
            throw new SemanticException("No class name configured for creating user information, check config.xml/k=%s", new Object[]{str});
        }
        String cfg = Configs.getCfg(str);
        return cfg == null ? createUserByClassname(str, str2, str3, str4, str5) : createUserByClassname(cfg, str2, str3, str4, str5);
    }

    static IUser createUserByClassname(String str, String str2, String str3, String str4, String str5) throws ReflectiveOperationException, GeneralSecurityException, IOException, IllegalArgumentException, TransException {
        Class<?> cls = Class.forName(str);
        try {
            Constructor<?> constructor = cls.getConstructor(String.class, String.class, String.class);
            try {
                if (LangExt.isblank(str4, new String[0])) {
                    return ((IUser) constructor.newInstance(str2, str3, str5)).notify(Notify.changePswd.name());
                }
                try {
                    str3 = AESHelper.decrypt(str3, DATranscxt.key("user-pswd"), AESHelper.decode64(str4));
                } catch (Throwable th) {
                    String key = DATranscxt.key("user-pswd");
                    Object[] objArr = new Object[3];
                    objArr[0] = str3;
                    objArr[1] = str4 == null ? null : AESHelper.decode64(str4);
                    objArr[2] = key == null ? null : Integer.valueOf(key.length());
                    Utils.warn("Decrypting user pswd failed. cipher: %s, iv %s, rootkey: *(%s)", objArr);
                    if (key == null) {
                        Utils.warn("The rootkey can be configured either with context.xml or set like the way of JSingleton.initjserv().\n\t%s\n\t%s", new Object[]{"context.xml example: https://github.com/odys-z/semantic-jserv/blob/master/jserv-sample/src/main/webapp/META-INF/context.xml", "JSingleton.initJserv() example: https://github.com/odys-z/semantic-jserv/blob/20acb2f9a5397f96927a5e768263ccd3088e1a85/jserv-album/src/main/java/io/oz/album/JettyApp.java#L45"});
                    }
                }
                return (IUser) constructor.newInstance(str2, str3, str5);
            } catch (InvocationTargetException e) {
                e.printStackTrace();
                Object[] objArr2 = new Object[1];
                objArr2[0] = e.getTargetException() == null ? "" : e.getTargetException().getMessage();
                throw new SemanticException("create IUser instance failed: %s", objArr2);
            }
        } catch (NoSuchMethodException e2) {
            throw new SemanticException("Class %s needs a consturctor like JUser(String uid, String pswd, String usrName).", new Object[]{cls.getTypeName()});
        }
    }
}
