package org.carewebframework.vista.security.base;

import java.util.List;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.carewebframework.api.domain.DomainFactoryRegistry;
import org.carewebframework.api.domain.IUser;
import org.carewebframework.api.domain.User;
import org.carewebframework.api.security.ISecurityDomain;
import org.carewebframework.security.spring.AuthenticationCancelledException;
import org.carewebframework.security.spring.Constants;
import org.carewebframework.vista.api.util.VistAUtil;
import org.carewebframework.vista.mbroker.BrokerSession;
import org.carewebframework.vista.mbroker.Security;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.zkoss.zk.ui.Sessions;

/* loaded from: input_file:WEB-INF/lib/org.carewebframework.vista.security.base-1.1.0.jar:org/carewebframework/vista/security/base/SecurityDomain.class */
public class SecurityDomain implements ISecurityDomain {
    private static final long serialVersionUID = 1;
    private final String name;
    private final String logicalId;
    private final Properties properties = new Properties();

    public SecurityDomain(String str, String str2) {
        this.name = str;
        this.logicalId = str2;
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public String getName() {
        return this.name;
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public String getLogicalId() {
        return this.logicalId;
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public String getAttribute(String str) {
        return this.properties.getProperty(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setAttribute(String str, String str2) {
        this.properties.setProperty(str, str2);
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public IUser authenticate(String str, String str2) {
        BrokerSession brokerSession = VistAUtil.getBrokerSession();
        Security.AuthResult authenticate = brokerSession.authenticate(str, str2, getLogicalId());
        User authenticatedUser = getAuthenticatedUser(brokerSession);
        authenticatedUser.setLoginName(str);
        authenticatedUser.setPassword(str2);
        authenticatedUser.setSecurityDomain(this);
        checkAuthResult(authenticate, authenticatedUser);
        return authenticatedUser;
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public List<String> getGrantedAuthorities(IUser iUser) {
        if (iUser == null) {
            return null;
        }
        return VistAUtil.getBrokerSession().callRPCList("RGCWFUSR GETPRIV", null, iUser.getLogicalId());
    }

    @Override // org.carewebframework.api.security.ISecurityDomain
    public SecurityDomain getNativeSecurityDomain() {
        return this;
    }

    private User getAuthenticatedUser(BrokerSession brokerSession) {
        if (brokerSession.isAuthenticated()) {
            return (User) DomainFactoryRegistry.fetchObject(User.class, Integer.toString(brokerSession.getUserId()));
        }
        return null;
    }

    private void checkAuthResult(Security.AuthResult authResult, IUser iUser) throws AuthenticationException {
        switch (authResult.status) {
            case SUCCESS:
                return;
            case CANCELED:
                throw new AuthenticationCancelledException(StringUtils.defaultIfEmpty(authResult.reason, "Authentication attempt was cancelled."));
            case EXPIRED:
                Sessions.getCurrent().setAttribute(Constants.SAVED_USER, iUser);
                throw new CredentialsExpiredException(StringUtils.defaultIfEmpty(authResult.reason, "Your password has expired."));
            case FAILURE:
                throw new BadCredentialsException(StringUtils.defaultIfEmpty(authResult.reason, "Your username or password was not recognized."));
            case LOCKED:
                throw new LockedException(StringUtils.defaultIfEmpty(authResult.reason, "Your user account has been locked and cannot be accessed."));
            case NOLOGINS:
                throw new DisabledException(StringUtils.defaultIfEmpty(authResult.reason, "Logins are currently disabled."));
            default:
                return;
        }
    }
}
