package de.docware.framework.modules.gui.misc.endpoint.webapi.a;

import de.docware.apps.etk.base.project.docu.EtkDataDocument;
import de.docware.framework.combimodules.useradmin.db.ae;
import de.docware.framework.combimodules.useradmin.db.ah;
import de.docware.framework.combimodules.useradmin.db.k;
import de.docware.framework.combimodules.useradmin.db.v;
import de.docware.framework.modules.config.ConfigBase;
import de.docware.framework.modules.gui.app.AbstractApplication;
import de.docware.framework.modules.gui.misc.endpoint.webapi.i;
import de.docware.framework.modules.gui.misc.endpoint.webapi.j;
import de.docware.framework.modules.gui.misc.http.server.f;
import de.docware.framework.modules.gui.misc.http.server.h;
import de.docware.framework.modules.gui.misc.logger.LogType;
import de.docware.framework.modules.interappcom.transferobjects.GenericResponseDTO;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:de/docware/framework/modules/gui/misc/endpoint/webapi/a/d.class */
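/**
 * Web-API endpoint, registered under the path derived from {@code "/validate"}, that handles an
 * OCI "VALIDATE" call.
 *
 * <p>Flow, as far as this file shows it: the caller's {@code userId} and password are read from
 * the request parameters and checked against the user administration database. The first
 * organisation found for that user is selected, the running application computes a result for
 * the requested product/quantity pairs, and the answer is an HTML page whose form auto-submits
 * the result to the caller-supplied {@code HOOK_URL}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@code HOOK_URL} and the result values end up inside HTML attributes of a page served
 *       from this application, so they are HTML-escaped and the hook URL is restricted to
 *       absolute {@code http://} / {@code https://} URLs.</li>
 *   <li>Request-derived values are stripped of control characters before they are logged, so a
 *       request cannot forge additional log lines.</li>
 *   <li>NOTE(review): {@code GET} is accepted, so the password may travel in the query string,
 *       where proxies, browser history and access logs commonly record it. Consider POST-only
 *       once the integrations allow it.</li>
 * </ul>
 *
 * <p>Class, field and method names are decompiler output. The private helpers were given
 * descriptive names; everything visible to other classes is unchanged.
 */
public class d extends i {
    /** Path of this endpoint, built by the base class from {@code "/validate"}. */
    public static final String pvb = i.adS("/validate");

    /** Returns the path under which this endpoint is reachable. */
    @Override
    public String getPath() {
        return pvb;
    }

    /** Base-class flag, always {@code false} here; its meaning is not visible in this file. */
    @Override
    public boolean dtM() {
        return false;
    }

    /** Base-class flag, always {@code false} here; its meaning is not visible in this file. */
    @Override
    public boolean dtN() {
        return false;
    }

    /**
     * Handles one request to the validate endpoint.
     *
     * <p>Status codes set here: 405 for methods other than GET/POST, 501 when the running
     * application does not implement the OCI interface, 400 when user name or password is
     * missing, 401 when authentication fails or the user has no organisation. Any exception is
     * logged and answered with {@code EtkDataDocument.DOCUMENT_TIMEOUT_ON_CHECKICON}
     * (decompiler-chosen constant name, presumably 500 - confirm).
     *
     * <p>Both authentication failures deliberately produce the same 401 so the response does not
     * reveal whether the account exists; the distinction is only written to the log.
     *
     * @param fVar the incoming request
     * @param hVar the response; {@code dxj()} is invoked on it exactly once on every path
     *             (presumably finalising the response - not visible here)
     * @throws IOException if finalising the response fails
     */
    @Override
    public void b(f fVar, h hVar) throws IOException {
        try {
            String method = fVar.getMethod();
            if (!"GET".equals(method) && !"POST".equals(method)) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Unsupported HTTP method: '" + sanitizeForLog(method) + "'");
                hVar.setResponseCode(405);
                return;
            }

            AbstractApplication application = AbstractApplication.cVH();
            if (!(application instanceof de.docware.framework.modules.gui.app.b.a)) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Function is not supported from  '" + application.cVl() + "'");
                hVar.setResponseCode(501);
                return;
            }
            de.docware.framework.modules.gui.app.b.a ociApplication = (de.docware.framework.modules.gui.app.b.a) application;
            // Value handed to the organisation lookup and to the request context; its meaning is
            // not visible in this file.
            String applicationKey = ociApplication.cWP();

            String userName = fVar.getParameter("userId");
            String password = fVar.getParameter(de.docware.util.transport.repeat.c.PROP_PASSWORD);
            // de.docware.util.h.ae(..) is presumably an "is null or empty" test - confirm.
            if (de.docware.util.h.ae(userName) || de.docware.util.h.ae(password)) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Missing username and/or password");
                hVar.setResponseCode(400);
                return;
            }

            de.docware.util.sql.pool.a sqlPool = v.cGn().cIx();
            ConfigBase config = AbstractApplication.cVH().cVw();
            ae user = authenticateOciUser(userName, password, config, sqlPool);
            if (user == null) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Could not login in username with username '" + sanitizeForLog(userName) + "'");
                hVar.setResponseCode(401);
                return;
            }

            List<k> organisations = ah.A(sqlPool, null, user.getUserId(), applicationKey);
            if (organisations.isEmpty()) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Could not find a organisation for user '" + sanitizeForLog(userName) + "'");
                hVar.setResponseCode(401);
                return;
            }

            // Only the first organisation is used, as in the original code.
            handleValidateRequest(ociApplication, new j(user, organisations.get(0), applicationKey, config, sqlPool, fVar, hVar));
        } catch (Exception e) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, e);
            hVar.setResponseCode(EtkDataDocument.DOCUMENT_TIMEOUT_ON_CHECKICON);
        } finally {
            // Single finalisation point; the decompiled form repeated this call in every branch.
            hVar.dxj();
        }
    }

    /**
     * Looks up the user by name and checks the password.
     *
     * <p>Exactly one database match is required. Inactive users and guest users are rejected
     * before the password is looked at. Every rejection is logged with its specific reason; the
     * caller only sees {@code null}.
     *
     * @param str        user name taken from the request
     * @param str2       password taken from the request
     * @param configBase application configuration
     * @param aVar       SQL pool used for the lookups
     * @return the authenticated user, or {@code null} if authentication failed or the database
     *         lookup threw an {@link SQLException}
     */
    private ae authenticateOciUser(String str, String str2, ConfigBase configBase, de.docware.util.sql.pool.a aVar) {
        String userForLog = sanitizeForLog(str);
        try {
            List<? extends de.docware.util.sql.b.c> matches = new ae(null, str, null, null).b(aVar, (de.docware.util.sql.h) null, false, "U_NAME");
            if (matches.isEmpty()) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "No user found for username '" + userForLog + "' for OCI validation");
                return null;
            }
            if (matches.size() != 1) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "To many matches for username '" + userForLog + "' with " + matches.size());
                return null;
            }

            ae candidate = (ae) matches.get(0);
            if (!candidate.isActive()) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "User '" + userForLog + "' is inactive");
                return null;
            }
            if (v.cGm().cGo().isGuestUser(configBase, candidate.getUserName())) {
                de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "User '" + userForLog + "' is a guest user");
                return null;
            }
            if (verifyPasswordWithPolicy(candidate, str2, aVar, configBase)) {
                return candidate;
            }
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "User '" + userForLog + "' not logged in (user or password is wrong");
            return null;
        } catch (SQLException e) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, e);
            return null;
        }
    }

    /**
     * Checks the password, honouring the user's password policy if one exists.
     *
     * <p>With a policy, {@code loginTryHandleFailedAttempts} must return {@code true} before the
     * password is checked; otherwise the user is treated as blocked. Without a policy the
     * password is checked directly. NOTE(review): that means accounts without a policy get no
     * failed-attempt handling on this endpoint - confirm this is intended.
     *
     * @param aeVar      the user record found for the supplied name
     * @param str        password taken from the request
     * @param aVar       SQL pool used for the lookups
     * @param configBase application configuration
     * @return {@code true} if the login attempt is permitted and the password check succeeds
     * @throws SQLException if a database access fails
     */
    private boolean verifyPasswordWithPolicy(ae aeVar, String str, de.docware.util.sql.pool.a aVar, ConfigBase configBase) throws SQLException {
        de.docware.framework.combimodules.useradmin.config.c.f policy = de.docware.framework.combimodules.useradmin.config.c.c.getPasswordPolicySettingForUser(aeVar.getUserId(), configBase, aVar);
        boolean attemptPermitted = policy == null || policy.loginTryHandleFailedAttempts(aeVar.getUserId(), aVar);
        if (!attemptPermitted) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLP, LogType.ERROR, "User '" + sanitizeForLog(aeVar.getUserName()) + "' is blocked due password policy");
            return false;
        }
        return v.cGn().iL(aeVar.getUserId(), str);
    }

    /**
     * Executes the OCI function for an authenticated request and writes the answer page.
     *
     * <p>Requires {@code FUNCTION=VALIDATE} (otherwise 400). {@code HOOK_URL} must be an absolute
     * http(s) URL (otherwise 400), because the answer page posts to it automatically from this
     * application's origin.
     *
     * @param aVar the application that computes the result
     * @param jVar request context holding the request ({@code dum()}) and response ({@code dun()})
     */
    private void handleValidateRequest(de.docware.framework.modules.gui.app.b.a aVar, j jVar) {
        Map<?, ?> parameters = jVar.dum().getParameterMap();

        String function = firstValueOrNull(parameters, "FUNCTION");
        if (!"VALIDATE".equals(function)) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.DEBUG, "Unsupported OCI method or missing: '" + (function == null ? "<missing>" : sanitizeForLog(function)) + "' and should be VALIDATE");
            jVar.dun().setResponseCode(400);
            return;
        }

        String hookUrl = firstValueOrNull(parameters, "HOOK_URL");
        if (hookUrl == null) {
            // NOTE(review): as in the original, a missing HOOK_URL ends the request without a
            // log entry or an explicit status code - confirm that this is intended.
            return;
        }
        if (!isHttpUrl(hookUrl)) {
            // Other schemes must not reach the auto-submitting form's action attribute.
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "HOOK_URL is not an absolute http(s) URL: '" + sanitizeForLog(hookUrl) + "'");
            jVar.dun().setResponseCode(400);
            return;
        }

        List<a> requestedItems = parseRequestedItems(parameters);
        if (requestedItems.isEmpty()) {
            // NOTE(review): no status code is set on this path either (unchanged behaviour).
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "No data found for OCI validation");
            return;
        }

        c result = aVar.a(jVar, requestedItems);
        if (result == null) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "Missing result data object");
            jVar.dun().setResponseCode(EtkDataDocument.DOCUMENT_TIMEOUT_ON_CHECKICON);
            return;
        }
        if (result.dur().isEmpty()) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, "No result for the client (but had " + requestedItems.size() + " materials in request)");
            jVar.dun().setResponseCode(404);
            return;
        }

        try {
            jVar.dun().uA(false).write(renderAutoSubmitForm(result, hookUrl).getBytes(StandardCharsets.UTF_8));
            // NOTE(review): the status is set after the body was written; whether it still takes
            // effect depends on the response class, which is not visible here. The constant name
            // was chosen by the decompiler - confirm the numeric value it stands for.
            jVar.dun().setResponseCode(GenericResponseDTO.RESPONSE_CODE_EXCEPTION);
        } catch (IOException e) {
            de.docware.framework.modules.gui.misc.logger.b.a(de.docware.framework.modules.gui.misc.logger.a.pLF, LogType.ERROR, e);
            jVar.dun().setResponseCode(EtkDataDocument.DOCUMENT_TIMEOUT_ON_CHECKICON);
        }
    }

    /**
     * Builds the HTML page that posts the result back to the hook URL as soon as it has loaded.
     *
     * <p>Each result row becomes one hidden input per column, named
     * {@code <column name>[<1-based row index>]}. The hook URL, every value and every field name
     * is HTML-escaped, because all of them may contain request-controlled text.
     *
     * @param cVar the result to serialise
     * @param str  the already validated hook URL used as form action
     * @return the complete HTML document
     */
    private String renderAutoSubmitForm(c cVar, String str) {
        StringBuilder html = new StringBuilder("<!DOCTYPE html>\n<html lang=\"de\">\n  <head>\n    <meta charset=\"utf-8\">\n  </head>\n  <body>\n    <form id=\"ociForm\" action=\"")
                .append(escapeHtmlAttribute(str))
                .append("\" method=\"POST\">\n");
        List<b> rows = cVar.dur();
        for (int rowNumber = 1; rowNumber <= rows.size(); rowNumber++) {
            b row = rows.get(rowNumber - 1);
            for (int column = 0; column < cVar.duq(); column++) {
                // String.valueOf keeps the rendering StringBuilder.append produced before.
                String value = String.valueOf(row.lG(column));
                String fieldName = cVar.lH(column) + "[" + rowNumber + "]";
                html.append("<input type=\"hidden\" value=\"")
                        .append(escapeHtmlAttribute(value))
                        .append("\" name=\"")
                        .append(escapeHtmlAttribute(fieldName))
                        .append("\">\n");
            }
        }
        html.append("      <h2>Formular da</h2>");
        html.append("    </form>\n<script type=\"text/javascript\">\n  function autoSubmitOciForm() {\n    var form = document.getElementById(\"ociForm\");\n    form.submit();\n  }\n  window.onload = autoSubmitOciForm;\n</script>\n  </body>\n</html>");
        return html.toString();
    }

    /**
     * Extracts the requested product/quantity pairs from the request parameters.
     *
     * @param map request parameter map (values are expected to be {@code String[]})
     * @return one item for the unindexed form ({@code PRODUCTID}), several for the indexed form
     *         ({@code PRODUCTID[1]}, ...), or an empty list if neither is present
     */
    private List<a> parseRequestedItems(Map<?, ?> map) {
        if (map.containsKey("PRODUCTID")) {
            return parseSingleItem(map);
        }
        if (map.containsKey("PRODUCTID[1]")) {
            return parseIndexedItems(map);
        }
        return Collections.emptyList();
    }

    /**
     * Reads {@code PRODUCTID[n]} / {@code QUANTITY[n]} pairs for n = 1, 2, ... until the first
     * missing {@code PRODUCTID[n]}.
     *
     * @throws IllegalArgumentException if a product has no matching quantity value
     */
    private List<a> parseIndexedItems(Map<?, ?> map) {
        List<a> items = new ArrayList<>();
        for (int index = 1; map.containsKey("PRODUCTID[" + index + "]"); index++) {
            items.add(new a(requiredFirstValue(map, "PRODUCTID[" + index + "]"), requiredFirstValue(map, "QUANTITY[" + index + "]")));
        }
        return items;
    }

    /**
     * Reads the single, unindexed {@code PRODUCTID} / {@code QUANTITY} pair.
     *
     * @throws IllegalArgumentException if either parameter has no value
     */
    private List<a> parseSingleItem(Map<?, ?> map) {
        return Collections.singletonList(new a(requiredFirstValue(map, "PRODUCTID"), requiredFirstValue(map, "QUANTITY")));
    }

    /** Returns the first value of a request parameter, or {@code null} if it is absent or empty. */
    private static String firstValueOrNull(Map<?, ?> params, String key) {
        String[] values = (String[]) params.get(key);
        return (values == null || values.length == 0) ? null : values[0];
    }

    /**
     * Returns the first value of a request parameter that must be present.
     *
     * <p>Replaces the NullPointerException / ArrayIndexOutOfBoundsException the original code
     * raised for an incomplete request with an exception that names the missing parameter. It
     * is still caught and logged by the request handler.
     */
    private static String requiredFirstValue(Map<?, ?> params, String key) {
        String[] values = (String[]) params.get(key);
        if (values == null || values.length == 0) {
            throw new IllegalArgumentException("Missing value for request parameter '" + key + "'");
        }
        return values[0];
    }

    /** Accepts only absolute URLs that literally start with {@code http://} or {@code https://}. */
    private static boolean isHttpUrl(String url) {
        return url != null
                && (url.regionMatches(true, 0, "http://", 0, 7) || url.regionMatches(true, 0, "https://", 0, 8));
    }

    /** Escapes the characters that could end or alter a quoted HTML attribute value. */
    private static String escapeHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int idx = 0; idx < value.length(); idx++) {
            char ch = value.charAt(idx);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Replaces control characters (including CR/LF) so a logged value stays on one log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int idx = 0; idx < value.length(); idx++) {
            char ch = value.charAt(idx);
            cleaned.append(Character.isISOControl(ch) ? '_' : ch);
        }
        return cleaned.toString();
    }
}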
