package com.zimbra.cs.service.account;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.AccountConstants;
import com.zimbra.common.soap.Element;
import com.zimbra.common.util.ZimbraCookie;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AttributeFlag;
import com.zimbra.cs.account.AttributeManager;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.cs.service.PreAuthServlet;
import com.zimbra.cs.service.UserServlet;
import com.zimbra.cs.session.Session;
import com.zimbra.cs.util.AccountUtil;
import com.zimbra.cs.util.SkinUtil;
import com.zimbra.soap.SoapEngine;
import com.zimbra.soap.SoapServlet;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/zimbra/cs/service/account/Auth.class */
public class Auth extends AccountDocumentHandler {
    @Override // com.zimbra.soap.DocumentHandler
    public Element handle(Element element, Map<String, Object> map) throws ServiceException {
        Domain domain;
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        Provisioning provisioning = Provisioning.getInstance();
        Element optionalElement = element.getOptionalElement(UserServlet.QP_AUTHTOKEN);
        if (optionalElement != null) {
            try {
                AuthToken authToken = AuthProvider.getAuthToken(optionalElement.getText());
                addAccountToLogContextByAuthToken(provisioning, authToken);
                if (checkPasswordSecurity(map)) {
                    return doResponse(element, authToken, zimbraSoapContext, map, AuthProvider.validateAuthToken(provisioning, authToken, false));
                }
                throw ServiceException.INVALID_REQUEST("clear text password is not allowed", (Throwable) null);
            } catch (AuthTokenException e) {
                throw ServiceException.AUTH_REQUIRED();
            }
        }
        Element element2 = element.getElement("account");
        String text = element2.getText();
        String str = text;
        String attribute = element2.getAttribute(PreAuthServlet.PARAM_BY, Provisioning.AccountBy.name.name());
        Element optionalElement2 = element.getOptionalElement(PreAuthServlet.PARAM_PREAUTH);
        String attribute2 = element.getAttribute("password", (String) null);
        Element optionalElement3 = element.getOptionalElement("virtualHost");
        String lowerCase = optionalElement3 == null ? null : optionalElement3.getText().toLowerCase();
        Provisioning.AccountBy fromString = Provisioning.AccountBy.fromString(attribute);
        if (fromString == Provisioning.AccountBy.name && lowerCase != null && str.indexOf(64) == -1 && (domain = provisioning.get(Provisioning.DomainBy.virtualHostname, lowerCase)) != null) {
            str = str + "@" + domain.getName();
        }
        Account account = provisioning.get(fromString, str);
        if (account == null) {
            throw AccountServiceException.AuthFailedServiceException.AUTH_FAILED(str, text, "account not found");
        }
        AccountUtil.addAccountToLogContext(provisioning, account.getId(), "name", "id", null);
        if (!checkPasswordSecurity(map)) {
            throw ServiceException.INVALID_REQUEST("clear text password is not allowed", (Throwable) null);
        }
        long j = 0;
        HashMap hashMap = new HashMap();
        hashMap.put(AuthContext.AC_ORIGINATING_CLIENT_IP, map.get(SoapEngine.ORIG_REQUEST_IP));
        hashMap.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, text);
        hashMap.put(AuthContext.AC_USER_AGENT, zimbraSoapContext.getUserAgent());
        if (attribute2 != null) {
            provisioning.authAccount(account, attribute2, AuthContext.Protocol.soap, hashMap);
        } else {
            if (optionalElement2 == null) {
                throw ServiceException.INVALID_REQUEST("must specify password", (Throwable) null);
            }
            long attributeLong = optionalElement2.getAttributeLong(PreAuthServlet.PARAM_TIMESTAMP);
            j = optionalElement2.getAttributeLong(PreAuthServlet.PARAM_EXPIRES, 0L);
            provisioning.preAuthAccount(account, str, attribute, attributeLong, j, optionalElement2.getTextTrim(), hashMap);
        }
        return doResponse(element, j == 0 ? AuthProvider.getAuthToken(account) : AuthProvider.getAuthToken(account, j), zimbraSoapContext, map, account);
    }

    private Element doResponse(Element element, AuthToken authToken, ZimbraSoapContext zimbraSoapContext, Map<String, Object> map, Account account) throws ServiceException {
        String[] unicodeMultiAttr;
        Session updateAuthenticatedAccount;
        Element createElement = zimbraSoapContext.createElement(AccountConstants.AUTH_RESPONSE);
        authToken.encodeAuthResp(createElement, false);
        authToken.encode((HttpServletResponse) map.get(SoapServlet.SERVLET_RESPONSE), false, ZimbraCookie.secureCookie((HttpServletRequest) map.get(SoapServlet.SERVLET_REQUEST)));
        createElement.addAttribute("lifetime", authToken.getExpires() - System.currentTimeMillis(), Element.Disposition.CONTENT);
        boolean onLocalServer = Provisioning.onLocalServer(account);
        if (onLocalServer && (updateAuthenticatedAccount = updateAuthenticatedAccount(zimbraSoapContext, authToken, map, true)) != null) {
            ZimbraSoapContext.encodeSession(createElement, updateAuthenticatedAccount.getSessionId(), updateAuthenticatedAccount.getSessionType());
        }
        String attr = Provisioning.getInstance().getLocalServer().getAttr(ZAttrProvisioning.A_zimbraMailReferMode, Provisioning.MAIL_REFER_MODE_WRONGHOST);
        if (Provisioning.MAIL_REFER_MODE_ALWAYS.equals(attr) || (Provisioning.MAIL_REFER_MODE_WRONGHOST.equals(attr) && !onLocalServer)) {
            createElement.addAttribute("refer", account.getAttr(ZAttrProvisioning.A_zimbraMailHost), Element.Disposition.CONTENT);
        }
        Element optionalElement = element.getOptionalElement("prefs");
        if (optionalElement != null) {
            GetPrefs.handle(optionalElement, createElement.addUniqueElement("prefs"), account);
        }
        Element optionalElement2 = element.getOptionalElement("attrs");
        if (optionalElement2 != null) {
            Element addUniqueElement = createElement.addUniqueElement("attrs");
            Set<String> attrsWithFlag = AttributeManager.getInstance().getAttrsWithFlag(AttributeFlag.accountInfo);
            Iterator elementIterator = optionalElement2.elementIterator("attr");
            while (elementIterator.hasNext()) {
                String attribute = ((Element) elementIterator.next()).getAttribute("name");
                if (attribute != null && attrsWithFlag.contains(attribute) && (unicodeMultiAttr = account.getUnicodeMultiAttr(attribute)) != null) {
                    GetInfo.doAttr(addUniqueElement, attribute, unicodeMultiAttr);
                }
            }
        }
        Element optionalElement3 = element.getOptionalElement("requestedSkin");
        String chooseSkin = SkinUtil.chooseSkin(account, optionalElement3 != null ? optionalElement3.getText() : null);
        ZimbraLog.webclient.debug("chooseSkin() returned " + chooseSkin);
        if (chooseSkin != null) {
            createElement.addElement("skin").setText(chooseSkin);
        }
        return createElement;
    }

    @Override // com.zimbra.soap.DocumentHandler
    public boolean needsAuth(Map<String, Object> map) {
        return false;
    }

    public static void addAccountToLogContextByAuthToken(Provisioning provisioning, AuthToken authToken) {
        String accountId = authToken.getAccountId();
        if (accountId != null) {
            AccountUtil.addAccountToLogContext(provisioning, accountId, "name", "id", null);
        }
        String adminAccountId = authToken.getAdminAccountId();
        if (adminAccountId == null || adminAccountId.equals(accountId)) {
            return;
        }
        AccountUtil.addAccountToLogContext(provisioning, adminAccountId, "aname", "aid", null);
    }
}
