package org.redpill.alfresco.ldap.scripts.person;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.web.scripts.person.ChangePasswordPost;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.MutableAuthenticationService;
import org.apache.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;
import org.redpill.alfresco.ldap.service.LdapUserService;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.extensions.surf.util.Content;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.util.Assert;

/* loaded from: input_file:org/redpill/alfresco/ldap/scripts/person/CustomChangePasswordPost.class */
public class CustomChangePasswordPost extends ChangePasswordPost implements InitializingBean {
    private static final Logger LOG = Logger.getLogger(CustomChangePasswordPost.class);
    private static final String PARAM_NEWPW = "newpw";
    private static final String PARAM_OLDPW = "oldpw";
    protected String syncZoneId;
    protected LdapUserService ldapUserService;
    protected AuthorityService authorityService;
    protected MutableAuthenticationService authenticationService;

    protected Map<String, Object> executeImpl(WebScriptRequest webScriptRequest, Status status) {
        String extensionPath = webScriptRequest.getExtensionPath();
        Content content = webScriptRequest.getContent();
        if (content == null) {
            throw new WebScriptException(500, "Missing POST body.");
        }
        try {
            JSONObject jSONObject = new JSONObject(content.getContent());
            String str = null;
            boolean hasAdminAuthority = this.authorityService.hasAdminAuthority();
            if (!hasAdminAuthority || extensionPath.equalsIgnoreCase(this.authenticationService.getCurrentUserName())) {
                if (!jSONObject.has(PARAM_OLDPW) || jSONObject.getString(PARAM_OLDPW).length() == 0) {
                    throw new WebScriptException(400, "Old password 'oldpw' is a required POST parameter.");
                }
                str = jSONObject.getString(PARAM_OLDPW);
            }
            if (!jSONObject.has(PARAM_NEWPW) || jSONObject.getString(PARAM_NEWPW).length() == 0) {
                throw new WebScriptException(400, "New password 'newpw' is a required POST parameter.");
            }
            String string = jSONObject.getString(PARAM_NEWPW);
            if (this.authorityService.getAuthorityZones(extensionPath).contains("AUTH.EXT." + this.syncZoneId)) {
                this.ldapUserService.changePassword(extensionPath, str, string);
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("Password changed for user '%s' in zone '%s'.", extensionPath, this.syncZoneId));
                }
            } else {
                if (LOG.isDebugEnabled()) {
                    LOG.debug(String.format("'%s' is not an ldap user. Forwarding request to " + ChangePasswordPost.class.getName(), extensionPath));
                }
                super.executeImpl(webScriptRequest, status);
            }
            if (!hasAdminAuthority || extensionPath.equalsIgnoreCase(this.authenticationService.getCurrentUserName())) {
                this.authenticationService.updateAuthentication(extensionPath, str.toCharArray(), string.toCharArray());
            } else {
                this.authenticationService.setAuthentication(extensionPath, string.toCharArray());
            }
            HashMap hashMap = new HashMap(1, 1.0f);
            hashMap.put("success", Boolean.TRUE);
            return hashMap;
        } catch (AuthenticationException e) {
            throw new WebScriptException(401, "Do not have appropriate auth or wrong auth details provided.");
        } catch (IOException e2) {
            throw new WebScriptException(500, "Unable to retrieve POST body: " + e2.getMessage());
        } catch (JSONException e3) {
            throw new WebScriptException(500, "Unable to parse JSON POST body: " + e3.getMessage());
        }
    }

    public void setSyncZoneId(String str) {
        this.syncZoneId = str;
    }

    public void setLdapUserService(LdapUserService ldapUserService) {
        this.ldapUserService = ldapUserService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
        super.setAuthorityService(authorityService);
    }

    public void setAuthenticationService(MutableAuthenticationService mutableAuthenticationService) {
        this.authenticationService = mutableAuthenticationService;
        super.setAuthenticationService(mutableAuthenticationService);
    }

    public void afterPropertiesSet() throws Exception {
        Assert.hasText(this.syncZoneId);
        Assert.notNull(this.ldapUserService);
        Assert.notNull(this.authorityService);
        Assert.notNull(this.authenticationService);
    }
}
