package com.fitbank.ibanking.security;

import com.fitbank.common.ApplicationDates;
import com.fitbank.common.Helper;
import com.fitbank.common.crypto.Decrypt;
import com.fitbank.common.exception.FitbankCommitableException;
import com.fitbank.common.exception.FitbankException;
import com.fitbank.common.hb.UtilHB;
import com.fitbank.common.logger.FitbankLogger;
import com.fitbank.dto.management.Detail;
import com.fitbank.hb.persistence.gene.Tsystemparametercompany;
import com.fitbank.hb.persistence.gene.TsystemparametercompanyKey;
import com.fitbank.hb.persistence.safe.Tusersesion;
import com.fitbank.hb.persistence.safe.TusersesionKey;
import com.fitbank.security.SecurityCommand;
import java.sql.Date;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.List;
import org.hibernate.SQLQuery;
import org.hibernate.Session;
import org.hibernate.Transaction;

/* loaded from: input_file:com/fitbank/ibanking/security/VerifyPassword.class */
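/**
 * Security command that checks a user's password at login, enforces the
 * configured maximum number of failed attempts, and rejects expired passwords.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords are compared as the output of the same-package {@code MD5}
 *       helper against {@code TUSUARIOPASSWORD.password}. NOTE(review): if that
 *       helper is a plain, unsalted MD5 digest (its name suggests so; confirm),
 *       the stored values are cheap to crack once the table leaks. Plan a
 *       migration to a salted, adaptive scheme (bcrypt/scrypt/Argon2).</li>
 *   <li>The failed-attempt counter and the lockout are keyed on the user name
 *       only (see {@link #verifyUserSession(String)} and
 *       {@link #blockUser(String)}), so wrong passwords from any source count
 *       against the account. Pair this with per-source throttling and alerting.</li>
 *   <li>No reset of the counter after a successful login is visible in this
 *       class; presumably it happens elsewhere. Confirm.</li>
 * </ul>
 */
public class VerifyPassword extends SecurityCommand {
    private static final String SQL_PASSWORDUSUARIO = "select count(*) from TUSUARIOPASSWORD pa where pa.fhasta =:fhasta and cusuario=:user and password=:pass";
    // Not referenced anywhere in this class; kept because other tooling may expect it.
    private static final String PASS = "select password from TUSUARIOPASSWORD pa where pa.fhasta =:fhasta and cusuario=:user";
    private static final String HQL_SESSION = "SELECT t FROM com.fitbank.hb.persistence.safe.Tusersesion t WHERE  t.pk.fhasta = :fhasta AND    t.pk.cusuario = :cusuario ";
    private static final String SQL_EXPIREDPASSWORD = "select count(*) from TUSUARIOPASSWORD pa where pa.fhasta =:fhasta and cusuario=:user and password=:pass AND nvl(FCADUCIDADPASSWORD,to_date('1999-12-31','yyyy-mm-dd')) < sysdate";
    public static final String SQL_ACCDATE = "select fcontable from tsucursalfechacontable where csucursal=0 and fhasta=:fhasta";

    /**
     * Marks the user as inactive ({@code cestatususuario = 'INA'}) inside a
     * transaction on the auxiliary session.
     *
     * @param str user code to block
     * @throws Exception the original failure, after a rollback attempt and after
     *     closing the auxiliary session
     */
    private void blockUser(String str) throws Exception {
        Session auxiliarSession = Helper.getAuxiliarSession();
        Transaction transaction = auxiliarSession.beginTransaction();
        try {
            Timestamp now = ApplicationDates.getDBTimestamp();
            // NOTE(review): this copy statement filters on fhasta = <current DB
            // timestamp>, while every other query in this class finds the live row
            // with fhasta = DEFAULT_EXPIRY_TIMESTAMP. It therefore looks like the
            // history copy never matches a row and the previous user state is not
            // archived. Confirm against the schema before changing the binding:
            // the status update below is the security-critical step and must not
            // start failing because of the insert.
            SQLQuery historyCopy = auxiliarSession.createSQLQuery("insert into tusuarios(cusuario, fhasta, fdesde, ctipousuario, cpersona, alias, cestatususuario, cidioma, esoficial, escajero, numerodiasvigencia, permitecambio, aceptado,\tesboveda, observaciones) select cusuario, systimestamp,fdesde, ctipousuario, cpersona, alias, cestatususuario, cidioma, esoficial, escajero, numerodiasvigencia, permitecambio, aceptado, esboveda, observaciones  from tusuarios where fhasta=:fhasta and cusuario=:user");
            historyCopy.setString("user", str);
            historyCopy.setTimestamp("fhasta", now);
            historyCopy.executeUpdate();

            SQLQuery deactivate = auxiliarSession.createSQLQuery("update tusuarios set fdesde=:fdesde,cestatususuario=:estado where cusuario=:user and fhasta=:fhasta");
            deactivate.setString("user", str);
            deactivate.setString("estado", "INA");
            deactivate.setTimestamp("fdesde", now);
            deactivate.setTimestamp("fhasta", ApplicationDates.DEFAULT_EXPIRY_TIMESTAMP);
            deactivate.executeUpdate();
            transaction.commit();
        } catch (Exception e) {
            try {
                transaction.rollback();
            } catch (Exception rollbackFailure) {
                // Do not mask the original failure, but leave a trace: a failed
                // rollback while blocking a user is worth investigating.
                FitbankLogger.getLogger().error("Rollback failed while blocking user: " + rollbackFailure);
            }
            Helper.closeAuxiliarSession();
            throw e;
        }
    }

    /**
     * Verifies the credentials carried by {@code detail}.
     *
     * <p>On a correct password the expiry check runs and the accounting date is
     * stored in the {@code FECHACONTABLE} field. On a wrong password the failed
     * attempt is recorded; when the configured maximum is reached the user is
     * blocked.
     *
     * @param detail request carrying user, password, terminal, company and session id
     * @return the same {@code detail}, enriched with {@code FECHACONTABLE}
     * @throws FitbankCommitableException {@code SEC003} for a wrong password,
     *     {@code SEC013} when the user has just been blocked
     * @throws Exception for an expired password or any persistence failure
     */
    public Detail execute(Detail detail) throws Exception {
        if (detail.getSessionid() == null) {
            // NOTE(review): this identifier is built from user, IP address and DB
            // timestamp, so it is predictable. If it is ever used as a bearer
            // session token (not visible here), generate it from SecureRandom.
            detail.setSessionid(detail.getUser() + detail.getIpaddress() + ApplicationDates.getInstance().getDataBaseTimestamp());
        }
        if (verifyUserPassword(detail.getUser(), detail.getPassword())) {
            verifyExpiredPassword(detail);
            detail.findFieldByNameCreate("FECHACONTABLE").setValue(getAccountingDate());
            return detail;
        }
        boolean limitReached = setMaxTimes(detail.getUser(), detail.getTerminal(), getMaxTimes(detail.getCompany()), detail.getSessionid());
        if (!limitReached) {
            throw new FitbankCommitableException("SEC003", "PASSWORD INCORRECTO", new Object[]{detail.getUser()});
        }
        blockUser(detail.getUser());
        throw new FitbankCommitableException("SEC013", "USUARIO BLOQUEADO, NUMERO MAXIMO DE INTENTOS EXCEDIDO", new Object[0]);
    }

    /**
     * Reads the {@code MAXIMOINTENTOS} system parameter for a company.
     *
     * @param num company code
     * @return maximum number of failed attempts allowed
     * @throws IllegalStateException when the parameter or its numeric value is
     *     missing, so a misconfiguration is reported by name instead of as a bare
     *     {@code NullPointerException} in the middle of the failed-login path
     */
    private int getMaxTimes(Integer num) throws Exception {
        TsystemparametercompanyKey key = new TsystemparametercompanyKey(num, "MAXIMOINTENTOS", ApplicationDates.getDefaultExpiryTimestamp());
        Tsystemparametercompany parameter = (Tsystemparametercompany) Helper.getSession().get(Tsystemparametercompany.class, key);
        if (parameter == null || parameter.getValornumerico() == null) {
            throw new IllegalStateException("System parameter MAXIMOINTENTOS is not configured for company " + num);
        }
        return parameter.getValornumerico().intValue();
    }

    /**
     * Records one failed attempt for the user.
     *
     * @param str user code
     * @param str2 terminal the attempt came from
     * @param i maximum number of attempts allowed
     * @param str3 session id used when a new attempt record has to be created
     * @return {@code true} when this attempt reaches the maximum (the attempt
     *     record is expired and the caller should block the user)
     */
    private boolean setMaxTimes(String str, String str2, int i, String str3) throws Exception {
        Tusersesion current = verifyUserSession(str);
        if (current == null) {
            Tusersesion first = new Tusersesion(new TusersesionKey(str, ApplicationDates.DEFAULT_EXPIRY_TIMESTAMP, str3), ApplicationDates.getDBTimestamp(), str2);
            first.setNumerointentos(1);
            Helper.saveOrUpdate(first);
            return false;
        }
        // A record without a counter is treated as zero attempts so that the
        // failed attempt is still counted instead of failing with an NPE.
        Integer previous = current.getNumerointentos();
        int attempts = (previous == null ? 0 : previous.intValue()) + 1;
        if (attempts >= i) {
            Helper.expire(current);
            return true;
        }
        current.setNumerointentos(Integer.valueOf(attempts));
        Helper.saveOrUpdate(current);
        return false;
    }

    /**
     * Checks whether the given password matches the user's current password row.
     *
     * @param str user code
     * @param str2 password as received from the client, in the form
     *     {@code Decrypt.decrypt} expects
     * @return {@code true} when at least one current row matches user and hash
     * @throws Exception on decryption or query failure; the auxiliary session is
     *     closed before a query failure is rethrown
     */
    public boolean verifyUserPassword(String str, String str2) throws Exception {
        String passwordHash = hashPassword(str2);
        try {
            // The bare count used to be written to the error log on every login;
            // that carried no context and flooded the error channel, so it is no
            // longer logged here.
            return countPasswordRows(SQL_PASSWORDUSUARIO, str, passwordHash) != 0;
        } catch (Exception e) {
            Helper.closeAuxiliarSession();
            throw e;
        }
    }

    /**
     * Rejects the login when the user's current password is past its expiry date.
     *
     * @param detail request carrying user and password
     * @throws FitbankException code {@code 000001} when the password has expired
     * @throws Exception on decryption or query failure
     */
    private void verifyExpiredPassword(Detail detail) throws Exception {
        String passwordHash = hashPassword(detail.getPassword());
        try {
            if (countPasswordRows(SQL_EXPIREDPASSWORD, detail.getUser(), passwordHash) > 0) {
                throw new FitbankException("000001", "PASSWORD DEL USUARIO {0} NO VIGENTE", new Object[]{detail.getUser()});
            }
        } catch (Exception e) {
            // Also reached for the FitbankException above, as in the original flow.
            Helper.closeAuxiliarSession();
            throw e;
        }
    }

    /** Decrypts the transported password and hashes it with the project's MD5 helper. */
    private String hashPassword(String transportedPassword) throws Exception {
        return MD5.encriptaPassword(new Decrypt().decrypt(transportedPassword));
    }

    /**
     * Runs one of the {@code count(*)} password queries with bound parameters.
     * All values are bound, never concatenated into the SQL text.
     */
    private int countPasswordRows(String sql, String user, String passwordHash) throws Exception {
        SQLQuery query = Helper.getAuxiliarSession().createSQLQuery(sql);
        query.setString("user", user);
        query.setString("pass", passwordHash);
        query.setTimestamp("fhasta", ApplicationDates.DEFAULT_EXPIRY_TIMESTAMP);
        // The driver's numeric type for count(*) is not visible here, so the value
        // is parsed from its string form exactly as before.
        return Integer.parseInt(String.valueOf(query.uniqueResult()));
    }

    /**
     * Looks up the user's current failed-attempt record.
     *
     * @param str user code
     * @return the first current record, or {@code null} when there is none
     */
    private Tusersesion verifyUserSession(String str) throws Exception {
        UtilHB utilHB = new UtilHB();
        utilHB.setSentence(HQL_SESSION);
        utilHB.setString("cusuario", str);
        utilHB.setTimestamp("fhasta", ApplicationDates.DEFAULT_EXPIRY_TIMESTAMP);
        List<?> rows = utilHB.getList(false);
        return rows.isEmpty() ? null : (Tusersesion) rows.get(0);
    }

    /**
     * Reads the current accounting date of branch 0.
     *
     * @return the date formatted as {@code yyyy-MM-dd}, or {@code null} when no row exists
     */
    private String getAccountingDate() throws Exception {
        SQLQuery query = Helper.getAuxiliarSession().createSQLQuery(SQL_ACCDATE);
        query.setTimestamp("fhasta", ApplicationDates.DEFAULT_EXPIRY_TIMESTAMP);
        // Cast to java.util.Date: java.sql.Date and java.sql.Timestamp both extend
        // it, so a driver that returns a Timestamp no longer causes a
        // ClassCastException on the successful-login path.
        java.util.Date accountingDate = (java.util.Date) query.uniqueResult();
        if (accountingDate == null) {
            return null;
        }
        return new SimpleDateFormat("yyyy-MM-dd").format(accountingDate);
    }

    /**
     * Developer harness that prints the hash of a fixed string.
     *
     * <p>NOTE(review): the literal below looks like a real credential left in
     * source. If it is or ever was a live password, rotate it, and keep this entry
     * point out of production builds.
     */
    public static void main(String[] strArr) {
        try {
            new Decrypt();
            System.out.println(MD5.encriptaPassword("dici2009"));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}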
