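package com.amarsoft.awe.security;

import jbo.awe.USER_INFO;

import com.amarsoft.are.ARE;
import com.amarsoft.are.jbo.BizObject;
import com.amarsoft.are.jbo.BizObjectManager;
import com.amarsoft.are.jbo.BizObjectQuery;
import com.amarsoft.are.jbo.JBOFactory;
import com.amarsoft.are.lang.DataElement;
import com.amarsoft.are.log.Log;
import com.amarsoft.are.security.MessageDigest;
import com.amarsoft.awe.security.pwdrule.PasswordRuleManager;
import com.amarsoft.awe.util.Transaction;

/**
 * Checks a logon attempt against the stored user record and an optional
 * password rule manager, and records a numeric reason code on rejection.
 *
 * <p>The reason code is kept in an instance field and is not reset between
 * calls, so it is only meaningful directly after {@link #isLogonSuccessful}
 * has returned {@code false}.
 */
public final class LogonValidate {

    /** Reason code written by the most recent rejected check. */
    private int errorCode;

    /**
     * Decides whether the supplied credentials may log on.
     *
     * <p>Checks run in this order; the first one that fails ends the evaluation:
     * <ol>
     *   <li>{@code userIsExist} returns false (no record for the user id, or the
     *       password digest does not match): error code 10. Both cases share one
     *       code, so the result does not reveal which of the two occurred.</li>
     *   <li>The user status is not {@code "1"}: error code 11 for status
     *       {@code "0"}, 12 for status {@code "2"}; any other status (including
     *       a missing one) is rejected without touching the error code.</li>
     *   <li>{@code pwm} is non-null and rejects the password: the error code is
     *       copied from {@code pwm.getErrorCode()}.</li>
     * </ol>
     *
     * <p>Any exception raised while checking is logged and treated as a failed
     * logon. The previous version initialised the result to {@code true} and only
     * logged in the catch block, so a lookup failure or a
     * {@code NullPointerException} authenticated the caller.
     *
     * @param asUser the user attempting to log on; supplies user id and password
     * @param pwm    optional password rule manager; skipped when {@code null}
     * @param sqlca  transaction handle; passed through to the helpers, which do
     *               not use it in the code shown here
     * @return {@code true} only when every check passed without an exception
     */
    protected boolean isLogonSuccessful(LogonUser asUser, PasswordRuleManager pwm, Transaction sqlca) {
        try {
            String state = getUserState(asUser, sqlca);

            if (!userIsExist(asUser, sqlca)) {
                setErrorCode(10);
                return false;
            }

            // Constant-first equals keeps a missing status from raising an NPE.
            if (!"1".equals(state)) {
                if ("0".equals(state)) {
                    setErrorCode(11);
                } else if ("2".equals(state)) {
                    setErrorCode(12);
                }
                return false;
            }

            if (pwm != null && !pwm.isAccept(asUser, asUser.getUserPassword())) {
                setErrorCode(pwm.getErrorCode());
                return false;
            }

            return true;
        } catch (Exception e) {
            // Fail closed: an error during validation must never grant access.
            // No dedicated error code is defined in this class for this case,
            // so errorCode is left as it was.
            ARE.getLog().error("Logon error", e);
            return false;
        }
    }

    /**
     * Reports whether a user record exists for the user id and its stored
     * password digest equals the digest of the supplied password.
     *
     * <p>The record is loaded by user id only and the digest is compared in
     * Java. An earlier variant, previously kept here as commented-out code,
     * matched user id and password digest in a single query.
     *
     * @param asUser the user attempting to log on
     * @param sqlca  unused by this method
     * @return {@code true} when the record exists and the digests are equal
     * @throws Exception if the digest computation or the lookup fails
     */
    @SuppressWarnings("deprecation")
    private boolean userIsExist(LogonUser asUser, Transaction sqlca) throws Exception {
        // NOTE(review): the stored credential is an unsalted MD5 hex digest, which
        // is weak against offline guessing if the table leaks. Moving to a salted,
        // slow password hash (bcrypt/scrypt/argon2) requires migrating the stored
        // values, so the format is left unchanged here.
        String pwdMD5 = MessageDigest.getDigestAsUpperHexString("MD5", asUser.getUserPassword());

        BizObjectManager bom = JBOFactory.getBizObjectManager(USER_INFO.CLASS_NAME);
        BizObject bo = bom.createQuery("userId=:UserID")
                .setParameter("UserID", asUser.getUserId())
                .getSingleResult(false);
        if (bo == null) {
            return false;
        }

        String pwd = bo.getAttribute("PASSWORD") == null
                ? ""
                : bo.getAttribute("PASSWORD").toString();
        if (pwdMD5 == null) {
            return false;
        }

        // Compare without an early exit on the first differing character, so the
        // response time does not depend on how much of the digest matched.
        // Fully qualified because MessageDigest is already imported from
        // com.amarsoft.are.security.
        return java.security.MessageDigest.isEqual(pwd.getBytes("UTF-8"), pwdMD5.getBytes("UTF-8"));
    }

    /**
     * Reads the {@code status} attribute of the user record for the user id.
     *
     * @param asUser the user attempting to log on
     * @param sqlca  unused by this method
     * @return the status string, or {@code null} when no record was found
     * @throws Exception if the lookup fails or the record has no status attribute
     */
    private String getUserState(LogonUser asUser, Transaction sqlca) throws Exception {
        BizObjectQuery bq = JBOFactory.createBizObjectQuery("jbo.awe.USER_INFO", "userID=:UserID");
        BizObject bo = bq.setParameter("UserID", asUser.getUserId()).getSingleResult(false);
        if (bo == null) {
            return null;
        }
        return bo.getAttribute("status").getString();
    }

    /**
     * Returns the reason code set by the most recent rejected check.
     *
     * @return the current error code
     */
    public int getErrorCode() {
        return this.errorCode;
    }

    /**
     * Sets the reason code.
     *
     * @param errorCode the code to store
     */
    public void setErrorCode(int errorCode) {
        this.errorCode = errorCode;
    }
}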