package org.opennms.web.account.selfService;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.opennms.netmgt.config.UserFactory;
import org.opennms.netmgt.config.UserManager;
import org.opennms.netmgt.config.users.Password;
import org.opennms.netmgt.config.users.User;

/* loaded from: input_file:org/opennms/web/account/selfService/NewPasswordActionServlet.class */
public class NewPasswordActionServlet extends HttpServlet {
    private static final long serialVersionUID = 6803675433403988004L;

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            UserFactory.init();
            HttpSession session = httpServletRequest.getSession(false);
            UserManager userFactory = UserFactory.getInstance();
            User user = (User) session.getAttribute("user.newPassword.jsp");
            String parameter = httpServletRequest.getParameter("currentPassword");
            String parameter2 = httpServletRequest.getParameter("newPassword");
            if (!httpServletRequest.isUserInRole("ROLE_ADMIN") && user.getRoleCollection().contains("ROLE_READONLY")) {
                throw new ServletException("User " + user.getUserId() + " is read-only");
            }
            if (!userFactory.comparePasswords(user.getUserId(), parameter)) {
                getServletContext().getRequestDispatcher("/account/selfService/newPassword.jsp?action=redo").forward(httpServletRequest, httpServletResponse);
                return;
            }
            Password password = new Password();
            password.setContent(userFactory.encryptedPassword(parameter2, true));
            password.setSalt(true);
            user.setPassword(password);
            session.setAttribute("user.newPassword.jsp", user);
            try {
                userFactory.saveUser(user.getUserId(), user);
                getServletContext().getRequestDispatcher("/account/selfService/passwordChanged.jsp").forward(httpServletRequest, httpServletResponse);
            } catch (Throwable th) {
                throw new ServletException("Error saving user " + user.getUserId(), th);
            }
        } catch (Throwable th2) {
            throw new ServletException("NewPasswordActionServlet: Error initialising user factory." + th2);
        }
    }
}
