package com.urbancode.anthill3.domain.security;

import com.urbancode.anthill3.domain.authentication.HttpLoginCallbackHandler;
import com.urbancode.anthill3.domain.authentication.LoginConfiguration;
import com.urbancode.anthill3.domain.persistent.PersistenceException;
import com.urbancode.anthill3.domain.persistent.PersistenceRuntimeException;
import com.urbancode.anthill3.domain.singleton.serversettings.ServerSettings;
import com.urbancode.anthill3.domain.singleton.serversettings.ServerSettingsFactory;
import com.urbancode.anthill3.persistence.UnitOfWork;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.jfree.util.Log;

/* loaded from: input_file:com/urbancode/anthill3/domain/security/JAASAuthenticator.class */
/**
 * {@link Authenticator} backed by JAAS.
 *
 * <p>Credentials come either from the explicit arguments or, when both are absent, from the
 * request's HTTP Basic {@code Authorization} header; the JAAS configuration is chosen per
 * request. Consecutive failures are counted per user and turned into throttling / lockout by
 * {@link #assertLockoutChecks(User, boolean)}.
 *
 * <p>NOTE(review): this listing looks like decompiler output. The try/catch nesting inside
 * {@link #authenticateUser} does not correspond to compilable source (see the comments there),
 * so the control flow should be read with that in mind and confirmed against the original.
 */
public class JAASAuthenticator extends Authenticator {
    private static Logger log = Logger.getLogger(JAASAuthenticator.class);
    // Declared but not referenced below: the countdown threshold appears as the literal 3 in
    // assertLockoutChecks (and the "no limit configured" default as the literal 4).
    private static final int ATTEMPTS_LEFT_AT_COUNTDOWN_START = 3;
    // Generic rejection text; throttle / remaining-attempts details are appended to it.
    protected static final String DEFAULT_LOGIN_REJECT_MSG = "Invalid user credentials.";
    // Used whenever the reloaded user is already locked out, on success and failure alike.
    protected static final String DEFAULT_LOCKED_OUT_MSG = "You have exceeded the number of allowed login attempts. Please contact your AnthillPro administrator to log in again.";

    /**
     * Authenticates a user through JAAS and binds the resulting {@link User} to the current
     * {@link UnitOfWork}.
     *
     * @param httpServletRequest the current request, may be {@code null}; when present it
     *        supplies the Basic {@code Authorization} header fallback and the
     *        {@code secondaryAuth} parameter that selects the JAAS configuration
     * @param str the user name; when it and {@code str2} are both {@code null} the value is
     *        taken from the Basic authentication header instead
     * @param str2 the password, with the same header fallback as {@code str}
     * @return the {@link User} principal found in the authenticated subject
     * @throws AuthorizationException when the header cannot be parsed, the JAAS login fails,
     *         or the user is throttled / locked out
     */
    @Override // com.urbancode.anthill3.domain.security.Authenticator
    public User authenticateUser(HttpServletRequest httpServletRequest, String str, String str2) throws AuthorizationException {
        User user = null;
        // Records which users the realm lookup touched during this attempt (getFailedUsers /
        // getFirstUser below). bind()/unbind() presumably attach it to the calling thread —
        // not visible here; see RealmAuthenticationLookupContext.
        RealmAuthenticationLookupContext realmAuthenticationLookupContext = new RealmAuthenticationLookupContext();
        realmAuthenticationLookupContext.bind();
        try {
            // No explicit credentials: fall back to HTTP Basic when a request is available.
            if (httpServletRequest != null && str == null && str2 == null) {
                try {
                    try {
                        String header = httpServletRequest.getHeader(BasicAuthenticationParser.AUTHORIZATION_HEADER);
                        if (StringUtils.isNotEmpty(header)) {
                            BasicAuthenticationParser basicAuthenticationParser = new BasicAuthenticationParser();
                            basicAuthenticationParser.parseHeaderValue(header);
                            str = basicAuthenticationParser.getName();
                            str2 = basicAuthenticationParser.getPassword();
                        }
                    } catch (Exception e) {
                        // Any failure while parsing the (client-supplied) header is surfaced to
                        // the caller with the parser's own message.
                        throw new AuthorizationException(e.getMessage(), e);
                    }
                } catch (AuthorizationException e2) {
                    // A parse failure also counts as a failed attempt for every user the lookup
                    // context resolved so far.
                    incrementFailedAttemptsForUsers(realmAuthenticationLookupContext);
                    throw e2;
                } catch (LoginException e3) {
                    // NOTE(review): nothing in the try above throws the checked LoginException;
                    // in compilable source this handler most likely wrapped the
                    // loginContext.login() call further down. Decompiler artifact — confirm.
                    if (StringUtils.isNotEmpty(str)) {
                        // The user name (possibly header-derived) goes to the server log; the
                        // underlying cause only at debug level.
                        log.warn("Failed login attempt for user " + str);
                        if (log.isDebugEnabled()) {
                            log.debug("Cause of previous warning: " + e3, e3);
                        }
                    }
                    String message = e3.getMessage();
                    // A JAAS "all modules ignored" outcome is not treated as bad credentials:
                    // nothing is counted against the user (and, as decompiled, control simply
                    // continues below). Any other failure increments the counters and, when
                    // the name resolved to a user, runs the failed-attempt lockout check.
                    if (!StringUtils.containsIgnoreCase(message, "all modules ignored")) {
                        incrementFailedAttemptsForUsers(realmAuthenticationLookupContext);
                        User firstUser = realmAuthenticationLookupContext.getFirstUser();
                        if (firstUser != null) {
                            // true = failed attempt: may also report remaining attempts.
                            assertLockoutChecks(firstUser, true);
                        }
                        // The JAAS module's message is passed through to the caller as-is.
                        throw new AuthorizationException(message, e3);
                    }
                    realmAuthenticationLookupContext.unbind();
                }
            }
            // Configuration selection: "secondaryAuth=true" (Boolean.valueOf is case-insensitive
            // and yields false for any other value) picks SECONDARY_REALMS, otherwise "Anthill3".
            // NOTE(review): the choice is driven by a client-supplied request parameter —
            // confirm the secondary configuration is meant to be selectable by the caller.
            LoginContext loginContext = new LoginContext(httpServletRequest != null && Boolean.valueOf(httpServletRequest.getParameter("secondaryAuth")).booleanValue() ? LoginConfiguration.SECONDARY_REALMS : "Anthill3", new HttpLoginCallbackHandler(httpServletRequest, str, str2));
            loginContext.login();
            // Locate the application User principal in the authenticated subject. A lockout
            // rejection here is swallowed, but since `user` is already assigned the
            // unconditional check after the loop raises it again.
            for (Principal principal : loginContext.getSubject().getPrincipals()) {
                if (principal instanceof User) {
                    try {
                        user = (User) principal;
                        assertLockoutChecks(user, false);
                        break;
                    } catch (AuthorizationException e4) {
                    }
                }
            }
            if (user == null) {
                // No User principal in the subject is treated as a login failure. (As
                // decompiled, this LoginException is not caught by the handler above.)
                throw new LoginException("User Principal not found after login");
            }
            assertLockoutChecks(user, false);
            // Successful login: attach the user to the unit of work and clear its counter.
            UnitOfWork.getCurrent().setUser(user);
            resetFailedAttemptsForUser(user);
            realmAuthenticationLookupContext.unbind();
            return user;
        } catch (Throwable th) {
            // Always release the lookup context, whatever the exit path.
            realmAuthenticationLookupContext.unbind();
            throw th;
        }
    }

    /**
     * Authenticates the guest account and binds it to the current {@link UnitOfWork}.
     *
     * @return the guest {@link User}
     * @throws AuthorizationException wrapping any {@link PersistenceException} raised while
     *         loading the guest user
     */
    @Override // com.urbancode.anthill3.domain.security.Authenticator
    public User authenticateGuest() throws AuthorizationException {
        try {
            User guestUser = UserFactory.getGuestUser();
            UnitOfWork.getCurrent().setUser(guestUser);
            return guestUser;
        } catch (PersistenceException e) {
            throw new AuthorizationException(e);
        }
    }

    /**
     * Increments the persisted login-failure counter of every user the lookup context flagged
     * as failed; {@code null} entries are skipped.
     *
     * @param realmAuthenticationLookupContext the context bound for the current attempt
     * @throws PersistenceRuntimeException wrapping any {@link PersistenceException}; a
     *         debug-level message is written first via {@code org.jfree.util.Log} (not this
     *         class's log4j logger — NOTE(review): probably unintended)
     */
    private void incrementFailedAttemptsForUsers(RealmAuthenticationLookupContext realmAuthenticationLookupContext) {
        Set<User> failedUsers = realmAuthenticationLookupContext.getFailedUsers();
        if (failedUsers.isEmpty()) {
            return;
        }
        for (User user : failedUsers) {
            if (user != null) {
                try {
                    UserFactory.getInstance().incrementUserLoginFailures(user);
                } catch (PersistenceException e) {
                    Log.debug("Unable to increment User " + user.getName() + "'s authentication failures.");
                    throw new PersistenceRuntimeException(e);
                }
            }
        }
    }

    /**
     * Clears the persisted login-failure counter of {@code user} after a successful login;
     * a {@code null} user is a no-op.
     *
     * @param user the user that just authenticated
     * @throws PersistenceRuntimeException wrapping any {@link PersistenceException}; the
     *         debug-level message goes through {@code org.jfree.util.Log}, as above
     */
    private void resetFailedAttemptsForUser(User user) {
        if (user != null) {
            try {
                UserFactory.getInstance().resetUserLoginFailures(user);
            } catch (PersistenceException e) {
                Log.debug("Unable to reset User " + user.getName() + "'s authentication failures.");
                throw new PersistenceRuntimeException(e);
            }
        }
    }

    /**
     * Rejects the login when the user is locked out or throttled and, on a failed attempt,
     * when the user is close to being locked out.
     *
     * @param user the user to check; it is re-read from the current {@link UnitOfWork}
     *        (presumably so the counters reflect the increment made earlier in this attempt)
     * @param z {@code true} when called for a failed attempt: the rejection is then also
     *        raised once 3 or fewer attempts remain. {@code false} after a successful login,
     *        where only an existing lockout or throttle rejects (the remaining-attempts text
     *        is still appended to a throttle rejection if 3 or fewer remain)
     * @throws AuthorizationException carrying {@link #DEFAULT_LOCKED_OUT_MSG}, or
     *         {@link #DEFAULT_LOGIN_REJECT_MSG} followed by the throttle wait and/or
     *         remaining-attempts text
     * @throws PersistenceRuntimeException wrapping any {@link PersistenceException}
     */
    private void assertLockoutChecks(User user, boolean z) throws AuthorizationException {
        try {
            ServerSettings restore = ServerSettingsFactory.getInstance().restore();
            User user2 = (User) UnitOfWork.getCurrent().reload((UnitOfWork) user);
            // Server-log line, written only when rejecting below; names the user and the count.
            String format = String.format("%s has had %d consecutive failed login attempts and has been throttled.", user2.getName(), Integer.valueOf(user2.getFailedLoginAttempts()));
            // Attempts left before lockout. Defaults to 4 when no limit is configured, which
            // keeps the countdown (<= 3) from ever firing in that case.
            int i = 4;
            if (restore.getLockoutAttempts() != null) {
                i = restore.getLockoutAttempts().intValue() - user2.getFailedLoginAttempts();
            }
            if (user2.isLockedOut()) {
                throw new AuthorizationException(DEFAULT_LOCKED_OUT_MSG);
            }
            if (user2.isThrottled() || (z && i <= 3)) {
                // NOTE(review): getThrottleWaitMinutes() is not null-checked, unlike
                // getLockoutAttempts() above; a missing setting would NPE here — confirm the
                // setting is always populated.
                long intValue = restore.getThrottleWaitMinutes().intValue();
                Object[] objArr = new Object[2];
                objArr[0] = Long.valueOf(intValue);
                objArr[1] = intValue == 1 ? "" : "s";
                String format2 = String.format("Please wait %d minute%s and try again.", objArr);
                Object[] objArr2 = new Object[2];
                objArr2[0] = Integer.valueOf(i);
                objArr2[1] = i == 1 ? "" : "s";
                // NOTE(review): on a failed attempt this text is only produced when the name
                // resolved to a user (see the getFirstUser() guard in authenticateUser), so the
                // caller-visible message differs for known and unknown names — verify that this
                // disclosure is acceptable for the deployment.
                String format3 = String.format("You have only %d login attempt%s remaining before being locked out of the system.", objArr2);
                StringBuilder sb = new StringBuilder();
                sb.append(DEFAULT_LOGIN_REJECT_MSG);
                if (user2.isThrottled()) {
                    sb.append(" ");
                    sb.append(format2);
                }
                if (i <= 3) {
                    sb.append(" ");
                    sb.append(format3);
                }
                log.warn(format);
                throw new AuthorizationException(sb.toString());
            }
        } catch (PersistenceException e) {
            throw new PersistenceRuntimeException(e.getMessage(), e);
        }
    }
}
