package org.n52.security.service.authentication.audit;

import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.n52.security.authentication.AccountLockedException;
import org.n52.security.authentication.AuthenticationException;
import org.n52.security.authentication.Credential;

/* loaded from: input_file:org/n52/security/service/authentication/audit/AccountLockingAuthenticationEventListener.class */
public class AccountLockingAuthenticationEventListener extends AbstractAuthenticationEventListener {
    private static final Log LOG;
    private CredentialLogService m_logService;
    private List m_lockRules = new ArrayList();
    private List m_userAccountLockedNotifications = new ArrayList();
    static Class class$org$n52$security$service$authentication$audit$AccountLockingAuthenticationEventListener;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/n52/security/service/authentication/audit/AccountLockingAuthenticationEventListener$LogStrategy.class */
    public interface LogStrategy {
        void updateLogEntry(CredentialLogEntry credentialLogEntry);
    }

    @Override // org.n52.security.service.authentication.audit.AbstractAuthenticationEventListener
    public void onLogin(AuthenticationEvent authenticationEvent) {
        if (authenticationEvent.isUserAuthenticated()) {
            logThreadSafe(authenticationEvent, new LogStrategy(this) { // from class: org.n52.security.service.authentication.audit.AccountLockingAuthenticationEventListener.1
                private final AccountLockingAuthenticationEventListener this$0;

                {
                    this.this$0 = this;
                }

                @Override // org.n52.security.service.authentication.audit.AccountLockingAuthenticationEventListener.LogStrategy
                public void updateLogEntry(CredentialLogEntry credentialLogEntry) {
                    credentialLogEntry.resetConsecutiveFails();
                }
            });
        }
    }

    @Override // org.n52.security.service.authentication.audit.AbstractAuthenticationEventListener
    public void onLoginError(AuthenticationExceptionEvent authenticationExceptionEvent) throws AuthenticationException {
        logThreadSafe(authenticationExceptionEvent, new LogStrategy(this) { // from class: org.n52.security.service.authentication.audit.AccountLockingAuthenticationEventListener.2
            private final AccountLockingAuthenticationEventListener this$0;

            {
                this.this$0 = this;
            }

            @Override // org.n52.security.service.authentication.audit.AccountLockingAuthenticationEventListener.LogStrategy
            public void updateLogEntry(CredentialLogEntry credentialLogEntry) {
                credentialLogEntry.increaseConsecutiveFail();
            }
        });
    }

    private void logThreadSafe(AuthenticationEvent authenticationEvent, LogStrategy logStrategy) {
        boolean z = false;
        int i = 1;
        while (true) {
            if (!z && i > 1) {
                return;
            }
            try {
                logEventPerCredential(authenticationEvent, logStrategy);
                z = false;
                LOG.debug(new StringBuffer().append("Log entry updated successfully with attempt #").append(i).toString());
            } catch (ConcurrentCredentialLogModificationException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Log entry update failed due to concurrent modifications. Retrying...");
                    z = true;
                }
            }
            i++;
        }
    }

    private void logEventPerCredential(AuthenticationEvent authenticationEvent, LogStrategy logStrategy) throws ConcurrentCredentialLogModificationException {
        CredentialLockRuleEnforcementResult credentialLockRuleEnforcementResult = new CredentialLockRuleEnforcementResult();
        Iterator it = authenticationEvent.getCredentials().iterator();
        while (it.hasNext()) {
            credentialLockRuleEnforcementResult = updateLogEntry(authenticationEvent, logStrategy, credentialLockRuleEnforcementResult, (Credential) it.next());
        }
        if (credentialLockRuleEnforcementResult.hasException()) {
            throw credentialLockRuleEnforcementResult.getFirstException();
        }
    }

    private CredentialLockRuleEnforcementResult updateLogEntry(AuthenticationEvent authenticationEvent, LogStrategy logStrategy, CredentialLockRuleEnforcementResult credentialLockRuleEnforcementResult, Credential credential) throws ConcurrentCredentialLogModificationException {
        CredentialLogEntry logEntry = this.m_logService.getLogEntry(credential);
        logEntry.setLastAttempt(authenticationEvent.getTimestamp());
        logStrategy.updateLogEntry(logEntry);
        checkLockRelease(logEntry);
        if (logEntry.isLocked()) {
            credentialLockRuleEnforcementResult.addException(new AccountLockedException("Account locked due to previous failing attempts"));
        }
        CredentialLockRuleEnforcementResult enforceRules = enforceRules(logEntry, credentialLockRuleEnforcementResult);
        this.m_logService.saveLogEntry(logEntry);
        return enforceRules;
    }

    private void checkLockRelease(CredentialLogEntry credentialLogEntry) {
        if (lockedByTimeout(credentialLogEntry) || lockedWithoutTimeout(credentialLogEntry)) {
            return;
        }
        credentialLogEntry.setLocked(false);
    }

    private boolean lockedByTimeout(CredentialLogEntry credentialLogEntry) {
        return credentialLogEntry.isLocked() && new Date().before(credentialLogEntry.getLockTimeout());
    }

    private boolean lockedWithoutTimeout(CredentialLogEntry credentialLogEntry) {
        return credentialLogEntry.isLocked() && credentialLogEntry.getLockTimeout() == null;
    }

    private CredentialLockRuleEnforcementResult enforceRules(CredentialLogEntry credentialLogEntry, CredentialLockRuleEnforcementResult credentialLockRuleEnforcementResult) throws AuthenticationException {
        for (CredentialLockRule credentialLockRule : this.m_lockRules) {
            if (credentialLockRule.isBrokenBy(credentialLogEntry)) {
                actOnBrokenRule(credentialLogEntry, credentialLockRule);
                credentialLockRuleEnforcementResult.addException(new AccountLockedException("Access to your account was just locked due to too many login failures."));
            }
        }
        return credentialLockRuleEnforcementResult;
    }

    private void actOnBrokenRule(CredentialLogEntry credentialLogEntry, CredentialLockRule credentialLockRule) {
        if (credentialLogEntry.isLocked()) {
            return;
        }
        credentialLogEntry.setLocked(true);
        credentialLogEntry.setLockTimeout(new Date(System.currentTimeMillis() + credentialLockRule.getLockTimeoutMillisecs()));
        try {
            handleNotifications(credentialLogEntry, credentialLockRule.getLockTimeoutMillisecs());
        } catch (Exception e) {
            LOG.error("For some reason lock notifications could not be executed");
        }
    }

    private void handleNotifications(CredentialLogEntry credentialLogEntry, long j) {
        if (isUsernamePasswordCredentialType(credentialLogEntry)) {
            doNotification(createUserLockedNotificationEvent(credentialLogEntry, j));
        }
    }

    private boolean isUsernamePasswordCredentialType(CredentialLogEntry credentialLogEntry) {
        return credentialLogEntry.getCredentialType().equals(CredentialLookup.USERNAME_CREDENTIAL_IDENTIFIER);
    }

    private UserAccountLockedNotificationEvent createUserLockedNotificationEvent(CredentialLogEntry credentialLogEntry, long j) {
        return new UserAccountLockedNotificationEvent(credentialLogEntry.getCredentialString(), j);
    }

    private void doNotification(UserAccountLockedNotificationEvent userAccountLockedNotificationEvent) {
        Iterator it = this.m_userAccountLockedNotifications.iterator();
        while (it.hasNext()) {
            ((UserAccountLockedNotification) it.next()).execute(userAccountLockedNotificationEvent);
        }
    }

    public void setLogService(CredentialLogService credentialLogService) {
        this.m_logService = credentialLogService;
    }

    public CredentialLogService getLogService() {
        return this.m_logService;
    }

    public void setLockRules(List list) {
        this.m_lockRules = new ArrayList(list);
    }

    public List getLockRules() {
        return new ArrayList(this.m_lockRules);
    }

    public void addLockRule(CredentialLockRule credentialLockRule) {
        this.m_lockRules.add(credentialLockRule);
    }

    public List getUserAccountLockedNotifications() {
        return this.m_userAccountLockedNotifications;
    }

    public void setUserAccountLockedNotifications(List list) {
        this.m_userAccountLockedNotifications = list;
    }

    public void addUserAccountLockedNotification(UserAccountLockedNotification userAccountLockedNotification) {
        this.m_userAccountLockedNotifications.add(userAccountLockedNotification);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$n52$security$service$authentication$audit$AccountLockingAuthenticationEventListener == null) {
            cls = class$("org.n52.security.service.authentication.audit.AccountLockingAuthenticationEventListener");
            class$org$n52$security$service$authentication$audit$AccountLockingAuthenticationEventListener = cls;
        } else {
            cls = class$org$n52$security$service$authentication$audit$AccountLockingAuthenticationEventListener;
        }
        LOG = LogFactory.getLog(cls);
    }
}
