package com.enginframe.server.authorization;

import com.enginframe.acl.AuthorizationChecks;
import com.enginframe.common.utils.Utils;
import com.enginframe.common.utils.log.Log;
import com.enginframe.common.utils.log.LogFactory;
import com.enginframe.server.enterprise.AccountDataStructureProvider;
import com.google.common.collect.EvictingQueue;
import com.hazelcast.core.IMap;
import com.hazelcast.security.permission.ActionConstants;
import java.util.concurrent.TimeUnit;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/authorization/DefaultAccountLocker.class
  input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/authorization/DefaultAccountLocker.class
 */
/* loaded from: input_file:com/enginframe/server/authorization/DefaultAccountLocker.class */
public class DefaultAccountLocker implements AccountLocker {
    private static final String EF_LOCKOUT_AFTER_TRIALS_PROP = "ef.account.lockout.after.trials";
    private static final String EF_LOCKOUT_TIME_USERS_PROP = "ef.account.lockout.time.users";
    private static final String EF_LOCKOUT_TIME_ADMINS_PROP = "ef.account.lockout.time.admins";
    private static final int DEFAULT_LOCKOUT_AFTER_TRIALS = 6;
    private static final int DEFAULT_LOCKOUT_TIME_USERS = 30;
    private static final int DEFAULT_LOCKOUT_TIME_ADMINS = 30;
    private static final long TRIALS_PERIOD_MS = TimeUnit.SECONDS.toMillis(60);
    private final IMap<String, EvictingQueue<Long>> failedLoginsMap;

    public DefaultAccountLocker(AccountDataStructureProvider accountDataStructureProvider) {
        this.failedLoginsMap = accountDataStructureProvider.getFailedLogins();
    }

    @Override // com.enginframe.server.authorization.AccountLocker
    public boolean isLocked(String str) {
        return isLocked((EvictingQueue) this.failedLoginsMap.get(str), getLockoutTime(str));
    }

    private boolean isLocked(EvictingQueue<Long> evictingQueue, long j) {
        return evictingQueue != null && evictingQueue.remainingCapacity() == 0 && j > 0;
    }

    @Override // com.enginframe.server.authorization.AccountLocker
    public void recordFailedLogin(String str) {
        if (Utils.isVoid(str)) {
            return;
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            long lockoutTime = getLockoutTime(str);
            boolean z = false;
            boolean z2 = false;
            if (this.failedLoginsMap.tryLock(str, 20L, TimeUnit.SECONDS)) {
                try {
                    EvictingQueue<Long> queue = getQueue(str);
                    z = isLocked(queue, lockoutTime);
                    if (!z) {
                        queue.add(Long.valueOf(currentTimeMillis));
                        long longValue = queue.peek().longValue();
                        if (queue.remainingCapacity() != 0 || currentTimeMillis - longValue > TRIALS_PERIOD_MS || lockoutTime <= 0) {
                            if (queue.remainingCapacity() == 0) {
                                queue.poll();
                            }
                            this.failedLoginsMap.set(str, queue, TRIALS_PERIOD_MS, TimeUnit.MILLISECONDS);
                        } else {
                            this.failedLoginsMap.set(str, queue, lockoutTime, TimeUnit.MILLISECONDS);
                            z2 = true;
                        }
                    }
                    this.failedLoginsMap.unlock(str);
                } catch (Throwable th) {
                    this.failedLoginsMap.unlock(str);
                    throw th;
                }
            } else {
                getLog().error(String.format("Couldn't acquire lock for account (%s), timeout (%d) seconds", str, 20));
            }
            if (z) {
                return;
            }
            if (z2) {
                getLog().error(String.format("Account for user (%s) has been locked for (%d) minutes", str, Long.valueOf(TimeUnit.MILLISECONDS.toMinutes(lockoutTime))));
            } else {
                getLog().info(String.format("Record failed login for user (%s), timestamp (%d) ms", str, Long.valueOf(currentTimeMillis)));
            }
        } catch (InterruptedException unused) {
            getLog().warn("Current thread has been interrupted");
        }
    }

    @Override // com.enginframe.server.authorization.AccountLocker
    public void resetFailedLogins(String str) {
        if (Utils.isVoid(str)) {
            return;
        }
        this.failedLoginsMap.delete(str);
        getLog().debug(String.format("Resetting failed account logins for user (%s)", str));
    }

    private long getLockoutTime(String str) {
        return TimeUnit.MINUTES.toMillis(AuthorizationChecks.checkAuthorization(str, "admin-only", ActionConstants.ACTION_READ) ? getLockoutTimeAdmins() : getLockoutTimeUsers());
    }

    private EvictingQueue<Long> getQueue(String str) {
        EvictingQueue<Long> evictingQueue = (EvictingQueue) this.failedLoginsMap.get(str);
        if (evictingQueue == null) {
            evictingQueue = EvictingQueue.create(getLockoutTrials());
        }
        return evictingQueue;
    }

    private int getLockoutTrials() {
        return getIntProperty(EF_LOCKOUT_AFTER_TRIALS_PROP, 6);
    }

    private int getLockoutTimeUsers() {
        return getIntProperty(EF_LOCKOUT_TIME_USERS_PROP, 30);
    }

    private int getLockoutTimeAdmins() {
        return getIntProperty(EF_LOCKOUT_TIME_ADMINS_PROP, 30);
    }

    private int getIntProperty(String str, int i) {
        int i2;
        try {
            i2 = Integer.parseInt(Utils.getProperty(str, new StringBuilder().append(i).toString()));
        } catch (NumberFormatException unused) {
            getLog().error(String.format("Invalid value for property (%s). Using default (%d)", str, Integer.valueOf(i)));
            i2 = i;
        }
        return i2;
    }

    private Log getLog() {
        return LogFactory.getLog(getClass());
    }
}
