package org.opencms.db;

import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsResource;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsLog;
import org.opencms.main.OpenCms;
import org.opencms.security.CmsAuthentificationException;
import org.opencms.security.CmsRole;
import org.opencms.security.CmsRoleViolationException;
import org.opencms.security.CmsUserDisabledException;
import org.opencms.util.CmsStringUtil;
import org.opencms.xml.containerpage.CmsFormatterBean;

/* loaded from: input_file:org/opencms/db/CmsLoginManager.class */
public class CmsLoginManager {
    public static final long DEFAULT_TOKEN_LIFETIME = 86400000;
    public static final int DISABLE_MINUTES_DEFAULT = 15;
    public static final boolean ENABLE_SECURITY_DEFAULT = false;
    public static final String KEY_SEPARATOR = "_";
    public static final int MAX_BAD_ATTEMPTS_DEFAULT = 3;
    protected static Map<String, Set<CmsUserData>> TEMP_DISABLED_USER;
    private static final Log LOG = CmsLog.getLog(CmsLoginManager.class);
    protected int m_disableMillis;
    protected int m_disableMinutes;
    protected boolean m_enableSecurity;
    protected int m_maxBadAttempts;
    protected Map<String, CmsUserData> m_storage;
    protected String m_tokenLifetimeStr;
    private CmsLoginMessage m_beforeLoginMessage;
    private CmsLoginMessage m_loginMessage;
    private String m_logoutUri;
    private String m_maxInactive;
    private String m_passwordChangeInterval;
    private boolean m_requireOrgUnit;
    private String m_userDateCheckInterval;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opencms/db/CmsLoginManager$CmsUserData.class */
    public class CmsUserData {
        private long m_disableTimeStart;
        private int m_invalidLoginCount = 1;

        protected CmsUserData() {
        }

        protected Integer getInvalidLoginCount() {
            return new Integer(this.m_invalidLoginCount);
        }

        protected Date getReleaseDate() {
            return new Date(this.m_disableTimeStart + CmsLoginManager.this.m_disableMillis + 1);
        }

        protected void increaseInvalidLoginCount() {
            this.m_invalidLoginCount++;
            if (this.m_invalidLoginCount < CmsLoginManager.this.m_maxBadAttempts || this.m_disableTimeStart != 0) {
                return;
            }
            this.m_disableTimeStart = System.currentTimeMillis();
        }

        protected boolean isDisabled() {
            if (this.m_disableTimeStart > 0 && System.currentTimeMillis() - this.m_disableTimeStart > CmsLoginManager.this.m_disableMillis) {
                this.m_disableTimeStart = 0L;
            }
            return this.m_disableTimeStart > 0;
        }

        protected void reset() {
            this.m_disableTimeStart = 0L;
            this.m_invalidLoginCount = 0;
        }
    }

    public CmsLoginManager(int i, int i2, boolean z, String str, String str2, String str3, String str4, boolean z2, String str5) {
        this.m_maxBadAttempts = i2;
        if (TEMP_DISABLED_USER == null) {
            TEMP_DISABLED_USER = new Hashtable();
        }
        if (this.m_maxBadAttempts >= 0) {
            this.m_disableMinutes = i;
            this.m_disableMillis = i * 60 * CmsFormatterBean.DEFAULT_CONFIGURATION_RANK;
            this.m_storage = new Hashtable();
        }
        this.m_enableSecurity = z;
        this.m_tokenLifetimeStr = str;
        this.m_maxInactive = str2;
        this.m_passwordChangeInterval = str3;
        this.m_userDateCheckInterval = str4;
        this.m_requireOrgUnit = z2;
        this.m_logoutUri = str5;
    }

    private static String createStorageKey(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(str);
        stringBuffer.append(KEY_SEPARATOR);
        stringBuffer.append(str2);
        return stringBuffer.toString();
    }

    public boolean canLockBecauseOfInactivity(CmsObject cmsObject, CmsUser cmsUser) {
        return (cmsUser.isManaged() || cmsUser.isWebuser() || OpenCms.getDefaultUsers().isDefaultUser(cmsUser.getName()) || OpenCms.getRoleManager().hasRole(cmsObject, cmsUser.getName(), CmsRole.ROOT_ADMIN)) ? false : true;
    }

    public boolean checkInactive(CmsUser cmsUser) {
        if (this.m_maxInactive == null) {
            return false;
        }
        try {
            if (cmsUser.getLastlogin() == 0) {
                return false;
            }
            return System.currentTimeMillis() - cmsUser.getLastlogin() > CmsStringUtil.parseDuration(this.m_maxInactive, CmsResource.DATE_EXPIRED_DEFAULT);
        } catch (Exception e) {
            LOG.warn(e.getLocalizedMessage(), e);
            return false;
        }
    }

    public void checkInvalidLogins(String str, String str2) throws CmsAuthentificationException {
        if (this.m_maxBadAttempts < 0) {
            return;
        }
        CmsUserData cmsUserData = this.m_storage.get(createStorageKey(str, str2));
        if (cmsUserData != null && cmsUserData.isDisabled()) {
            Set<CmsUserData> set = TEMP_DISABLED_USER.get(str);
            if (set == null) {
                set = new HashSet();
            }
            set.add(cmsUserData);
            TEMP_DISABLED_USER.put(str, set);
            throw new CmsUserDisabledException(org.opencms.security.Messages.get().container(org.opencms.security.Messages.ERR_LOGIN_FAILED_TEMP_DISABLED_4, new Object[]{str, str2, cmsUserData.getReleaseDate(), cmsUserData.getInvalidLoginCount()}));
        }
        if ((!TEMP_DISABLED_USER.containsKey(str) || !(cmsUserData != null)) || !TEMP_DISABLED_USER.get(str).contains(cmsUserData)) {
            return;
        }
        TEMP_DISABLED_USER.get(str).remove(cmsUserData);
        if (TEMP_DISABLED_USER.get(str).isEmpty()) {
            TEMP_DISABLED_USER.remove(str);
        }
    }

    public void checkLoginAllowed() throws CmsAuthentificationException {
        if (this.m_loginMessage != null && this.m_loginMessage.isLoginCurrentlyForbidden()) {
            throw new CmsAuthentificationException(org.opencms.security.Messages.get().container(org.opencms.security.Messages.ERR_LOGIN_FAILED_WITH_MESSAGE_1, this.m_loginMessage.getMessage()));
        }
    }

    public CmsLoginMessage getBeforeLoginMessage() {
        return this.m_beforeLoginMessage;
    }

    public int getDisableMinutes() {
        return this.m_disableMinutes;
    }

    public CmsLoginMessage getLoginMessage() {
        return this.m_loginMessage;
    }

    public String getLogoutUri() {
        return this.m_logoutUri;
    }

    public int getMaxBadAttempts() {
        return this.m_maxBadAttempts;
    }

    public String getMaxInactive() {
        return this.m_maxInactive;
    }

    public long getPasswordChangeInterval() {
        return this.m_passwordChangeInterval == null ? CmsResource.DATE_EXPIRED_DEFAULT : CmsStringUtil.parseDuration(this.m_passwordChangeInterval, CmsResource.DATE_EXPIRED_DEFAULT);
    }

    public String getPasswordChangeIntervalStr() {
        return this.m_passwordChangeInterval;
    }

    public long getTokenLifetime() {
        if (this.m_tokenLifetimeStr == null) {
            return 86400000L;
        }
        return CmsStringUtil.parseDuration(this.m_tokenLifetimeStr, 86400000L);
    }

    public String getTokenLifetimeStr() {
        return this.m_tokenLifetimeStr;
    }

    public long getUserDataCheckInterval() {
        return this.m_userDateCheckInterval == null ? CmsResource.DATE_EXPIRED_DEFAULT : CmsStringUtil.parseDuration(this.m_userDateCheckInterval, CmsResource.DATE_EXPIRED_DEFAULT);
    }

    public String getUserDataCheckIntervalStr() {
        return this.m_userDateCheckInterval;
    }

    public boolean isEnableSecurity() {
        return this.m_enableSecurity;
    }

    public boolean isOrgUnitRequired() {
        return this.m_requireOrgUnit;
    }

    public boolean isPasswordReset(CmsObject cmsObject, CmsUser cmsUser) {
        return (cmsUser.isManaged() || cmsUser.isWebuser() || OpenCms.getDefaultUsers().isDefaultUser(cmsUser.getName()) || cmsUser.getAdditionalInfo().get(CmsUserSettings.ADDITIONAL_INFO_PASSWORD_RESET) == null) ? false : true;
    }

    public boolean isUserLocked(CmsUser cmsUser) {
        Iterator<String> it = getKeysForUser(cmsUser).iterator();
        while (it.hasNext()) {
            CmsUserData cmsUserData = this.m_storage.get(it.next());
            if (cmsUserData != null && cmsUserData.isDisabled()) {
                return true;
            }
        }
        return false;
    }

    public boolean isUserTempDisabled(String str) {
        Set<CmsUserData> set = TEMP_DISABLED_USER.get(str);
        if (set == null) {
            return false;
        }
        for (CmsUserData cmsUserData : set) {
            if (!cmsUserData.isDisabled()) {
                set.remove(cmsUserData);
            }
        }
        if (set.size() > 0) {
            TEMP_DISABLED_USER.put(str, set);
            return true;
        }
        TEMP_DISABLED_USER.remove(str);
        return false;
    }

    public void removeLoginMessage(CmsObject cmsObject) throws CmsRoleViolationException {
        OpenCms.getRoleManager().checkRole(cmsObject, CmsRole.ROOT_ADMIN);
        this.m_loginMessage = null;
    }

    public boolean requiresPasswordChange(CmsObject cmsObject, CmsUser cmsUser) {
        String str;
        if (cmsUser.isManaged() || cmsUser.isWebuser() || OpenCms.getDefaultUsers().isDefaultUser(cmsUser.getName()) || OpenCms.getRoleManager().hasRole(cmsObject, cmsUser.getName(), CmsRole.ROOT_ADMIN) || (str = (String) cmsUser.getAdditionalInfo().get(CmsUserSettings.ADDITIONAL_INFO_LAST_PASSWORD_CHANGE)) == null) {
            return false;
        }
        return System.currentTimeMillis() - Long.parseLong(str) > getPasswordChangeInterval();
    }

    public boolean requiresUserDataCheck(CmsObject cmsObject, CmsUser cmsUser) {
        if (cmsUser.isManaged() || cmsUser.isWebuser() || OpenCms.getDefaultUsers().isDefaultUser(cmsUser.getName()) || OpenCms.getRoleManager().hasRole(cmsObject, cmsUser.getName(), CmsRole.ROOT_ADMIN)) {
            return false;
        }
        String str = (String) cmsUser.getAdditionalInfo().get(CmsUserSettings.ADDITIONAL_INFO_LAST_USER_DATA_CHECK);
        if (str == null) {
            return !CmsStringUtil.isEmptyOrWhitespaceOnly(getUserDataCheckIntervalStr());
        }
        return System.currentTimeMillis() - Long.parseLong(str) > getUserDataCheckInterval();
    }

    public void resetUserTempDisable(String str) {
        Set<CmsUserData> set = TEMP_DISABLED_USER.get(str);
        if (set == null) {
            return;
        }
        Iterator<CmsUserData> it = set.iterator();
        while (it.hasNext()) {
            it.next().reset();
        }
        TEMP_DISABLED_USER.remove(str);
    }

    public void setBeforeLoginMessage(CmsObject cmsObject, CmsLoginMessage cmsLoginMessage) throws CmsRoleViolationException {
        if (OpenCms.getRunLevel() >= 3) {
            OpenCms.getRoleManager().checkRole(cmsObject, CmsRole.ROOT_ADMIN);
        }
        this.m_beforeLoginMessage = cmsLoginMessage;
        if (this.m_beforeLoginMessage != null) {
            this.m_beforeLoginMessage.setFrozen();
        }
    }

    public void setLoginMessage(CmsObject cmsObject, CmsLoginMessage cmsLoginMessage) throws CmsRoleViolationException {
        if (OpenCms.getRunLevel() >= 3) {
            OpenCms.getRoleManager().checkRole(cmsObject, CmsRole.ROOT_ADMIN);
        }
        this.m_loginMessage = cmsLoginMessage;
        if (this.m_loginMessage != null) {
            this.m_loginMessage.setFrozen();
        }
    }

    public void unlockUser(CmsObject cmsObject, CmsUser cmsUser) throws CmsRoleViolationException {
        OpenCms.getRoleManager().checkRole(cmsObject, CmsRole.ACCOUNT_MANAGER.forOrgUnit(cmsObject.getRequestContext().getOuFqn()));
        Iterator<String> it = getKeysForUser(cmsUser).iterator();
        while (it.hasNext()) {
            this.m_storage.remove(it.next());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addInvalidLogin(String str, String str2) {
        if (this.m_maxBadAttempts < 0) {
            return;
        }
        String createStorageKey = createStorageKey(str, str2);
        CmsUserData cmsUserData = this.m_storage.get(createStorageKey);
        if (cmsUserData != null) {
            cmsUserData.increaseInvalidLoginCount();
        } else {
            this.m_storage.put(createStorageKey, new CmsUserData());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeInvalidLogins(String str, String str2) {
        if (this.m_maxBadAttempts < 0) {
            return;
        }
        this.m_storage.remove(createStorageKey(str, str2));
    }

    private Set<String> getKeysForUser(CmsUser cmsUser) {
        HashSet hashSet = new HashSet();
        Iterator<Map.Entry<String, CmsUserData>> it = this.m_storage.entrySet().iterator();
        while (it.hasNext()) {
            String key = it.next().getKey();
            if (cmsUser.getName().equals(key.substring(0, key.lastIndexOf(KEY_SEPARATOR)))) {
                hashSet.add(key);
            }
        }
        return hashSet;
    }
}
