package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.List;
import org.cloudfoundry.identity.uaa.audit.AuditEvent;
import org.cloudfoundry.identity.uaa.audit.AuditEventType;
import org.cloudfoundry.identity.uaa.audit.UaaAuditService;
import org.cloudfoundry.identity.uaa.authentication.manager.LoginPolicy;
import org.cloudfoundry.identity.uaa.provider.LockoutPolicy;
import org.cloudfoundry.identity.uaa.util.TimeService;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.20.0.jar:org/cloudfoundry/identity/uaa/authentication/manager/CommonLoginPolicy.class */
public class CommonLoginPolicy implements LoginPolicy {
    private final UaaAuditService auditService;
    private final LockoutPolicyRetriever lockoutPolicyRetriever;
    private final AuditEventType successEventType;
    private final AuditEventType failureEventType;
    private final TimeService timeService;
    private final boolean enabled;

    public CommonLoginPolicy(UaaAuditService uaaAuditService, LockoutPolicyRetriever lockoutPolicyRetriever, AuditEventType auditEventType, AuditEventType auditEventType2, TimeService timeService, boolean z) {
        this.auditService = uaaAuditService;
        this.lockoutPolicyRetriever = lockoutPolicyRetriever;
        this.successEventType = auditEventType;
        this.failureEventType = auditEventType2;
        this.timeService = timeService;
        this.enabled = z;
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.manager.LoginPolicy
    public LoginPolicy.Result isAllowed(String str) {
        AuditEvent mostRecentFailure;
        int i = 0;
        if (this.enabled) {
            LockoutPolicy lockoutPolicy = this.lockoutPolicyRetriever.getLockoutPolicy();
            List<AuditEvent> find = this.auditService.find(str, this.timeService.getCurrentTimeMillis() - (lockoutPolicy.getCountFailuresWithin() * 1000), IdentityZoneHolder.get().getId());
            i = sequentialFailureCount(find);
            if (i >= lockoutPolicy.getLockoutAfterFailures() && (mostRecentFailure = mostRecentFailure(find)) != null && mostRecentFailure.getTime() > this.timeService.getCurrentTimeMillis() - (lockoutPolicy.getLockoutPeriodSeconds() * 1000)) {
                return new LoginPolicy.Result(false, i);
            }
        }
        return new LoginPolicy.Result(true, i);
    }

    private int sequentialFailureCount(List<AuditEvent> list) {
        int i = 0;
        for (AuditEvent auditEvent : list) {
            if (auditEvent.getType() != this.failureEventType) {
                if (auditEvent.getType() == this.successEventType) {
                    break;
                }
            } else {
                i++;
            }
        }
        return i;
    }

    private AuditEvent mostRecentFailure(List<AuditEvent> list) {
        for (AuditEvent auditEvent : list) {
            if (auditEvent.getType() == this.failureEventType) {
                return auditEvent;
            }
        }
        return null;
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.manager.LoginPolicy
    public LockoutPolicyRetriever getLockoutPolicyRetriever() {
        return this.lockoutPolicyRetriever;
    }
}
