package org.neo4j.server.security.auth;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.neo4j.helpers.Clock;
import org.neo4j.helpers.ThisShouldNotHappenError;
import org.neo4j.kernel.impl.util.BytePrinter;
import org.neo4j.kernel.impl.util.Charsets;
import org.neo4j.server.security.auth.exception.IllegalTokenException;
import org.neo4j.server.security.auth.exception.IllegalUsernameException;
import org.neo4j.server.security.auth.exception.TooManyAuthenticationAttemptsException;

/* loaded from: input_file:org/neo4j/server/security/auth/Authentication.class */
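/**
 * Password authentication with per-user throttling of failed attempts.
 *
 * <p>Credentials are read from and written to a {@link UserRepository}. Each known
 * username gets its own {@link AuthenticationMetadata} that counts consecutive failures;
 * usernames that are {@code null} or not present in the repository all share a single
 * {@link UnknownUserMetadata} instance, so they are throttled as one bucket.
 *
 * <p>NOTE(review): stored hashes are a single round of a general-purpose digest over
 * {@code salt + password}. Such digests are fast to compute, which makes offline guessing
 * against a leaked credential store cheap; a dedicated password-hashing function
 * (PBKDF2, bcrypt, scrypt, argon2) would be preferable. The digest name is stored with
 * each credential, which looks like the hook for migrating existing users; confirm
 * before changing the algorithm, since existing hashes must remain verifiable.
 *
 * <p>NOTE(review): the unknown-user path returns without hashing, while the known-user
 * path computes a digest, so response timing may differ between the two and could
 * reveal whether a username exists. Confirm whether callers need this equalised.
 */
public class Authentication {
    /** Digest used when storing a new password. */
    private static final String DIGEST_ALGO = "SHA-256";

    /** How long, in milliseconds, a throttled user must wait after the last failed attempt. */
    private static final long FAILED_AUTH_COOLDOWN_MILLIS = 5000L;

    /** Salt length in bytes (before hex encoding). */
    private static final int SALT_LENGTH_BYTES = 16;

    private final AuthenticationMetadata unknownUser;
    private final Clock clock;
    private final int maxFailedAttempts;
    private final UserRepository users;
    private final SecureRandom rand = new SecureRandom();

    // Only usernames that exist in the repository are ever inserted (see authMetadataFor),
    // so unauthenticated callers cannot grow this map with arbitrary names.
    private final ConcurrentMap<String, AuthenticationMetadata> authenticationData =
            new ConcurrentHashMap<>();

    /**
     * Failed-attempt bookkeeping and password verification for one username.
     */
    public class AuthenticationMetadata {
        private final String name;
        private final int maxFailedAttempts;
        private final long failedCooldownPeriod;
        private final Clock clock;
        private final AtomicInteger failedAuthAttempts = new AtomicInteger();

        // volatile: written by the thread that records a failure and read by other threads
        // evaluating the throttle; a plain long has no cross-thread visibility guarantee and
        // its writes are not guaranteed to be atomic.
        private volatile long lastFailedAttemptTime = 0;

        AuthenticationMetadata(String name, int maxFailedAttempts, long failedCooldownPeriod, Clock clock) {
            this.name = name;
            this.maxFailedAttempts = maxFailedAttempts;
            this.failedCooldownPeriod = failedCooldownPeriod;
            this.clock = clock;
        }

        /**
         * Checks the supplied password, updating the failure counter.
         *
         * @param password the password to verify
         * @return {@code true} if the password matches; {@code false} otherwise
         * @throws TooManyAuthenticationAttemptsException if the failure limit has been reached
         *         and the cooldown since the last failure has not yet elapsed
         */
        public boolean authenticate(String password) throws TooManyAuthenticationAttemptsException {
            // NOTE(review): the throttle check and the counter update below are separate
            // steps, so concurrent attempts may each pass the check before any of them
            // records a failure. Confirm whether a strict limit is required.
            if (tooManyAuthAttemtps()) {
                throw new TooManyAuthenticationAttemptsException("Too many failed authentication requests. Please try again in 5 seconds.");
            }
            if (isCorrectPassword(password)) {
                this.failedAuthAttempts.set(0);
                return true;
            }
            this.failedAuthAttempts.incrementAndGet();
            this.lastFailedAttemptTime = this.clock.currentTimeMillis();
            return false;
        }

        /**
         * @return {@code true} while the failure count is at or above the limit and the
         *         cooldown window after the most recent failure is still open
         */
        private boolean tooManyAuthAttemtps() {
            if (this.failedAuthAttempts.get() < this.maxFailedAttempts) {
                return false;
            }
            return this.clock.currentTimeMillis() < this.lastFailedAttemptTime + this.failedCooldownPeriod;
        }

        /**
         * Recomputes the digest from the stored salt and algorithm and compares it with the
         * stored hash.
         *
         * @param password the password to verify
         * @return {@code true} if the user exists and the recomputed hash equals the stored one
         */
        protected boolean isCorrectPassword(String password) {
            User user = Authentication.this.users.get(this.name);
            if (user == null) {
                // The user may have been removed after this metadata object was cached.
                return false;
            }
            String computed = Authentication.this.hash(
                    user.credentials().salt(), password, user.credentials().digestAlgorithm());
            return constantTimeEquals(computed, user.credentials().hash());
        }
    }

    /**
     * Shared metadata for usernames that are {@code null} or not in the repository:
     * verification always fails, but failures are still counted and throttled.
     */
    private class UnknownUserMetadata extends AuthenticationMetadata {
        UnknownUserMetadata(int maxFailedAttempts, long failedCooldownPeriod, Clock clock) {
            super("Unknown", maxFailedAttempts, failedCooldownPeriod, clock);
        }

        @Override
        protected boolean isCorrectPassword(String password) {
            return false;
        }
    }

    /**
     * @param clock time source used for the failed-attempt cooldown
     * @param userRepository store that user credentials are read from and saved to
     * @param maxFailedAttempts number of failures after which the cooldown is enforced
     */
    public Authentication(Clock clock, UserRepository userRepository, int maxFailedAttempts) {
        this.clock = clock;
        this.users = userRepository;
        this.maxFailedAttempts = maxFailedAttempts;
        this.unknownUser = new UnknownUserMetadata(maxFailedAttempts, FAILED_AUTH_COOLDOWN_MILLIS, clock);
    }

    /**
     * Verifies a username/password pair.
     *
     * @param username the name to authenticate; {@code null} is treated as an unknown user
     * @param password the password to verify
     * @return {@code true} if the password matches the stored credentials
     * @throws TooManyAuthenticationAttemptsException if this user is currently throttled
     */
    public boolean authenticate(String username, String password) throws TooManyAuthenticationAttemptsException {
        return authMetadataFor(username).authenticate(password);
    }

    /**
     * Stores a new password for an existing user under a freshly generated salt and clears
     * the password-change-required flag.
     *
     * @param username the user whose password is replaced
     * @param password the new password
     * @throws IOException declared for the repository save
     * @throws RuntimeException if no such user exists
     */
    public void setPassword(String username, String password) throws IOException {
        User user = this.users.get(username);
        if (user == null) {
            throw new RuntimeException("No such user: " + username);
        }
        try {
            String salt = randomSalt();
            Credentials credentials = new Credentials(salt, DIGEST_ALGO, hash(salt, password, DIGEST_ALGO));
            this.users.save(user.augment()
                    .withCredentials(credentials)
                    .withRequiredPasswordChange(false)
                    .build());
        } catch (IllegalTokenException | IllegalUsernameException e) {
            throw new ThisShouldNotHappenError("Jake", "Token/username are not being modified.", e);
        }
    }

    /**
     * Flags an existing user as having to change their password.
     *
     * @param username the user to flag
     * @throws IOException declared for the repository save
     * @throws RuntimeException if no such user exists
     */
    public void requirePasswordChange(String username) throws IOException {
        User user = this.users.get(username);
        if (user == null) {
            throw new RuntimeException("No such user: " + username);
        }
        try {
            this.users.save(user.augment().withRequiredPasswordChange(true).build());
        } catch (IllegalTokenException | IllegalUsernameException e) {
            throw new ThisShouldNotHappenError("Jake", "Token/username are not being modified.", e);
        }
    }

    /**
     * Returns the throttling state for a username, creating it on first use for users that
     * exist in the repository. Unknown and {@code null} usernames map to the shared
     * unknown-user instance and are never cached.
     */
    private AuthenticationMetadata authMetadataFor(String username) {
        if (username == null) {
            return this.unknownUser;
        }
        AuthenticationMetadata cached = this.authenticationData.get(username);
        if (cached != null) {
            return cached;
        }
        if (this.users.get(username) == null) {
            return this.unknownUser;
        }
        AuthenticationMetadata created =
                new AuthenticationMetadata(username, this.maxFailedAttempts, FAILED_AUTH_COOLDOWN_MILLIS, this.clock);
        // If another thread registered this user first, use its instance so that all
        // attempts for the user share one failure counter.
        AuthenticationMetadata raced = this.authenticationData.putIfAbsent(username, created);
        return raced != null ? raced : created;
    }

    /** @return a hex-encoded random salt drawn from the {@link SecureRandom} instance */
    private String randomSalt() {
        byte[] salt = new byte[SALT_LENGTH_BYTES];
        this.rand.nextBytes(salt);
        return BytePrinter.compactHex(salt);
    }

    /**
     * Computes the hex-encoded digest of {@code salt + password}.
     *
     * <p>NOTE(review): a {@code null} password is concatenated as the text {@code "null"};
     * callers should reject {@code null} before it reaches this method.
     *
     * @param salt the salt string prepended to the password
     * @param password the password to hash
     * @param algorithm the {@link MessageDigest} algorithm name
     * @return the digest rendered by {@code BytePrinter.compactHex}
     * @throws RuntimeException if the algorithm is not available on this platform
     */
    public String hash(String salt, String password, String algorithm) {
        try {
            byte[] input = (salt + password).getBytes(Charsets.UTF_8);
            MessageDigest digest = MessageDigest.getInstance(algorithm);
            return BytePrinter.compactHex(digest.digest(input));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Hash algorithm is not available on this platform: " + e.getMessage(), e);
        }
    }

    /**
     * Compares two hash strings without returning early at the first differing character,
     * so the time taken does not indicate how much of a guessed hash was correct.
     *
     * @param computed the freshly computed hash; never {@code null}
     * @param stored the hash from the credential store; may be {@code null}
     * @return {@code true} if both strings are equal
     */
    private static boolean constantTimeEquals(String computed, String stored) {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(computed.getBytes(Charsets.UTF_8), stored.getBytes(Charsets.UTF_8));
    }
}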
