package co.pishfa.security.service;

import co.pishfa.accelerate.cdi.CdiUtils;
import co.pishfa.accelerate.context.SessionContext;
import co.pishfa.accelerate.storage.service.DefaultFileService;
import co.pishfa.accelerate.ui.UiService;
import co.pishfa.security.LoggedInEvent;
import co.pishfa.security.entity.audit.AuditLevel;
import co.pishfa.security.entity.authentication.SecurityPolicy;
import co.pishfa.security.entity.authentication.User;
import co.pishfa.security.exception.AccountDisabledException;
import co.pishfa.security.exception.AuthenticationException;
import co.pishfa.security.exception.ChangePasswordException;
import co.pishfa.security.exception.NoUserException;
import co.pishfa.security.exception.ReLoginException;
import co.pishfa.security.exception.WrongPasswordException;
import co.pishfa.security.repo.UserRepo;
import java.lang.annotation.Annotation;
import java.util.Calendar;
import java.util.Date;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import javax.persistence.NoResultException;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:co/pishfa/security/service/Authenticator.class */
public class Authenticator {

    @Inject
    protected Logger log;

    @Inject
    protected UserRepo userRepo;

    @Inject
    protected AuditService auditService;

    @Inject
    protected AuthenticationService authenticationService;

    @Inject
    protected Event<LoggedInEvent> userLoggedInEvent;

    @Inject
    protected SecurityConfig securityConfig;

    @Inject
    protected SessionContext sessionContext;

    @Inject
    private UiService uiService;

    @Inject
    private OnlineUserService onlineUserService;

    public static Authenticator getInstance() {
        return (Authenticator) CdiUtils.getInstance(Authenticator.class, new Annotation[0]);
    }

    public void authenticate(String str, String str2) throws AuthenticationException {
        User user = null;
        try {
            try {
                try {
                    User findByName = this.userRepo.findByName(str);
                    SecurityPolicy securityPolicyInherited = findByName.getDomain().getSecurityPolicyInherited();
                    if (this.securityConfig.isSecurityEnabled()) {
                        checkAllowedToLogin(findByName, securityPolicyInherited);
                        if ((!this.securityConfig.isSsoEnabled() || "true".equals(this.sessionContext.get(SecurityConstants.SESSION_LOCAL_LOGIN, String.class))) && !this.authenticationService.hashPassword(str2).equals(findByName.getLoginInfo().getPasswordHash())) {
                            throw new WrongPasswordException();
                        }
                    }
                    successfulLogin(findByName, securityPolicyInherited);
                    if (findByName != null) {
                        findByName.getLoginInfo().setLastLoginTime(new Date());
                        findByName.getLoginInfo().setLastUrl(this.uiService.getRequest().getRemoteAddr());
                        this.userRepo.edit(findByName);
                        if (findByName.needToChangePassword()) {
                            throw new ChangePasswordException();
                        }
                    }
                } catch (NoResultException e) {
                    throw new NoUserException();
                }
            } catch (AuthenticationException e2) {
                if (0 != 0) {
                    unsuccessfulLogin(null, null);
                }
                throw e2;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                user.getLoginInfo().setLastLoginTime(new Date());
                user.getLoginInfo().setLastUrl(this.uiService.getRequest().getRemoteAddr());
                this.userRepo.edit(null);
                if (user.needToChangePassword()) {
                    throw new ChangePasswordException();
                }
            }
            throw th;
        }
    }

    public void unsuccessfulLogin(User user, SecurityPolicy securityPolicy) {
        int loginAttempts = user.getLoginInfo().getLoginAttempts();
        SecurityPolicy.LoginFailAction loginFailAction = securityPolicy.getLoginFailAction();
        if (loginAttempts <= securityPolicy.getNumberOfFailedTries() || loginFailAction == SecurityPolicy.LoginFailAction.NOTHING) {
            user.getLoginInfo().setLoginAttempts(loginAttempts + 1);
            return;
        }
        if (loginFailAction == SecurityPolicy.LoginFailAction.DISABLE_ACCOUNT) {
            user.getActivation().setEnabled(false);
            user.getLoginInfo().setLoginAttempts(0);
        }
        this.auditService.audit(user, SecurityConstants.ACTION_USER_LOGIN_MORE_THAN_ALLOWED, (String) null, AuditLevel.WARN);
    }

    protected void successfulLogin(User user, SecurityPolicy securityPolicy) {
        user.getLoginInfo().setLoginAttempts(0);
        this.uiService.getSession().setMaxInactiveInterval(securityPolicy.getSessionTimeout());
        DefaultFileService.getInstance().getUrl(user.getImage());
        this.userLoggedInEvent.fire(new LoggedInEvent(user));
    }

    public void checkAllowedToLogin(User user, SecurityPolicy securityPolicy) {
        if (!user.isActive()) {
            throw new AccountDisabledException();
        }
        if (securityPolicy.isPreventMultipleLogin() && this.onlineUserService.isOnline(user)) {
            throw new ReLoginException();
        }
        if (securityPolicy.getLoginFailAction() != SecurityPolicy.LoginFailAction.DISABLE_LIMITED_TIME || user.getLoginInfo().getLoginAttempts() <= securityPolicy.getNumberOfFailedTries()) {
            return;
        }
        Calendar calendar = Calendar.getInstance();
        calendar.add(12, -securityPolicy.getWaitTimeForRelogin());
        if (!calendar.getTime().after(user.getLoginInfo().getLastLoginTime())) {
            throw new AccountDisabledException();
        }
        user.getLoginInfo().setLoginAttempts(0);
    }
}
