package tigase.auth;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.eventbus.EventBus;
import tigase.eventbus.HandleEvent;
import tigase.kernel.DefaultTypesConverter;
import tigase.kernel.TypesConverter;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Initializable;
import tigase.kernel.beans.Inject;
import tigase.kernel.beans.UnregisterAware;
import tigase.map.ClusterMapFactory;
import tigase.server.xmppsession.SessionManager;
import tigase.stats.ComponentStatisticsProvider;
import tigase.stats.StatisticsList;
import tigase.vhosts.VHostItem;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

@Bean(name = "brute-force-locker", parent = SessionManager.class, active = true)
/* loaded from: input_file:tigase/auth/BruteForceLockerBean.class */
public class BruteForceLockerBean implements Initializable, UnregisterAware, ComponentStatisticsProvider {
    private static final String ANY = "*";
    private static final String LOCK_ENABLED_KEY = "brute-force-lock-enabled";
    private static final String LOCK_AFTER_FAILS_KEY = "brute-force-lock-after-fails";
    private static final String LOCK_DISABLE_ACCOUNT_FAILS_KEY = "brute-force-disable-after-fails";
    private static final String LOCK_TIME_KEY = "brute-force-lock-time";
    private static final String LOCK_PERIOD_TIME_KEY = "brute-force-period-time";
    private static final String LOCK_MODE_KEY = "brute-force-mode";
    private static final String MAP_TYPE = "brute-force-invalid-logins";
    private final Logger log = Logger.getLogger(getClass().getName());
    private final Map<String, StatHolder> otherStatHolders = new ConcurrentHashMap();
    private final StatHolder statHolder = new StatHolder();

    @Inject
    private EventBus eventBus;
    private Map<Key, Value> map;

    @Inject
    private SessionManager sessionManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$Key.class */
    public static class Key implements TypesConverter.Parcelable {
        private String domain;
        private String ip;
        private String jid;

        public Key() {
        }

        public Key(String str, String str2, String str3) {
            this.ip = str;
            this.jid = str2;
            this.domain = str3;
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public String[] encodeToStrings() {
            return new String[]{this.jid, this.ip, this.domain};
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Key key = (Key) obj;
            if (this.domain.equals(key.domain) && this.ip.equals(key.ip)) {
                return this.jid.equals(key.jid);
            }
            return false;
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public void fillFromString(String[] strArr) {
            this.jid = strArr[0];
            this.ip = strArr[1];
            this.domain = strArr[2];
        }

        public String getIp() {
            return this.ip;
        }

        public void setIp(String str) {
            this.ip = str;
        }

        public String getJid() {
            return this.jid;
        }

        public void setJid(String str) {
            this.jid = str;
        }

        public int hashCode() {
            return (31 * ((31 * this.domain.hashCode()) + this.ip.hashCode())) + this.jid.hashCode();
        }

        public boolean isJIDPresent() {
            return (this.jid == null || this.jid.equals(BruteForceLockerBean.ANY)) ? false : true;
        }

        public String toString() {
            return "Key[ip=" + this.ip + ", jid=" + this.jid + ", domain=" + this.domain + "]";
        }
    }

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$LoginLockedException.class */
    public static class LoginLockedException extends Exception {
    }

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$Mode.class */
    public enum Mode {
        Ip,
        IpJid,
        Jid
    }

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$StatHolder.class */
    public static class StatHolder implements TypesConverter.Parcelable {
        private final Map<String, Integer> ips = new ConcurrentHashMap();
        private final Map<BareJID, Integer> jids = new ConcurrentHashMap();
        private final DefaultTypesConverter typesConverter = new DefaultTypesConverter();

        public Map<String, Integer> getIps() {
            return this.ips;
        }

        public Map<BareJID, Integer> getJids() {
            return this.jids;
        }

        public void clear() {
            this.ips.clear();
            this.jids.clear();
        }

        public int addIP(String str) {
            return add(this.ips, str, 1);
        }

        public int addJID(BareJID bareJID) {
            return add(this.jids, bareJID, 1);
        }

        public int addIP(String str, int i) {
            return add(this.ips, str, i);
        }

        public int addJID(BareJID bareJID, int i) {
            return add(this.jids, bareJID, i);
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public String[] encodeToStrings() {
            String[] strArr = new String[2 + (this.ips.size() * 2) + (this.jids.size() * 2)];
            strArr[0] = String.valueOf(this.ips.size());
            strArr[1] = String.valueOf(this.jids.size());
            fillTab(this.ips, strArr, 2);
            fillTab(this.jids, strArr, 2 + (this.ips.size() * 2));
            return strArr;
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public void fillFromString(String[] strArr) {
            try {
                int parseInt = Integer.parseInt(strArr[0]);
                int parseInt2 = Integer.parseInt(strArr[1]);
                this.ips.clear();
                this.ips.putAll(read(strArr, 2, parseInt, str -> {
                    return str;
                }));
                this.jids.clear();
                this.jids.putAll(read(strArr, 2 + (parseInt * 2), parseInt2, BareJID::bareJIDInstanceNS));
            } catch (Exception e) {
                throw new RuntimeException("Cannot decode parcel: " + Arrays.toString(strArr), e);
            }
        }

        private <T> HashMap<T, Integer> read(String[] strArr, int i, int i2, Function<String, T> function) {
            HashMap<T, Integer> hashMap = new HashMap<>();
            for (int i3 = 0; i3 < i2; i3++) {
                hashMap.put(function.apply(strArr[i + (2 * i3)]), Integer.valueOf(Integer.parseInt(strArr[i + (2 * i3) + 1])));
            }
            return hashMap;
        }

        private <T> void fillTab(Map<T, Integer> map, String[] strArr, int i) {
            int i2 = i;
            for (Map.Entry<T, Integer> entry : map.entrySet()) {
                String obj = entry.getKey().toString();
                Integer value = entry.getValue();
                strArr[i2] = obj;
                strArr[i2 + 1] = String.valueOf(value);
                i2 += 2;
            }
        }

        private <T> int add(Map<T, Integer> map, T t, int i) {
            int intValue;
            synchronized (map) {
                Integer num = map.get(t);
                Integer valueOf = Integer.valueOf((num == null ? 0 : num.intValue()) + i);
                map.put(t, valueOf);
                intValue = valueOf.intValue();
            }
            return intValue;
        }
    }

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$StatisticsEmitEvent.class */
    public static class StatisticsEmitEvent implements Serializable {
        private String nodeName;
        private StatHolder statHolder;

        public StatisticsEmitEvent() {
        }

        public StatisticsEmitEvent(String str, StatHolder statHolder) {
            this.nodeName = str;
            this.statHolder = statHolder;
        }

        public String getNodeName() {
            return this.nodeName;
        }

        public void setNodeName(String str) {
            this.nodeName = str;
        }

        public StatHolder getStatHolder() {
            return this.statHolder;
        }

        public void setStatHolder(StatHolder statHolder) {
            this.statHolder = statHolder;
        }
    }

    /* loaded from: input_file:tigase/auth/BruteForceLockerBean$Value.class */
    public static class Value implements TypesConverter.Parcelable {
        private int badLoginCounter;
        private String domain;
        private long invalidateAtTime;
        private String ip;
        private BareJID jid;

        public Value() {
        }

        public Value(String str, String str2, BareJID bareJID) {
            this.domain = str;
            this.ip = str2;
            this.jid = bareJID;
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public String[] encodeToStrings() {
            return new String[]{Integer.toString(this.badLoginCounter), Long.toString(this.invalidateAtTime)};
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Value value = (Value) obj;
            return this.badLoginCounter == value.badLoginCounter && this.invalidateAtTime == value.invalidateAtTime;
        }

        @Override // tigase.kernel.TypesConverter.Parcelable
        public void fillFromString(String[] strArr) {
            this.badLoginCounter = Integer.valueOf(strArr[0]).intValue();
            this.invalidateAtTime = Long.valueOf(strArr[1]).longValue();
        }

        public int getBadLoginCounter() {
            return this.badLoginCounter;
        }

        public void setBadLoginCounter(int i) {
            this.badLoginCounter = i;
        }

        public long getInvalidateAtTime() {
            return this.invalidateAtTime;
        }

        public void setInvalidateAtTime(long j) {
            this.invalidateAtTime = j;
        }

        public int hashCode() {
            return (31 * this.badLoginCounter) + ((int) (this.invalidateAtTime ^ (this.invalidateAtTime >>> 32)));
        }
    }

    public static String getClientIp(XMPPResourceConnection xMPPResourceConnection) {
        try {
            return (String) Optional.ofNullable(xMPPResourceConnection.getConnectionId()).map((v0) -> {
                return v0.getResource();
            }).map(str -> {
                return str.split("_")[2];
            }).orElse(null);
        } catch (Exception e) {
            return null;
        }
    }

    public void addInvalidLogin(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID) {
        addInvalidLogin(xMPPResourceConnection, str, bareJID, System.currentTimeMillis());
    }

    public void addInvalidLogin(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID, long j) {
        if (str == null) {
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.finest("IP is null. Skip adding entry.");
                return;
            }
            return;
        }
        if (this.map == null) {
            this.log.warning("Brute Force Locker is no initialized yet!");
            return;
        }
        Key createKey = createKey(xMPPResourceConnection, str, bareJID);
        Value value = this.map.get(createKey);
        if (value == null) {
            value = new Value(xMPPResourceConnection != null ? xMPPResourceConnection.getDomain().getVhost().toString() : null, str, bareJID);
            value.setBadLoginCounter(0);
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.finest("Entry didn't exists. Create new one.");
            }
        }
        if (value.getInvalidateAtTime() < j) {
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.finest("Entry exists and is old, reset counter.");
            }
            value.setBadLoginCounter(0);
        }
        value.setBadLoginCounter(value.getBadLoginCounter() + 1);
        if (value.getBadLoginCounter() <= (xMPPResourceConnection == null ? 3L : ((Long) xMPPResourceConnection.getDomain().getData(LOCK_AFTER_FAILS_KEY)).longValue())) {
            value.setInvalidateAtTime(j + ((xMPPResourceConnection == null ? 10L : ((Long) xMPPResourceConnection.getDomain().getData(LOCK_PERIOD_TIME_KEY)).longValue()) * 1000));
        } else {
            value.setInvalidateAtTime(j + ((xMPPResourceConnection == null ? 10L : ((Long) xMPPResourceConnection.getDomain().getData(LOCK_TIME_KEY)).longValue()) * 1000));
        }
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.finest("New invalidate time for " + createKey + " == " + value.getInvalidateAtTime() + "; getBadLoginCounter == " + value.getBadLoginCounter());
        }
        this.map.put(createKey, value);
        addToStatistic(value);
    }

    public boolean canUserBeDisabled(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID) {
        Value value;
        Key createKey = createKey(xMPPResourceConnection, str, bareJID);
        if (!createKey.isJIDPresent() || (value = this.map.get(createKey)) == null) {
            return false;
        }
        long longValue = xMPPResourceConnection == null ? 20L : ((Long) xMPPResourceConnection.getDomain().getData(LOCK_DISABLE_ACCOUNT_FAILS_KEY)).longValue();
        return longValue != 0 && ((long) value.getBadLoginCounter()) > longValue;
    }

    public void clearAll() {
        if (this.map == null) {
            this.log.warning("Brute Force Locker is no initialized yet!");
        } else {
            this.map.clear();
        }
    }

    public void clearOutdated() {
        clearOutdated(System.currentTimeMillis());
    }

    public void clearOutdated(long j) {
        if (this.map == null) {
            this.log.warning("Brute Force Locker is no initialized yet!");
            return;
        }
        HashSet hashSet = new HashSet();
        this.map.forEach((key, value) -> {
            if (value.getInvalidateAtTime() < j) {
                hashSet.add(key);
            }
        });
        hashSet.forEach(key2 -> {
            this.map.remove(key2);
        });
    }

    @Override // tigase.stats.StatisticsProviderIfc
    public void getStatistics(String str, StatisticsList statisticsList) {
        clearOutdated();
        String str2 = str + "/BruteForceLocker";
        Iterator it = new ArrayList(this.map.values()).iterator();
        while (it.hasNext()) {
            Value value = (Value) it.next();
            statisticsList.add(str2, "Present locks: " + value.jid + " from " + value.ip, value.badLoginCounter, Level.FINER);
        }
        StatHolder statHolder = new StatHolder();
        this.statHolder.ips.forEach((str3, num) -> {
            statHolder.addIP(str3, num.intValue());
        });
        this.statHolder.jids.forEach((bareJID, num2) -> {
            statHolder.addJID(bareJID, num2.intValue());
        });
        this.otherStatHolders.values().forEach(statHolder2 -> {
            statHolder2.ips.forEach((str4, num3) -> {
                statHolder.addIP(str4, num3.intValue());
            });
            statHolder2.jids.forEach((bareJID2, num4) -> {
                statHolder.addJID(bareJID2, num4.intValue());
            });
        });
        statHolder.ips.forEach((str4, num3) -> {
            statisticsList.add(str2, "From IP: " + str4, num3.intValue(), Level.INFO);
        });
        statHolder.jids.forEach((bareJID2, num4) -> {
            statisticsList.add(str2, "For JID: " + bareJID2, num4.intValue(), Level.INFO);
        });
    }

    @Override // tigase.kernel.beans.Initializable
    public void initialize() {
        this.map = ClusterMapFactory.get().createMap(MAP_TYPE, Key.class, Value.class, new String[0]);
        if (!$assertionsDisabled && this.map == null) {
            throw new AssertionError("Distributed Map is NULL!");
        }
        if (!$assertionsDisabled && this.sessionManager == null) {
            throw new AssertionError("SessionManager is NULL!");
        }
        if (this.eventBus != null) {
            this.eventBus.registerAll(this);
        }
    }

    public boolean isEnabled(XMPPResourceConnection xMPPResourceConnection) {
        return xMPPResourceConnection == null || ((Boolean) xMPPResourceConnection.getDomain().getData(LOCK_ENABLED_KEY)).booleanValue();
    }

    @HandleEvent(filter = HandleEvent.Type.remote)
    public void handleStatisticsEmitEvent(StatisticsEmitEvent statisticsEmitEvent) {
        if (statisticsEmitEvent.getNodeName() == null) {
            return;
        }
        this.otherStatHolders.put(statisticsEmitEvent.getNodeName(), statisticsEmitEvent.getStatHolder());
    }

    public boolean isLoginAllowed(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID) {
        return isLoginAllowed(xMPPResourceConnection, str, bareJID, System.currentTimeMillis());
    }

    public boolean isLoginAllowed(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID, long j) {
        if (str == null) {
            if (!this.log.isLoggable(Level.FINEST)) {
                return true;
            }
            this.log.finest("IP is null. Return true.");
            return true;
        }
        if (this.map == null) {
            this.log.warning("Brute Force Locker is no initialized yet!");
            return false;
        }
        Key createKey = createKey(xMPPResourceConnection, str, bareJID);
        Value value = this.map.get(createKey);
        if (value != null) {
            return isLoginAllowed(xMPPResourceConnection, createKey, value, j);
        }
        if (!this.log.isLoggable(Level.FINEST)) {
            return true;
        }
        this.log.finest("No entry for " + createKey + ". Return true.");
        return true;
    }

    @Override // tigase.kernel.beans.UnregisterAware
    public void beforeUnregister() {
        this.eventBus.unregisterAll(this);
    }

    @Override // tigase.stats.ComponentStatisticsProvider
    public void everyHour() {
    }

    @Override // tigase.stats.ComponentStatisticsProvider
    public void everyMinute() {
        this.eventBus.fire(new StatisticsEmitEvent(this.sessionManager.getComponentId().getDomain(), this.statHolder));
    }

    @Override // tigase.stats.ComponentStatisticsProvider
    public void everySecond() {
    }

    void setMap(HashMap<Key, Value> hashMap) {
        this.map = hashMap;
    }

    final Key createKey(XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID) {
        return createKey(xMPPResourceConnection == null ? Mode.IpJid : Mode.valueOf((String) xMPPResourceConnection.getDomain().getData(LOCK_MODE_KEY)), xMPPResourceConnection, str, bareJID);
    }

    final Key createKey(Mode mode, XMPPResourceConnection xMPPResourceConnection, String str, BareJID bareJID) {
        String jid = xMPPResourceConnection == null ? ANY : xMPPResourceConnection.getDomain().getVhost().toString();
        switch (mode) {
            case Jid:
                return new Key(ANY, bareJID == null ? ANY : bareJID.toString(), jid);
            case Ip:
                return new Key(str == null ? ANY : str, ANY, jid);
            case IpJid:
                return new Key(str == null ? ANY : str, bareJID == null ? ANY : bareJID.toString(), jid);
            default:
                throw new RuntimeException("Unknown mode " + mode);
        }
    }

    private void addToStatistic(Value value) {
        this.statHolder.addIP(value.ip);
        this.statHolder.addJID(value.jid);
    }

    private boolean isLoginAllowed(XMPPResourceConnection xMPPResourceConnection, Key key, Value value, long j) {
        if (value.getInvalidateAtTime() < j) {
            this.map.remove(key);
            if (!this.log.isLoggable(Level.FINEST)) {
                return true;
            }
            this.log.finest("Entry existed, but was too old. Entry removed. Return true.");
            return true;
        }
        long longValue = xMPPResourceConnection == null ? 3L : ((Long) xMPPResourceConnection.getDomain().getData(LOCK_AFTER_FAILS_KEY)).longValue();
        boolean z = ((long) value.badLoginCounter) <= longValue;
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.finest("Entry exist. lockAfterFails=" + longValue + ", value.badLoginCounter=" + value.badLoginCounter + ", result=" + z);
        }
        return z;
    }

    static {
        $assertionsDisabled = !BruteForceLockerBean.class.desiredAssertionStatus();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new VHostItem.DataType(LOCK_ENABLED_KEY, "Brute Force Prevention Enabled", Boolean.class, Boolean.TRUE));
        arrayList.add(new VHostItem.DataType(LOCK_AFTER_FAILS_KEY, "Number of allowed invalid login", Long.class, (Object) 3L));
        arrayList.add(new VHostItem.DataType(LOCK_DISABLE_ACCOUNT_FAILS_KEY, "Disable account after failed login", Long.class, (Object) 20L));
        arrayList.add(new VHostItem.DataType(LOCK_PERIOD_TIME_KEY, "Failed login in period of time [sec]", Long.class, (Object) 60L));
        arrayList.add(new VHostItem.DataType(LOCK_TIME_KEY, "Lock time [sec]", Long.class, (Object) 60L));
        arrayList.add(new VHostItem.DataType(LOCK_MODE_KEY, "Brute Force Prevention Mode", (Class<? extends Enum<Mode>>) Mode.class, Mode.IpJid));
        VHostItem.registerData(arrayList);
    }
}
