package org.eclipse.stardust.engine.core.security.audittrail;

import java.text.MessageFormat;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import org.eclipse.stardust.common.StringUtils;
import org.eclipse.stardust.common.config.Parameters;
import org.eclipse.stardust.common.config.ParametersFacade;
import org.eclipse.stardust.common.error.LoginFailedException;
import org.eclipse.stardust.common.error.ObjectNotFoundException;
import org.eclipse.stardust.common.log.LogManager;
import org.eclipse.stardust.common.log.Logger;
import org.eclipse.stardust.engine.api.runtime.BpmRuntimeError;
import org.eclipse.stardust.engine.api.runtime.LoginUtils;
import org.eclipse.stardust.engine.core.runtime.beans.Constants;
import org.eclipse.stardust.engine.core.runtime.beans.SynchronizationService;
import org.eclipse.stardust.engine.core.runtime.beans.UserBean;
import org.eclipse.stardust.engine.core.runtime.beans.removethis.SecurityProperties;
import org.eclipse.stardust.engine.core.security.utils.SecurityUtils;
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginProvider;
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginResult;
import org.eclipse.stardust.engine.runtime.utils.TimestampProviderUtils;

/* loaded from: input_file:lib/carnot-engine.jar:org/eclipse/stardust/engine/core/security/audittrail/AuditTrailLoginService.class */
public class AuditTrailLoginService implements ExternalLoginProvider {
    public static final Logger trace = LogManager.getLogger(AuditTrailLoginService.class);
    private String account;
    private String password;
    private UserBean user;
    private static final int DEFAULT_MAX_LOGIN_RETRIES = 3;
    private static final int DEFAULT_LOGIN_INVALIDATION_TIME = 1;
    private int invalidationTime = 0;
    private int maximumNumberLoginRetries;

    /* JADX WARN: Type inference failed for: r0v55, types: [long, org.eclipse.stardust.engine.core.runtime.beans.UserBean] */
    @Override // org.eclipse.stardust.engine.core.spi.security.ExternalLoginProvider
    public ExternalLoginResult login(String str, String str2, Map map) {
        this.account = str;
        this.password = str2;
        this.maximumNumberLoginRetries = Parameters.instance().getInteger(SecurityProperties.MAXIMUM_LOGIN_RETRIES_PROPERTY, 3);
        this.invalidationTime = Parameters.instance().getInteger(SecurityProperties.INVALIDATION_TIME_PROPERTY, 1);
        try {
            if (this.password == null || this.password.length() == 0) {
                throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_PASSWORD_NOT_VALID.raise(getRealmQualifiedUserId(this.account, map)), 1);
            }
            try {
                Parameters instance = Parameters.instance();
                try {
                    ParametersFacade.pushLayer(instance, Collections.EMPTY_MAP).setProperty(SynchronizationService.PRP_DISABLE_SYNCHRONIZATION, Boolean.TRUE.toString());
                    this.user = (UserBean) LoginUtils.findLoginUser(this.account, map);
                    ParametersFacade.popLayer(instance);
                    long failedLoginCount = this.user.getFailedLoginCount();
                    if (LoginUtils.isUserExpired(this.user)) {
                        throw LoginUtils.createAccountExpiredException(this.user);
                    }
                    if (this.user.checkPassword(this.password)) {
                        if (!Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
                            if (!LoginUtils.isLoginUserWithoutTimestamp(this.user)) {
                                this.user.setLastLoginTime(TimestampProviderUtils.getTimeStamp());
                                SecurityUtils.updatePasswordHistory(this.user, str2);
                                if (SecurityUtils.isPasswordExpired(this.user)) {
                                    if (SecurityUtils.isUserDisabled(this.user)) {
                                        throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_DISABLED_BY_PW_RULES.raise(getRealmQualifiedUserId(this.account, map)), 9);
                                    }
                                    throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_ID_PASSWORD_EXPIRED.raise(getRealmQualifiedUserId(this.account, map)), 8);
                                }
                            }
                            this.user.setFailedLoginCount(0L);
                        }
                        trace.debug("logged in successfully.");
                        return ExternalLoginResult.testifySuccess();
                    }
                    if (!Parameters.instance().getBoolean(Constants.CARNOT_ARCHIVE_AUDITTRAIL, false)) {
                        ?? r0 = this.user;
                        r0.setFailedLoginCount(failedLoginCount + 1);
                        if (this.maximumNumberLoginRetries != 0 && r0 >= this.maximumNumberLoginRetries) {
                            if (this.invalidationTime == 0) {
                                this.user.setValidTo(TimestampProviderUtils.getTimeStamp());
                            } else {
                                Date date = new Date(TimestampProviderUtils.getTimeStampValue() + (this.invalidationTime * 1000 * 60));
                                if (this.user.getValidTo() == null || !this.user.getValidTo().before(date)) {
                                    this.user.setValidFrom(date);
                                } else {
                                    this.user.setValidFrom(TimestampProviderUtils.getTimeStamp());
                                }
                            }
                            this.user.setFailedLoginCount(0L);
                            throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_TEMPORARILY_INVALIDATED.raise(getRealmQualifiedUserId(this.account, map)), 0);
                        }
                    }
                    throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_PASSWORD_NOT_VALID.raise(getRealmQualifiedUserId(this.account, map)), 1);
                } catch (Throwable th) {
                    ParametersFacade.popLayer(instance);
                    throw th;
                }
            } catch (ObjectNotFoundException e) {
                throw new LoginFailedException(BpmRuntimeError.AUTHx_USER_PASSWORD_NOT_VALID.raise(getRealmQualifiedUserId(this.account, map)), 2);
            }
        } catch (LoginFailedException e2) {
            return ExternalLoginResult.testifyFailure(e2);
        }
    }

    private static String getRealmQualifiedUserId(String str, Map map) {
        String str2 = (String) map.get(SecurityProperties.REALM);
        return StringUtils.isEmpty(str2) ? MessageFormat.format("''{0}''", str) : MessageFormat.format("''{0}'' (Realm: ''{1}'')", str, str2);
    }
}
