package com.atlassian.confluence.security.login;

import com.atlassian.confluence.impl.vcache.SynchronousExternalCache;
import com.atlassian.confluence.security.persistence.dao.UserLoginInfoDao;
import com.atlassian.confluence.security.persistence.dao.hibernate.UserLoginInfo;
import com.atlassian.confluence.setup.DefaultBootstrapManager;
import com.atlassian.confluence.setup.settings.Settings;
import com.atlassian.confluence.setup.settings.SettingsManager;
import com.atlassian.confluence.setup.settings.beans.LoginManagerSettings;
import com.atlassian.confluence.user.AuthenticatorOverwrite;
import com.atlassian.confluence.user.ConfluenceUser;
import com.atlassian.confluence.user.UserAccessor;
import com.atlassian.confluence.web.context.StaticHttpContext;
import com.atlassian.core.util.Clock;
import com.atlassian.user.User;
import com.atlassian.vcache.VCacheFactory;
import com.google.common.base.Preconditions;
import java.util.Date;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.jcip.annotations.GuardedBy;
import net.jcip.annotations.Immutable;
import net.jcip.annotations.ThreadSafe;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:com/atlassian/confluence/security/login/DefaultLoginManager.class */
public class DefaultLoginManager implements LoginManager {
    private static final int DEFAULT_FAILED_LOGIN_ATTEMPTS_THRESHOLD = 3;
    private static final Logger log = LoggerFactory.getLogger(DefaultLoginManager.class);
    private static final String CACHE_NAME = DefaultLoginManager.class.getName();
    private final UserAccessor userAccessor;
    private final SettingsManager settingsManager;
    private final Clock clock;
    private final UserLoginInfoDao loginInfoDao;

    @GuardedBy(DefaultBootstrapManager.LOCK_FILE_NAME)
    private final SynchronousExternalCache<Integer> loginAttemptsCache;
    private final Object lock = new Object();

    @Immutable
    /* loaded from: input_file:com/atlassian/confluence/security/login/DefaultLoginManager$DefaultLoginInfo.class */
    private static final class DefaultLoginInfo implements LoginInfo {
        private final boolean requiresElevatedSecurityCheck;
        private final UserLoginInfo userLoginInfo;

        DefaultLoginInfo(UserLoginInfo userLoginInfo, boolean z) {
            this.userLoginInfo = userLoginInfo;
            this.requiresElevatedSecurityCheck = z;
        }

        @Override // com.atlassian.confluence.security.login.LoginInfo
        public boolean requiresElevatedSecurityCheck() {
            return this.requiresElevatedSecurityCheck;
        }

        @Override // com.atlassian.confluence.security.login.HistoricalLoginInfo
        public int getCurrentFailedLoginCount() {
            return this.userLoginInfo.getCurrentFailedLoginCount();
        }

        @Override // com.atlassian.confluence.security.login.HistoricalLoginInfo
        public int getTotalFailedLoginCount() {
            return this.userLoginInfo.getTotalFailedLoginCount();
        }

        @Override // com.atlassian.confluence.security.login.HistoricalLoginInfo
        public Date getLastSuccessfulLoginDate() {
            return this.userLoginInfo.getLastSuccessfulLoginDate();
        }

        @Override // com.atlassian.confluence.security.login.HistoricalLoginInfo
        public Date getLastFailedLoginDate() {
            return this.userLoginInfo.getLastFailedLoginDate();
        }

        @Override // com.atlassian.confluence.security.login.HistoricalLoginInfo
        public Date getPreviousSuccessfulLoginDate() {
            return this.userLoginInfo.getPreviousSuccessfulLoginDate();
        }
    }

    public DefaultLoginManager(SettingsManager settingsManager, UserAccessor userAccessor, VCacheFactory vCacheFactory, Clock clock, UserLoginInfoDao userLoginInfoDao) {
        this.settingsManager = (SettingsManager) Preconditions.checkNotNull(settingsManager, "SettingsManager cannot be null");
        this.userAccessor = (UserAccessor) Preconditions.checkNotNull(userAccessor, "UserAccessor cannot be null");
        this.loginInfoDao = (UserLoginInfoDao) Preconditions.checkNotNull(userLoginInfoDao, "UserLoginInfoDao cannot be null");
        this.clock = clock;
        this.loginAttemptsCache = SynchronousExternalCache.synchronousStableReadExternalCache(vCacheFactory, CACHE_NAME, Integer.class);
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    @Deprecated
    public void onFailedLoginAttempt(String str) {
        onFailedLoginAttempt(str, null);
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public void onFailedLoginAttempt(String str, HttpServletRequest httpServletRequest) {
        recordLoginFailure(str, httpServletRequest);
        ConfluenceUser userByName = this.userAccessor.getUserByName(str);
        if (null != userByName) {
            UserLoginInfo findOrCreateUserLoginInfoForUser = this.loginInfoDao.findOrCreateUserLoginInfoForUser(userByName);
            findOrCreateUserLoginInfoForUser.failedLogin(this.clock.getCurrentDate());
            this.loginInfoDao.saveOrUpdate(findOrCreateUserLoginInfoForUser);
        } else {
            String cacheKey = cacheKey(str);
            synchronized (this.lock) {
                this.loginAttemptsCache.put(cacheKey, Integer.valueOf(1 + this.loginAttemptsCache.get(cacheKey, () -> {
                    return 0;
                }).intValue()));
            }
        }
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    @Deprecated
    public void onSuccessfulLoginAttempt(String str) {
        onSuccessfulLoginAttempt(str, null);
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public void onSuccessfulLoginAttempt(String str, HttpServletRequest httpServletRequest) {
        log.debug("Successful login attempt for user '{}'", str);
        ConfluenceUser userByName = this.userAccessor.getUserByName(str);
        if (null == userByName) {
            log.error("Can not retrieve the user '{}' to set the successful login information (last login date).", str);
            return;
        }
        UserLoginInfo findOrCreateUserLoginInfoForUser = this.loginInfoDao.findOrCreateUserLoginInfoForUser(userByName);
        findOrCreateUserLoginInfoForUser.successfulLogin(this.clock.getCurrentDate());
        this.loginInfoDao.saveOrUpdate(findOrCreateUserLoginInfoForUser);
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public boolean isElevatedSecurityCheckEnabled() {
        LoginManagerSettings loginManagerSettings = getLoginManagerSettings();
        return (null == loginManagerSettings || !loginManagerSettings.isEnableElevatedSecurityCheck() || AuthenticatorOverwrite.isPasswordConfirmationDisabled()) ? false : true;
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public LoginResult authenticate(String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return LoginResult.AUTHENTICATION_FAILED;
        }
        if (null == this.userAccessor.getUserByName(str)) {
            onFailedLoginAttempt(str, null);
            return LoginResult.AUTHENTICATION_FAILED;
        }
        boolean requiresElevatedSecurityCheck = requiresElevatedSecurityCheck(str);
        if (!this.userAccessor.authenticate(str, str2)) {
            onFailedLoginAttempt(str, null);
            return LoginResult.AUTHENTICATION_FAILED;
        }
        if (requiresElevatedSecurityCheck) {
            onFailedLoginAttempt(str, null);
            return LoginResult.OK_WITH_ELEVATED_SECURITY_CHECK_REQUIRED;
        }
        onSuccessfulLoginAttempt(str, null);
        return LoginResult.OK;
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public boolean requiresElevatedSecurityCheck(String str) {
        return isElevatedSecurityCheckEnabled() && getCurrentFailedLoginCount(str) >= getLoginAttemptsThreshold();
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    public void resetFailedLoginCount(User user) {
        UserLoginInfo findOrCreateUserLoginInfoForUser = this.loginInfoDao.findOrCreateUserLoginInfoForUser(user);
        findOrCreateUserLoginInfoForUser.resetFailedLoginCount();
        this.loginInfoDao.saveOrUpdate(findOrCreateUserLoginInfoForUser);
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    @Nullable
    public LoginInfo getLoginInfo(String str) {
        ConfluenceUser userByName = this.userAccessor.getUserByName(str);
        if (null == userByName) {
            return null;
        }
        return new DefaultLoginInfo(this.loginInfoDao.findOrCreateUserLoginInfoForUser(userByName), requiresElevatedSecurityCheck(str));
    }

    @Override // com.atlassian.confluence.security.login.LoginManager
    @Nullable
    public LoginInfo getLoginInfo(User user) {
        if (null == user) {
            return null;
        }
        return new DefaultLoginInfo(this.loginInfoDao.findOrCreateUserLoginInfoForUser(user), requiresElevatedSecurityCheck(user.getName()));
    }

    private int getLoginAttemptsThreshold() {
        LoginManagerSettings loginManagerSettings = getLoginManagerSettings();
        if (null != loginManagerSettings) {
            return loginManagerSettings.getLoginAttemptsThreshold();
        }
        return 3;
    }

    private int getCurrentFailedLoginCount(String str) {
        int intValue;
        ConfluenceUser userByName = this.userAccessor.getUserByName(str);
        if (null != userByName) {
            return this.loginInfoDao.findOrCreateUserLoginInfoForUser(userByName).getCurrentFailedLoginCount();
        }
        synchronized (this.lock) {
            intValue = this.loginAttemptsCache.get(cacheKey(str)).orElse(0).intValue();
        }
        return intValue;
    }

    @Nullable
    private LoginManagerSettings getLoginManagerSettings() {
        Settings globalSettings;
        if (null == this.settingsManager || null == (globalSettings = this.settingsManager.getGlobalSettings())) {
            return null;
        }
        return globalSettings.getLoginManagerSettings();
    }

    private void recordLoginFailure(String str, HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            httpServletRequest = new StaticHttpContext().getRequest();
        }
        StringBuilder append = new StringBuilder("\nFailed login attempt for user '").append(str).append("':\n");
        if (httpServletRequest != null) {
            append.append("  Request URL: ").append(httpServletRequest.getRequestURL()).append("\n");
            append.append("  User-Agent: ").append(httpServletRequest.getHeader("User-Agent")).append("\n");
            append.append("  Remote Address: ").append(httpServletRequest.getRemoteAddr()).append("\n");
            if (httpServletRequest.getHeader("X-Forwarded-For") != null) {
                append.append("  X-Forwarded-For: ").append(httpServletRequest.getHeader("X-Forwarded-For")).append("\n");
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(append.toString());
        } else if (log.isInfoEnabled() && requiresElevatedSecurityCheck(str)) {
            log.info(append.toString());
        }
    }

    private static String cacheKey(String str) {
        return null == str ? "" : StringUtils.left(str, 200);
    }
}
