package org.apache.catalina.realm;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.catalina.LifecycleException;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.joda.time.DateTimeConstants;

/* loaded from: input_file:WEB-INF/lib-provided/tomcat-embed-core-8.5.35.jar:org/apache/catalina/realm/LockOutRealm.class */
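/**
 * Realm wrapper that refuses authentication for a user name once it has
 * accumulated too many consecutive failures against the nested realms.
 *
 * <p>Defaults visible in this class: lock after {@code failureCount} = 5
 * failures, for {@code lockOutTime} = 300 seconds, tracking at most
 * {@code cacheSize} = 1000 user names.
 *
 * <p>Security-relevant behaviour to keep in mind when configuring it:
 * <ul>
 *   <li>Failures are keyed by the user name <em>presented</em> in the request.
 *       A failure is recorded for any name, so whoever can submit failing
 *       logins for a name can keep that name locked. Weigh this when choosing
 *       {@code failureCount} and {@code lockOutTime}.</li>
 *   <li>Every failed attempt refreshes the record's last-failure time, including
 *       attempts made while the name is already locked, so the lock-out window
 *       restarts from the most recent failure.</li>
 *   <li>The failure cache is a bounded, access-ordered map. When it grows past
 *       {@code cacheSize} the least recently accessed record is dropped, which
 *       also discards that name's failure count. If the dropped record is
 *       younger than {@code cacheRemovalWarningTime} seconds, the
 *       {@code lockOutRealm.removeWarning} message is logged; treat that
 *       message as a signal that the cache is too small for the failure rate
 *       being observed.</li>
 * </ul>
 *
 * <p>Thread-safety: all access to {@link #failedUsers} is guarded by the
 * monitor of this realm. Fields of a {@link LockRecord} are read and written
 * outside that monitor and therefore rely on atomic/volatile fields.
 */
public class LockOutRealm extends CombinedRealm {
    private static final Log log = LogFactory.getLog(LockOutRealm.class);
    protected static final String name = "LockOutRealm";

    /** Number of consecutive failures after which a user name is locked. */
    protected int failureCount = 5;

    /** Lock-out duration in seconds, measured from the last recorded failure. */
    protected int lockOutTime = 300;

    /** Maximum number of user names kept in the failure cache. */
    protected int cacheSize = 1000;

    /**
     * Minimum age, in seconds, a record should reach before eviction is
     * considered unremarkable. Written as the literal 3600 (one hour) so this
     * plain number does not depend on a Joda-Time constant.
     */
    protected int cacheRemovalWarningTime = 3600;

    /** Failure records keyed by presented user name; created in {@link #startInternal()}. */
    protected Map<String, LockRecord> failedUsers = null;

    /**
     * Failure bookkeeping for a single user name.
     *
     * <p>Instances are shared between threads without holding the realm
     * monitor, so both fields must be safe to read concurrently.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib-provided/tomcat-embed-core-8.5.35.jar:org/apache/catalina/realm/LockOutRealm$LockRecord.class */
    public static class LockRecord {
        private final AtomicInteger failures = new AtomicInteger(0);

        // volatile: written by registerFailure() and read by isLocked() and the
        // cache eviction check without a common lock. Without it a reader may
        // see a stale (or, on 32-bit JVMs, torn) timestamp and misjudge whether
        // the lock-out window has elapsed.
        private volatile long lastFailureTime = 0;

        protected LockRecord() {
        }

        /** @return the number of failures currently recorded */
        public int getFailures() {
            return this.failures.get();
        }

        /** @param i the failure count to store, replacing the current value */
        public void setFailures(int i) {
            this.failures.set(i);
        }

        /** @return wall-clock time of the last failure in milliseconds, or 0 if none */
        public long getLastFailureTime() {
            return this.lastFailureTime;
        }

        /** Counts one more failure and stamps it with the current time. */
        public void registerFailure() {
            this.failures.incrementAndGet();
            this.lastFailureTime = System.currentTimeMillis();
        }
    }

    /**
     * Creates the bounded failure cache and then starts the nested realms.
     *
     * @throws LifecycleException if the parent realm fails to start
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase, org.apache.catalina.util.LifecycleBase
    public void startInternal() throws LifecycleException {
        // accessOrder = true makes this an LRU map: get() reorders entries, so
        // even lookups must be performed under the realm monitor.
        this.failedUsers = new LinkedHashMap<String, LockRecord>(this.cacheSize, 0.75f, true) { // from class: org.apache.catalina.realm.LockOutRealm.1
            private static final long serialVersionUID = 1L;

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<String, LockRecord> eldest) {
                if (size() <= LockOutRealm.this.cacheSize) {
                    return false;
                }
                // The record is evicted either way; a young record being pushed
                // out means failure state is being lost early, so log it.
                long ageSeconds = (System.currentTimeMillis() - eldest.getValue().getLastFailureTime()) / 1000;
                if (ageSeconds < LockOutRealm.this.cacheRemovalWarningTime) {
                    LockOutRealm.log.warn(RealmBase.sm.getString("lockOutRealm.removeWarning", eldest.getKey(), Long.valueOf(ageSeconds)));
                }
                return true;
            }
        };
        super.startInternal();
    }

    /**
     * Digest-style authentication; all arguments are forwarded unchanged to the
     * parent realm and the result is filtered through the lock-out check.
     *
     * @return the authenticated principal, or {@code null} if authentication
     *         failed or the user name is locked
     */
    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2) {
        Principal authenticated = super.authenticate(username, digest, nonce, nc, cnonce, qop, realm, md5a2);
        return filterLockedAccounts(username, authenticated);
    }

    /**
     * User name / credential authentication, filtered through the lock-out check.
     *
     * @return the authenticated principal, or {@code null} if authentication
     *         failed or the user name is locked
     */
    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(String username, String credentials) {
        Principal authenticated = super.authenticate(username, credentials);
        return filterLockedAccounts(username, authenticated);
    }

    /**
     * Client-certificate authentication. The lock-out key is the subject DN of
     * the first certificate in the array.
     *
     * @return the authenticated principal, or {@code null} if authentication
     *         failed or the subject is locked
     */
    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(X509Certificate[] certs) {
        // With no certificate the key stays null; such failures are all tracked
        // under the single null key of the cache.
        String username = null;
        if (certs != null && certs.length > 0) {
            username = certs[0].getSubjectDN().getName();
        }
        return filterLockedAccounts(username, super.authenticate(certs));
    }

    /**
     * GSS authentication. The lock-out key is the context's source name.
     *
     * @return the authenticated principal, or {@code null} if the context is
     *         not established, the source name cannot be read, authentication
     *         failed, or the name is locked
     */
    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase, org.apache.catalina.Realm
    public Principal authenticate(GSSContext gssContext, boolean storeCreds) {
        if (!gssContext.isEstablished()) {
            // Not counted as a failure: no name is available to attribute it to.
            return null;
        }
        try {
            String username = gssContext.getSrcName().toString();
            return filterLockedAccounts(username, super.authenticate(gssContext, storeCreds));
        } catch (GSSException e) {
            log.warn(sm.getString("realmBase.gssNameFail"), e);
            return null;
        }
    }

    /**
     * Applies the lock-out policy to the outcome of a nested authentication.
     *
     * <p>The order matters: the failure is recorded first, then the lock is
     * evaluated, so the attempt that reaches the threshold is itself rejected
     * and a correct credential presented while locked is still refused.
     *
     * @param username  the name presented by the client (may be {@code null})
     * @param principal the result from the nested realms, {@code null} on failure
     * @return {@code principal}, or {@code null} if the name is locked
     */
    private Principal filterLockedAccounts(String username, Principal principal) {
        // Failures are only counted while the realm is available, so a backend
        // outage is not turned into lock-outs.
        if (principal == null && isAvailable()) {
            registerAuthFailure(username);
        }
        if (isLocked(username)) {
            // NOTE(review): username is client-supplied and ends up in the log
            // message; confirm the logging layer neutralises line breaks.
            log.warn(sm.getString("lockOutRealm.authLockedUser", username));
            return null;
        }
        if (principal != null) {
            registerAuthSuccess(username);
        }
        return principal;
    }

    /**
     * Clears the failure record for a user name, lifting any lock.
     *
     * @param username the name to unlock
     */
    public void unlock(String username) {
        registerAuthSuccess(username);
    }

    /**
     * Reports whether a user name is currently locked out.
     *
     * @param username the name to check
     * @return {@code true} if the name has at least {@code failureCount}
     *         recorded failures and the last one is less than
     *         {@code lockOutTime} seconds old
     */
    public boolean isLocked(String username) {
        LockRecord record;
        synchronized (this) {
            // get() reorders the access-ordered map, hence the monitor.
            record = this.failedUsers.get(username);
        }
        if (record == null || record.getFailures() < this.failureCount) {
            return false;
        }
        long secondsSinceLastFailure = (System.currentTimeMillis() - record.getLastFailureTime()) / 1000;
        return secondsSinceLastFailure < ((long) this.lockOutTime);
    }

    /** Drops the failure record for {@code username}, if there is one. */
    private synchronized void registerAuthSuccess(String username) {
        this.failedUsers.remove(username);
    }

    /**
     * Records one failed attempt for {@code username}, creating the record on
     * first failure and restarting the count when a previous lock has expired.
     */
    private void registerAuthFailure(String username) {
        LockRecord record;
        synchronized (this) {
            record = this.failedUsers.get(username);
            if (record == null) {
                record = new LockRecord();
                this.failedUsers.put(username, record);
            } else if (record.getFailures() >= this.failureCount
                    && (System.currentTimeMillis() - record.getLastFailureTime()) / 1000 > this.lockOutTime) {
                // The earlier lock has run out: start counting from zero again
                // instead of re-locking on the very next failure.
                record.setFailures(0);
            }
        }
        record.registerFailure();
    }

    /** @return the number of failures that triggers a lock-out */
    public int getFailureCount() {
        return this.failureCount;
    }

    /** @param i the number of failures that triggers a lock-out */
    public void setFailureCount(int i) {
        this.failureCount = i;
    }

    /** @return the lock-out duration in seconds */
    public int getLockOutTime() {
        return this.lockOutTime;
    }

    @Override // org.apache.catalina.realm.CombinedRealm, org.apache.catalina.realm.RealmBase
    protected String getName() {
        return name;
    }

    /** @param i the lock-out duration in seconds */
    public void setLockOutTime(int i) {
        this.lockOutTime = i;
    }

    /** @return the maximum number of user names tracked in the failure cache */
    public int getCacheSize() {
        return this.cacheSize;
    }

    /**
     * @param i the maximum number of user names tracked; the eviction check
     *          reads this field on every insertion
     */
    public void setCacheSize(int i) {
        this.cacheSize = i;
    }

    /** @return the age in seconds below which an evicted record is logged as a warning */
    public int getCacheRemovalWarningTime() {
        return this.cacheRemovalWarningTime;
    }

    /** @param i the age in seconds below which an evicted record is logged as a warning */
    public void setCacheRemovalWarningTime(int i) {
        this.cacheRemovalWarningTime = i;
    }
}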
