package org.owasp.esapi.reference;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.poi.ss.util.CellUtil;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;
import org.owasp.esapi.Authenticator;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.EncoderConstants;
import org.owasp.esapi.Logger;
import org.owasp.esapi.Randomizer;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AuthenticationAccountsException;
import org.owasp.esapi.errors.AuthenticationCredentialsException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.EncryptionException;

/* loaded from: input_file:fk-ui-war-3.0.27.war:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/reference/FileBasedAuthenticator.class */
public class FileBasedAuthenticator extends AbstractAuthenticator {
    private static volatile Authenticator singletonInstance;
    private static final int MAX_ACCOUNT_NAME_LENGTH = 250;
    private final Logger logger = ESAPI.getLogger(org.opensaml.ws.wstrust.Authenticator.ELEMENT_LOCAL_NAME);
    private File userDB = null;
    private long checkInterval = 60000;
    private long lastModified = 0;
    private long lastChecked = 0;
    private Map<Long, User> userMap = new HashMap();
    private Map<User, List<String>> passwordMap = new Hashtable();

    public static Authenticator getInstance() {
        if (singletonInstance == null) {
            synchronized (FileBasedAuthenticator.class) {
                if (singletonInstance == null) {
                    singletonInstance = new FileBasedAuthenticator();
                }
            }
        }
        return singletonInstance;
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr.length != 3) {
            System.out.println("Usage: Authenticator accountname password role");
            return;
        }
        FileBasedAuthenticator fileBasedAuthenticator = new FileBasedAuthenticator();
        String lowerCase = strArr[0].toLowerCase();
        String str = strArr[1];
        String str2 = strArr[2];
        DefaultUser defaultUser = (DefaultUser) fileBasedAuthenticator.getUser(strArr[0]);
        if (defaultUser != null) {
            System.err.println("User account " + defaultUser.getAccountName() + " already exists!");
            return;
        }
        DefaultUser defaultUser2 = new DefaultUser(lowerCase);
        fileBasedAuthenticator.setHashedPassword(defaultUser2, fileBasedAuthenticator.hashPassword(str, lowerCase));
        defaultUser2.addRole(str2);
        defaultUser2.enable();
        defaultUser2.unlock();
        fileBasedAuthenticator.userMap.put(Long.valueOf(defaultUser2.getAccountId()), defaultUser2);
        System.out.println("New user created: " + lowerCase);
        fileBasedAuthenticator.saveUsers();
        System.out.println("User account " + defaultUser2.getAccountName() + " updated");
    }

    private void setHashedPassword(User user, String str) {
        List<String> allHashedPasswords = getAllHashedPasswords(user, true);
        allHashedPasswords.add(0, str);
        if (allHashedPasswords.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
            allHashedPasswords.remove(allHashedPasswords.size() - 1);
        }
        this.logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
    }

    String getHashedPassword(User user) {
        return getAllHashedPasswords(user, false).get(0);
    }

    void setOldPasswordHashes(User user, List<String> list) {
        List<String> allHashedPasswords = getAllHashedPasswords(user, true);
        if (allHashedPasswords.size() > 1) {
            allHashedPasswords.removeAll(allHashedPasswords.subList(1, allHashedPasswords.size() - 1));
        }
        allHashedPasswords.addAll(list);
    }

    List<String> getAllHashedPasswords(User user, boolean z) {
        List<String> list = this.passwordMap.get(user);
        if (list != null) {
            return list;
        }
        if (!z) {
            throw new RuntimeException("No hashes found for " + user.getAccountName() + ". Is User.hashcode() and equals() implemented correctly?");
        }
        ArrayList arrayList = new ArrayList();
        this.passwordMap.put(user, arrayList);
        return arrayList;
    }

    List<String> getOldPasswordHashes(User user) {
        List<String> allHashedPasswords = getAllHashedPasswords(user, false);
        return allHashedPasswords.size() > 1 ? Collections.unmodifiableList(allHashedPasswords.subList(1, allHashedPasswords.size() - 1)) : Collections.emptyList();
    }

    private FileBasedAuthenticator() {
    }

    @Override // org.owasp.esapi.Authenticator
    public synchronized User createUser(String str, String str2, String str3) throws AuthenticationException {
        loadUsersIfNecessary();
        if (str == null) {
            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
        }
        if (getUser(str) != null) {
            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + str);
        }
        verifyAccountNameStrength(str);
        if (str2 == null) {
            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + str + " with a null password");
        }
        DefaultUser defaultUser = new DefaultUser(str);
        verifyPasswordStrength(null, str2, defaultUser);
        if (!str2.equals(str3)) {
            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + str + " do not match");
        }
        try {
            setHashedPassword(defaultUser, hashPassword(str2, str));
            this.userMap.put(Long.valueOf(defaultUser.getAccountId()), defaultUser);
            this.logger.info(Logger.SECURITY_SUCCESS, "New user created: " + str);
            saveUsers();
            return defaultUser;
        } catch (EncryptionException e) {
            throw new AuthenticationException("Internal error", "Error hashing password for " + str, e);
        }
    }

    @Override // org.owasp.esapi.Authenticator
    public String generateStrongPassword() {
        return generateStrongPassword("");
    }

    private String generateStrongPassword(String str) {
        Randomizer randomizer = ESAPI.randomizer();
        int randomInteger = randomizer.getRandomInteger(4, 6);
        String str2 = randomizer.getRandomString(randomInteger, EncoderConstants.CHAR_PASSWORD_LETTERS) + randomizer.getRandomString(1, EncoderConstants.CHAR_PASSWORD_SPECIALS) + randomizer.getRandomString(7 - randomInteger, EncoderConstants.CHAR_PASSWORD_DIGITS);
        return StringUtilities.getLevenshteinDistance(str, str2) > 5 ? str2 : generateStrongPassword(str);
    }

    @Override // org.owasp.esapi.Authenticator
    public void changePassword(User user, String str, String str2, String str3) throws AuthenticationException {
        String accountName = user.getAccountName();
        try {
            if (!getHashedPassword(user).equals(hashPassword(str, accountName))) {
                throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password change on user: " + accountName);
            }
            if (str2 == null || str3 == null || !str2.equals(str3)) {
                throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + accountName);
            }
            verifyPasswordStrength(str, str2, user);
            user.setLastPasswordChangeTime(new Date());
            String hashPassword = hashPassword(str2, accountName);
            if (getOldPasswordHashes(user).contains(hashPassword)) {
                throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + accountName);
            }
            setHashedPassword(user, hashPassword);
            this.logger.info(Logger.SECURITY_SUCCESS, "Password changed for user: " + accountName);
            saveUsers();
        } catch (EncryptionException e) {
            throw new AuthenticationException("Password change failed", "Encryption exception changing password for " + accountName, e);
        }
    }

    @Override // org.owasp.esapi.Authenticator
    public boolean verifyPassword(User user, String str) {
        String accountName = user.getAccountName();
        try {
            if (hashPassword(str, accountName).equals(getHashedPassword(user))) {
                user.setLastLoginTime(new Date());
                ((DefaultUser) user).setFailedLoginCount(0);
                this.logger.info(Logger.SECURITY_SUCCESS, "Password verified for " + accountName);
                return true;
            }
        } catch (EncryptionException e) {
            this.logger.fatal(Logger.SECURITY_FAILURE, "Encryption error verifying password for " + accountName);
        }
        this.logger.fatal(Logger.SECURITY_FAILURE, "Password verification failed for " + accountName);
        return false;
    }

    @Override // org.owasp.esapi.Authenticator
    public String generateStrongPassword(User user, String str) {
        String generateStrongPassword = generateStrongPassword(str);
        if (generateStrongPassword != null) {
            this.logger.info(Logger.SECURITY_SUCCESS, "Generated strong password for " + user.getAccountName());
        }
        return generateStrongPassword;
    }

    @Override // org.owasp.esapi.Authenticator
    public synchronized User getUser(long j) {
        if (j == 0) {
            return User.ANONYMOUS;
        }
        loadUsersIfNecessary();
        return this.userMap.get(Long.valueOf(j));
    }

    @Override // org.owasp.esapi.Authenticator
    public synchronized User getUser(String str) {
        if (str == null) {
            return User.ANONYMOUS;
        }
        loadUsersIfNecessary();
        for (User user : this.userMap.values()) {
            if (user.getAccountName().equalsIgnoreCase(str)) {
                return user;
            }
        }
        return null;
    }

    @Override // org.owasp.esapi.Authenticator
    public synchronized Set getUserNames() {
        loadUsersIfNecessary();
        HashSet hashSet = new HashSet();
        Iterator<User> it = this.userMap.values().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getAccountName());
        }
        return hashSet;
    }

    @Override // org.owasp.esapi.Authenticator
    public String hashPassword(String str, String str2) throws EncryptionException {
        return ESAPI.encryptor().hash(str, str2.toLowerCase());
    }

    protected void loadUsersIfNecessary() {
        if (this.userDB == null) {
            this.userDB = ESAPI.securityConfiguration().getResourceFile("users.txt");
        }
        if (this.userDB == null) {
            this.userDB = new File(System.getProperty("user.home") + "/.esapi", "users.txt");
            try {
                if (!this.userDB.createNewFile()) {
                    throw new IOException("Unable to create the user file");
                }
                this.logger.warning(Logger.SECURITY_SUCCESS, "Created " + this.userDB.getAbsolutePath());
            } catch (IOException e) {
                this.logger.fatal(Logger.SECURITY_FAILURE, "Could not create " + this.userDB.getAbsolutePath(), e);
            }
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - this.lastChecked < this.checkInterval) {
            return;
        }
        this.lastChecked = currentTimeMillis;
        if (this.lastModified == this.userDB.lastModified()) {
            return;
        }
        loadUsersImmediately();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:27:0x0129
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    protected void loadUsersImmediately() {
        /*
            Method dump skipped, instructions count: 353
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.reference.FileBasedAuthenticator.loadUsersImmediately():void");
    }

    private DefaultUser createUser(String str) throws AuthenticationException {
        String[] split = str.split(" *\\| *");
        long parseLong = Long.parseLong(split[0]);
        String str2 = split[1];
        verifyAccountNameStrength(str2);
        DefaultUser defaultUser = new DefaultUser(str2);
        defaultUser.accountId = parseLong;
        String str3 = split[2];
        verifyPasswordStrength(null, str3, defaultUser);
        setHashedPassword(defaultUser, str3);
        for (String str4 : split[3].toLowerCase().split(" *, *")) {
            if (!"".equals(str4)) {
                defaultUser.addRole(str4);
            }
        }
        if (!"unlocked".equalsIgnoreCase(split[4])) {
            defaultUser.lock();
        }
        if (CompilerOptions.ENABLED.equalsIgnoreCase(split[5])) {
            defaultUser.enable();
        } else {
            defaultUser.disable();
        }
        defaultUser.resetCSRFToken();
        setOldPasswordHashes(defaultUser, Arrays.asList(split[6].split(" *, *")));
        defaultUser.setLastHostAddress("null".equals(split[7]) ? null : split[7]);
        defaultUser.setLastPasswordChangeTime(new Date(Long.parseLong(split[8])));
        defaultUser.setLastLoginTime(new Date(Long.parseLong(split[9])));
        defaultUser.setLastFailedLoginTime(new Date(Long.parseLong(split[10])));
        defaultUser.setExpirationTime(new Date(Long.parseLong(split[11])));
        defaultUser.setFailedLoginCount(Integer.parseInt(split[12]));
        return defaultUser;
    }

    @Override // org.owasp.esapi.Authenticator
    public synchronized void removeUser(String str) throws AuthenticationException {
        loadUsersIfNecessary();
        User user = getUser(str);
        if (user == null) {
            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + str);
        }
        this.userMap.remove(Long.valueOf(user.getAccountId()));
        this.logger.info(Logger.SECURITY_SUCCESS, "Removing user " + user.getAccountName());
        this.passwordMap.remove(user);
        saveUsers();
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x0099, code lost:
    
        r7.close();
        r6.lastModified = r6.userDB.lastModified();
        r6.lastChecked = r6.lastModified;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0092, code lost:
    
        throw r9;
     */
    /* JADX WARN: Removed duplicated region for block: B:15:0x00b0 A[REMOVE] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void saveUsers() throws org.owasp.esapi.errors.AuthenticationException {
        /*
            r6 = this;
            r0 = 0
            r7 = r0
            java.io.PrintWriter r0 = new java.io.PrintWriter     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r1 = r0
            java.io.FileWriter r2 = new java.io.FileWriter     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r3 = r2
            r4 = r6
            java.io.File r4 = r4.userDB     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r3.<init>(r4)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r1.<init>(r2)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r7 = r0
            r0 = r7
            java.lang.String r1 = "# This is the user file associated with the ESAPI library from http://www.owasp.org"
            r0.println(r1)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = r7
            java.lang.String r1 = "# accountId | accountName | hashedPassword | roles | locked | enabled | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount"
            r0.println(r1)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = r7
            r0.println()     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = r6
            r1 = r7
            r0.saveUsers(r1)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = r7
            r0.flush()     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = r6
            org.owasp.esapi.Logger r0 = r0.logger     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            org.owasp.esapi.Logger$EventType r1 = org.owasp.esapi.Logger.SECURITY_SUCCESS     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            java.lang.String r2 = "User file written to disk"
            r0.info(r1, r2)     // Catch: java.io.IOException -> L42 java.lang.Throwable -> L8d
            r0 = jsr -> L93
        L3f:
            goto Lb2
        L42:
            r8 = move-exception
            r0 = r6
            org.owasp.esapi.Logger r0 = r0.logger     // Catch: java.lang.Throwable -> L8d
            org.owasp.esapi.Logger$EventType r1 = org.owasp.esapi.Logger.SECURITY_FAILURE     // Catch: java.lang.Throwable -> L8d
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L8d
            r3 = r2
            r3.<init>()     // Catch: java.lang.Throwable -> L8d
            java.lang.String r3 = "Problem saving user file "
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L8d
            r3 = r6
            java.io.File r3 = r3.userDB     // Catch: java.lang.Throwable -> L8d
            java.lang.String r3 = r3.getAbsolutePath()     // Catch: java.lang.Throwable -> L8d
            java.lang.StringBuilder r2 = r2.append(r3)     // Catch: java.lang.Throwable -> L8d
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> L8d
            r3 = r8
            r0.fatal(r1, r2, r3)     // Catch: java.lang.Throwable -> L8d
            org.owasp.esapi.errors.AuthenticationException r0 = new org.owasp.esapi.errors.AuthenticationException     // Catch: java.lang.Throwable -> L8d
            r1 = r0
            java.lang.String r2 = "Internal Error"
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L8d
            r4 = r3
            r4.<init>()     // Catch: java.lang.Throwable -> L8d
            java.lang.String r4 = "Problem saving user file "
            java.lang.StringBuilder r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L8d
            r4 = r6
            java.io.File r4 = r4.userDB     // Catch: java.lang.Throwable -> L8d
            java.lang.String r4 = r4.getAbsolutePath()     // Catch: java.lang.Throwable -> L8d
            java.lang.StringBuilder r3 = r3.append(r4)     // Catch: java.lang.Throwable -> L8d
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Throwable -> L8d
            r4 = r8
            r1.<init>(r2, r3, r4)     // Catch: java.lang.Throwable -> L8d
            throw r0     // Catch: java.lang.Throwable -> L8d
        L8d:
            r9 = move-exception
            r0 = jsr -> L93
        L91:
            r1 = r9
            throw r1
        L93:
            r10 = r0
            r0 = r7
            if (r0 == 0) goto Lb0
            r0 = r7
            r0.close()
            r0 = r6
            r1 = r6
            java.io.File r1 = r1.userDB
            long r1 = r1.lastModified()
            r0.lastModified = r1
            r0 = r6
            r1 = r6
            long r1 = r1.lastModified
            r0.lastChecked = r1
        Lb0:
            ret r10
        Lb2:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.reference.FileBasedAuthenticator.saveUsers():void");
    }

    protected synchronized void saveUsers(PrintWriter printWriter) throws AuthenticationCredentialsException {
        for (String str : getUserNames()) {
            DefaultUser defaultUser = (DefaultUser) getUser(str);
            if (defaultUser == null || defaultUser.isAnonymous()) {
                throw new AuthenticationCredentialsException("Problem saving user", "Skipping save of user " + str);
            }
            printWriter.println(save(defaultUser));
        }
    }

    private String save(DefaultUser defaultUser) {
        StringBuilder sb = new StringBuilder();
        sb.append(defaultUser.getAccountId());
        sb.append(" | ");
        sb.append(defaultUser.getAccountName());
        sb.append(" | ");
        sb.append(getHashedPassword(defaultUser));
        sb.append(" | ");
        sb.append(dump(defaultUser.getRoles()));
        sb.append(" | ");
        sb.append(defaultUser.isLocked() ? CellUtil.LOCKED : "unlocked");
        sb.append(" | ");
        sb.append(defaultUser.isEnabled() ? CompilerOptions.ENABLED : "disabled");
        sb.append(" | ");
        sb.append(dump(getOldPasswordHashes(defaultUser)));
        sb.append(" | ");
        sb.append(defaultUser.getLastHostAddress());
        sb.append(" | ");
        sb.append(defaultUser.getLastPasswordChangeTime().getTime());
        sb.append(" | ");
        sb.append(defaultUser.getLastLoginTime().getTime());
        sb.append(" | ");
        sb.append(defaultUser.getLastFailedLoginTime().getTime());
        sb.append(" | ");
        sb.append(defaultUser.getExpirationTime().getTime());
        sb.append(" | ");
        sb.append(defaultUser.getFailedLoginCount());
        return sb.toString();
    }

    private String dump(Collection<String> collection) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            sb.append(it.next()).append(",");
        }
        return collection.size() > 0 ? sb.toString().substring(0, sb.length() - 1) : "";
    }

    @Override // org.owasp.esapi.Authenticator
    public void verifyAccountNameStrength(String str) throws AuthenticationException {
        if (str == null) {
            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
        }
        if (!ESAPI.validator().isValidInput("verifyAccountNameStrength", str, "AccountName", 250, false)) {
            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + str);
        }
    }

    @Override // org.owasp.esapi.Authenticator
    public void verifyPasswordStrength(String str, String str2, User user) throws AuthenticationException {
        if (str2 == null) {
            throw new AuthenticationCredentialsException("Invalid password", "New password cannot be null");
        }
        if (str != null) {
            int length = str.length();
            for (int i = 0; i < length - 2; i++) {
                if (str2.indexOf(str.substring(i, i + 3)) > -1) {
                    throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
                }
            }
        }
        int i2 = 0;
        int i3 = 0;
        while (true) {
            if (i3 >= str2.length()) {
                break;
            }
            if (Arrays.binarySearch(EncoderConstants.CHAR_LOWERS, str2.charAt(i3)) >= 0) {
                i2 = 0 + 1;
                break;
            }
            i3++;
        }
        int i4 = 0;
        while (true) {
            if (i4 >= str2.length()) {
                break;
            }
            if (Arrays.binarySearch(EncoderConstants.CHAR_UPPERS, str2.charAt(i4)) >= 0) {
                i2++;
                break;
            }
            i4++;
        }
        int i5 = 0;
        while (true) {
            if (i5 >= str2.length()) {
                break;
            }
            if (Arrays.binarySearch(EncoderConstants.CHAR_DIGITS, str2.charAt(i5)) >= 0) {
                i2++;
                break;
            }
            i5++;
        }
        int i6 = 0;
        while (true) {
            if (i6 >= str2.length()) {
                break;
            }
            if (Arrays.binarySearch(EncoderConstants.CHAR_SPECIALS, str2.charAt(i6)) >= 0) {
                i2++;
                break;
            }
            i6++;
        }
        if (str2.length() * i2 < 16) {
            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
        }
        if (user.getAccountName().equalsIgnoreCase(str2)) {
            throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
        }
    }
}
