package net.lukemurphey.nsia;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.SQLException;
import net.lukemurphey.nsia.Authentication;
import net.lukemurphey.nsia.UserManagement;
import net.lukemurphey.nsia.eventlog.EventLogField;
import net.lukemurphey.nsia.eventlog.EventLogMessage;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:net/lukemurphey/nsia/LocalPasswordAuthentication.class */
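/**
 * Authenticates users against locally stored, salted and iterated password hashes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Failed attempts are counted per user name and compared with a configurable limit to
 *       decide whether an account is brute-force locked.</li>
 *   <li>Every rejection path calls the inherited {@code timedDelay} before returning.
 *       NOTE(review): presumably this pads each rejection to a minimum duration so the
 *       rejection reasons are harder to tell apart by timing; confirm against
 *       {@code Authentication.timedDelay}.</li>
 *   <li>Computed and stored hashes are compared with a constant-time byte comparison.</li>
 * </ul>
 *
 * <p>The numeric result codes passed to {@code AuthenticationResult} are kept exactly as they
 * appear in this source; their named constants are not visible here.
 */
public class LocalPasswordAuthentication extends Authentication {
    /** Failed-attempt limit used when the configured limit cannot be read. */
    private static final long DEFAULT_AUTHENTICATION_ATTEMPT_LIMIT = 4;

    /** Aggregation period (seconds) used when the configured period cannot be read. */
    private static final long DEFAULT_AUTHENTICATION_AGGREGATION_PERIOD_SECONDS = 3600;

    /** Delay (seconds) passed to {@code timedDelay} on every rejected attempt. */
    private static final long SECONDS_AUTHENTICATION_DELAY = 1;

    /** Alphabet for generated passwords: digits, upper-case letters, lower-case letters. */
    private static final String PASSWORD_ALPHABET =
            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    public LocalPasswordAuthentication(Application application) {
        super(application);
    }

    /**
     * Checks the supplied password for the named user and creates a session on success.
     *
     * @param userName the user name supplied by the client
     * @param validator carries the password supplied by the client
     * @param clientData client information handed to the session that is created
     * @return a result with code 0 and a session on success; code 2 for a wrong password,
     *     3 for an unknown user, 4 for a disabled account, 5 for an administratively locked
     *     account and 6 for a brute-force locked account (all with a {@code null} session)
     */
    public Authentication.AuthenticationResult authenticate(String userName, PasswordAuthenticationValidator validator, ClientData clientData) throws NoSuchAlgorithmException, SQLException, InputValidationException, NoDatabaseConnectionException, NumericalOverflowException {
        UserManagement userManagement = new UserManagement(this.appRes);
        try {
            UserManagement.UserDescriptor user = userManagement.getUserDescriptor(userName);
            long startTime = System.currentTimeMillis();

            if (user == null) {
                // Unknown names are counted too, under the name exactly as supplied.
                // No hash is computed on this path; the delay below is the only thing
                // separating its timing from the wrong-password path.
                incrementAuthenticationFailedCount(userName, this.appRes.getApplicationConfiguration().getAuthenticationAttemptAggregationCount());
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(3, null); // unknown user
            }

            // Accounts in a non-active state are rejected before the password is looked at.
            if (user.getAccountStatus() == UserManagement.AccountStatus.ADMINISTRATIVELY_LOCKED) {
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(5, null); // administratively locked
            }
            if (user.getAccountStatus() == UserManagement.AccountStatus.BRUTE_FORCE_LOCKED) {
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(6, null); // brute-force locked
            }
            if (user.getAccountStatus() == UserManagement.AccountStatus.DISABLED) {
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(4, null); // disabled
            }

            boolean bruteForceLocked = isAccountBruteForceLocked(user.getUserName());
            String computedHash = PBKDF2(user.getPasswordHashAlgorithm(), validator.getPassword(), user.getPasswordHashSalt(), user.getPasswordHashIterationCount());
            SessionManagement sessionManagement = new SessionManagement(this.appRes);
            boolean passwordMatches = hashesMatch(computedHash, user.getPasswordHash());

            // A locked account is rejected whether or not the password was right, and the
            // attempt is not added to the failure counter.
            if (bruteForceLocked) {
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(6, null); // brute-force locked
            }
            if (!passwordMatches) {
                incrementAuthenticationFailedCount(user.getUserName(), this.appRes.getApplicationConfiguration().getAuthenticationAttemptAggregationCount());
                timedDelay(startTime, SECONDS_AUTHENTICATION_DELAY);
                return new Authentication.AuthenticationResult(2, null); // wrong password
            }

            // The stored iteration count differs from the configured one: store the password
            // again while the plaintext is available. NOTE(review): presumably changePassword
            // re-hashes with the current configuration; confirm in UserManagement.
            if (user.getPasswordHashIterationCount() != this.appRes.getApplicationConfiguration().getHashIterations()) {
                userManagement.changePassword(user.getUserID(), validator.getPassword());
            }

            // Clear the counter under the stored user name: that is the key the failure
            // path above increments and the lock check reads. The name as typed by the
            // client may differ from it if the user lookup is not an exact match.
            clearAuthenticationFailedCount(user.getUserName());
            return new Authentication.AuthenticationResult(0, sessionManagement.createSession(user.getUserID(), clientData));
        } catch (NotFoundException e) {
            return new Authentication.AuthenticationResult(3, null); // unknown user
        }
    }

    /**
     * Verifies a password for the user with the given identifier without creating a session.
     * Unlike {@link #authenticate}, this method neither updates the failed-attempt counter
     * nor applies a delay, so callers that expose it to untrusted input need their own
     * throttling.
     *
     * @param userId identifier of the user whose password is checked
     * @param validator carries the password to check
     * @return {@code true} only if the user exists and the password hashes to the stored value
     */
    public boolean checkPassword(int userId, PasswordAuthenticationValidator validator) throws NoSuchAlgorithmException, SQLException, InputValidationException, NoDatabaseConnectionException, NumericalOverflowException, NotFoundException {
        UserManagement.UserDescriptor user = new UserManagement(this.appRes).getUserDescriptor(userId);
        if (user == null) {
            return false;
        }
        String computedHash = PBKDF2(user.getPasswordHashAlgorithm(), validator.getPassword(), user.getPasswordHashSalt(), (long) user.getPasswordHashIterationCount());
        return hashesMatch(computedHash, user.getPasswordHash());
    }

    /**
     * Reports whether the failed-attempt count for a user has reached the configured limit.
     *
     * <p>If either setting cannot be read, the failure is logged and the built-in default is
     * used, so a configuration or database problem does not switch the lockout off.
     *
     * @param userName the name the failed attempts are counted under
     * @return {@code true} if the number of failures within the aggregation period is at
     *     least the attempt limit
     */
    public boolean isAccountBruteForceLocked(String userName) throws NoDatabaseConnectionException, SQLException {
        long attemptLimit = DEFAULT_AUTHENTICATION_ATTEMPT_LIMIT;
        try {
            attemptLimit = this.appRes.getApplicationConfiguration().getAuthenticationAttemptLimit();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
        } catch (InputValidationException e) {
            this.appRes.logEvent(EventLogMessage.EventType.SYSTEM_PARAMETER_NAME_ILLEGAL, new EventLogField(EventLogField.FieldName.PARAMETER, "Security.MaximumAuthenticationAttemptLimit"));
        } catch (NoDatabaseConnectionException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.DATABASE_FAILURE, e);
        }

        long aggregationPeriod = DEFAULT_AUTHENTICATION_AGGREGATION_PERIOD_SECONDS;
        try {
            aggregationPeriod = this.appRes.getApplicationConfiguration().getAuthenticationAttemptAggregationCount();
        } catch (SQLException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.SQL_EXCEPTION, e);
        } catch (InputValidationException e) {
            this.appRes.logEvent(EventLogMessage.EventType.SYSTEM_PARAMETER_NAME_ILLEGAL, new EventLogField(EventLogField.FieldName.PARAMETER, "Security.AuthenticationAttemptAggregationPeriod"));
        } catch (NoDatabaseConnectionException e) {
            this.appRes.logExceptionEvent(EventLogMessage.EventType.DATABASE_FAILURE, e);
        }

        return getAuthenticationFailedCount(userName, aggregationPeriod) >= attemptLimit;
    }

    /**
     * Generates a random password drawn uniformly from the 62 characters
     * {@code 0-9}, {@code A-Z} and {@code a-z}.
     *
     * @param length number of characters to generate; must be at least 8
     * @return the generated password
     * @throws IllegalArgumentException if {@code length} is less than 8
     * @throws NoSuchAlgorithmException if the SHA1PRNG generator is not available
     */
    public static String generateRandomPassword(int length) throws NoSuchAlgorithmException {
        if (length < 8) {
            throw new IllegalArgumentException("The length of the generated password must be greater than 7 characters");
        }
        // NOTE(review): SHA1PRNG is requested by name; consider the platform default
        // (new SecureRandom()) so the choice of generator follows the JDK configuration.
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        StringBuilder password = new StringBuilder(length);
        for (int k = 0; k < length; k++) {
            // The bound is the full alphabet size. The earlier bound of 61 could never
            // select the last character, so 'z' was never produced.
            password.append(PASSWORD_ALPHABET.charAt(random.nextInt(PASSWORD_ALPHABET.length())));
        }
        return password.toString();
    }

    /**
     * Hashes {@code password + salt} by applying the named digest {@code iterations} times
     * and returns the result as lower-case hex.
     *
     * <p>Despite its name this is not PBKDF2 as specified in PKCS #5 / RFC 8018: there is no
     * HMAC and no block derivation, only a digest applied repeatedly. Stored hashes depend
     * on this exact construction, so moving to a standard KDF (for example the JDK's
     * {@code PBKDF2WithHmacSHA256} through {@code SecretKeyFactory}) needs a migration of the
     * stored values.
     *
     * <p>Callers in this class pass the algorithm name stored with the user record; nothing
     * here restricts it to a strong digest.
     *
     * @param algorithm digest algorithm name understood by {@link MessageDigest}
     * @param password the password; {@code null} is concatenated as the text "null"
     * @param salt the salt; {@code null} is concatenated as the text "null"
     * @param iterations number of digest rounds; must be at least 1
     * @return the hex-encoded digest
     * @throws IllegalArgumentException if {@code algorithm} is null or {@code iterations < 1}
     * @throws NoSuchAlgorithmException if the digest algorithm is not available
     */
    public static String PBKDF2(String algorithm, String password, String salt, long iterations) throws NoSuchAlgorithmException {
        if (algorithm == null) {
            throw new IllegalArgumentException("The hash algorithm cannot be null");
        }
        if (iterations < 1) {
            throw new IllegalArgumentException("The iteration count for PBKDF2 must be greater than 0");
        }
        MessageDigest digest = MessageDigest.getInstance(algorithm);
        // NOTE(review): getBytes() uses the platform default charset, so the hash of a
        // non-ASCII password depends on the JVM's locale settings. Left unchanged because
        // existing stored hashes were produced this way; fix together with a hash migration.
        byte[] state = (password + salt).getBytes();
        // A long counter: with an int counter an iteration count above Integer.MAX_VALUE
        // would overflow the counter and the loop would never terminate.
        for (long round = 0; round < iterations; round++) {
            state = digest.digest(state);
        }
        return new String(Hex.encodeHex(state));
    }

    /**
     * Generates a random salt as a hex string.
     *
     * @param length desired number of hex characters; {@code length / 2} random bytes are
     *     generated, so an odd value yields {@code length - 1} characters
     * @return the hex-encoded salt
     * @throws IllegalArgumentException if {@code length} is less than 2, which would produce
     *     an empty salt (or, for negative values, an invalid array size)
     * @throws NoSuchAlgorithmException if the SHA1PRNG generator is not available
     */
    public static String generateSalt(int length) throws NoSuchAlgorithmException, SQLException, InputValidationException, NoDatabaseConnectionException {
        if (length < 2) {
            throw new IllegalArgumentException("Salt creation failed since the given length is invalid");
        }
        byte[] saltBytes = new byte[length / 2];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(saltBytes);
        return new String(Hex.encodeHex(saltBytes));
    }

    /**
     * Compares a computed hash with the stored one in constant time.
     *
     * <p>{@code String.matches} is not used because it interprets its argument as a regular
     * expression, so the stored value would act as a pattern rather than a literal, and it
     * stops at the first difference.
     *
     * @return {@code true} only if both values are non-null and identical
     */
    private static boolean hashesMatch(String computedHash, String storedHash) {
        if (computedHash == null || storedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                computedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}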
