package org.owasp.esapi;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.errors.AuthenticationAccountsException;
import org.owasp.esapi.errors.AuthenticationCredentialsException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.AuthenticationLoginException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.interfaces.ILogger;
import org.owasp.esapi.interfaces.IUser;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/User.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/User.class */
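/**
 * A user account as held by the ESAPI 1.0 {@code Authenticator}.
 *
 * <p>Holds the account name, the current and recent password hashes, role
 * membership, lock/enable flags, login bookkeeping timestamps and a per-user
 * table of security events used for intrusion detection. Instances round-trip
 * through the pipe-separated text form written by {@link #save()} and read by
 * {@link #User(String)}.
 *
 * <p>No field access is synchronized; callers must not share an instance
 * across threads without external locking.
 *
 * <p>Because this class is {@code Serializable} and its {@code events} map holds
 * {@link Event} values, {@code Event} is declared {@code Serializable} as well;
 * otherwise serializing a user with any recorded event would fail.
 */
public class User implements IUser, Serializable {
    private static final long serialVersionUID = 1;
    private static final Logger logger = Logger.getLogger("ESAPI", "User");

    /** A session is absolutely timed out 2 hours after it was created. */
    private static final long ABSOLUTE_SESSION_TIMEOUT_MILLIS = 7200000L;
    /** A session is idle-timed-out 20 minutes after its last access. */
    private static final long IDLE_SESSION_TIMEOUT_MILLIS = 1200000L;
    /** A newly created account expires 90 days after creation. */
    private static final long NEW_ACCOUNT_LIFETIME_MILLIS = 7776000000L;
    /** Number of pipe-separated fields written by {@link #save()}. */
    private static final int SAVED_FIELD_COUNT = 13;

    /** True when in-memory state differs from what was last saved. */
    private boolean dirty;
    private boolean isFirstRequest;
    /** Always stored lower-cased. */
    private String accountName;
    private String screenName;
    /** Hash of the current password, as produced by the authenticator/encryptor. */
    private String hashedPassword;
    /** Hashes of previous passwords (raw {@code List} of {@code String}), oldest first. */
    private List oldPasswordHashes;
    private String rememberToken;
    private String csrfToken;
    /** Lower-cased role names (raw {@code Set} of {@code String}). */
    private Set roles;
    private boolean locked;
    private boolean loggedIn;
    private boolean enabled;
    /** Remote host of the last successful login; null until the first login. */
    private String lastHostAddress;
    private Date lastPasswordChangeTime;
    private Date lastLoginTime;
    private Date lastFailedLoginTime;
    private Date expirationTime;
    private int failedLoginCount;
    /** Security event name -> {@link Event} (raw {@code Map}). */
    private Map events;

    /**
     * Sliding window of timestamps for one named security event.
     *
     * <p>Originally a private inner class; the decompiler widened it to public.
     * It is {@code static} because it never touches the enclosing user, and
     * {@code Serializable} because instances live in the enclosing user's
     * {@code events} map.
     */
    public static class Event implements Serializable {
        private static final long serialVersionUID = 1;

        /** Event name, as passed to {@link User#addSecurityEvent(String)}. */
        public String key;
        /** Timestamps, most recent first; trimmed to the quota count on each increment. */
        public Stack times = new Stack();
        /** Not updated by this class; retained as part of the original layout. */
        public long count = 0;

        /**
         * @param str the event name
         */
        public Event(String str) {
            this.key = str;
        }

        /**
         * Records an occurrence now and checks it against the quota.
         *
         * @param i maximum number of occurrences allowed within the window; the
         *          caller only invokes this with a positive value
         * @param j window length in seconds
         * @throws IntrusionException when {@code i} occurrences fall within
         *         {@code j} seconds
         */
        public void increment(int i, long j) throws IntrusionException {
            Date now = new Date();
            this.times.add(0, now);
            // Drop the oldest entries so that at most i timestamps are kept.
            while (this.times.size() > i) {
                this.times.remove(this.times.size() - 1);
            }
            // With exactly i entries the last element is the oldest; if it still
            // lies inside the window, the quota has been exceeded.
            if (this.times.size() == i) {
                Date oldest = (Date) this.times.get(i - 1);
                if (now.getTime() - oldest.getTime() < j * 1000) {
                    throw new IntrusionException();
                }
            }
        }
    }

    /**
     * Creates an empty, disabled, unlocked user with no roles.
     * Originally {@code protected}; the decompiler widened it to public.
     *
     * <p>Note that {@code loggedIn} starts as {@code true} and
     * {@code lastHostAddress} as {@code null}; both match the original defaults.
     */
    public User() {
        this.dirty = false;
        this.isFirstRequest = true;
        this.accountName = "";
        this.screenName = "";
        this.hashedPassword = "";
        this.oldPasswordHashes = new ArrayList();
        this.rememberToken = "";
        this.csrfToken = "";
        this.roles = new HashSet();
        this.locked = false;
        this.loggedIn = true;
        this.enabled = false;
        this.lastPasswordChangeTime = new Date();
        this.lastLoginTime = new Date();
        this.lastFailedLoginTime = new Date();
        this.expirationTime = new Date(Long.MAX_VALUE);
        this.failedLoginCount = 0;
        this.events = new HashMap();
    }

    /**
     * Rebuilds a user from one record in the format written by {@link #save()}.
     * Originally {@code protected}; the decompiler widened it to public.
     *
     * <p>A fresh CSRF token is generated; the token is not part of the record.
     *
     * @param str pipe-separated record: account name | password hash | roles |
     *            locked/unlocked | enabled/disabled | remember token |
     *            old password hashes | last host | last password change |
     *            last login | last failed login | expiration | failed login count
     * @throws IllegalArgumentException if the record has fewer than 13 fields
     * @throws NumberFormatException if a timestamp or count field is not numeric
     */
    public User(String str) {
        this();
        String[] split = str.split("\\|");
        // Fail with a clear message instead of an ArrayIndexOutOfBoundsException
        // on a truncated line. The record itself is deliberately not echoed,
        // because it contains password hashes and the remember token.
        if (split.length < SAVED_FIELD_COUNT) {
            throw new IllegalArgumentException("Saved user record has " + split.length
                    + " fields, expected " + SAVED_FIELD_COUNT);
        }
        this.accountName = split[0].trim().toLowerCase();
        this.hashedPassword = split[1].trim();
        this.roles.addAll(Arrays.asList(split[2].trim().toLowerCase().split(",")));
        // Anything other than the literal "unlocked" is treated as locked.
        this.locked = !"unlocked".equalsIgnoreCase(split[3].trim());
        this.enabled = "enabled".equalsIgnoreCase(split[4].trim());
        this.rememberToken = split[5].trim();
        resetCSRFToken();
        // An empty field yields a single "" entry, matching the original behaviour.
        this.oldPasswordHashes.addAll(Arrays.asList(split[6].trim().split(",")));
        this.lastHostAddress = split[7].trim();
        this.lastPasswordChangeTime = new Date(Long.parseLong(split[8].trim()));
        this.lastLoginTime = new Date(Long.parseLong(split[9].trim()));
        this.lastFailedLoginTime = new Date(Long.parseLong(split[10].trim()));
        this.expirationTime = new Date(Long.parseLong(split[11].trim()));
        this.failedLoginCount = Integer.parseInt(split[12].trim());
    }

    /**
     * Creates a user with the given account name, lower-cased.
     * Originally {@code protected}; the decompiler widened it to public.
     *
     * @param str  account name
     * @param str2 not used by this version
     */
    public User(String str, String str2) {
        this();
        this.accountName = str.toLowerCase();
    }

    /**
     * Creates a new account after validating the name and password.
     * Originally package-private; the decompiler widened it to public.
     *
     * @param str  account name; must pass the authenticator's strength check
     * @param str2 password; must pass the authenticator's strength check
     * @param str3 password confirmation; must equal {@code str2}
     * @throws AuthenticationException if a check fails or the passwords differ
     */
    public User(String str, String str2, String str3) throws AuthenticationException {
        this();
        Authenticator.getInstance().verifyAccountNameStrength(str);
        if (str2 == null) {
            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + str + " with a null password");
        }
        Authenticator.getInstance().verifyPasswordStrength(str2, null);
        if (!str2.equals(str3)) {
            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + str + " do not match");
        }
        this.accountName = str.toLowerCase();
        setHashedPassword(Encryptor.getInstance().hash(str2, this.accountName));
        this.expirationTime = new Date(System.currentTimeMillis() + NEW_ACCOUNT_LIFETIME_MILLIS);
        logger.logCritical(ILogger.SECURITY, "Account created successfully: " + str);
    }

    /**
     * Compares two hash strings without short-circuiting on the first differing
     * character, so that password verification time does not depend on how
     * much of the candidate hash matches.
     *
     * @return true when both are non-null and equal
     */
    private static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        // Hashes from one algorithm share a length, so rejecting on length leaks nothing useful.
        if (a.length() != b.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Adds a role (lower-cased) after validating its name.
     *
     * @throws AuthenticationException if the role name fails the "RoleName" validation rule
     */
    @Override
    public void addRole(String str) throws AuthenticationException {
        String lowerCase = str.toLowerCase();
        if (!Validator.getInstance().isValidDataFromBrowser("RoleName", lowerCase)) {
            throw new AuthenticationAccountsException("Add role failed", "Attempt to add invalid role " + lowerCase + " to " + getAccountName());
        }
        setDirty(true);
        this.roles.add(lowerCase);
        logger.logCritical(ILogger.SECURITY, "Role " + lowerCase + " added to " + getAccountName());
    }

    /**
     * Adds every role in the set via {@link #addRole(String)}; stops at the first invalid one.
     */
    @Override
    public void addRoles(Set set) throws AuthenticationException {
        for (Iterator it = set.iterator(); it.hasNext(); ) {
            addRole((String) it.next());
        }
    }

    /**
     * Records a security event for this user and enforces its configured quota.
     * A quota whose count is not positive disables the check for that event.
     *
     * @throws IntrusionException when the event exceeds its quota
     */
    public void addSecurityEvent(String str) throws IntrusionException {
        Event event = (Event) this.events.get(str);
        if (event == null) {
            event = new Event(str);
            this.events.put(str, event);
        }
        Threshold quota = SecurityConfiguration.getInstance().getQuota(str);
        if (quota.count > 0) {
            event.increment(quota.count, quota.interval);
        }
    }

    /**
     * Sets a new password without verifying the old one or checking history;
     * used by {@link #resetPassword()}.
     *
     * @param str  new password
     * @param str2 not used by this version
     */
    protected void changePassword(String str, String str2) {
        setLastPasswordChangeTime(new Date());
        setHashedPassword(Authenticator.getInstance().hashPassword(str, getAccountName()));
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Password changed for user: " + getAccountName());
    }

    /**
     * Changes the password after verifying the current one, the confirmation,
     * the strength rules and the recent-password history.
     *
     * <p>The last-password-change time is only updated once every check has
     * passed, so a rejected attempt leaves the stored timestamp untouched.
     *
     * @param str  current password
     * @param str2 new password
     * @param str3 confirmation of the new password
     * @throws AuthenticationException if any check fails
     */
    @Override
    public void changePassword(String str, String str2, String str3) throws AuthenticationException {
        String currentHash = Authenticator.getInstance().hashPassword(str, getAccountName());
        if (!constantTimeEquals(this.hashedPassword, currentHash)) {
            throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password chanage on user: " + getAccountName());
        }
        if (str2 == null || str3 == null || !str2.equals(str3)) {
            throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + getAccountName());
        }
        Authenticator.getInstance().verifyPasswordStrength(str2, str);
        String newHash = Authenticator.getInstance().hashPassword(str2, this.accountName);
        // The history holds previous hashes only; the current hash is pushed into it by setHashedPassword.
        if (this.oldPasswordHashes.contains(newHash)) {
            throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + getAccountName());
        }
        setLastPasswordChangeTime(new Date());
        setHashedPassword(newHash);
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Password changed for user: " + getAccountName());
    }

    /** Disables the account; disabled users cannot log in. */
    @Override
    public void disable() {
        this.enabled = false;
        setDirty(true);
        logger.logSpecial("Account disabled: " + getAccountName(), null);
    }

    /**
     * Joins a collection of strings with commas, in iteration order.
     *
     * @param collection raw collection of {@code String}
     * @return the comma-separated values, or "" for an empty collection
     */
    protected String dump(Collection collection) {
        StringBuilder out = new StringBuilder();
        for (Iterator it = collection.iterator(); it.hasNext(); ) {
            out.append((String) it.next());
            if (it.hasNext()) {
                out.append(",");
            }
        }
        return out.toString();
    }

    /** Enables the account. */
    @Override
    public void enable() {
        this.enabled = true;
        setDirty(true);
        logger.logSpecial("Account enabled: " + getAccountName(), null);
    }

    /** Two users are equal when they are of the same class and have the same account name. */
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !getClass().equals(obj.getClass())) {
            return false;
        }
        return this.accountName.equals(((User) obj).accountName);
    }

    @Override
    public String getAccountName() {
        return this.accountName;
    }

    @Override
    public String getCSRFToken() {
        return this.csrfToken;
    }

    /** @return a copy; mutating it does not affect this user */
    public Date getExpirationTime() {
        return (Date) this.expirationTime.clone();
    }

    @Override
    public int getFailedLoginCount() {
        return this.failedLoginCount;
    }

    /** Originally {@code protected}; the decompiler widened it to public. */
    public String getHashedPassword() {
        return this.hashedPassword;
    }

    /** @return a copy; mutating it does not affect this user */
    @Override
    public Date getLastFailedLoginTime() {
        return (Date) this.lastFailedLoginTime.clone();
    }

    /** @return the remote host of the last login, or null if there was none */
    @Override
    public String getLastHostAddress() {
        return this.lastHostAddress;
    }

    /** @return a copy; mutating it does not affect this user */
    @Override
    public Date getLastLoginTime() {
        return (Date) this.lastLoginTime.clone();
    }

    /** @return a copy; mutating it does not affect this user */
    @Override
    public Date getLastPasswordChangeTime() {
        return (Date) this.lastPasswordChangeTime.clone();
    }

    @Override
    public String getRememberToken() {
        return this.rememberToken;
    }

    /** @return an unmodifiable view of the lower-cased role names */
    @Override
    public Set getRoles() {
        return Collections.unmodifiableSet(this.roles);
    }

    @Override
    public String getScreenName() {
        return this.screenName;
    }

    /** Consistent with {@link #equals(Object)}: based on the account name only. */
    public int hashCode() {
        return this.accountName.hashCode();
    }

    /** Increments the failed-login counter without marking the user dirty. */
    @Override
    public void incrementFailedLoginCount() {
        this.failedLoginCount++;
    }

    /** @return true when the account name is exactly "anonymous" */
    @Override
    public boolean isAnonymous() {
        return getAccountName().equals("anonymous");
    }

    public boolean isDirty() {
        return this.dirty;
    }

    public void setDirty(boolean z) {
        this.dirty = z;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    /** @return true when the expiration time lies in the past */
    @Override
    public boolean isExpired() {
        return getExpirationTime().before(new Date());
    }

    /** Role membership is checked case-insensitively (roles are stored lower-cased). */
    @Override
    public boolean isInRole(String str) {
        return this.roles.contains(str.toLowerCase());
    }

    @Override
    public boolean isLocked() {
        return this.locked;
    }

    @Override
    public boolean isLoggedIn() {
        return this.loggedIn;
    }

    /** @return true when the session was created more than 2 hours ago */
    @Override
    public boolean isSessionAbsoluteTimeout(HttpSession httpSession) {
        Date deadline = new Date(httpSession.getCreationTime() + ABSOLUTE_SESSION_TIMEOUT_MILLIS);
        return new Date().after(deadline);
    }

    /** @return true when the session was last accessed more than 20 minutes ago */
    @Override
    public boolean isSessionTimeout(HttpSession httpSession) {
        Date deadline = new Date(httpSession.getLastAccessedTime() + IDLE_SESSION_TIMEOUT_MILLIS);
        return new Date().after(deadline);
    }

    /** Locks the account; locked users cannot log in. */
    @Override
    public void lock() {
        this.locked = true;
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Account locked: " + getAccountName());
    }

    /**
     * Authenticates this user with a password and establishes the session.
     *
     * <p>Order of checks: missing password, disabled, locked, expired (each of
     * these records a failed-login time); then any current non-anonymous user
     * is logged out; then the password is verified by {@link #verifyPassword(String)},
     * which itself handles failure counting and locking. On success the session
     * identifier is rotated, the account name is stored in the new session, the
     * authenticator's current user is set and the login time and remote host
     * are recorded.
     *
     * @throws AuthenticationException on any failed check
     */
    @Override
    public void loginWithPassword(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (str == null || str.isEmpty()) {
            setLastFailedLoginTime(new Date());
            throw new AuthenticationLoginException("Login failed", "Missing password: " + this.accountName);
        }
        if (!isEnabled()) {
            setLastFailedLoginTime(new Date());
            throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + this.accountName);
        }
        if (isLocked()) {
            setLastFailedLoginTime(new Date());
            throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + this.accountName);
        }
        if (isExpired()) {
            setLastFailedLoginTime(new Date());
            throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + this.accountName);
        }
        if (!isAnonymous()) {
            logout(httpServletRequest, httpServletResponse);
        }
        if (!verifyPassword(str)) {
            throw new AuthenticationLoginException("Login failed", "Login attempt as " + getAccountName() + " failed");
        }
        this.loggedIn = true;
        // Rotating the session id on login prevents session fixation.
        HTTPUtilities.getInstance().changeSessionIdentifier().setAttribute("ESAPIUserSessionKey", getAccountName());
        Authenticator.getInstance().setCurrentUser(this);
        setLastLoginTime(new Date());
        setLastHostAddress(httpServletRequest.getRemoteHost());
        logger.logTrace(ILogger.SECURITY, "User logged in: " + this.accountName);
    }

    /**
     * Ends the current session: invalidates the servlet session if one exists,
     * expires the JSESSIONID cookie, marks this user as logged out and makes the
     * anonymous user current. Does nothing when the authenticator's current user
     * is already anonymous.
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Authenticator authenticator = Authenticator.getInstance();
        if (authenticator.getCurrentUser().isAnonymous()) {
            return;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        HTTPUtilities.getInstance().killCookie("JSESSIONID");
        this.loggedIn = false;
        logger.logSuccess(ILogger.SECURITY, "Logout successful");
        authenticator.setCurrentUser(Authenticator.getInstance().anonymous);
    }

    /** Removes a role (matched lower-cased); no error if the user did not have it. */
    @Override
    public void removeRole(String str) {
        String lowerCase = str.toLowerCase();
        this.roles.remove(lowerCase);
        setDirty(true);
        logger.logTrace(ILogger.SECURITY, "Role " + lowerCase + " removed from " + getAccountName());
    }

    /**
     * Generates a new 8-character alphanumeric CSRF token and stores it.
     * The token is not persisted by {@link #save()} and does not mark the user dirty.
     *
     * @return the new token
     */
    @Override
    public String resetCSRFToken() {
        this.csrfToken = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        return this.csrfToken;
    }

    /**
     * Replaces the password with a freshly generated strong one.
     *
     * @return the new plaintext password, which the caller is responsible for handling securely
     */
    public String resetPassword() {
        String generated = Authenticator.getInstance().generateStrongPassword();
        changePassword(generated, generated);
        return generated;
    }

    /**
     * Generates a new 20-character alphanumeric remember token and stores it.
     *
     * @return the new token
     */
    @Override
    public String resetRememberToken() throws AuthenticationException {
        this.rememberToken = Randomizer.getInstance().getRandomString(20, Encoder.CHAR_ALPHANUMERICS);
        logger.logTrace(ILogger.SECURITY, "New remember token generated for: " + getAccountName());
        setDirty(true);
        return this.rememberToken;
    }

    /**
     * Serializes this user to the pipe-separated record read by {@link #User(String)}
     * and clears the dirty flag. Originally {@code protected}; the decompiler
     * widened it to public.
     *
     * <p>Field values are not escaped; a value containing '|' would corrupt the record.
     *
     * @return the record, containing the password hashes and remember token
     */
    public String save() {
        StringBuilder out = new StringBuilder();
        out.append(this.accountName);
        out.append(" | ");
        out.append(getHashedPassword());
        out.append(" | ");
        out.append(dump(getRoles()));
        out.append(" | ");
        out.append(isLocked() ? "locked" : "unlocked");
        out.append(" | ");
        out.append(isEnabled() ? "enabled" : "disabled");
        out.append(" | ");
        out.append(getRememberToken());
        out.append(" | ");
        out.append(dump(this.oldPasswordHashes));
        out.append(" | ");
        out.append(getLastHostAddress());
        out.append(" | ");
        out.append(getLastPasswordChangeTime().getTime());
        out.append(" | ");
        out.append(getLastLoginTime().getTime());
        out.append(" | ");
        out.append(getLastFailedLoginTime().getTime());
        out.append(" | ");
        out.append(getExpirationTime().getTime());
        out.append(" | ");
        out.append(this.failedLoginCount);
        setDirty(false);
        return out.toString();
    }

    /**
     * Renames the account; the name is stored lower-cased. The audit entry
     * records the previous name and the new one.
     */
    @Override
    public void setAccountName(String str) {
        String previous = this.accountName;
        this.accountName = str.toLowerCase();
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Account name changed from " + previous + " to " + getAccountName());
    }

    /** @param date non-null; a copy is stored */
    public void setExpirationTime(Date date) {
        this.expirationTime = new Date(date.getTime());
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Account expiration time set to " + date + " for " + getAccountName());
    }

    /**
     * Stores a new password hash, pushing the current hash into the history
     * and trimming the history to the configured maximum. Originally
     * package-private; the decompiler widened it to public.
     *
     * <p>On a fresh user the first call pushes the initial empty-string hash
     * into the history.
     */
    public void setHashedPassword(String str) {
        this.oldPasswordHashes.add(this.hashedPassword);
        if (this.oldPasswordHashes.size() > SecurityConfiguration.getInstance().getMaxOldPasswordHashes()) {
            this.oldPasswordHashes.remove(0);
        }
        this.hashedPassword = str;
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "New hashed password stored for " + getAccountName());
    }

    /**
     * Originally {@code protected}; the decompiler widened it to public.
     *
     * @param date non-null; a copy is stored so later mutation of the argument cannot alter this user
     */
    public void setLastFailedLoginTime(Date date) {
        this.lastFailedLoginTime = new Date(date.getTime());
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Set last failed login time to " + date + " for " + getAccountName());
    }

    private void setLastHostAddress(String str) {
        this.lastHostAddress = str;
        setDirty(true);
    }

    /** @param date non-null; a copy is stored */
    protected void setLastLoginTime(Date date) {
        this.lastLoginTime = new Date(date.getTime());
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Set last successful login time to " + date + " for " + getAccountName());
    }

    /** @param date non-null; a copy is stored */
    protected void setLastPasswordChangeTime(Date date) {
        this.lastPasswordChangeTime = new Date(date.getTime());
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "Set last password change time to " + date + " for " + getAccountName());
    }

    /**
     * Replaces all roles with the given set, validating each via {@link #addRole(String)}.
     * If validation fails part-way the user is left with the roles added so far.
     */
    @Override
    public void setRoles(Set set) throws AuthenticationException {
        this.roles = new HashSet();
        addRoles(set);
        logger.logCritical(ILogger.SECURITY, "Adding roles " + set + " to " + getAccountName());
    }

    @Override
    public void setScreenName(String str) {
        this.screenName = str;
        setDirty(true);
        logger.logCritical(ILogger.SECURITY, "ScreenName changed to " + str + " for " + getAccountName());
    }

    public String toString() {
        return "USER:" + this.accountName;
    }

    /** Unlocks the account. */
    @Override
    public void unlock() {
        this.locked = false;
        setDirty(true);
        logger.logSpecial("Account unlocked: " + getAccountName(), null);
    }

    /**
     * Checks a password against the stored hash.
     *
     * <p>On success the last login time is recorded and the failed-login count
     * reset. On failure the failed-login time is recorded, the count is
     * incremented and the account is locked once the count reaches the
     * configured allowed attempts. The hash comparison does not short-circuit
     * on the first differing character.
     *
     * @return true when the password matches
     */
    public boolean verifyPassword(String str) {
        String candidateHash = Authenticator.getInstance().hashPassword(str, this.accountName);
        if (constantTimeEquals(candidateHash, this.hashedPassword)) {
            setLastLoginTime(new Date());
            this.failedLoginCount = 0;
            logger.logCritical(ILogger.SECURITY, "Password verified for " + getAccountName());
            return true;
        }
        logger.logCritical(ILogger.SECURITY, "Password verification failed for " + getAccountName());
        setLastFailedLoginTime(new Date());
        incrementFailedLoginCount();
        if (getFailedLoginCount() >= SecurityConfiguration.getInstance().getAllowedLoginAttempts()) {
            lock();
        }
        return false;
    }

    public void setFirstRequest(boolean z) {
        this.isFirstRequest = z;
    }

    @Override
    public boolean isFirstRequest() {
        return this.isFirstRequest;
    }
}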
