package org.owasp.esapi;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.errors.AuthenticationAccountsException;
import org.owasp.esapi.errors.AuthenticationCredentialsException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.AuthenticationLoginException;
import org.owasp.esapi.interfaces.IAuthenticator;
import org.owasp.esapi.interfaces.ILogger;
import org.owasp.esapi.interfaces.IUser;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/Authenticator.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/Authenticator.class */
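/**
 * File-backed ESAPI authenticator.
 *
 * <p>Accounts live in {@code users.txt} under the configured resource directory and are cached in
 * {@link #userMap}, keyed by the lower-cased account name. {@link #getInstance()} transparently
 * reloads the file when its modification time changes (unless unsaved in-memory edits exist).
 * The current user, request and response are bound per thread.
 *
 * <p>Fixes relative to the shipped build, each marked inline: the three "ThreadLocal"s were
 * subclasses that overrode {@code get()}/{@code set()} with a plain field and so were shared by
 * every thread; {@link #verifyPasswordStrength} ignored index 0 of each character class;
 * {@link #loadUsers()} logged "Skipping duplicate" but overwrote, stored keys un-lowercased so
 * {@link #getUser} could miss them, and swapped in a half-read map after a read failure;
 * {@link #login} left a rejected (disabled/locked/expired) session user bound to the thread.
 */
public class Authenticator implements IAuthenticator {
    /** Session attribute under which the logged-in account name is stored. */
    protected static final String USER = "ESAPIUserSessionKey";
    // Initialized before `instance` so the singleton can never observe a null logger.
    private static final Logger logger = Logger.getLogger("ESAPI", "Authenticator");
    private static final Authenticator instance = new Authenticator();
    /** Modification time of users.txt as of the last successful load; 0 means never loaded. */
    private static long lastModified = 0;
    /** Identity returned when no user is bound to the calling thread. */
    User anonymous = new User("anonymous", "anonymous");
    /**
     * Lower-cased account name -> User. Replaced wholesale by {@link #loadUsers()}; volatile so
     * unsynchronized readers such as {@link #getUser} see the newly published map.
     */
    private volatile HashMap<String, User> userMap = new HashMap<String, User>();
    // FIX: the shipped build used ThreadLocal subclasses whose get()/set() read and wrote a single
    // instance field, so "current" user/request/response were global to the JVM and one request
    // could observe or act as another's user. Plain ThreadLocals restore per-thread isolation.
    private final ThreadLocal<User> currentUser = new ThreadLocal<User>() {
        @Override
        protected User initialValue() {
            return anonymous;
        }
    };
    private final ThreadLocal<HttpServletRequest> currentRequest = new ThreadLocal<HttpServletRequest>();
    private final ThreadLocal<HttpServletResponse> currentResponse = new ThreadLocal<HttpServletResponse>();

    /**
     * Returns the singleton, first giving it the chance to (re)load users.txt if it changed on disk.
     */
    public static Authenticator getInstance() {
        instance.loadUsers();
        return instance;
    }

    /**
     * Command-line account maintenance: {@code Authenticator username password role}.
     * Creates the account if absent, then sets the password hash, adds the role, enables and
     * unlocks the account, and rewrites users.txt.
     *
     * @param strArr username, password, role
     * @throws Exception propagated from {@link #saveUsers()} or the User API
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length != 3) {
            System.out.println("Usage: Authenticator username password role");
            return;
        }
        Authenticator authenticator = getInstance();
        String accountName = strArr[0];
        String password = strArr[1];
        String role = strArr[2];
        User user = authenticator.getUser(accountName);
        if (user == null) {
            user = new User();
            user.setAccountName(accountName);
            authenticator.userMap.put(accountName.toLowerCase(), user);
            logger.logCritical(ILogger.SECURITY, "New user created: " + accountName);
        }
        // Same object as getInstance() would return; calling it on `authenticator` avoids
        // re-entering loadUsers() halfway through the update.
        user.setHashedPassword(authenticator.hashPassword(password, accountName));
        user.addRole(role);
        user.enable();
        user.unlock();
        authenticator.saveUsers();
        System.out.println("User account " + user + " updated");
    }

    /** Singleton; use {@link #getInstance()}. */
    private Authenticator() {
    }

    /**
     * Creates and registers a new account.
     *
     * @param accountName new account name; the map key is its lower-cased form
     * @param password1   handed unchanged to the User constructor (presumably the new password — confirm against User)
     * @param password2   handed unchanged to the User constructor (presumably the confirmation — confirm against User)
     * @return the new User
     * @throws AuthenticationAccountsException if {@code accountName} is null or already taken
     */
    @Override
    public User createUser(String accountName, String password1, String password2) throws AuthenticationException {
        if (accountName == null) {
            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
        }
        String key = accountName.toLowerCase();
        if (this.userMap.containsKey(key)) {
            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + accountName);
        }
        User user = new User(accountName, password1, password2);
        this.userMap.put(key, user);
        logger.logCritical(ILogger.SECURITY, "New user created: " + accountName);
        return user;
    }

    /** @return true if an account with this (case-insensitive) name is loaded. */
    @Override
    public boolean exists(String accountName) {
        return getUser(accountName) != null;
    }

    /**
     * Generates a random 8-character password that passes {@link #verifyPasswordStrength}
     * with an empty old password.
     *
     * @return the generated password
     */
    @Override
    public String generateStrongPassword() {
        // Loop rather than recurse (the shipped build recursed without bound) and log the success,
        // which the shipped build logged only in the failure branch.
        while (true) {
            String candidate = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_PASSWORD);
            try {
                verifyPasswordStrength(candidate, "");
                logger.logCritical(ILogger.SECURITY, "Generated strong password");
                return candidate;
            } catch (AuthenticationException e) {
                // Weak draw; try again. The candidate itself is deliberately not logged.
                logger.logDebug(ILogger.SECURITY, "Password generator created weak password. Regenerating.", e);
            }
        }
    }

    /**
     * Generates a random 8-character password that passes {@link #verifyPasswordStrength}
     * against {@code oldPassword}.
     *
     * @param oldPassword the user's previous password (may be null)
     * @param iUser       the account the password is for; only its name is logged
     * @return the generated password
     */
    @Override
    public String generateStrongPassword(String oldPassword, IUser iUser) {
        String candidate;
        while (true) {
            candidate = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_PASSWORD);
            try {
                verifyPasswordStrength(candidate, oldPassword);
                break;
            } catch (AuthenticationException e) {
                // FIX: the shipped build wrote the rejected candidate into the log; password
                // material has no business in log files.
                logger.logDebug(ILogger.SECURITY, "Password generator created weak password. Regenerating.", e);
            }
        }
        logger.logCritical(ILogger.SECURITY, "Generated strong password for " + iUser.getAccountName());
        return candidate;
    }

    /** @return the user bound to the calling thread, or {@link #anonymous} if none. */
    @Override
    public User getCurrentUser() {
        User user = this.currentUser.get();
        return user == null ? this.anonymous : user;
    }

    /** @return the request bound to the calling thread by {@link #setCurrentHTTP}, or null. */
    public HttpServletRequest getCurrentRequest() {
        return this.currentRequest.get();
    }

    /** @return the response bound to the calling thread by {@link #setCurrentHTTP}, or null. */
    public HttpServletResponse getCurrentResponse() {
        return this.currentResponse.get();
    }

    /**
     * Looks up an account by name, case-insensitively.
     *
     * @param accountName name to look up; null yields null (the shipped build threw NullPointerException)
     * @return the User or null
     */
    @Override
    public User getUser(String accountName) {
        if (accountName == null) {
            return null;
        }
        return this.userMap.get(accountName.toLowerCase());
    }

    /**
     * Resolves the user named in the existing session (attribute {@link #USER}) and, if found,
     * binds it to the calling thread. Never creates a session.
     *
     * @return the session's user, or null if there is no session, no attribute, or no such account
     */
    public User getUserFromSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        String accountName = (String) session.getAttribute(USER);
        if (accountName == null) {
            return null;
        }
        User user = getUser(accountName);
        if (user != null) {
            setCurrentUser(user);
        }
        return user;
    }

    /** @return sorted account-name keys, excluding the built-in anonymous account. */
    @Override
    public Set<String> getUserNames() {
        // Copy first so a concurrent loadUsers()/createUser() cannot disturb the iteration.
        TreeSet<String> names = new TreeSet<String>(new HashMap<String, User>(this.userMap).keySet());
        names.remove("anonymous");
        return names;
    }

    /**
     * Hashes a password via the configured Encryptor.
     *
     * @param password    plaintext password
     * @param accountName lower-cased and passed as Encryptor.hash()'s second argument (presumably
     *                    the salt — confirm in Encryptor). Changing this would invalidate every stored hash.
     * @return the hash string
     */
    @Override
    public String hashPassword(String password, String accountName) {
        return Encryptor.getInstance().hash(password, accountName.toLowerCase());
    }

    /** @return true if any loaded user reports unsaved changes. */
    private boolean isDirty() {
        for (User user : this.userMap.values()) {
            if (user.isDirty()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reloads users.txt if its modification time differs from the last successful load and no
     * in-memory edits are pending (a reload would discard them). Blank lines and lines starting
     * with {@code #} are ignored; the built-in anonymous account cannot be redefined from the file.
     *
     * <p>On a read failure the previously loaded accounts stay in place and {@link #lastModified}
     * is left untouched so the next {@link #getInstance()} retries (the shipped build published the
     * partially read map instead).
     */
    protected synchronized void loadUsers() {
        File file = new File(SecurityConfiguration.getInstance().getResourceDirectory(), "users.txt");
        if (file.lastModified() == lastModified || isDirty()) {
            return;
        }
        logger.logSpecial("Loading users from " + file.getAbsolutePath(), null);
        HashMap<String, User> loaded = new HashMap<String, User>();
        loaded.put(this.anonymous.getAccountName(), this.anonymous);
        BufferedReader reader = null;
        try {
            // Platform charset, matching what saveUsers() writes with FileWriter.
            reader = new BufferedReader(new FileReader(file));
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    continue;
                }
                User user = new User(line);
                // FIX: key in the same lower-cased form getUser() looks up; the shipped build stored
                // the raw name, so mixed-case accounts in the file were unreachable.
                String key = user.getAccountName().toLowerCase();
                if (key.equals("anonymous")) {
                    continue;
                }
                if (loaded.containsKey(key)) {
                    // FIX: the shipped build logged "Skipping" and then overwrote; first entry now wins.
                    logger.logSpecial("Problem in user file. Skipping duplicate user: " + user, null);
                    continue;
                }
                loaded.put(key, user);
            }
        } catch (Exception e) {
            logger.logSpecial("Failure loading user file: " + file.getAbsolutePath(), e);
            return;
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException e) {
                    logger.logSpecial("Failure closing user file: " + file.getAbsolutePath(), e);
                }
            }
        }
        lastModified = file.lastModified();
        this.userMap = loaded;
        // size - 1 excludes the anonymous entry added above.
        logger.logSpecial("User file reloaded: " + (loaded.size() - 1), null);
    }

    /**
     * Authenticates from the configured username/password request parameters. Any non-anonymous
     * user already bound to this thread is logged out first.
     *
     * @return the authenticated User
     * @throws AuthenticationCredentialsException if a parameter is missing or the account is unknown;
     *         the user-facing message is the same in both cases, the detail goes to the log
     */
    private User loginWithUsernameAndPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        String username = httpServletRequest.getParameter(SecurityConfiguration.getInstance().getUsernameParameterName());
        String password = httpServletRequest.getParameter(SecurityConfiguration.getInstance().getPasswordParameterName());
        User current = getCurrentUser();
        if (current != null && !current.isAnonymous()) {
            logger.logWarning(ILogger.SECURITY, "auto-logout of " + current);
            current.logout(httpServletRequest, httpServletResponse);
        }
        if (username == null || password == null) {
            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed for " + username + " because of null username or password");
        }
        User user = getUser(username);
        if (user == null) {
            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed because user " + username + " doesn't exist");
        }
        user.loginWithPassword(password, httpServletRequest, httpServletResponse);
        return user;
    }

    /**
     * Removes an account and rewrites users.txt.
     *
     * @throws AuthenticationAccountsException if no such account exists (or the save fails)
     */
    @Override
    public void removeUser(String accountName) throws AuthenticationException {
        if (getUser(accountName) == null) {
            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + accountName);
        }
        this.userMap.remove(accountName.toLowerCase());
        saveUsers();
        logger.logCritical(ILogger.SECURITY, "User " + accountName + " removed");
    }

    /**
     * Writes every account (except anonymous) to users.txt.
     *
     * <p>The file is overwritten in place, so a failure mid-write leaves a truncated file; writing
     * to a temporary file and renaming would be safer but is not attempted here.
     *
     * @throws AuthenticationAccountsException if the file cannot be opened or the write reported an error
     */
    public synchronized void saveUsers() throws AuthenticationException {
        File file = new File(SecurityConfiguration.getInstance().getResourceDirectory(), "users.txt");
        PrintWriter printWriter = null;
        try {
            printWriter = new PrintWriter(new FileWriter(file));
            printWriter.println("# This is the user file associated with the ESAPI library from http://www.owasp.org");
            printWriter.println("# accountName | hashedPassword | roles | locked | enabled | rememberToken | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount");
            printWriter.println();
            saveUsers(printWriter);
            printWriter.flush();
            // PrintWriter swallows IOExceptions; without this a disk-full write would go unnoticed.
            if (printWriter.checkError()) {
                throw new AuthenticationAccountsException("Save users failed", "Problem saving user file " + file.getAbsolutePath());
            }
            // this.getUserNames(), not getInstance().getUserNames(): the latter re-enters loadUsers()
            // while the file is still being written.
            logger.logCritical(ILogger.SECURITY, "User file written to disk (" + getUserNames().size() + ")");
        } catch (IOException e) {
            throw new AuthenticationAccountsException("Save users failed", "Problem saving user file " + file.getAbsolutePath(), e);
        } finally {
            if (printWriter != null) {
                printWriter.close();
            }
        }
    }

    /**
     * Writes one serialized line per account (except anonymous) to {@code printWriter}.
     * The shipped build also echoed each User to stdout; dropped, as stdout is not a log channel
     * and the content of User.toString() is not controlled here.
     */
    protected synchronized void saveUsers(PrintWriter printWriter) {
        for (String accountName : getUserNames()) {
            User user = getUser(accountName);
            printWriter.println(user.save());
        }
        logger.logSpecial("User file updated", null);
    }

    /**
     * Establishes the current user for this request: from the session if present, otherwise from
     * the username/password parameters. A non-SSL channel is logged but not rejected.
     *
     * @return the authenticated, enabled, unlocked, unexpired User, now bound to the thread
     * @throws AuthenticationLoginException if the resolved user is anonymous, disabled, locked or expired;
     *         the thread is then rebound to {@link #anonymous} (the shipped build left a session user
     *         bound by getUserFromSession() in place)
     */
    @Override
    public User login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        setCurrentHTTP(httpServletRequest, httpServletResponse);
        if (!HTTPUtilities.getInstance().isSecureChannel()) {
            logger.logCritical(ILogger.SECURITY, "Authentication attempt made over non-SSL connection. Check web.xml and server configuration");
        }
        User user = getUserFromSession(httpServletRequest);
        if (user == null) {
            user = loginWithUsernameAndPassword(httpServletRequest, httpServletResponse);
            user.setFirstRequest(true);
        } else {
            user.setFirstRequest(false);
        }
        if (user.isAnonymous()) {
            setCurrentUser(this.anonymous);
            throw new AuthenticationLoginException("Login failed", "Anonymous user cannot be set to current user");
        }
        if (!user.isEnabled()) {
            user.setLastFailedLoginTime(new Date());
            setCurrentUser(this.anonymous);
            throw new AuthenticationLoginException("Login failed", "Disabled user cannot be set to current user: " + user.getAccountName());
        }
        if (user.isLocked()) {
            user.setLastFailedLoginTime(new Date());
            setCurrentUser(this.anonymous);
            throw new AuthenticationLoginException("Login failed", "Locked user cannot be set to current user: " + user.getAccountName());
        }
        if (user.isExpired()) {
            user.setLastFailedLoginTime(new Date());
            setCurrentUser(this.anonymous);
            throw new AuthenticationLoginException("Login failed", "Expired user cannot be set to current user: " + user.getAccountName());
        }
        setCurrentUser(user);
        return user;
    }

    /** Logs out the user bound to the calling thread, using the thread's bound request/response. */
    public void logout() {
        getCurrentUser().logout(getCurrentRequest(), getCurrentResponse());
    }

    /**
     * Binds {@code iUser} to the calling thread.
     *
     * @throws ClassCastException if {@code iUser} is not a {@link User} (as in the shipped build)
     */
    @Override
    public void setCurrentUser(IUser iUser) {
        this.currentUser.set((User) iUser);
    }

    /** Binds the request and response to the calling thread. */
    public void setCurrentHTTP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.currentRequest.set(httpServletRequest);
        this.currentResponse.set(httpServletResponse);
    }

    /**
     * Validates a prospective account name against the "AccountName" validation rule.
     *
     * @throws AuthenticationCredentialsException if the name is null or fails validation
     */
    @Override
    public void verifyAccountNameStrength(String accountName) throws AuthenticationException {
        if (accountName == null) {
            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
        }
        if (!Validator.getInstance().isValidDataFromBrowser("AccountName", accountName)) {
            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + accountName);
        }
    }

    /**
     * Rejects a new password that reuses any 3-character window of the old one, or whose
     * {@code length * (number of character classes present)} is below 16. Character classes are
     * the Encoder's lowers, uppers, digits and specials.
     *
     * @param newPassword candidate password; null is rejected (the shipped build threw NullPointerException)
     * @param oldPassword previous password, or null/empty if none
     * @throws AuthenticationCredentialsException if the password fails either rule
     */
    @Override
    public void verifyPasswordStrength(String newPassword, String oldPassword) throws AuthenticationException {
        if (newPassword == null) {
            throw new AuthenticationCredentialsException("Invalid password", "Attempt to verify a null password");
        }
        String old = oldPassword == null ? "" : oldPassword;
        for (int i = 0; i + 3 <= old.length(); i++) {
            if (newPassword.contains(old.substring(i, i + 3))) {
                throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
            }
        }
        // FIX: the shipped build tested Arrays.binarySearch(...) > 0, so a match at index 0 (the
        // first character of each class) never counted; a linear scan also drops the unstated
        // requirement that the Encoder arrays be sorted.
        int charsets = 0;
        if (containsAnyOf(newPassword, Encoder.CHAR_LOWERS)) {
            charsets++;
        }
        if (containsAnyOf(newPassword, Encoder.CHAR_UPPERS)) {
            charsets++;
        }
        if (containsAnyOf(newPassword, Encoder.CHAR_DIGITS)) {
            charsets++;
        }
        if (containsAnyOf(newPassword, Encoder.CHAR_SPECIALS)) {
            charsets++;
        }
        if (newPassword.length() * charsets < 16) {
            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
        }
    }

    /** @return true if {@code s} contains at least one character from {@code set}. */
    private static boolean containsAnyOf(String s, char[] set) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            for (int j = 0; j < set.length; j++) {
                if (set[j] == c) {
                    return true;
                }
            }
        }
        return false;
    }
}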
