package org.owasp.esapi.reference;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.EncoderConstants;
import org.owasp.esapi.HTTPUtilities;
import org.owasp.esapi.Logger;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AuthenticationAccountsException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.AuthenticationHostException;
import org.owasp.esapi.errors.AuthenticationLoginException;
import org.owasp.esapi.errors.EncryptionException;

/* loaded from: input_file:BOOT-INF/lib/esapi-2.5.2.0.jar:org/owasp/esapi/reference/DefaultUser.class */
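/**
 * Reference {@link User} implementation backed by in-memory state.
 *
 * <p>Account names and role names are normalised to lower case before they are
 * stored or compared. Mutable {@link Date} values are copied on the way in and
 * on the way out so callers cannot alter the account's timestamps through a
 * shared reference. All transient state (logger, sessions, event map) is
 * re-created in {@link #readObject(ObjectInputStream)} because Java
 * deserialisation does not run field initialisers for a {@code Serializable}
 * class.
 *
 * <p>This class is not thread-safe; callers that share a user across threads
 * must provide their own synchronisation.
 */
public class DefaultUser implements User, Serializable {
    private static final long serialVersionUID = 1;

    /** Idle timeout in milliseconds, read once from the ESAPI configuration. */
    private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();

    /** Absolute session lifetime in milliseconds, read once from the ESAPI configuration. */
    private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();

    /** Maximum accepted length of a role name passed to the validator. */
    private static final int MAX_ROLE_LENGTH = 250;

    /** Randomly allocated, non-zero, positive identifier; package-private for the authenticator. */
    long accountId;
    private String accountName;
    private String lastHostAddress;
    private Locale locale;

    // Transient state: rebuilt in readObject() after deserialisation.
    private transient Logger logger = ESAPI.getLogger("DefaultUser");
    private transient Set<HttpSession> sessions = new HashSet<HttpSession>();
    // Raw type is dictated by User.getEventMap(); kept raw to stay source-compatible with callers.
    private transient HashMap eventMap = new HashMap();

    private String screenName = "";
    private String csrfToken = resetCSRFToken();
    private Set<String> roles = new HashSet<String>();
    private boolean locked = false;
    private boolean loggedIn = true;
    private boolean enabled = false;
    private Date lastPasswordChangeTime = new Date(0);
    private Date lastLoginTime = new Date(0);
    private Date lastFailedLoginTime = new Date(0);
    private Date expirationTime = new Date(Long.MAX_VALUE);
    private int failedLoginCount = 0;

    /**
     * Creates a user with the given account name and a freshly allocated account id.
     *
     * @param accountName the account name; stored lower-cased
     * @throws NullPointerException if {@code accountName} is {@code null}
     */
    public DefaultUser(String accountName) {
        this.accountName = Objects.requireNonNull(accountName, "accountName").toLowerCase();
        this.accountId = allocateAccountId();
    }

    /**
     * Draws random candidates until one is strictly positive and not yet known to the authenticator.
     * {@code Math.abs(Long.MIN_VALUE)} is still negative, so the check is {@code > 0} rather than {@code != 0}.
     */
    private static long allocateAccountId() {
        while (true) {
            long candidate = Math.abs(ESAPI.randomizer().getRandomLong());
            if (candidate > 0 && ESAPI.authenticator().getUser(candidate) == null) {
                return candidate;
            }
        }
    }

    /**
     * Restores the transient fields that field initialisers do not populate on deserialisation.
     * Deserialising a user from an untrusted stream is still subject to the caller's
     * {@code ObjectInputFilter}; this method only repairs the object's own invariants.
     */
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        this.logger = ESAPI.getLogger("DefaultUser");
        this.sessions = new HashSet<HttpSession>();
        this.eventMap = new HashMap();
    }

    /**
     * Adds a role after validating its (lower-cased) name with the {@code RoleName} rule.
     *
     * @param str the role name; compared case-insensitively
     * @throws AuthenticationException if the role name fails validation
     */
    @Override
    public void addRole(String str) throws AuthenticationException {
        String roleName = str.toLowerCase();
        if (!ESAPI.validator().isValidInput("addRole", roleName, "RoleName", MAX_ROLE_LENGTH, false)) {
            throw new AuthenticationAccountsException("Add role failed", "Attempt to add invalid role " + roleName + " to " + getAccountName());
        }
        this.roles.add(roleName);
        this.logger.info(Logger.SECURITY_SUCCESS, "Role " + roleName + " added to " + getAccountName());
    }

    /**
     * Adds every role in {@code set} via {@link #addRole(String)}; stops at the first invalid one.
     *
     * @param set the role names to add
     * @throws AuthenticationException if any role name fails validation
     */
    @Override
    public void addRoles(Set<String> set) throws AuthenticationException {
        for (String role : set) {
            addRole(role);
        }
    }

    /** Delegates the password change to the configured authenticator. */
    @Override
    public void changePassword(String str, String str2, String str3) throws AuthenticationException, EncryptionException {
        ESAPI.authenticator().changePassword(this, str, str2, str3);
    }

    /** Disables the account and records a security event. */
    @Override
    public void disable() {
        this.enabled = false;
        this.logger.info(Logger.SECURITY_SUCCESS, "Account disabled: " + getAccountName());
    }

    /** Enables the account and records a security event. */
    @Override
    public void enable() {
        this.enabled = true;
        this.logger.info(Logger.SECURITY_SUCCESS, "Account enabled: " + getAccountName());
    }

    @Override
    public long getAccountId() {
        return this.accountId;
    }

    /** @return the lower-cased account name */
    @Override
    public String getAccountName() {
        return this.accountName;
    }

    /** @return the current CSRF token; see {@link #resetCSRFToken()} for how it is generated */
    @Override
    public String getCSRFToken() {
        return this.csrfToken;
    }

    /** @return a copy of the expiration time, so callers cannot alter the stored value */
    @Override
    public Date getExpirationTime() {
        return new Date(this.expirationTime.getTime());
    }

    @Override
    public int getFailedLoginCount() {
        return this.failedLoginCount;
    }

    /** Overwrites the failed-login counter; intended for the authenticator when loading persisted state. */
    public void setFailedLoginCount(int i) {
        this.failedLoginCount = i;
    }

    /** @return a copy of the last failed login time */
    @Override
    public Date getLastFailedLoginTime() {
        return new Date(this.lastFailedLoginTime.getTime());
    }

    /** @return the last recorded host address, or {@code "unknown"} if none has been recorded */
    @Override
    public String getLastHostAddress() {
        if (this.lastHostAddress == null) {
            return "unknown";
        }
        return this.lastHostAddress;
    }

    /** @return a copy of the last successful login time */
    @Override
    public Date getLastLoginTime() {
        return new Date(this.lastLoginTime.getTime());
    }

    /** @return a copy of the last password change time */
    @Override
    public Date getLastPasswordChangeTime() {
        return new Date(this.lastPasswordChangeTime.getTime());
    }

    /** {@link java.security.Principal} name: the account name. */
    @Override
    public String getName() {
        return getAccountName();
    }

    /** @return a read-only view of the role set */
    @Override
    public Set<String> getRoles() {
        return Collections.unmodifiableSet(this.roles);
    }

    @Override
    public String getScreenName() {
        return this.screenName;
    }

    @Override
    public void addSession(HttpSession httpSession) {
        this.sessions.add(httpSession);
    }

    @Override
    public void removeSession(HttpSession httpSession) {
        this.sessions.remove(httpSession);
    }

    /**
     * Returns the live session set. The raw return type is fixed by the {@link User}
     * interface; the set is the internal one, so changes made by callers are visible here.
     */
    @Override
    public Set getSessions() {
        return this.sessions;
    }

    @Override
    public void incrementFailedLoginCount() {
        this.failedLoginCount++;
    }

    /** A concrete user is never anonymous. */
    @Override
    public boolean isAnonymous() {
        return false;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    /** @return {@code true} once the expiration time lies in the past */
    @Override
    public boolean isExpired() {
        return this.expirationTime.before(new Date());
    }

    /**
     * Case-insensitive role check.
     *
     * @param str the role name; {@code null} is never a member
     */
    @Override
    public boolean isInRole(String str) {
        return str != null && this.roles.contains(str.toLowerCase());
    }

    @Override
    public boolean isLocked() {
        return this.locked;
    }

    @Override
    public boolean isLoggedIn() {
        return this.loggedIn;
    }

    /**
     * Absolute timeout: {@code true} when there is no current request or session, or when
     * {@code ABSOLUTE_TIMEOUT_LENGTH} milliseconds have elapsed since the session was created.
     * Missing request/session is treated as timed out (fail closed).
     */
    @Override
    public boolean isSessionAbsoluteTimeout() {
        HttpSession session = currentSessionOrNull();
        if (session == null) {
            return true;
        }
        return System.currentTimeMillis() > session.getCreationTime() + ABSOLUTE_TIMEOUT_LENGTH;
    }

    /**
     * Idle timeout: {@code true} when there is no current request or session, or when
     * {@code IDLE_TIMEOUT_LENGTH} milliseconds have elapsed since the session was last accessed.
     * Missing request/session is treated as timed out (fail closed).
     */
    @Override
    public boolean isSessionTimeout() {
        HttpSession session = currentSessionOrNull();
        if (session == null) {
            return true;
        }
        return System.currentTimeMillis() > session.getLastAccessedTime() + IDLE_TIMEOUT_LENGTH;
    }

    /** Existing session of the current request, or {@code null} when no request or session is bound. */
    private static HttpSession currentSessionOrNull() {
        javax.servlet.http.HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
        if (request == null) {
            return null;
        }
        return request.getSession(false);
    }

    /** Locks the account and records a security event. */
    @Override
    public void lock() {
        this.locked = true;
        this.logger.info(Logger.SECURITY_SUCCESS, "Account locked: " + getAccountName());
    }

    /**
     * Authenticates with a password.
     *
     * <p>Every rejection path stamps the failed-login time and increments the failure
     * counter before throwing. A wrong password additionally locks the account once the
     * counter reaches the configured allowed attempts. On success the session identifier
     * is rotated, the user becomes the current user and the login time and host are
     * recorded. Any previous login state is cleared via {@link #logout()} before the
     * password is checked.
     *
     * @param str the password; {@code null} or empty is rejected
     * @throws AuthenticationException on any failure
     */
    @Override
    public void loginWithPassword(String str) throws AuthenticationException {
        if (str == null || str.isEmpty()) {
            recordFailedLogin();
            throw new AuthenticationLoginException("Login failed", "Missing password: " + this.accountName);
        }
        if (!isEnabled()) {
            recordFailedLogin();
            throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + this.accountName);
        }
        if (isLocked()) {
            recordFailedLogin();
            throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + this.accountName);
        }
        if (isExpired()) {
            recordFailedLogin();
            throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + this.accountName);
        }
        logout();
        if (!verifyPassword(str)) {
            this.loggedIn = false;
            recordFailedLogin();
            if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
                lock();
            }
            throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName());
        }
        this.loggedIn = true;
        // Rotate the session id on privilege change to defeat session fixation.
        ESAPI.httpUtilities().changeSessionIdentifier(ESAPI.currentRequest());
        ESAPI.authenticator().setCurrentUser(this);
        setLastLoginTime(new Date());
        setLastHostAddress(ESAPI.httpUtilities().getCurrentRequest().getRemoteAddr());
        this.logger.trace(Logger.SECURITY_SUCCESS, "User logged in: " + this.accountName);
    }

    /** Shared bookkeeping for every failed login path. */
    private void recordFailedLogin() {
        setLastFailedLoginTime(new Date());
        incrementFailedLoginCount();
    }

    /**
     * Logs the user out: kills the remember-me and session-id cookies, invalidates and
     * forgets the current session, and makes {@link User#ANONYMOUS} the current user.
     * Requires a current request and response to be bound in ESAPI.
     */
    @Override
    public void logout() {
        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
        HttpSession session = ESAPI.currentRequest().getSession(false);
        if (session != null) {
            removeSession(session);
            session.invalidate();
        }
        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
        this.loggedIn = false;
        this.logger.info(Logger.SECURITY_SUCCESS, "Logout successful");
        ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
    }

    /** Removes a role (case-insensitively) and records a trace event with the normalised name. */
    @Override
    public void removeRole(String str) {
        String roleName = str.toLowerCase();
        this.roles.remove(roleName);
        this.logger.trace(Logger.SECURITY_SUCCESS, "Role " + roleName + " removed from " + getAccountName());
    }

    /**
     * Generates and stores a new CSRF token of 8 alphanumeric characters from the ESAPI
     * randomizer. NOTE(review): 8 alphanumerics is the reference implementation's choice;
     * check it against the deployment's token-entropy requirement.
     *
     * @return the new token
     */
    @Override
    public String resetCSRFToken() {
        this.csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
        return this.csrfToken;
    }

    private void setAccountId(long j) {
        this.accountId = j;
    }

    /**
     * Renames the account (stored lower-cased) and logs the change; an empty previous
     * name is shown as {@code [nothing]}.
     */
    @Override
    public void setAccountName(String str) {
        String previous = getAccountName();
        this.accountName = str.toLowerCase();
        if (previous != null) {
            String shown = previous.isEmpty() ? "[nothing]" : previous;
            this.logger.info(Logger.SECURITY_SUCCESS, "Account name changed from " + shown + " to " + getAccountName());
        }
    }

    /** Stores a copy of {@code date} as the expiration time and logs the change. */
    @Override
    public void setExpirationTime(Date date) {
        this.expirationTime = new Date(date.getTime());
        this.logger.info(Logger.SECURITY_SUCCESS, "Account expiration time set to " + date + " for " + getAccountName());
    }

    /** Stores a copy of {@code date}; the caller's instance is not retained. */
    @Override
    public void setLastFailedLoginTime(Date date) {
        this.lastFailedLoginTime = new Date(date.getTime());
        this.logger.info(Logger.SECURITY_SUCCESS, "Set last failed login time to " + date + " for " + getAccountName());
    }

    /**
     * Records the client host address. A change from a previously recorded address is
     * rejected and the stored address is left unchanged.
     *
     * @throws AuthenticationHostException if an address is already recorded and differs from {@code str}
     */
    @Override
    public void setLastHostAddress(String str) throws AuthenticationHostException {
        if (this.lastHostAddress != null && !this.lastHostAddress.equals(str)) {
            throw new AuthenticationHostException("Host change", "User session just jumped from " + this.lastHostAddress + " to " + str);
        }
        this.lastHostAddress = str;
    }

    /** Stores a copy of {@code date}; the caller's instance is not retained. */
    @Override
    public void setLastLoginTime(Date date) {
        this.lastLoginTime = new Date(date.getTime());
        this.logger.info(Logger.SECURITY_SUCCESS, "Set last successful login time to " + date + " for " + getAccountName());
    }

    /** Stores a copy of {@code date}; the caller's instance is not retained. */
    @Override
    public void setLastPasswordChangeTime(Date date) {
        this.lastPasswordChangeTime = new Date(date.getTime());
        this.logger.info(Logger.SECURITY_SUCCESS, "Set last password change time to " + date + " for " + getAccountName());
    }

    /**
     * Replaces all roles with {@code set}. The existing roles are cleared first, so if a
     * name in {@code set} fails validation the user keeps only the roles added before it.
     *
     * @throws AuthenticationException if any role name fails validation
     */
    @Override
    public void setRoles(Set<String> set) throws AuthenticationException {
        this.roles = new HashSet<String>();
        addRoles(set);
        this.logger.info(Logger.SECURITY_SUCCESS, "Adding roles " + set + " to " + getAccountName());
    }

    @Override
    public void setScreenName(String str) {
        this.screenName = str;
        this.logger.info(Logger.SECURITY_SUCCESS, "ScreenName changed to " + str + " for " + getAccountName());
    }

    @Override
    public String toString() {
        return "USER:" + this.accountName;
    }

    /** Unlocks the account, resets the failure counter and records a security event. */
    @Override
    public void unlock() {
        this.locked = false;
        this.failedLoginCount = 0;
        this.logger.info(Logger.SECURITY_SUCCESS, "Account unlocked: " + getAccountName());
    }

    /** Delegates verification to the configured authenticator. */
    @Override
    public boolean verifyPassword(String str) {
        return ESAPI.authenticator().verifyPassword(this, str);
    }

    /** Users are deliberately not cloneable. */
    public final Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }

    /** @return the user's locale, or {@code null} if none has been set */
    @Override
    public Locale getLocale() {
        return this.locale;
    }

    @Override
    public void setLocale(Locale locale) {
        this.locale = locale;
    }

    /** Returns the live event map; the raw return type is fixed by the {@link User} interface. */
    @Override
    public HashMap getEventMap() {
        return this.eventMap;
    }
}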
