package org.cloudfoundry.identity.uaa.authentication.manager;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.audit.AuditEvent;
import org.cloudfoundry.identity.uaa.audit.AuditEventType;
import org.cloudfoundry.identity.uaa.audit.UaaAuditService;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-2.2.5.jar:org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.class */
public class PeriodLockoutPolicy implements AccountLoginPolicy {
    private final UaaAuditService auditService;
    private final Log logger = LogFactory.getLog(getClass());
    private int lockoutPeriodMs = 300000;
    private int lockoutAfterFailures = 5;
    private int countFailuresWithinMs = 3600000;

    public PeriodLockoutPolicy(UaaAuditService uaaAuditService) {
        this.auditService = uaaAuditService;
    }

    @Override // org.cloudfoundry.identity.uaa.authentication.manager.AccountLoginPolicy
    public boolean isAllowed(UaaUser uaaUser, Authentication authentication) throws AuthenticationException {
        AuditEvent mostRecentFailure;
        List<AuditEvent> find = this.auditService.find(uaaUser.getId(), System.currentTimeMillis() - this.countFailuresWithinMs);
        int sequentialFailureCount = sequentialFailureCount(find);
        if (sequentialFailureCount < this.lockoutAfterFailures || (mostRecentFailure = mostRecentFailure(find)) == null || mostRecentFailure.getTime() <= System.currentTimeMillis() - this.lockoutPeriodMs) {
            return true;
        }
        this.logger.warn("User " + uaaUser.getUsername() + " and id " + uaaUser.getId() + " has " + sequentialFailureCount + " failed logins within the last checking period.");
        return false;
    }

    private int sequentialFailureCount(List<AuditEvent> list) {
        int i = 0;
        for (AuditEvent auditEvent : list) {
            if (auditEvent.getType() != AuditEventType.UserAuthenticationFailure) {
                if (auditEvent.getType() == AuditEventType.UserAuthenticationSuccess) {
                    break;
                }
            } else {
                i++;
            }
        }
        return i;
    }

    public void setLockoutPeriodSeconds(int i) {
        this.lockoutPeriodMs = i * 1000;
    }

    public void setLockoutAfterFailures(int i) {
        this.lockoutAfterFailures = i;
    }

    public void setCountFailuresWithin(int i) {
        this.countFailuresWithinMs = i * 1000;
    }

    public int getLockoutPeriodSeconds() {
        return this.lockoutPeriodMs / 1000;
    }

    public int getLockoutAfterFailures() {
        return this.lockoutAfterFailures;
    }

    public int getCountFailuresWithin() {
        return this.countFailuresWithinMs / 1000;
    }

    private AuditEvent mostRecentFailure(List<AuditEvent> list) {
        for (AuditEvent auditEvent : list) {
            if (auditEvent.getType() == AuditEventType.UserAuthenticationFailure) {
                return auditEvent;
            }
        }
        return null;
    }
}
