package org.keycloak.services.managers;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import org.jboss.logging.Logger;
import org.keycloak.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UsernameLoginFailureModel;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-final.jar:org/keycloak/services/managers/BruteForceProtector.class */
public class BruteForceProtector implements Runnable {
    protected static Logger logger = Logger.getLogger(BruteForceProtector.class);
    protected KeycloakSessionFactory factory;
    protected volatile long failures;
    protected volatile long lastFailure;
    protected volatile long totalTime;
    public static final int TRANSACTION_SIZE = 20;
    protected volatile boolean run = true;
    protected int maxDeltaTimeSeconds = 43200;
    protected CountDownLatch shutdownLatch = new CountDownLatch(1);
    protected LinkedBlockingQueue<LoginEvent> queue = new LinkedBlockingQueue<>();

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-final.jar:org/keycloak/services/managers/BruteForceProtector$FailedLogin.class */
    protected class FailedLogin extends LoginEvent {
        protected final CountDownLatch latch;

        public FailedLogin(String str, String str2, String str3) {
            super(str, str2, str3);
            this.latch = new CountDownLatch(1);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-final.jar:org/keycloak/services/managers/BruteForceProtector$LoginEvent.class */
    public abstract class LoginEvent implements Comparable<LoginEvent> {
        protected final String realmId;
        protected final String username;
        protected final String ip;

        protected LoginEvent(String str, String str2, String str3) {
            this.realmId = str;
            this.username = str2;
            this.ip = str3;
        }

        @Override // java.lang.Comparable
        public int compareTo(LoginEvent loginEvent) {
            return this.username.compareTo(loginEvent.username);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-final.jar:org/keycloak/services/managers/BruteForceProtector$ShutdownEvent.class */
    protected class ShutdownEvent extends LoginEvent {
        public ShutdownEvent() {
            super(null, null, null);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/keycloak-services-1.0-final.jar:org/keycloak/services/managers/BruteForceProtector$SuccessfulLogin.class */
    protected class SuccessfulLogin extends LoginEvent {
        public SuccessfulLogin(String str, String str2, String str3) {
            super(str, str2, str3);
        }
    }

    public BruteForceProtector(KeycloakSessionFactory keycloakSessionFactory) {
        this.factory = keycloakSessionFactory;
    }

    public void failure(KeycloakSession keycloakSession, LoginEvent loginEvent) {
        logger.debug("failure");
        RealmModel realmModel = getRealmModel(keycloakSession, loginEvent);
        logFailure(loginEvent);
        UsernameLoginFailureModel userModel = getUserModel(keycloakSession, loginEvent);
        if (userModel == null) {
            userModel = keycloakSession.sessions().addUserLoginFailure(realmModel, loginEvent.username);
        }
        userModel.setLastIPFailure(loginEvent.ip);
        long currentTimeMillis = System.currentTimeMillis();
        long lastFailure = userModel.getLastFailure();
        long j = 0;
        if (lastFailure > 0) {
            j = currentTimeMillis - lastFailure;
        }
        userModel.setLastFailure(currentTimeMillis);
        if (j > 0 && j > realmModel.getMaxDeltaTimeSeconds() * 1000) {
            userModel.clearFailures();
        }
        userModel.incrementFailures();
        logger.debugv("new num failures: {0}", Integer.valueOf(userModel.getNumFailures()));
        int waitIncrementSeconds = realmModel.getWaitIncrementSeconds() * (userModel.getNumFailures() / realmModel.getFailureFactor());
        logger.debugv("waitSeconds: {0}", Integer.valueOf(waitIncrementSeconds));
        logger.debugv("deltaTime: {0}", Long.valueOf(j));
        if (waitIncrementSeconds == 0 && lastFailure > 0 && j < realmModel.getQuickLoginCheckMilliSeconds()) {
            logger.debugv("quick login, set min wait seconds", new Object[0]);
            waitIncrementSeconds = realmModel.getMinimumQuickLoginWaitSeconds();
        }
        if (waitIncrementSeconds > 0) {
            int min = ((int) (currentTimeMillis / 1000)) + Math.min(realmModel.getMaxFailureWaitSeconds(), waitIncrementSeconds);
            logger.debugv("set notBefore: {0}", Integer.valueOf(min));
            userModel.setFailedLoginNotBefore(min);
        }
    }

    protected UsernameLoginFailureModel getUserModel(KeycloakSession keycloakSession, LoginEvent loginEvent) {
        UsernameLoginFailureModel userLoginFailure;
        RealmModel realmModel = getRealmModel(keycloakSession, loginEvent);
        if (realmModel == null || (userLoginFailure = keycloakSession.sessions().getUserLoginFailure(realmModel, loginEvent.username)) == null) {
            return null;
        }
        return userLoginFailure;
    }

    protected RealmModel getRealmModel(KeycloakSession keycloakSession, LoginEvent loginEvent) {
        RealmModel realm = keycloakSession.realms().getRealm(loginEvent.realmId);
        if (realm == null) {
            return null;
        }
        return realm;
    }

    public void start() {
        new Thread(this, "Brute Force Protector").start();
    }

    public void shutdown() {
        this.run = false;
        try {
            this.queue.offer(new ShutdownEvent());
            this.shutdownLatch.await(10L, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        KeycloakSession create;
        ArrayList arrayList = new ArrayList(21);
        while (this.run) {
            try {
                try {
                    LoginEvent poll = this.queue.poll(2L, TimeUnit.SECONDS);
                    if (poll != null) {
                        try {
                            arrayList.add(poll);
                            this.queue.drainTo(arrayList, 20);
                            Collections.sort(arrayList);
                            create = this.factory.create();
                            create.getTransaction().begin();
                        } catch (Exception e) {
                            logger.error("Failed processing type", e);
                        }
                        try {
                            try {
                                Iterator it = arrayList.iterator();
                                while (it.hasNext()) {
                                    LoginEvent loginEvent = (LoginEvent) it.next();
                                    if (loginEvent instanceof FailedLogin) {
                                        failure(create, loginEvent);
                                    } else if (loginEvent instanceof ShutdownEvent) {
                                        this.run = false;
                                    }
                                }
                                create.getTransaction().commit();
                                Iterator it2 = arrayList.iterator();
                                while (it2.hasNext()) {
                                    LoginEvent loginEvent2 = (LoginEvent) it2.next();
                                    if (loginEvent2 instanceof FailedLogin) {
                                        ((FailedLogin) loginEvent2).latch.countDown();
                                    }
                                }
                                arrayList.clear();
                                create.close();
                            } catch (Exception e2) {
                                create.getTransaction().rollback();
                                throw e2;
                            }
                        } catch (Throwable th) {
                            Iterator it3 = arrayList.iterator();
                            while (it3.hasNext()) {
                                LoginEvent loginEvent3 = (LoginEvent) it3.next();
                                if (loginEvent3 instanceof FailedLogin) {
                                    ((FailedLogin) loginEvent3).latch.countDown();
                                }
                            }
                            arrayList.clear();
                            create.close();
                            throw th;
                        }
                    }
                } catch (InterruptedException e3) {
                }
            } finally {
                this.shutdownLatch.countDown();
            }
        }
    }

    protected void logSuccess(LoginEvent loginEvent) {
        logger.warn("login success for user " + loginEvent.username + " from ip " + loginEvent.ip);
    }

    protected void logFailure(LoginEvent loginEvent) {
        logger.warn("login failure for user " + loginEvent.username + " from ip " + loginEvent.ip);
        this.failures++;
        if (this.lastFailure > 0) {
            long currentTimeMillis = System.currentTimeMillis() - this.lastFailure;
            if (currentTimeMillis > this.maxDeltaTimeSeconds * 1000) {
                this.totalTime = 0L;
            } else {
                this.totalTime += currentTimeMillis;
            }
        }
    }

    public void successfulLogin(RealmModel realmModel, String str, ClientConnection clientConnection) {
        logger.info("successful login user: " + str + " from ip " + clientConnection.getRemoteAddr());
    }

    public void invalidUser(RealmModel realmModel, String str, ClientConnection clientConnection) {
        logger.warn("invalid user: " + str + " from ip " + clientConnection.getRemoteAddr());
    }

    public void failedLogin(RealmModel realmModel, String str, ClientConnection clientConnection) {
        try {
            FailedLogin failedLogin = new FailedLogin(realmModel.getId(), str, clientConnection.getRemoteAddr());
            this.queue.offer(failedLogin);
            failedLogin.latch.await(5L, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
        }
    }

    public boolean isTemporarilyDisabled(KeycloakSession keycloakSession, RealmModel realmModel, String str) {
        int currentTimeMillis;
        UsernameLoginFailureModel userLoginFailure = keycloakSession.sessions().getUserLoginFailure(realmModel, str);
        if (userLoginFailure == null || (currentTimeMillis = (int) (System.currentTimeMillis() / 1000)) >= userLoginFailure.getFailedLoginNotBefore()) {
            return false;
        }
        logger.debugv("Current: {0} notBefore: {1}", Integer.valueOf(currentTimeMillis), Integer.valueOf(userLoginFailure.getFailedLoginNotBefore()));
        return true;
    }

    public long getFailures() {
        return this.failures;
    }

    public long getLastFailure() {
        return this.lastFailure;
    }
}
