package weblogic.security.acl;

import java.io.IOException;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import javafx.fxml.FXMLLoader;
import weblogic.cluster.ClusterService;
import weblogic.cluster.ClusterServices;
import weblogic.cluster.MulticastSession;
import weblogic.logging.LogOutputStream;
import weblogic.management.Admin;
import weblogic.management.configuration.PasswordPolicyMBean;
import weblogic.management.configuration.ServerDebugMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.security.SecurityLogger;
import weblogic.server.Server;
import weblogic.utils.AssertionError;

/* loaded from: input_file:weblogic.jar:weblogic/security/acl/PasswordGuessing.class */
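/**
 * Account-lockout bookkeeping for the password policy: records failed logins per user
 * name, locks a user once the configured threshold is reached, and exchanges failure and
 * unlock events with other cluster members over a multicast session.
 *
 * <p>This source is decompiler output; local names and comments were reconstructed.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The failure table, the recycle cache and the sequence counters are {@code static},
 *       so they are shared by every instance, while the policy settings and the "current
 *       check" timestamp are per instance. The class takes no locks of its own; it relies
 *       on the per-call synchronisation of {@link Hashtable} and {@link Vector}, which does
 *       not make the compound read-modify-write sequences below atomic.
 *       NOTE(review): confirm how callers serialise access.</li>
 *   <li>User names reach the debug log verbatim and are supplied before authentication
 *       succeeds. NOTE(review): confirm the log sink neutralises line breaks and control
 *       characters.</li>
 *   <li>Every distinct failing user name creates a table entry; entries are only reclaimed
 *       by {@link #garbageCollectInvalidLoginRecords()} once the table size reaches the
 *       configured GC threshold. NOTE(review): confirm that threshold bounds memory use
 *       under a stream of failures for many different names.</li>
 * </ul>
 */
public final class PasswordGuessing {
    /** Milliseconds in one minute, as a {@code long} so duration arithmetic cannot wrap in {@code int}. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;

    private static LogOutputStream log;
    // user name -> InvalidLogin for every user with recorded failures (shared by all instances).
    private static Hashtable master_invalid_login = new Hashtable();
    // Erased InvalidLogin objects kept for reuse; capped at unused_cache_size.
    private static Vector unused_cache = new Vector();
    private int unused_cache_size;
    // Time captured by setTimestampOfCurrentCheck(); 0 means "not captured yet".
    private long timestamp_of_current_check;
    private int lockout_threshold;
    // Lockout duration in milliseconds (lockout_duration_min converted).
    private long lockout_duration;
    private int lockout_duration_min;
    // Age in milliseconds after which a failure record is treated as stale.
    private long lockout_reset_duration;
    private int lockout_gc_threshold;
    private static int sequence_number;
    private static int failure_sequence_number;
    private static int unlock_sequence_number;
    private static String this_server_name;
    private boolean lockout_enabled = false;
    private boolean debug = false;
    private ClusterServices clusterServices = null;
    private MulticastSession multicastSession = null;

    /** Creates the tracker and loads the password-policy settings via {@link #init()}. */
    public PasswordGuessing() {
        init();
    }

    /**
     * Reads the local server name, the lockout settings from the password policy and the
     * debug flag, selects the log stream, and tries to open the multicast session.
     */
    void init() {
        ServerMBean localServer = Admin.getInstance().getLocalServer();
        if (localServer != null) {
            this_server_name = localServer.getName();
        }
        PasswordPolicyMBean passwordPolicy = Server.getSecurityConfig().getPasswordPolicy();
        this.lockout_enabled = passwordPolicy.isLockoutEnabled();
        this.lockout_threshold = passwordPolicy.getLockoutThreshold();
        this.lockout_duration_min = passwordPolicy.getLockoutDuration();
        // Multiply in long: the previous int arithmetic wrapped for durations above 35,791
        // minutes, giving a negative lockout_duration that makes isLocked() treat every
        // lockout as already expired.
        this.lockout_duration = this.lockout_duration_min * MILLIS_PER_MINUTE;
        this.lockout_reset_duration = passwordPolicy.getLockoutResetDuration() * MILLIS_PER_MINUTE;
        this.lockout_gc_threshold = passwordPolicy.getLockoutGCThreshold();
        this.unused_cache_size = passwordPolicy.getLockoutCacheSize();
        // NOTE(review): the local server is null-checked above but dereferenced unchecked
        // here; a missing local server still fails construction with a NullPointerException.
        ServerDebugMBean serverDebug = Admin.getInstance().getLocalServer().getServerDebug();
        if (serverDebug != null) {
            this.debug = serverDebug.getDebugSecurityPasswordPolicy();
        }
        log = weblogic.security.SecurityService.getSecurityService().getSecurityLog();
        if (log == null) {
            log = new LogOutputStream("Security-Crypto");
        }
        if (this.debug) {
            log.debug("PasswordPolicy settings LockoutEnabled=" + this.lockout_enabled
                    + " LockoutThreshold=" + this.lockout_threshold
                    + " LockoutDuration=" + this.lockout_duration_min
                    + " LockoutResetDuration=" + (this.lockout_reset_duration / MILLIS_PER_MINUTE)
                    + " LockoutGCThreshold=" + this.lockout_gc_threshold
                    + " LockoutCacheSize=" + this.unused_cache_size
                    + " Debug=" + this.debug);
        }
        createMulticastSession();
    }

    /**
     * Reports whether {@code userName} is currently locked out, and clears the lockout when
     * its duration has elapsed.
     *
     * @param userName user to check; a null name throws {@link NullPointerException} from the
     *     {@link Hashtable} lookup once the table is non-empty
     * @return {@code true} while the lockout is in force; {@code false} when lockout is
     *     disabled, nothing is recorded for the user, the user is not locked, or the lockout
     *     has just expired
     */
    public boolean isLocked(String userName) {
        if (!this.lockout_enabled || master_invalid_login.size() == 0) {
            return false;
        }
        setTimestampOfCurrentCheck();
        // Single lookup: a containsKey()/get() pair can race with a concurrent removal.
        InvalidLogin record = lookup(userName);
        if (record == null) {
            return false;
        }
        long lockedAt = record.getLockedTimestamp();
        if (lockedAt == 0) {
            if (this.debug) {
                log.debug("User " + userName + " is not yet locked");
            }
            return false;
        }
        // Counted before the expiry test, so an attempt that arrives after the lockout has
        // lapsed is still counted as "while locked".
        Security.incrementLoginAttemptsWhileLockedTotalCount();
        Security.incrementInvalidLoginAttemptsTotalCount();
        if (getTimestampOfCurrentCheck() < lockedAt + this.lockout_duration) {
            if (this.debug) {
                log.debug("User " + userName + " is still locked");
            }
            return true;
        }
        clearInvalidLoginRecord(record);
        Security.incrementUnlockedUsersTotalCount();
        Security.decrementLockedUsersCurrentCount();
        SecurityLogger.logLockoutExpiredInfo(userName);
        return false;
    }

    /**
     * Records a login failure that happened on this server and multicasts it to the cluster.
     * Decompiler note: the original access level was package-private.
     *
     * @param userName user whose login failed
     */
    public void logFailure(String userName) {
        // Capture the time of this failure. isLocked() returns before refreshing the
        // timestamp while the table is empty, so without this the first failure after a
        // quiet period was stamped with the time of a much earlier check.
        setTimestampOfCurrentCheck();
        failure_sequence_number++;
        LoginFailureRecord failure = logFailure(this_server_name, failure_sequence_number,
                getTimestampOfCurrentCheck(), userName);
        if (failure == null) {
            return; // lockout disabled: nothing recorded, nothing to broadcast
        }
        sequence_number++;
        SecurityMessage message = new SecurityMessage(sequence_number, failure);
        if (this.debug) {
            log.debug("About to multicast login failure for user " + userName + " " + message.toString());
        }
        try {
            if (createMulticastSession()) {
                this.multicastSession.send(message);
                if (this.debug) {
                    log.debug("Sent multicast for login failure");
                }
            }
        } catch (IOException e) {
            SecurityLogger.logSendingLoginFailure(e.toString());
        }
    }

    /**
     * Adds one failure (local or received from another server) to the user's record, drops
     * stale failures, and locks the user when the failure count reaches the threshold.
     *
     * @param origin name of the server where the failure occurred; must not be null
     * @param sequence sequence number assigned by the originating server
     * @param eventTime time of the failure in milliseconds; becomes the lock timestamp when
     *     the threshold is reached
     * @param userName user whose login failed
     * @return the stored failure record, or {@code null} when lockout is disabled
     */
    LoginFailureRecord logFailure(String origin, int sequence, long eventTime, String userName) {
        if (!this.lockout_enabled) {
            return null;
        }
        if (this.debug) {
            log.debug("Login failure for user " + userName);
        }
        if (origin.equals(this_server_name)) {
            Security.incrementInvalidLoginAttemptsTotalCount();
        }
        InvalidLogin record = lookup(userName);
        if (record == null) {
            if (unused_cache.size() > 0) {
                if (this.debug) {
                    log.debug("Retrieving unused invalid login from the cache");
                }
                record = (InvalidLogin) unused_cache.elementAt(0);
                unused_cache.removeElementAt(0);
                record.setName(userName);
            } else {
                record = new InvalidLogin(userName);
            }
            master_invalid_login.put(record.getName(), record);
        }
        if (master_invalid_login.size() > Security.getInvalidLoginUsersHighCount()) {
            Security.setInvalidLoginUsersHighCount(master_invalid_login.size());
        }
        LoginFailureRecord failure = new LoginFailureRecord(origin, sequence, eventTime, userName);
        record.addFailure(failure);
        cleanOutStaleFailureRecords(record);
        if (this.debug) {
            log.debug("User " + userName + " has " + record.getFailureCount() + " failures");
        }
        if (record.getFailureCount() >= this.lockout_threshold) {
            // NOTE(review): this branch also runs for a user who is already locked, which
            // bumps the locked-user counters again and moves the lock timestamp forward.
            // Confirm that is intended, e.g. for failures relayed from other servers.
            SecurityLogger.logLockingUser(userName, record.getFailureCount(), this.lockout_duration_min);
            Security.incrementUserLockoutTotalCount();
            Security.incrementLockedUsersCurrentCount();
            record.setLockedTimestamp(eventTime);
        }
        garbageCollectInvalidLoginRecords();
        return failure;
    }

    /**
     * Clears the user's failure record after a successful login or explicit unlock and, when
     * a record was actually removed, multicasts the unlock to the cluster.
     * Decompiler note: the original access level was package-private.
     *
     * @param userName user to unlock
     */
    public void logSuccess(String userName) {
        if (!unlockLocal(userName)) {
            return;
        }
        unlock_sequence_number++;
        UnlockUserRecord unlock = new UnlockUserRecord(this_server_name, unlock_sequence_number,
                getTimestampOfCurrentCheck(), userName);
        sequence_number++;
        SecurityMessage message = new SecurityMessage(sequence_number, unlock);
        if (this.debug) {
            log.debug("About to multicast unlock user: " + userName + " " + message.toString());
        }
        try {
            if (createMulticastSession()) {
                this.multicastSession.send(message);
                if (this.debug) {
                    log.debug("Sent multicast for unlock user");
                }
            }
        } catch (IOException e) {
            // The literal "null" replaces the decompiler's FXMLLoader.NULL_KEYWORD, a constant
            // with the same value, so this class no longer refers to JavaFX.
            SecurityLogger.logBroadcastUnlockUserFailure(userName == null ? "null" : userName, e.toString());
        }
    }

    /**
     * Removes the user's failure record from the local table and recycles it.
     *
     * @param userName user to unlock; must not be null once the table is non-empty
     * @return {@code true} if a record existed and was removed
     * @throws AssertionError if {@code userName} is null
     */
    private boolean unlockLocal(String userName) {
        if (!this.lockout_enabled || master_invalid_login.size() == 0) {
            return false;
        }
        if (userName == null) {
            throw new AssertionError("Received a null user name");
        }
        // remove() both tests for presence and detaches the record in one step.
        InvalidLogin record = (InvalidLogin) master_invalid_login.remove(userName);
        if (record == null) {
            return false;
        }
        // Read before recycle(): the record is erased there.
        long lockedAt = record.getLockedTimestamp();
        if (this.debug) {
            log.debug("Unlocked user or successful login" + userName + " cleaning out old invalid login record");
        }
        recycle(record);
        if (lockedAt != 0) {
            Security.incrementUnlockedUsersTotalCount();
            Security.decrementLockedUsersCurrentCount();
        }
        return true;
    }

    /**
     * Discards failures older than the reset duration from the front of the record's failure
     * list, stopping at the first one that is still fresh.
     *
     * @param invalidLogin record to prune; {@code null} is ignored
     * @throws AssertionError if the record has no failure list
     */
    private void cleanOutStaleFailureRecords(InvalidLogin invalidLogin) {
        if (invalidLogin == null) {
            return;
        }
        Vector failures = invalidLogin.getFailures();
        if (failures == null) {
            throw new AssertionError("Inconsistent InvalidLogin record");
        }
        long now = getTimestampOfCurrentCheck();
        // Always examine index 0. The earlier indexed loop advanced past the element that
        // slid into the removed slot, so every second stale failure survived and kept
        // counting toward the lockout threshold.
        while (failures.size() > 0) {
            LoginFailureRecord oldest = (LoginFailureRecord) failures.elementAt(0);
            if (now - oldest.timestamp <= this.lockout_reset_duration) {
                return;
            }
            if (this.debug) {
                log.debug("Discarding stale login failure record");
            }
            failures.removeElementAt(0);
        }
    }

    /**
     * Once the table has reached the GC threshold, removes records of users who are not
     * locked and whose latest failure is older than the reset duration.
     */
    private void garbageCollectInvalidLoginRecords() {
        long now = System.currentTimeMillis();
        int sizeBefore = master_invalid_login.size();
        if (sizeBefore == 0 || sizeBefore < this.lockout_gc_threshold) {
            if (this.debug) {
                log.debug("InvalidLogin Record GC not needed");
            }
            return;
        }
        // Iterate over a snapshot: clearInvalidLoginRecord() removes entries from the table,
        // and a Hashtable enumeration is not specified to tolerate that.
        Object[] snapshot = master_invalid_login.values().toArray();
        for (int k = 0; k < snapshot.length; k++) {
            InvalidLogin record = (InvalidLogin) snapshot[k];
            if (record.getLockedTimestamp() != 0) {
                continue; // locked users are released by isLocked() or an unlock, not by GC
            }
            LoginFailureRecord latest = (LoginFailureRecord) record.getLatestFailure();
            if (latest != null && latest.eventTime() < now - this.lockout_reset_duration) {
                if (this.debug) {
                    log.debug("Garbage collecting InvalidLogin record for user: " + record.getName());
                }
                clearInvalidLoginRecord(record);
            }
        }
        if (this.debug) {
            log.debug("InvalidLogin Record GC done: " + (sizeBefore - master_invalid_login.size())
                    + " records garbage collected");
        }
    }

    /**
     * Removes the record stored under {@code invalidLogin}'s name and recycles it.
     *
     * @param invalidLogin record whose table entry should be cleared
     */
    private void clearInvalidLoginRecord(InvalidLogin invalidLogin) {
        InvalidLogin removed = (InvalidLogin) master_invalid_login.remove(invalidLogin.getName());
        if (removed == null) {
            return; // entry already gone; nothing to erase or cache
        }
        recycle(removed);
    }

    /** Erases a detached record and keeps it for reuse while the cache has room. */
    private void recycle(InvalidLogin record) {
        record.erase();
        if (unused_cache.size() < this.unused_cache_size) {
            if (this.debug) {
                log.debug("Putting unused invalid login record in cache");
            }
            unused_cache.addElement(record);
        }
    }

    /** Returns the table entry for {@code userName}, or {@code null} when there is none. */
    private static InvalidLogin lookup(String userName) {
        return (InvalidLogin) master_invalid_login.get(userName);
    }

    /** Returns the captured check time, capturing the current time first if none is set. */
    private long getTimestampOfCurrentCheck() {
        if (this.timestamp_of_current_check == 0) {
            setTimestampOfCurrentCheck();
        }
        return this.timestamp_of_current_check;
    }

    /** Captures the current wall-clock time as the time of the current check. */
    private void setTimestampOfCurrentCheck() {
        this.timestamp_of_current_check = System.currentTimeMillis();
    }

    /**
     * Applies a failure or unlock record received from another cluster member; records whose
     * origin is this server are ignored.
     *
     * <p>NOTE(review): no authenticity check on the record is visible in this class, and an
     * unlock record clears the local lockout for the named user. Confirm that the multicast
     * transport restricts senders to trusted cluster members.
     *
     * @param sequenceNumber message sequence number; not used here
     * @param record received record; other record types are ignored
     */
    public void processSecurityMessage(int sequenceNumber, SecurityMulticastRecord record) {
        boolean isFailure = record instanceof LoginFailureRecord;
        boolean isUnlock = record instanceof UnlockUserRecord;
        if (!isFailure && !isUnlock) {
            return;
        }
        if (record.eventOrigin().equals(this_server_name)) {
            return;
        }
        if (isFailure) {
            LoginFailureRecord failure = (LoginFailureRecord) record;
            if (this.debug) {
                log.debug("Received a LoginFailureRecord: " + failure.toString());
            }
            logFailure(failure.eventOrigin(), failure.eventSequenceNumber(), failure.eventTime(),
                    failure.userName());
            return;
        }
        UnlockUserRecord unlock = (UnlockUserRecord) record;
        if (this.debug) {
            log.debug("Received an UnlockUserRecord: " + unlock.toString());
        }
        if (unlockLocal(unlock.userName()) && this.debug) {
            log.debug("Locked user has now been unlocked locally");
        }
    }

    /**
     * Administrative unlock: checks the caller's "unlockuser" permission on
     * "weblogic.passwordpolicy", then clears the user's lockout and logs the action.
     *
     * @param userName user to unlock; an empty name is ignored
     * @throws AssertionError if {@code userName} is null
     */
    public void runtimeClearLockout(String userName) {
        if (userName == null) {
            throw new AssertionError("Received a null user name");
        }
        if (userName.equals("")) {
            if (this.debug) {
                log.debug("clearLockout was passed an empty user name");
            }
            return;
        }
        if (!this.lockout_enabled) {
            return;
        }
        User currentUser = Security.getCurrentUser();
        // NOTE(review): checkPermission() is presumably what rejects the caller (by throwing)
        // when hasPermission() is false; if it can return normally the unlock below proceeds.
        // Confirm against the Security class.
        if (!Security.hasPermission((Principal) currentUser, "weblogic.passwordpolicy",
                Security.getRealm().getPermission("unlockuser"), '.')) {
            Security.checkPermission((Principal) currentUser, "weblogic.passwordpolicy",
                    Security.getRealm().getPermission("unlockuser"), '.');
        }
        logSuccess(userName);
        SecurityLogger.logExplicitUserUnlockInfo(userName);
    }

    /**
     * Returns the timestamp of the user's most recent recorded failure.
     *
     * @param userName user to query
     * @return the timestamp, or 0 when lockout is disabled, the name is empty, or no failure
     *     is recorded
     * @throws AssertionError if {@code userName} is null or the record has no failure list
     */
    public long getLastLoginFailure(String userName) {
        if (!this.lockout_enabled) {
            return 0L;
        }
        if (userName == null) {
            throw new AssertionError("Received a null user name");
        }
        if (userName.equals("")) {
            if (this.debug) {
                log.debug("getLastLoginFailure was passed a null or empty user name");
            }
            return 0L;
        }
        InvalidLogin record = lookup(userName);
        if (record == null) {
            return 0L;
        }
        Vector failures = record.getFailures();
        if (failures == null) {
            throw new AssertionError("Inconsistent InvalidLogin record");
        }
        if (failures.size() == 0) {
            return 0L;
        }
        LoginFailureRecord last = (LoginFailureRecord) failures.lastElement();
        return last == null ? 0L : last.timestamp;
    }

    /**
     * Returns how many failures are currently recorded for the user.
     *
     * @param userName user to query
     * @return the number of recorded failures, or 0 when lockout is disabled, the name is
     *     empty, or nothing is recorded
     * @throws AssertionError if {@code userName} is null
     */
    public int getLoginFailureCount(String userName) {
        if (!this.lockout_enabled) {
            return 0;
        }
        if (userName == null) {
            throw new AssertionError("Received a null user name");
        }
        if (userName.equals("")) {
            if (this.debug) {
                log.debug("getLoginFailureCount was passed a null or empty user name");
            }
            return 0;
        }
        InvalidLogin record = lookup(userName);
        if (record == null) {
            return 0;
        }
        Vector failures = record.getFailures();
        return failures == null ? 0 : failures.size();
    }

    /**
     * Ensures a multicast session exists, creating it through the cluster services on first
     * use.
     *
     * @return {@code true} if a session is available, {@code false} if cluster services or
     *     the session could not be obtained
     */
    private boolean createMulticastSession() {
        if (this.multicastSession != null) {
            return true;
        }
        this.clusterServices = ClusterService.getServices();
        if (this.clusterServices == null) {
            if (this.debug) {
                log.debug("Can't create multicastSession because ClusterServices are unavailable");
            }
            return false;
        }
        this.multicastSession = this.clusterServices.createMulticastSession(null, -1, false);
        if (this.multicastSession != null) {
            return true;
        }
        if (this.debug) {
            log.debug("Can't create multicastSession even though ClusterServices are available");
        }
        return false;
    }

    /**
     * Reports whether the user's record carries a lock timestamp, without touching counters
     * or clearing anything.
     *
     * <p>NOTE(review): unlike {@link #isLocked(String)} this does not compare the lock
     * timestamp with the lockout duration, so it keeps returning {@code true} for an expired
     * lockout until the record is cleared elsewhere. Confirm that is the intended reading.
     *
     * @param userName user to query
     * @return {@code true} if a lock timestamp is set for the user
     */
    public boolean runtimeIsLocked(String userName) {
        if (!this.lockout_enabled || master_invalid_login.size() == 0) {
            return false;
        }
        setTimestampOfCurrentCheck();
        InvalidLogin record = lookup(userName);
        return record != null && record.getLockedTimestamp() != 0;
    }
}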
