package com.sun.identity.common;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.am.util.AMSendMail;
import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Locale;
import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.spi.AMAuthCallBackException;
import com.sun.identity.authentication.spi.AMAuthCallBackImpl;
import java.text.MessageFormat;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import javax.mail.MessagingException;

/* loaded from: input_file:115766-09/SUNWamsdk/reloc/SUNWam/lib/am_sdk.jar:com/sun/identity/common/ISAccountLockout.class */
public class ISAccountLockout {
    private static final String USER_STATUS_ATTR = "inetuserstatus";
    private static final String USER_ACTIVE = "Active";
    private static final String USER_INACTIVE = "Inactive";
    private static final String SPACE_DELIM = " ";
    private static final String PIPE_DELIM = "|";
    private static final String FROM_ADDRESS = "lockOutEmailFrom";
    private static final String EMAIL_SUBJECT = "lockOutEmailSub";
    private static final String EMAIL_MESSAGE = "lockOutEmailMsg";
    private boolean failureLockoutMode;
    private boolean memoryLocking;
    private long failureLockoutTime;
    private int failureLockoutCount;
    private String lockoutNotification;
    private int lockoutUserWarning;
    private long failureLockoutDuration;
    private String lockoutAttrValue;
    private String lockoutAttrName;
    private String bundleName;
    static Debug debug = Debug.getInstance("amAccountLockout");
    private int userWarningCount = 0;
    private AMAuthCallBackImpl callbackImpl = null;

    public ISAccountLockout(boolean z, long j, int i, String str, int i2, String str2, String str3, long j2, String str4) {
        this.failureLockoutMode = false;
        this.memoryLocking = false;
        this.failureLockoutTime = 300L;
        this.failureLockoutCount = 5;
        this.lockoutNotification = null;
        this.lockoutUserWarning = 3;
        this.failureLockoutDuration = 0L;
        this.lockoutAttrValue = null;
        this.lockoutAttrName = null;
        this.bundleName = null;
        this.failureLockoutMode = z;
        this.failureLockoutTime = j;
        this.failureLockoutCount = i;
        this.lockoutNotification = str;
        this.lockoutUserWarning = i2;
        this.lockoutAttrName = str2;
        this.lockoutAttrValue = str3;
        this.failureLockoutDuration = j2;
        if (j2 > 0) {
            this.memoryLocking = true;
        }
        this.bundleName = str4;
    }

    public boolean isLockoutEnabled() {
        return this.failureLockoutMode && this.failureLockoutCount > 0 && this.failureLockoutTime > 0;
    }

    public boolean isMemoryLocking() {
        return this.memoryLocking;
    }

    public AccountLockoutInfo invalidPasswd(AMUser aMUser, AccountLockoutInfo accountLockoutInfo) {
        int i;
        String dn = aMUser.getDN();
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("userDN : ").append(dn).toString());
            debug.message(new StringBuffer().append("acinfo : ").append(accountLockoutInfo).toString());
        }
        if (accountLockoutInfo != null && accountLockoutInfo.isLockout() && !this.memoryLocking) {
            accountLockoutInfo = null;
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (accountLockoutInfo != null) {
            long lastFailTime = accountLockoutInfo.getLastFailTime();
            int failCount = accountLockoutInfo.getFailCount();
            if (lastFailTime + this.failureLockoutTime <= currentTimeMillis) {
                debug.message("restart time and count");
                accountLockoutInfo.setFailCount(1);
                accountLockoutInfo.setLastFailTime(currentTimeMillis);
                i = 1;
            } else if (failCount >= this.failureLockoutCount - 1) {
                i = failCount + 1;
                accountLockoutInfo.setFailCount(i);
                accountLockoutInfo.setLockoutAt(currentTimeMillis);
                if (this.failureLockoutDuration > 0) {
                    accountLockoutInfo.setLockout(true);
                } else {
                    accountLockoutInfo.setLockout(false);
                }
                try {
                    if (debug.messageEnabled()) {
                        debug.message(new StringBuffer().append("lock outuser: userDN=").append(dn).toString());
                        debug.message(new StringBuffer().append("failCount =").append(i).toString());
                        debug.message(new StringBuffer().append("failureLockoutCount=").append(this.failureLockoutCount).toString());
                    }
                    if (aMUser != null && i == this.failureLockoutCount) {
                        String str = null;
                        if (this.memoryLocking) {
                            str = accountLockoutInfo.getUserToken();
                        } else {
                            inactivateUserAccount(aMUser);
                        }
                        if (str == null) {
                            str = dn;
                        }
                        sendLockOutNotice(str);
                        try {
                            this.callbackImpl = AMAuthCallBackImpl.getInstance(aMUser.getOrganizationDN());
                        } catch (AMException e) {
                            if (debug.getState() >= 1) {
                                debug.error("invalidPasswd : unable to get org DN for current user.", e);
                            }
                        } catch (SSOException e2) {
                            if (debug.getState() >= 1) {
                                debug.error("invalidPasswd : unable to get org DN for current user.", e2);
                            }
                        } catch (AMAuthCallBackException e3) {
                            if (debug.getState() >= 1) {
                                debug.error("invalidPasswd : unable to get AMAuthCallBackImpl instance", e3);
                            }
                        }
                        this.callbackImpl.processedAccounttLockout(new Long(currentTimeMillis), str);
                    }
                } catch (AMAuthCallBackException e4) {
                    if (debug.getState() >= 1) {
                        debug.error("invalidPasswd : error from callback module", e4);
                    }
                } catch (Exception e5) {
                    debug.message("Error activating account/sendingnotification ", e5);
                }
            } else {
                i = failCount + 1;
                accountLockoutInfo.setFailCount(i);
            }
        } else {
            debug.message("First failure... :");
            accountLockoutInfo = new AccountLockoutInfo();
            accountLockoutInfo.setFailCount(1);
            accountLockoutInfo.setLastFailTime(currentTimeMillis);
            i = 1;
        }
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("InvalidPasswd: user: userDN =").append(dn).append("\n\tfailCount = ").append(i).append("\n\tloginFailureLockoutCount = ").append(this.failureLockoutCount).append("\n\tloginLockoutUserWarning = ").append(this.lockoutUserWarning).toString());
        }
        setWarningCount(i, this.failureLockoutCount);
        accountLockoutInfo.setWarningCount(this.userWarningCount);
        return accountLockoutInfo;
    }

    public void sendLockOutNotice(String str) {
        if (this.lockoutNotification != null) {
            AMSendMail aMSendMail = new AMSendMail();
            StringTokenizer stringTokenizer = new StringTokenizer(this.lockoutNotification, " ");
            new StringBuffer();
            while (stringTokenizer.hasMoreTokens()) {
                StringTokenizer stringTokenizer2 = new StringTokenizer(stringTokenizer.nextToken(), "|");
                String[] strArr = {stringTokenizer2.nextToken()};
                String str2 = null;
                String str3 = null;
                if (stringTokenizer2.hasMoreTokens()) {
                    str2 = stringTokenizer2.nextToken();
                    if (stringTokenizer2.hasMoreTokens()) {
                        str3 = stringTokenizer2.nextToken();
                    }
                }
                ResourceBundle resourceBundle = Locale.getResourceBundle(this.bundleName, str2);
                String string = resourceBundle.getString(FROM_ADDRESS);
                String string2 = resourceBundle.getString(EMAIL_SUBJECT);
                String format = MessageFormat.format(resourceBundle.getString(EMAIL_MESSAGE), str);
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("sendLockOutNotice:lockoutNotification=").append(this.lockoutNotification).append(" toAddress=").append(strArr).toString());
                }
                try {
                    aMSendMail.postMail(strArr, string2, format, string, str3);
                } catch (MessagingException e) {
                    debug.error("cannot email lockout notification:token ", e);
                }
            }
        }
    }

    public boolean isLockedOut(AccountLockoutInfo accountLockoutInfo) {
        boolean isLockout = accountLockoutInfo.isLockout();
        if (debug.messageEnabled()) {
            debug.message(new StringBuffer().append("isLockedOut : ").append(isLockout).toString());
        }
        if (accountLockoutInfo != null && isLockout) {
            long currentTimeMillis = System.currentTimeMillis();
            long lockoutAt = accountLockoutInfo.getLockoutAt();
            if (lockoutAt + this.failureLockoutDuration < currentTimeMillis) {
                if (debug.messageEnabled()) {
                    debug.message(new StringBuffer().append("isLockedOut returns false. loginFailureLockoutDuration=").append(this.failureLockoutDuration).append(" lockOutTime=").append(lockoutAt).append(" now=").append(currentTimeMillis).toString());
                }
                isLockout = false;
            }
        }
        return isLockout;
    }

    private void inactivateUserAccount(AMUser aMUser) {
        debug.message("inactivateUseraccount");
        try {
            if (this.lockoutAttrName == null || this.lockoutAttrValue == null) {
                aMUser.setStringAttribute("inetuserstatus", USER_INACTIVE);
            } else {
                aMUser.setStringAttribute(this.lockoutAttrName, this.lockoutAttrValue);
            }
            aMUser.store();
        } catch (Exception e) {
            debug.error("Error inactivating user account");
        }
    }

    private void setWarningCount(int i, int i2) {
        this.userWarningCount = 0;
        if (i >= i2) {
            this.userWarningCount = -1;
        } else {
            if (this.lockoutUserWarning <= 0 || this.lockoutUserWarning >= i2 || i < this.lockoutUserWarning) {
                return;
            }
            this.userWarningCount = i2 - i;
        }
    }

    public boolean isAccountLocked(AMUser aMUser) {
        boolean z = false;
        if (!this.memoryLocking) {
            try {
                if (this.lockoutAttrName == null || this.lockoutAttrValue == null) {
                    if (aMUser.getStringAttribute("inetuserstatus").equals(USER_INACTIVE)) {
                        z = true;
                    }
                } else if (aMUser.getStringAttribute(this.lockoutAttrName).equals(this.lockoutAttrValue)) {
                    z = true;
                }
            } catch (Exception e) {
                debug.error("Error inactivating user account");
            }
        }
        if (debug.messageEnabled()) {
            if (z) {
                debug.message("Account is locked");
            } else {
                debug.message("Account is unlocked");
            }
        }
        return z;
    }
}
