package com.hack23.cia.service.impl.action.application.access;

import com.hack23.cia.model.internal.application.system.impl.ApplicationActionEvent_;
import com.hack23.cia.model.internal.application.system.impl.ApplicationConfiguration;
import com.hack23.cia.model.internal.application.system.impl.ApplicationOperationType;
import com.hack23.cia.model.internal.application.system.impl.ApplicationSession;
import com.hack23.cia.model.internal.application.system.impl.ApplicationSession_;
import com.hack23.cia.model.internal.application.system.impl.ConfigurationGroup;
import com.hack23.cia.model.internal.application.user.impl.UserAccount_;
import com.hack23.cia.service.api.action.common.ServiceResponse;
import com.hack23.cia.service.data.api.ApplicationActionEventDAO;
import com.hack23.cia.service.data.api.ApplicationConfigurationService;
import com.hack23.cia.service.data.api.ApplicationSessionDAO;
import com.hack23.cia.service.data.api.UserDAO;
import com.hack23.cia.service.impl.action.application.access.LoginBlockedAccess;
import java.util.Date;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.persistence.metamodel.SingularAttribute;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Transactional(propagation = Propagation.REQUIRED)
@Service
/* loaded from: input_file:com/hack23/cia/service/impl/action/application/access/LoginBlockedAccessImpl.class */
public final class LoginBlockedAccessImpl implements LoginBlockedAccess {
    private static final int DEFAULT_MAX_LOGINS = 5;
    private static final int DEFAULT_MAX_LOGINS_BY_IP = 10;
    private static final int ONE_HOUR = 3600000;
    private static final String DEFAULT_MAX_LOGIN_ATTEMPTS = "5";
    private static final String APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_IP = "application.authentication.allow.max.recent.failed.logins.by.ip";
    private static final String APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_SESSION = "application.authentication.allow.max.recent.failed.logins.by.session";
    private static final String BLOCKS_LOGIN_ATTEMPTS = "Blocks login attempts";
    private static final String LOGIN_BLOCKER = "LoginBlocker";
    private static final String MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_IP = "Max failed login attempts recent hour per ip";
    private static final String MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_SESSION = "Max failed login attempts recent hour per session";
    private static final String MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_USER = "Max failed login attempts recent hour per user";
    private static final String APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_USER = "application.authentication.allow.max.recent.failed.logins.by.user";
    private static final String BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED = "Blocks any login attempts after this number is reached";
    private static final String LOGIN_BLOCK_SETTINGS = "LoginBlock settings:{}";
    private static final String BLOCKED_BY_MORE_THAN_5_RECENT_LOGIN_ATTEMPTS_BY_THIS_IP = "Blocked by more than 5 recent login attempts by this ip";
    private static final String BLOCKED_BY_MORE_THAN_5_LOGIN_ATTEMPTS_BY_THIS_SESSION = "Blocked by more than 5 login attempts by this session";
    private static final String BLOCKED_BY_MORE_THAN_5_RECENT_LOGIN_ATTEMPTS_BY_THIS_USER = "Blocked by more than 5 recent login attempts by this user";
    private static final Logger LOGGER = LoggerFactory.getLogger(LoginBlockedAccessImpl.class);

    @Autowired
    private UserDAO userDAO;

    @Autowired
    private ApplicationSessionDAO applicationSessionDAO;

    @Autowired
    private ApplicationActionEventDAO applicationActionEventDAO;

    @Autowired
    private ApplicationConfigurationService applicationConfigurationService;

    @PostConstruct
    public void initSettings() {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("system.init", "n/a", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ADMIN"})));
        LOGGER.info(LOGIN_BLOCK_SETTINGS, this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_USER, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_USER, DEFAULT_MAX_LOGIN_ATTEMPTS));
        LOGGER.info(LOGIN_BLOCK_SETTINGS, this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_SESSION, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_SESSION, DEFAULT_MAX_LOGIN_ATTEMPTS));
        LOGGER.info(LOGIN_BLOCK_SETTINGS, this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_IP, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_IP, DEFAULT_MAX_LOGIN_ATTEMPTS));
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
    }

    @Override // com.hack23.cia.service.impl.action.application.access.LoginBlockedAccess
    public LoginBlockedAccess.LoginBlockResult isBlocked(String str, String str2) {
        LoginBlockResultImpl loginBlockResultImpl = new LoginBlockResultImpl();
        blockByUserFailedLoginAttempts(str2, loginBlockResultImpl);
        blockBySessionOrIpFailedLoginAttempts(str, loginBlockResultImpl);
        return loginBlockResultImpl;
    }

    private void blockByUserFailedLoginAttempts(String str, LoginBlockResultImpl loginBlockResultImpl) {
        if (this.userDAO.findFirstByProperty(UserAccount_.email, str) != null) {
            ApplicationConfiguration checkValueOrLoadDefault = this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_USER, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_USER, DEFAULT_MAX_LOGIN_ATTEMPTS);
            List findListByPropertyBeforeDate = this.applicationActionEventDAO.findListByPropertyBeforeDate(new Date(System.currentTimeMillis() - 3600000), ApplicationActionEvent_.createdDate, new Object[]{str, ApplicationOperationType.AUTHENTICATION, ServiceResponse.ServiceResult.FAILURE.toString()}, new SingularAttribute[]{ApplicationActionEvent_.elementId, ApplicationActionEvent_.applicationOperation, ApplicationActionEvent_.applicationMessage});
            if (findListByPropertyBeforeDate == null || findListByPropertyBeforeDate.size() <= NumberUtils.toInt(checkValueOrLoadDefault.getPropertyValue(), DEFAULT_MAX_LOGINS)) {
                return;
            }
            loginBlockResultImpl.setBlocked(true);
            loginBlockResultImpl.addMessages(BLOCKED_BY_MORE_THAN_5_RECENT_LOGIN_ATTEMPTS_BY_THIS_USER);
        }
    }

    private void blockBySessionOrIpFailedLoginAttempts(String str, LoginBlockResultImpl loginBlockResultImpl) {
        ApplicationSession findFirstByProperty = this.applicationSessionDAO.findFirstByProperty(ApplicationSession_.sessionId, str);
        if (findFirstByProperty != null) {
            if (this.applicationActionEventDAO.findListByProperty(new Object[]{str, ApplicationOperationType.AUTHENTICATION, ServiceResponse.ServiceResult.FAILURE.toString()}, new SingularAttribute[]{ApplicationActionEvent_.sessionId, ApplicationActionEvent_.applicationOperation, ApplicationActionEvent_.applicationMessage}).size() > NumberUtils.toInt(this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_SESSION, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_SESSION, DEFAULT_MAX_LOGIN_ATTEMPTS).getPropertyValue(), DEFAULT_MAX_LOGINS)) {
                loginBlockResultImpl.setBlocked(true);
                loginBlockResultImpl.addMessages(BLOCKED_BY_MORE_THAN_5_LOGIN_ATTEMPTS_BY_THIS_SESSION);
            }
            List list = this.applicationActionEventDAO.findListByPropertyInList(ApplicationActionEvent_.sessionId, this.applicationSessionDAO.findListByPropertyBeforeDate(new Date(System.currentTimeMillis() - 3600000), ApplicationSession_.createdDate, new Object[]{findFirstByProperty.getIpInformation()}, new SingularAttribute[]{ApplicationSession_.ipInformation}).stream().map((v0) -> {
                return v0.getSessionId();
            }).toList().toArray(new Object[0])).stream().filter(applicationActionEvent -> {
                return applicationActionEvent.getApplicationOperation() == ApplicationOperationType.AUTHENTICATION && applicationActionEvent.getApplicationMessage().equals(ServiceResponse.ServiceResult.FAILURE.toString());
            }).toList();
            ApplicationConfiguration checkValueOrLoadDefault = this.applicationConfigurationService.checkValueOrLoadDefault(MAX_FAILED_LOGIN_ATTEMPTS_RECENT_HOUR_PER_IP, BLOCKS_ANY_LOGIN_ATTEMPTS_AFTER_THIS_NUMBER_IS_REACHED, ConfigurationGroup.AUTHENTICATION, LoginBlockedAccessImpl.class.getSimpleName(), LOGIN_BLOCKER, BLOCKS_LOGIN_ATTEMPTS, APPLICATION_AUTHENTICATION_ALLOW_MAX_RECENT_FAILED_LOGINS_BY_IP, DEFAULT_MAX_LOGIN_ATTEMPTS);
            if (list == null || list.size() <= NumberUtils.toInt(checkValueOrLoadDefault.getPropertyValue(), DEFAULT_MAX_LOGINS_BY_IP)) {
                return;
            }
            loginBlockResultImpl.setBlocked(true);
            loginBlockResultImpl.addMessages(BLOCKED_BY_MORE_THAN_5_RECENT_LOGIN_ATTEMPTS_BY_THIS_IP);
        }
    }
}
