package com.techempower.gemini.pyxis;

import com.techempower.data.ConnectionMonitor;
import com.techempower.data.DatabaseAffinity;
import com.techempower.gemini.Context;
import com.techempower.gemini.GeminiApplication;
import com.techempower.gemini.ResponseCookie;
import com.techempower.gemini.manager.BasicManager;
import com.techempower.gemini.pyxis.listener.EmptySecurityListener;
import com.techempower.gemini.pyxis.password.PasswordProposal;
import com.techempower.helper.DateHelper;
import com.techempower.helper.StringHelper;
import com.techempower.helper.ThreadHelper;
import com.techempower.scheduler.ScheduledEvent;
import com.techempower.scheduler.Scheduler;
import com.techempower.util.EnhancedProperties;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.Calendar;
import java.util.Objects;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/techempower/gemini/pyxis/LoginTokenManager.class */
public class LoginTokenManager extends BasicManager<GeminiApplication> {
    private static final int TOKEN_DIGITS = 30;
    private static final String DEFAULT_DATABASE_TABLE_NAME = "logintoken";
    private static final boolean DEFAULT_COOKIE_SECURE = true;
    private static final int DEFAULT_COOKIE_EXPIRATION_IN_DAYS = 5;
    private static final int DEFAULT_MAX_TOKENS_PER_USER = 50;
    private static final boolean DEFAULT_PURGE_EVENT_ENABLED = true;
    private static final int DEFAULT_PURGE_EVENT_MAX_TOKEN_AGE_IN_DAYS = 365;
    private static final int DEFAULT_PURGE_EVENT_INTERVAL_IN_DAYS = 5;
    private static final int DEFAULT_PURGE_EVENT_HOUR = 5;
    private static final int DEFAULT_PURGE_EVENT_MINUTE = 30;
    private static final boolean DEFAULT_ONE_TIME_USE_TOKENS = true;
    private String databaseTableName;
    private boolean cookieSecure;
    private int maxTokensPerUser;
    private int tokenExpirationInDays;
    private boolean purgeEventEnabled;
    private int purgeEventMaxTokenAgeInDays;
    private int purgeEventIntervalInDays;
    private int purgeEventHour;
    private int purgeEventMinute;
    private boolean oneTimeUseTokens;
    private final PurgeEvent purgeEvent;
    private final ClearTokensOnPasswordChange clearTokenListener;
    private final Logger log;

    /* loaded from: input_file:com/techempower/gemini/pyxis/LoginTokenManager$ClearTokensOnPasswordChange.class */
    private final class ClearTokensOnPasswordChange extends EmptySecurityListener {
        private ClearTokensOnPasswordChange() {
        }

        @Override // com.techempower.gemini.pyxis.listener.EmptySecurityListener, com.techempower.gemini.pyxis.listener.SecurityListener
        public void passwordChanged(PasswordProposal passwordProposal) {
            LoginTokenManager.this.clearAllTokensForUser(passwordProposal.username);
        }
    }

    /* loaded from: input_file:com/techempower/gemini/pyxis/LoginTokenManager$PurgeEvent.class */
    private final class PurgeEvent extends ScheduledEvent {
        private PurgeEvent() {
            super("Login Token Purge Event", "Periodically removes old authentication tokens from the data store.");
        }

        @Override // com.techempower.scheduler.ScheduledEvent
        public long getDefaultScheduledTime() {
            Calendar startOfDay = DateHelper.getStartOfDay();
            startOfDay.add(6, LoginTokenManager.this.purgeEventIntervalInDays);
            startOfDay.set(11, LoginTokenManager.this.purgeEventHour);
            startOfDay.set(12, LoginTokenManager.this.purgeEventMinute);
            return startOfDay.getTimeInMillis();
        }

        @Override // com.techempower.scheduler.ScheduledEvent
        public boolean requiresOwnThread() {
            return true;
        }

        @Override // com.techempower.scheduler.ScheduledEvent
        public void execute(Scheduler scheduler, boolean z) {
            try {
                try {
                    LoginTokenManager.this.purgeTokens(LoginTokenManager.this.purgeEventMaxTokenAgeInDays);
                    scheduler.scheduleEvent(this, getDefaultScheduledTime());
                } catch (SQLException e) {
                    LoginTokenManager.this.log.warn("{} had an exception during scheduled execution.", getName(), e);
                    scheduler.scheduleEvent(this, getDefaultScheduledTime());
                }
            } catch (Throwable th) {
                scheduler.scheduleEvent(this, getDefaultScheduledTime());
                throw th;
            }
        }
    }

    /* loaded from: input_file:com/techempower/gemini/pyxis/LoginTokenManager$TokenValidation.class */
    public static final class TokenValidation {
        private static final TokenValidation FAILURE = new TokenValidation(false, null);
        private final boolean valid;
        private final String username;

        private TokenValidation(boolean z, String str) {
            this.valid = z;
            this.username = str;
        }

        public boolean isValid() {
            return this.valid;
        }

        public String getUsername() {
            return this.username;
        }

        public boolean isAttempt() {
            return this.username != null;
        }

        public String toString() {
            return "TokenValidation [" + this.username + "; " + (this.valid ? "valid" : "invalid") + "]";
        }
    }

    public LoginTokenManager(GeminiApplication geminiApplication) {
        super(geminiApplication);
        this.databaseTableName = DEFAULT_DATABASE_TABLE_NAME;
        this.cookieSecure = true;
        this.maxTokensPerUser = 50;
        this.tokenExpirationInDays = 5;
        this.purgeEventEnabled = true;
        this.purgeEventMaxTokenAgeInDays = DEFAULT_PURGE_EVENT_MAX_TOKEN_AGE_IN_DAYS;
        this.purgeEventIntervalInDays = 5;
        this.purgeEventHour = 5;
        this.purgeEventMinute = 30;
        this.oneTimeUseTokens = true;
        this.log = LoggerFactory.getLogger(getClass());
        this.purgeEvent = new PurgeEvent();
        this.clearTokenListener = new ClearTokensOnPasswordChange();
    }

    @Override // com.techempower.gemini.manager.BasicManager, com.techempower.util.Configurable
    public void configure(EnhancedProperties enhancedProperties) {
        Objects.requireNonNull(enhancedProperties);
        security().removeListener(this.clearTokenListener);
        security().addListener(this.clearTokenListener);
        EnhancedProperties.Focus focus = enhancedProperties.focus("LoginTokenManager.");
        this.databaseTableName = focus.get("DatabaseTableName", DEFAULT_DATABASE_TABLE_NAME);
        this.cookieSecure = focus.getBoolean("CookieSecure", true);
        this.maxTokensPerUser = focus.getInt("MaxTokensPerUser", 50, 1, Integer.MAX_VALUE);
        if (focus.has("MaxTokenAgeInDays")) {
            this.tokenExpirationInDays = focus.getInt("MaxTokenAgeInDays", DEFAULT_PURGE_EVENT_MAX_TOKEN_AGE_IN_DAYS, 0, Integer.MAX_VALUE);
            this.log.info("LoginTokenManager.MaxTokenAgeInDays is deprecated. Use LoginTokenManager.TokenExpirationInDays instead.");
        }
        this.tokenExpirationInDays = focus.getInt("TokenExpirationInDays", DEFAULT_PURGE_EVENT_MAX_TOKEN_AGE_IN_DAYS, 0, Integer.MAX_VALUE);
        this.purgeEventEnabled = focus.getBoolean("PurgeEvent.Enabled", true);
        this.purgeEventMaxTokenAgeInDays = focus.getInt("PurgeEvent.MaxTokenAgeInDays", DEFAULT_PURGE_EVENT_MAX_TOKEN_AGE_IN_DAYS, 0, Integer.MAX_VALUE);
        this.purgeEventIntervalInDays = focus.getInt("PurgeEvent.IntervalInDays", 5, 1, Integer.MAX_VALUE);
        this.purgeEventHour = focus.getInt("PurgeEvent.Hour", 5, 0, 23);
        this.purgeEventMinute = focus.getInt("PurgeEvent.Minute", 30, 0, 59);
        this.oneTimeUseTokens = focus.getBoolean("OneTimeUseTokens", true);
        app().getScheduler().removeEvent(this.purgeEvent);
        if (this.purgeEventEnabled) {
            app().getScheduler().scheduleEvent(this.purgeEvent);
        }
        this.log.info("Configured {}", this);
    }

    @Override // com.techempower.gemini.manager.BasicManager
    public String toString() {
        return String.format("%s{databaseTableName=%s, cookieSecure=%s, oneTimeUseTokens=%s, tokenExpirationInDays=%s, maxTokensPerUser=%s, purgeEventEnabled=%s, purgeEventMaxTokenAgeInDays=%s, purgeEventIntervalInDays=%s, purgeEventHour=%s, purgeEventMinute=%s}", getClass().getSimpleName(), this.databaseTableName, Boolean.valueOf(this.cookieSecure), Boolean.valueOf(this.oneTimeUseTokens), Integer.valueOf(this.tokenExpirationInDays), Integer.valueOf(this.maxTokensPerUser), Boolean.valueOf(this.purgeEventEnabled), Integer.valueOf(this.purgeEventMaxTokenAgeInDays), Integer.valueOf(this.purgeEventIntervalInDays), Integer.valueOf(this.purgeEventHour), Integer.valueOf(this.purgeEventMinute));
    }

    private String enquote(String str) {
        Objects.requireNonNull(str);
        String identifierQuoteString = app().getConnectorFactory().getIdentifierQuoteString();
        return identifierQuoteString + str + identifierQuoteString;
    }

    private String generateToken() {
        return StringHelper.secureRandomString.alphanumeric(30);
    }

    private String generateCookieValue(String str, String str2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        return str + "|" + str2;
    }

    private String generateTokenHash(String str, String str2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        return BCrypt.hashpw(generateCookieValue(str, str2), BCrypt.gensalt());
    }

    private String generateCookieName() {
        return app().getVersion().getProductCode() + "-automatic-login";
    }

    private String generateTimestamp() {
        return new Timestamp(System.currentTimeMillis()).toString();
    }

    private ResponseCookie generateCookie(String str, String str2) {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        ResponseCookie responseCookie = new ResponseCookie(str, str2);
        responseCookie.setAge(this.tokenExpirationInDays * 60 * 60 * 24);
        responseCookie.setPath(app().getInfrastructure().getUrl());
        if (this.cookieSecure) {
            responseCookie.setSecure(true);
        }
        return responseCookie;
    }

    private void purgeTokens(int i) throws SQLException {
        Calendar startOfDay = DateHelper.getStartOfDay();
        startOfDay.add(6, (-1) * i);
        String timestamp = new Timestamp(startOfDay.getTimeInMillis()).toString();
        ConnectionMonitor connectionMonitor = app().getConnectorFactory().getConnectionMonitor();
        try {
            PreparedStatement prepareStatement = connectionMonitor.getConnection().prepareStatement("DELETE FROM " + enquote(this.databaseTableName) + " WHERE " + enquote("created") + " < ?;");
            try {
                prepareStatement.setString(1, timestamp);
                int executeUpdate = prepareStatement.executeUpdate();
                if (prepareStatement != null) {
                    prepareStatement.close();
                }
                if (connectionMonitor != null) {
                    connectionMonitor.close();
                }
                this.log.info("Purged {} stale tokens.", Integer.valueOf(executeUpdate));
            } finally {
            }
        } catch (Throwable th) {
            if (connectionMonitor != null) {
                try {
                    connectionMonitor.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void clearCookie(Context context, PyxisUser pyxisUser) {
        Objects.requireNonNull(context);
        if (pyxisUser != null) {
            this.log.trace("Deleting automatic login cookie for {} [{}].", pyxisUser.getUserUsername(), Long.valueOf(pyxisUser.getId()));
        } else {
            this.log.trace("Deleting automatic login cookie for null user.");
        }
        context.cookies().remove(generateCookieName());
    }

    public void createAndPersistToken(Context context, final String str) {
        Objects.requireNonNull(context);
        Objects.requireNonNull(str);
        final String generateToken = generateToken();
        ThreadHelper.submit(new Runnable() { // from class: com.techempower.gemini.pyxis.LoginTokenManager.1
            @Override // java.lang.Runnable
            public void run() {
                ConnectionMonitor connectionMonitor;
                ConnectionMonitor connectionMonitor2;
                try {
                    connectionMonitor2 = LoginTokenManager.this.app().getConnectorFactory().getConnectionMonitor();
                } catch (SQLException e) {
                    LoginTokenManager.this.log.warn("Error while persisting new token for user: {}", str, e);
                }
                try {
                    PreparedStatement prepareStatement = connectionMonitor2.getConnection().prepareStatement("INSERT INTO " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " (" + LoginTokenManager.this.enquote("username") + ", " + LoginTokenManager.this.enquote("tokenhash") + ", " + LoginTokenManager.this.enquote("created") + ") VALUES (?, ?, ?);");
                    try {
                        prepareStatement.setString(1, str);
                        prepareStatement.setString(2, LoginTokenManager.this.generateTokenHash(str, generateToken));
                        prepareStatement.setString(3, LoginTokenManager.this.generateTimestamp());
                        prepareStatement.executeUpdate();
                        if (prepareStatement != null) {
                            prepareStatement.close();
                        }
                        if (connectionMonitor2 != null) {
                            connectionMonitor2.close();
                        }
                        if (LoginTokenManager.this.app().getConnectorFactory().getDatabaseAffinity() != DatabaseAffinity.MS_SQL_SERVER) {
                            try {
                                connectionMonitor = LoginTokenManager.this.app().getConnectorFactory().getConnectionMonitor();
                                try {
                                    prepareStatement = connectionMonitor.getConnection().prepareStatement("DELETE FROM " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " WHERE " + LoginTokenManager.this.enquote("username") + " = ? AND " + LoginTokenManager.this.enquote("created") + " NOT IN (SELECT * FROM (SELECT " + LoginTokenManager.this.enquote("created") + " FROM " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " WHERE " + LoginTokenManager.this.enquote("username") + "=? ORDER BY " + LoginTokenManager.this.enquote("created") + " DESC LIMIT ?) AS t);");
                                    try {
                                        prepareStatement.setString(1, str);
                                        prepareStatement.setString(2, str);
                                        prepareStatement.setInt(3, LoginTokenManager.this.maxTokensPerUser);
                                        prepareStatement.executeUpdate();
                                        if (prepareStatement != null) {
                                            prepareStatement.close();
                                        }
                                        if (connectionMonitor != null) {
                                            connectionMonitor.close();
                                        }
                                        return;
                                    } finally {
                                    }
                                } finally {
                                }
                            } catch (SQLException e2) {
                                LoginTokenManager.this.log.warn("Error while trimming excess tokens for user: {}", str, e2);
                                return;
                            }
                        }
                        try {
                            connectionMonitor = LoginTokenManager.this.app().getConnectorFactory().getConnectionMonitor();
                            try {
                                prepareStatement = connectionMonitor.getConnection().prepareStatement("DELETE FROM " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " WHERE " + LoginTokenManager.this.enquote("username") + " = ? AND " + LoginTokenManager.this.enquote("created") + " NOT IN (SELECT TOP " + LoginTokenManager.this.maxTokensPerUser + " " + LoginTokenManager.this.enquote("created") + " FROM " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " WHERE " + LoginTokenManager.this.enquote("username") + "=? ORDER BY " + LoginTokenManager.this.enquote("created") + " DESC);");
                                try {
                                    prepareStatement.setString(1, str);
                                    prepareStatement.setString(2, str);
                                    prepareStatement.executeUpdate();
                                    if (prepareStatement != null) {
                                        prepareStatement.close();
                                    }
                                    if (connectionMonitor != null) {
                                        connectionMonitor.close();
                                    }
                                } finally {
                                }
                            } finally {
                                if (connectionMonitor != null) {
                                    try {
                                        connectionMonitor.close();
                                    } catch (Throwable th) {
                                        th.addSuppressed(th);
                                    }
                                }
                            }
                        } catch (SQLException e3) {
                            LoginTokenManager.this.log.warn("Error while trimming excess tokens for user: {}", str, e3);
                        }
                    } finally {
                        if (prepareStatement != null) {
                            try {
                                prepareStatement.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                    }
                } finally {
                    if (connectionMonitor2 != null) {
                        try {
                            connectionMonitor2.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    }
                }
            }
        });
        context.cookies().put(generateCookie(generateCookieName(), generateCookieValue(str, generateToken)));
    }

    public void clearAllTokensForUser(final String str) {
        Objects.requireNonNull(str);
        ThreadHelper.submit(new Runnable() { // from class: com.techempower.gemini.pyxis.LoginTokenManager.2
            @Override // java.lang.Runnable
            public void run() {
                LoginTokenManager.this.log.debug("Clearing all cookie login tokens for {}.", str);
                try {
                    ConnectionMonitor connectionMonitor = LoginTokenManager.this.app().getConnectorFactory().getConnectionMonitor();
                    try {
                        PreparedStatement prepareStatement = connectionMonitor.getConnection().prepareStatement("DELETE FROM " + LoginTokenManager.this.enquote(LoginTokenManager.this.databaseTableName) + " WHERE " + LoginTokenManager.this.enquote("username") + " = ?;");
                        try {
                            prepareStatement.setString(1, str);
                            prepareStatement.executeUpdate();
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                            if (connectionMonitor != null) {
                                connectionMonitor.close();
                            }
                        } catch (Throwable th) {
                            if (prepareStatement != null) {
                                try {
                                    prepareStatement.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } finally {
                    }
                } catch (SQLException e) {
                    LoginTokenManager.this.log.warn("Error while clearing tokens for user: {}", str, e);
                }
            }
        });
    }

    public TokenValidation validateAndUpdateToken(Context context) throws SQLException {
        Objects.requireNonNull(context);
        String generateCookieName = generateCookieName();
        String value = context.cookies().getValue(generateCookieName);
        if (value == null) {
            return TokenValidation.FAILURE;
        }
        int indexOf = value.indexOf(124);
        if (indexOf < 0 || indexOf == value.length() - 1) {
            this.log.debug("Prompting client to remove improperly formatted login token.");
            context.cookies().remove(generateCookieName);
            return TokenValidation.FAILURE;
        }
        String substring = value.substring(0, indexOf);
        ConnectionMonitor connectionMonitor = app().getConnectorFactory().getConnectionMonitor();
        try {
            PreparedStatement prepareStatement = connectionMonitor.getConnection().prepareStatement("SELECT " + enquote("id") + ", " + enquote("username") + ", " + enquote("tokenhash") + ", " + enquote("created") + " FROM " + enquote(this.databaseTableName) + " WHERE " + enquote("username") + " = ?;", 1003, 1008);
            try {
                prepareStatement.setString(1, substring);
                ResultSet executeQuery = prepareStatement.executeQuery();
                while (executeQuery.next()) {
                    try {
                        if (BCrypt.checkpw(value, executeQuery.getString("tokenhash"))) {
                            if (this.oneTimeUseTokens) {
                                String generateToken = generateToken();
                                executeQuery.updateString(3, generateTokenHash(substring, generateToken));
                                executeQuery.updateString(4, generateTimestamp());
                                executeQuery.updateRow();
                                context.cookies().put(generateCookie(generateCookieName, generateCookieValue(substring, generateToken)));
                            }
                            TokenValidation tokenValidation = new TokenValidation(true, substring);
                            if (executeQuery != null) {
                                executeQuery.close();
                            }
                            if (prepareStatement != null) {
                                prepareStatement.close();
                            }
                            if (connectionMonitor != null) {
                                connectionMonitor.close();
                            }
                            return tokenValidation;
                        }
                    } catch (Throwable th) {
                        if (executeQuery != null) {
                            try {
                                executeQuery.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                if (executeQuery != null) {
                    executeQuery.close();
                }
                if (prepareStatement != null) {
                    prepareStatement.close();
                }
                if (connectionMonitor != null) {
                    connectionMonitor.close();
                }
                this.log.debug("Prompting client to remove invalid token for {}.", substring);
                context.cookies().remove(generateCookieName);
                return new TokenValidation(false, substring);
            } catch (Throwable th3) {
                if (prepareStatement != null) {
                    try {
                        prepareStatement.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        } catch (Throwable th5) {
            if (connectionMonitor != null) {
                try {
                    connectionMonitor.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }
}
