package com.adobe.idp.um.api;

import com.adobe.idp.common.errors.exception.IDPException;
import com.adobe.idp.common.errors.exception.IDPLoggedException;
import com.adobe.idp.common.infomodel.StoreId;
import com.adobe.idp.storeprovider.spi.StoreProvider;
import com.adobe.idp.taskmanager.dsc.client.task.TaskManagerConstants;
import com.adobe.idp.um.api.infomodel.Principal;
import com.adobe.idp.um.api.infomodel.PrincipalReference;
import com.adobe.idp.um.api.infomodel.User;
import com.adobe.idp.um.businesslogic.authentication.SPProxy;
import com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManager;
import com.adobe.idp.um.config.util.UMConfigManager;
import com.adobe.idp.um.dpl.DirectoryFactory;
import com.adobe.idp.um.entity.PrincipalEntity;
import com.adobe.idp.um.server.cache.UMCacheManager;
import com.adobe.idp.um.util.EJBUtil;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/adobe/idp/um/api/UMAuthenticationUtil.class */
public class UMAuthenticationUtil {
    public static final String authenticatedUserKey = "AUTHENTICATED_USER_KEY";
    public static final String storageProviderKey = "STORAGE_PROVIDER_KEY";
    public static final String preAuthUserKey = "PRE_AUTH_USER_KEY";
    public static final String provisionedUserListKey = "PROVISIONED_USER_LIST_KEY";
    public static final String authProviderTokens = "AUTH_PROVIDER_SPECIFIC_TOKENS";
    public static final String authProviderReturnTokens = "AUTH_PROVIDER_RETURN_TOKENS";

    public static User getPrincipal(String str, String str2) throws IDPException {
        DirectoryServicesManager directoryServicesManager = null;
        try {
            try {
                directoryServicesManager = EJBUtil.getDirectoryServicesManagerDefaultHome().create();
                User expandedAuthenticatedUser = directoryServicesManager.getExpandedAuthenticatedUser(str2, str, 2);
                EJBUtil.removeLocalEJBObject(directoryServicesManager);
                return expandedAuthenticatedUser;
            } catch (Exception e) {
                throw new IDPException("AuthenticationManagerBean", 12803, "Exception while getting principal from Directory manager", e);
            }
        } catch (Throwable th) {
            EJBUtil.removeLocalEJBObject(directoryServicesManager);
            throw th;
        }
    }

    public static User validateAuthenticatedPrincipal(Map map, String str, String str2) throws IDPException {
        Object obj = UMCacheManager.get(UMCacheConstants.principalCache, "" + str.toUpperCase() + TaskManagerConstants.VERSION_DELIMITER + str2);
        User principal = (obj == null || !((obj instanceof Principal) || (obj instanceof PrincipalReference))) ? getPrincipal(str, str2) : (User) obj;
        SPProxy sPProxy = (SPProxy) map.get(storageProviderKey);
        Set set = (Set) map.get(preAuthUserKey);
        if (set != null) {
            set.add(principal);
        }
        checkUserStatus(sPProxy, principal);
        return principal;
    }

    public static void checkUserStatus(StoreProvider storeProvider, User user) throws IDPException {
        checkUserStatus(new SPProxy(storeProvider), user);
    }

    public static void checkUserStatus(SPProxy sPProxy, User user) throws IDPException {
        PrincipalEntity findPrincipalEntity;
        checkUserState(user);
        Object obj = UMCacheManager.get(UMCacheConstants.principalEntityCache, user.getOid());
        if (obj == null || !(obj instanceof PrincipalEntity)) {
            findPrincipalEntity = DirectoryFactory.findPrincipalEntity(sPProxy.getSP(), new StoreId(user.getOid()));
            UMCacheManager.put(UMCacheConstants.principalEntityCache, user.getOid(), findPrincipalEntity);
        } else {
            findPrincipalEntity = (PrincipalEntity) obj;
        }
        if (!user.isLocked()) {
            if (findPrincipalEntity.getCountAuthFailure() > 0) {
                findPrincipalEntity.setCountAuthFailure(0);
                findPrincipalEntity.setLocked(false);
                sPProxy.getSP().save(findPrincipalEntity);
                UMCacheManager.invalidate(UMCacheConstants.principalEntityCache, user.getOid());
                return;
            }
            return;
        }
        Date timestampLastAuthFailure = findPrincipalEntity.getTimestampLastAuthFailure();
        if (timestampLastAuthFailure == null) {
            findPrincipalEntity.setCountAuthFailure(0);
            findPrincipalEntity.setLocked(false);
            sPProxy.getSP().save(findPrincipalEntity);
            return;
        }
        Calendar calendar = Calendar.getInstance();
        int accountUnLockMinutes = UMConfigManager.getAccountUnLockMinutes();
        calendar.setTime(timestampLastAuthFailure);
        calendar.add(12, accountUnLockMinutes);
        if (Calendar.getInstance().before(calendar)) {
            throw new IDPLoggedException("AuthenticationManagerBean", 12816, "Account of  " + user.getUserid() + " is locked because of too many unsuccessful attempts", true);
        }
        findPrincipalEntity.setCountAuthFailure(0);
        findPrincipalEntity.setLocked(false);
        sPProxy.getSP().save(findPrincipalEntity);
        String oid = user.getOid();
        String str = "" + user.getUserid().toUpperCase() + TaskManagerConstants.VERSION_DELIMITER + user.getDomainName();
        String str2 = "" + user.getCanonicalName().toUpperCase() + TaskManagerConstants.VERSION_DELIMITER + user.getDomainName();
        UMCacheManager.invalidate(UMCacheConstants.shallowPrincipalCache, oid);
        UMCacheManager.invalidate(UMCacheConstants.emailAliasCache, oid.toString());
        UMCacheManager.invalidate(UMCacheConstants.principalCache, oid);
        UMCacheManager.invalidate(UMCacheConstants.principalCache, str);
        UMCacheManager.invalidate(UMCacheConstants.principalCache, str2);
        UMCacheManager.invalidate(UMCacheConstants.principalEntityCache, oid);
    }

    public static void checkUserState(User user) throws IDPLoggedException {
        if ("OBSOLETE".equals(user.getStatus())) {
            throw new IDPLoggedException("AuthenticationManagerBean", 12817, "The user " + user.getUserid() + " is marked as Obsolete", true);
        }
        if (user.isDisabled()) {
            throw new IDPLoggedException("AuthenticationManagerBean", 12818, "The user " + user.getUserid() + " is disabled", true);
        }
    }

    public static boolean isUserStateValid(User user) {
        return ("OBSOLETE".equals(user.getStatus()) || user.isDisabled()) ? false : true;
    }
}
