package org.apache.iotdb.db.security;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.security.Principal;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.security.sasl.AuthenticationException;
import org.apache.iotdb.db.utils.AuthUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/security/LoginCacheManager.class */
public final class LoginCacheManager {
    private static final Logger LOG = LoggerFactory.getLogger(LoginCacheManager.class);
    private static final int MAX_SIZE = 1000;
    private final Cache<String, LoginUserInfo> userPassWordCache;
    private final Cache<String, Integer> loginFailTimes = CacheBuilder.newBuilder().maximumSize(1000).build();
    private final Cache<String, Boolean> lockupUser;
    private int lockupTimes;
    private int lockupDuration;
    private int cacheTTL;
    private boolean lockupEnabled;

    public LoginCacheManager(LoginManagerConfig loginManagerConfig) {
        this.lockupTimes = loginManagerConfig.getLockupMaxTimes();
        this.lockupDuration = loginManagerConfig.getLockupDuration();
        this.cacheTTL = loginManagerConfig.getCacheTtl();
        this.lockupEnabled = loginManagerConfig.isLockupEnabled();
        this.userPassWordCache = CacheBuilder.newBuilder().maximumSize(1000L).expireAfterAccess(this.cacheTTL, TimeUnit.SECONDS).build();
        this.lockupUser = CacheBuilder.newBuilder().maximumSize(1000L).expireAfterAccess(this.lockupDuration, TimeUnit.SECONDS).build();
    }

    private synchronized void recordSuccess(String str, String str2, Principal principal) {
        if (this.cacheTTL > 0) {
            this.userPassWordCache.put(str, new LoginUserInfo(str, str2, principal));
        }
    }

    private synchronized void recordFail(String str) {
        if (this.lockupEnabled) {
            Integer num = (Integer) this.loginFailTimes.getIfPresent(str);
            if (num == null) {
                this.loginFailTimes.put(str, 1);
                return;
            }
            Integer valueOf = Integer.valueOf(num.intValue() + 1);
            if (valueOf.intValue() < this.lockupTimes) {
                this.loginFailTimes.put(str, valueOf);
            } else {
                this.lockupUser.put(str, Boolean.TRUE);
                this.loginFailTimes.invalidate(str);
            }
        }
    }

    private synchronized Optional<LoginUserInfo> getCachePassWord(String str) {
        LoginUserInfo loginUserInfo = (LoginUserInfo) this.userPassWordCache.getIfPresent(str);
        return loginUserInfo == null ? Optional.empty() : Optional.of(loginUserInfo);
    }

    public synchronized boolean isUserLockUp(String str) {
        return this.lockupUser.getIfPresent(str) != null;
    }

    public void recordFailQuietly(String str) {
        try {
            recordFail(str);
            LOG.debug("Recording fail login to cache, user is {}", str);
        } catch (Exception e) {
            LOG.error("Failed to record a failed login to cache", e);
        }
    }

    public void addUserToCacheQuietly(String str, String str2, Principal principal) {
        try {
            recordSuccess(str, AuthUtils.encryptPassword(str2), principal);
            LOG.debug("Recording success login to cache, user is {}", str);
            this.loginFailTimes.invalidate(str);
        } catch (Exception e) {
            LOG.error("Failed to record a success login to cache", e);
        }
    }

    public Optional<Principal> getPrincipalIfPresent(String str, String str2) throws AuthenticationException {
        Optional<LoginUserInfo> cachePassWord = getCachePassWord(str);
        if (!cachePassWord.isPresent()) {
            return Optional.empty();
        }
        try {
            LoginUserInfo loginUserInfo = cachePassWord.get();
            if (AuthUtils.validatePassword(str2, loginUserInfo.getEncryptPassWord())) {
                return loginUserInfo.getPrincipal() == null ? Optional.empty() : Optional.of(loginUserInfo.getPrincipal());
            }
            throw new AuthenticationException("user or password incorrect.");
        } catch (Exception e) {
            return Optional.empty();
        }
    }
}
