package com.appiancorp.security.auth.forgotpassword;

import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.auth.token.UserToken;
import com.appiancorp.security.auth.token.UserTokenValidator;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.personalization.User;
import com.appiancorp.suiteapi.personalization.UserService;
import java.sql.Timestamp;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/appiancorp/security/auth/forgotpassword/ForgotPasswordUserTokenValidator.class */
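/**
 * Validates a forgot-password {@link UserToken} before it is honoured.
 *
 * <p>The checks run in this order and the first failure aborts validation:
 * <ol>
 *   <li>the forgot-password feature is enabled in the admin security configuration;</li>
 *   <li>the hostname carried by the token matches this server's configured server-and-port;</li>
 *   <li>the token is neither older than the configured lifetime nor dated in the future;</li>
 *   <li>the user named by the token exists and passes {@link ForgotPasswordUserValidator};</li>
 *   <li>the user's password has not been modified after the token's timestamp.</li>
 * </ol>
 *
 * <p>NOTE(review): nothing in this class checks the token's authenticity (signature/MAC) or
 * enforces single use. Hostname, timestamp and username are read from the token as-is, so these
 * checks are only meaningful if integrity is verified before {@code validate} is called. Confirm
 * against the caller.
 */
public class ForgotPasswordUserTokenValidator implements UserTokenValidator {
    private final UserService userService;
    private final AdminSecurityConfiguration adminSecurityConfiguration;
    private final ForgotPasswordUserValidator forgotPasswordUserValidator;
    private final SuiteConfiguration suiteConfiguration;

    /**
     * @param userService used to look up the user named in the token
     * @param adminSecurityConfiguration source of the feature flag and the token lifetime
     * @param forgotPasswordUserValidator additional per-user eligibility checks
     * @param suiteConfiguration source of this server's expected server-and-port value
     */
    public ForgotPasswordUserTokenValidator(UserService userService, AdminSecurityConfiguration adminSecurityConfiguration, ForgotPasswordUserValidator forgotPasswordUserValidator, SuiteConfiguration suiteConfiguration) {
        this.userService = userService;
        this.adminSecurityConfiguration = adminSecurityConfiguration;
        this.forgotPasswordUserValidator = forgotPasswordUserValidator;
        this.suiteConfiguration = suiteConfiguration;
    }

    /**
     * Runs every forgot-password check against {@code userToken}.
     *
     * @param userToken the token to validate
     * @throws ForgotPasswordException if the token is missing, has no timestamp, or fails any check
     * @throws Exception anything else raised by the user lookup or the user validator
     */
    @Override // com.appiancorp.security.auth.token.UserTokenValidator
    public void validate(UserToken userToken) throws Exception {
        validateForgotPasswordFeatureEnabled();
        // Fail closed with the domain exception instead of a NullPointerException.
        if (userToken == null) {
            throw new ForgotPasswordException("Token is missing");
        }
        validateHostname(userToken.getHostname());
        if (userToken.getTokenTime() == null) {
            throw new ForgotPasswordException("Token has no creation time");
        }
        // Read the timestamp once so the expiry check and the password-change check
        // are guaranteed to judge the same value.
        final long tokenTime = userToken.getTokenTime().longValue();
        validateTokenTime(tokenTime);
        final String username = userToken.getUsername();
        try {
            // The lookup is performed with admin rights via SpringSecurityContextHelper;
            // the caller is presumably unauthenticated at this point. Verify.
            User user = (User) SpringSecurityContextHelper.runAsAdmin(() -> {
                return this.userService.getUser(username);
            });
            this.forgotPasswordUserValidator.validate(user);
            validatePasswordHasNotBeenChangedSinceTokenCreation(user, tokenTime);
        } catch (InvalidUserException e) {
            // NOTE(review): the message embeds the token-supplied username. If it reaches the
            // client it distinguishes unknown users from other failures, and if it is logged
            // verbatim it should be neutralised for CR/LF by the logging layer.
            throw new ForgotPasswordException("Encountered an error trying to get a User for: " + username, (Exception) e);
        }
    }

    /** Rejects the token when the forgot-password feature is switched off. */
    private void validateForgotPasswordFeatureEnabled() throws ForgotPasswordException {
        if (!this.adminSecurityConfiguration.isForgotPasswordEnabled().booleanValue()) {
            throw new ForgotPasswordException("Forgot Password feature is disabled");
        }
    }

    /**
     * Rejects the token unless its hostname equals this server's configured server-and-port,
     * ignoring case. A null on either side is treated as a mismatch.
     *
     * @param str hostname carried by the token
     */
    private void validateHostname(String str) throws ForgotPasswordException {
        String expected = this.suiteConfiguration.getServerAndPort();
        // Comparing from the token side avoids a NullPointerException if the configured value
        // is absent; equalsIgnoreCase(null) is false, so the token is still rejected.
        if (str == null || !str.equalsIgnoreCase(expected)) {
            // NOTE(review): str is token-supplied text; see the logging note in validate().
            throw new ForgotPasswordException("Token is from the incorrect host: " + str);
        }
    }

    /**
     * Rejects the token if it is older than the configured lifetime or dated in the future.
     *
     * @param j token timestamp in epoch milliseconds
     */
    private void validateTokenTime(long j) throws ForgotPasswordException {
        // One clock sample for both comparisons.
        long now = System.currentTimeMillis();
        // If j is close to Long.MAX_VALUE this sum wraps negative and the token is rejected as
        // expired, so overflow still fails closed.
        long millis = j + TimeUnit.MINUTES.toMillis(this.adminSecurityConfiguration.getForgotPasswordTokenDurationInMinutes().intValue());
        if (millis < now) {
            throw new ForgotPasswordException("Token expired at: " + millis);
        }
        if (j > now) {
            throw new ForgotPasswordException("Token is from the future: " + j);
        }
    }

    /**
     * Rejects the token if the user's password was modified after the token's timestamp.
     * A user with no recorded password-modified time passes this check.
     *
     * @param user the user the token was issued for
     * @param j token timestamp in epoch milliseconds
     */
    private void validatePasswordHasNotBeenChangedSinceTokenCreation(User user, long j) throws ForgotPasswordException {
        Timestamp passwordModified = user.getPasswordModified();
        if (passwordModified == null) {
            return;
        }
        long time = passwordModified.getTime();
        // Strictly greater: a change recorded in the same millisecond as the token does not
        // invalidate it. NOTE(review): if the stored timestamp is truncated to coarser precision
        // a change shortly after issuance could compare as not-later. Confirm storage precision.
        if (time > j) {
            throw new ForgotPasswordException("User " + user.getUsername() + " changed password since token was sent. Password changed at " + time + ", token sent at " + j);
        }
    }
}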
