package org.apache.james.imap.processor;

import com.google.common.base.Preconditions;
import java.util.Optional;
import org.apache.james.imap.api.ImapCommand;
import org.apache.james.imap.api.ImapSessionUtils;
import org.apache.james.imap.api.display.HumanReadableText;
import org.apache.james.imap.api.message.request.ImapRequest;
import org.apache.james.imap.api.message.response.StatusResponseFactory;
import org.apache.james.imap.api.process.ImapProcessor;
import org.apache.james.imap.api.process.ImapSession;
import org.apache.james.imap.main.PathConverter;
import org.apache.james.mailbox.MailboxManager;
import org.apache.james.mailbox.MailboxSession;
import org.apache.james.mailbox.exception.BadCredentialsException;
import org.apache.james.mailbox.exception.MailboxException;
import org.apache.james.mailbox.exception.MailboxExistsException;
import org.apache.james.mailbox.exception.NotAdminException;
import org.apache.james.mailbox.exception.UserDoesNotExistException;
import org.apache.james.mailbox.model.MailboxPath;
import org.apache.james.metrics.api.MetricFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/protocols-imap-3.3.0.jar:org/apache/james/imap/processor/AbstractAuthProcessor.class */
public abstract class AbstractAuthProcessor<M extends ImapRequest> extends AbstractMailboxProcessor<M> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractAuthProcessor.class);
    private static final String ATTRIBUTE_NUMBER_OF_FAILURES = "org.apache.james.imap.processor.imap4rev1.NUMBER_OF_FAILURES";
    private static final int MAX_FAILURES = 3;

    /* loaded from: input_file:WEB-INF/lib/protocols-imap-3.3.0.jar:org/apache/james/imap/processor/AbstractAuthProcessor$AuthenticationAttempt.class */
    protected static class AuthenticationAttempt {
        private final Optional<String> delegateUserName;
        private final String authenticationId;
        private final String password;

        public AuthenticationAttempt(Optional<String> optional, String str, String str2) {
            this.delegateUserName = optional;
            this.authenticationId = str;
            this.password = str2;
        }

        public boolean isDelegation() {
            return this.delegateUserName.isPresent() && !this.delegateUserName.get().equals(this.authenticationId);
        }

        public Optional<String> getDelegateUserName() {
            return this.delegateUserName;
        }

        public String getAuthenticationId() {
            return this.authenticationId;
        }

        public String getPassword() {
            return this.password;
        }
    }

    public AbstractAuthProcessor(Class<M> cls, ImapProcessor imapProcessor, MailboxManager mailboxManager, StatusResponseFactory statusResponseFactory, MetricFactory metricFactory) {
        super(cls, imapProcessor, mailboxManager, statusResponseFactory, metricFactory);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doAuth(AuthenticationAttempt authenticationAttempt, ImapSession imapSession, String str, ImapCommand imapCommand, ImapProcessor.Responder responder, HumanReadableText humanReadableText) {
        Preconditions.checkArgument(!authenticationAttempt.isDelegation());
        try {
            boolean z = false;
            if (authenticationAttempt.getAuthenticationId() == null) {
                z = true;
            }
            if (!z) {
                MailboxManager mailboxManager = getMailboxManager();
                try {
                    MailboxSession login = mailboxManager.login(authenticationAttempt.getAuthenticationId(), authenticationAttempt.getPassword());
                    imapSession.authenticated();
                    imapSession.setAttribute(ImapSessionUtils.MAILBOX_SESSION_ATTRIBUTE_SESSION_KEY, login);
                    provisionInbox(imapSession, mailboxManager, login);
                    okComplete(imapCommand, str, responder);
                } catch (BadCredentialsException e) {
                    z = true;
                }
            }
            if (z) {
                manageFailureCount(imapSession, str, imapCommand, responder, humanReadableText);
            }
        } catch (MailboxException e2) {
            LOGGER.error("Error encountered while login", (Throwable) e2);
            no(imapCommand, str, responder, HumanReadableText.GENERIC_FAILURE_DURING_PROCESSING);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doAuthWithDelegation(AuthenticationAttempt authenticationAttempt, ImapSession imapSession, String str, ImapCommand imapCommand, ImapProcessor.Responder responder, HumanReadableText humanReadableText) {
        Preconditions.checkArgument(authenticationAttempt.isDelegation());
        try {
            boolean z = false;
            if (authenticationAttempt.getAuthenticationId() == null) {
                z = true;
            }
            if (!z) {
                MailboxManager mailboxManager = getMailboxManager();
                try {
                    MailboxSession loginAsOtherUser = mailboxManager.loginAsOtherUser(authenticationAttempt.getAuthenticationId(), authenticationAttempt.getPassword(), authenticationAttempt.getDelegateUserName().get());
                    imapSession.authenticated();
                    imapSession.setAttribute(ImapSessionUtils.MAILBOX_SESSION_ATTRIBUTE_SESSION_KEY, loginAsOtherUser);
                    provisionInbox(imapSession, mailboxManager, loginAsOtherUser);
                    okComplete(imapCommand, str, responder);
                } catch (BadCredentialsException e) {
                    z = true;
                }
            }
            if (z) {
                manageFailureCount(imapSession, str, imapCommand, responder, humanReadableText);
            }
        } catch (NotAdminException e2) {
            LOGGER.info("User {} is not an admin", authenticationAttempt.getDelegateUserName(), e2);
            no(imapCommand, str, responder, HumanReadableText.NOT_AN_ADMIN);
        } catch (UserDoesNotExistException e3) {
            LOGGER.info("User {} does not exist", authenticationAttempt.getAuthenticationId(), e3);
            no(imapCommand, str, responder, HumanReadableText.USER_DOES_NOT_EXIST);
        } catch (MailboxException e4) {
            LOGGER.info("Login failed", (Throwable) e4);
            no(imapCommand, str, responder, HumanReadableText.GENERIC_FAILURE_DURING_PROCESSING);
        }
    }

    private void provisionInbox(ImapSession imapSession, MailboxManager mailboxManager, MailboxSession mailboxSession) throws MailboxException {
        MailboxPath buildFullPath = PathConverter.forSession(imapSession).buildFullPath("INBOX");
        if (mailboxManager.mailboxExists(buildFullPath, mailboxSession)) {
            LOGGER.debug("INBOX exists. No need to create it.");
            return;
        }
        try {
            LOGGER.info("Provisioning INBOX. {} created.", mailboxManager.createMailbox(buildFullPath, mailboxSession));
        } catch (MailboxExistsException e) {
            LOGGER.warn("Mailbox INBOX created by concurrent call. Safe to ignore this exception.");
        }
    }

    protected void manageFailureCount(ImapSession imapSession, String str, ImapCommand imapCommand, ImapProcessor.Responder responder, HumanReadableText humanReadableText) {
        Integer num = (Integer) imapSession.getAttribute(ATTRIBUTE_NUMBER_OF_FAILURES);
        int intValue = num == null ? 1 : num.intValue() + 1;
        if (intValue < 3) {
            imapSession.setAttribute(ATTRIBUTE_NUMBER_OF_FAILURES, Integer.valueOf(intValue));
            no(imapCommand, str, responder, humanReadableText);
        } else {
            LOGGER.info("Too many authentication failures. Closing connection.");
            bye(responder, HumanReadableText.TOO_MANY_FAILURES);
            imapSession.logout();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static AuthenticationAttempt delegation(String str, String str2, String str3) {
        return new AuthenticationAttempt(Optional.of(str), str2, str3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static AuthenticationAttempt noDelegation(String str, String str2) {
        return new AuthenticationAttempt(Optional.empty(), str, str2);
    }
}
