package org.neo4j.server.security.auth;

import java.time.Clock;
import java.time.Duration;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.internal.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.impl.security.User;

/* loaded from: input_file:org/neo4j/server/security/auth/RateLimitedAuthenticationStrategy.class */
public class RateLimitedAuthenticationStrategy implements AuthenticationStrategy {
    private final Clock clock;
    private final long lockDurationMs;
    private final int maxFailedAttempts;
    private final ConcurrentMap<String, AuthenticationMetadata> authenticationData;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/neo4j/server/security/auth/RateLimitedAuthenticationStrategy$AuthenticationMetadata.class */
    public class AuthenticationMetadata {
        private final AtomicInteger failedAuthAttempts = new AtomicInteger();
        private long lastFailedAttemptTime;

        private AuthenticationMetadata() {
        }

        boolean authenticationPermitted() {
            return RateLimitedAuthenticationStrategy.this.maxFailedAttempts <= 0 || this.failedAuthAttempts.get() < RateLimitedAuthenticationStrategy.this.maxFailedAttempts || RateLimitedAuthenticationStrategy.this.clock.millis() >= this.lastFailedAttemptTime + RateLimitedAuthenticationStrategy.this.lockDurationMs;
        }

        void authSuccess() {
            this.failedAuthAttempts.set(0);
        }

        void authFailed() {
            this.failedAuthAttempts.incrementAndGet();
            this.lastFailedAttemptTime = RateLimitedAuthenticationStrategy.this.clock.millis();
        }
    }

    public RateLimitedAuthenticationStrategy(Clock clock, Config config) {
        this(clock, (Duration) config.get(GraphDatabaseSettings.auth_lock_time), ((Integer) config.get(GraphDatabaseSettings.auth_max_failed_attempts)).intValue());
    }

    RateLimitedAuthenticationStrategy(Clock clock, Duration duration, int i) {
        this.authenticationData = new ConcurrentHashMap();
        this.clock = clock;
        this.lockDurationMs = duration.toMillis();
        this.maxFailedAttempts = i;
    }

    @Override // org.neo4j.server.security.auth.AuthenticationStrategy
    public AuthenticationResult authenticate(User user, byte[] bArr) {
        AuthenticationMetadata authMetadataFor = authMetadataFor(user.name());
        if (!authMetadataFor.authenticationPermitted()) {
            return AuthenticationResult.TOO_MANY_ATTEMPTS;
        }
        if (user.credential().value().matchesPassword(bArr)) {
            authMetadataFor.authSuccess();
            return AuthenticationResult.SUCCESS;
        }
        authMetadataFor.authFailed();
        return AuthenticationResult.FAILURE;
    }

    private AuthenticationMetadata authMetadataFor(String str) {
        AuthenticationMetadata authenticationMetadata = this.authenticationData.get(str);
        if (authenticationMetadata == null) {
            authenticationMetadata = new AuthenticationMetadata();
            AuthenticationMetadata putIfAbsent = this.authenticationData.putIfAbsent(str, authenticationMetadata);
            if (putIfAbsent != null) {
                authenticationMetadata = putIfAbsent;
            }
        }
        return authenticationMetadata;
    }
}
