package org.igoweb.igoweb.jsp.tags;

import java.io.IOException;
import java.security.SecureRandom;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspTagException;
import javax.servlet.jsp.tagext.SimpleTagSupport;
import org.igoweb.igoweb.Config;
import org.igoweb.igoweb.shared.User;
import org.igoweb.igoweb.shared.jsp.JspBundle;
import org.igoweb.igoweb.shared.server.Mailer;
import org.igoweb.util.DbConn;
import org.igoweb.util.LockOrder;
import org.igoweb.util.ThreadPool;

/* loaded from: input_file:org/igoweb/igoweb/jsp/tags/PasswordSendTag.class */
public class PasswordSendTag extends SimpleTagSupport {
    public static final int MYSQL_ER_DUP_ENTRY = 1062;
    public static final String STATUS_SENT = "sent";
    public static final String STATUS_NO_ACCOUNT = "noAccount";
    public static final String STATUS_BAD_EMAIL = "badEmail";
    public static final String STATUS_RETRY = "retry";
    public static final long REQUEST_REPEAT_TIME = 86400000;
    public static final int SOURCE_LIMIT_MAX = 5;
    private String varName;
    public static final String MAILER_KEY = PasswordSendTag.class.getName() + ":mailer";
    public static final String SOURCE_LIMITER_KEY = PasswordSendTag.class.getName() + ":sourceLimiter";
    public static final SecureRandom rand = new SecureRandom();

    /* loaded from: input_file:org/igoweb/igoweb/jsp/tags/PasswordSendTag$SourceLimiter.class */
    public static class SourceLimiter {
        private final HashMap<String, Integer> sources = new HashMap<>();
        private final ThreadPool threadPool;
        private int limit;
        private long period;
        static final /* synthetic */ boolean $assertionsDisabled;

        public SourceLimiter(ThreadPool threadPool, int i, long j) {
            this.threadPool = threadPool;
            this.limit = i;
            this.period = j;
        }

        public boolean add(final String str) {
            if (!$assertionsDisabled && !LockOrder.testAcquire(this)) {
                throw new AssertionError();
            }
            synchronized (this) {
                Integer num = this.sources.get(str);
                if (num == null) {
                    this.sources.put(str, 1);
                } else {
                    int intValue = num.intValue();
                    if (intValue >= this.limit) {
                        return false;
                    }
                    this.sources.put(str, Integer.valueOf(intValue + 1));
                    this.threadPool.schedule(new Runnable() { // from class: org.igoweb.igoweb.jsp.tags.PasswordSendTag.SourceLimiter.1
                        @Override // java.lang.Runnable
                        public void run() {
                            SourceLimiter.this.remove(str);
                        }
                    }, this.period);
                }
                return true;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void remove(String str) {
            if (!$assertionsDisabled && !LockOrder.testAcquire(this)) {
                throw new AssertionError();
            }
            synchronized (this) {
                Integer num = this.sources.get(str);
                if (num == null) {
                    BaseTag.getLogger().severe("Missing limiter count for user " + str);
                } else {
                    int intValue = num.intValue();
                    if (intValue <= 1) {
                        this.sources.remove(str);
                    } else {
                        this.sources.put(str, Integer.valueOf(intValue - 1));
                    }
                }
            }
        }

        static {
            $assertionsDisabled = !PasswordSendTag.class.desiredAssertionStatus();
        }
    }

    public void doTag() throws JspException, IOException {
        getJspContext().setAttribute(this.varName, computeCase());
    }

    private String computeCase() throws JspTagException {
        BaseTag base = BaseTag.getBase(this);
        String userName = base.getUserName();
        if (userName == null || !User.nameValid(userName)) {
            return STATUS_NO_ACCOUNT;
        }
        String canonName = User.canonName(userName);
        DbConn dbConn = base.getDbConn(true);
        try {
            try {
                PreparedStatement preparedStatement = dbConn.get("SELECT id, name, personal_name, personal_email, locale  FROM accounts, accounts_active  WHERE canon_name = ? AND state = 'active'    AND account_id = id");
                preparedStatement.setString(1, canonName);
                ResultSet executeQuery = preparedStatement.executeQuery();
                if (!executeQuery.next()) {
                    dbConn.close(executeQuery);
                    return STATUS_NO_ACCOUNT;
                }
                int i = executeQuery.getInt("id");
                try {
                    Mailer.UserData userData = new Mailer.UserData(((JspBundle) ((Map) getJspContext().getAttribute(JspBundle.BUNDLE_MAP_KEY, 4)).get(executeQuery.getString("locale"))).bundle, executeQuery.getString("name"), executeQuery.getString("personal_email"), executeQuery.getString("personal_name"), -1);
                    executeQuery.close();
                    dbConn.execute("DELETE FROM accounts_password_reset  WHERE request_date < DATE_SUB(NOW(), INTERVAL 1 DAY)");
                    PreparedStatement preparedStatement2 = dbConn.get("INSERT INTO accounts_password_reset    (account_id, confirmation_key, request_date)  VALUES    (?, ?, NOW())");
                    preparedStatement2.setInt(1, i);
                    long nextLong = rand.nextLong() & Long.MAX_VALUE;
                    preparedStatement2.setLong(2, nextLong);
                    try {
                        preparedStatement2.executeUpdate();
                        SourceLimiter sourceLimiter = (SourceLimiter) getJspContext().getAttribute(SOURCE_LIMITER_KEY, 4);
                        String remoteAddr = getJspContext().getRequest().getRemoteAddr();
                        if (!sourceLimiter.add(remoteAddr)) {
                            BaseTag.getLogger().warning("Too many password reset requests from " + remoteAddr + "; refusing to send email for account " + userData.accountName);
                            dbConn.close(null);
                            return STATUS_RETRY;
                        }
                        sendEmail(userData, nextLong);
                        BaseTag.getLogger().fine("Got request to reset password of " + canonName + " from IP address " + remoteAddr + " - sent to " + userData.getFullAddress());
                        dbConn.close(null);
                        return STATUS_SENT;
                    } catch (SQLException e) {
                        if (e.getErrorCode() != 1062) {
                            throw e;
                        }
                        dbConn.close(null);
                        return STATUS_RETRY;
                    }
                } catch (Mailer.MailException e2) {
                    dbConn.close(executeQuery);
                    return STATUS_BAD_EMAIL;
                }
            } catch (Throwable th) {
                dbConn.close(null);
                throw th;
            }
        } catch (SQLException e3) {
            dbConn.error();
            throw new JspTagException(e3);
        }
    }

    private void sendEmail(Mailer.UserData userData, long j) throws JspTagException {
        String str = "http://" + Config.get(Config.WEB_HOST) + "/passwordReset.jsp?user=" + userData.accountName + "&amp;key=" + Long.toString(j, 16);
        try {
            ((Mailer) getJspContext().getAttribute(MAILER_KEY, 4)).send(userData, userData.bundle.str(TagRes.PASSWORD_RESET_TITLE), userData.bundle.str(TagRes.PASSWORD_RESET_EMAIL, new Object[]{userData.accountName, "<a href=\"" + str + "\">" + str + "</a>"}), true, true);
        } catch (Mailer.MailException e) {
            throw new JspTagException("Error sending email", e);
        }
    }

    public void setVar(String str) {
        this.varName = str;
    }
}
