package org.apache.jetspeed.security.mfa.portlets;

import java.io.IOException;
import java.io.NotSerializableException;
import java.util.Map;
import java.util.Random;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletConfig;
import javax.portlet.PortletException;
import javax.portlet.PortletRequest;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import org.apache.jetspeed.CommonPortletServices;
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.request.RequestContext;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticationProvider;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityAttribute;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserCredential;
import org.apache.jetspeed.security.UserManager;
import org.apache.jetspeed.security.mfa.impl.CaptchaImageResource;
import org.apache.jetspeed.security.mfa.util.QuestionFactory;
import org.apache.jetspeed.security.mfa.util.SecurityHelper;
import org.apache.portals.bridges.common.GenericServletPortlet;
import org.apache.portals.messaging.PortletMessaging;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:tomcat-portal.zip:webapps/j2-admin/WEB-INF/classes/org/apache/jetspeed/security/mfa/portlets/MFALogin.class */
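/**
 * Portlet that drives a stepwise portal login.
 *
 * <p>The step is selected by the {@code phase} request parameter:
 * {@code "one"} (captcha and username), {@code "two"} (challenge question),
 * {@code "three"} (password, then redirect to the login proxy),
 * {@code "enroll-login"} and {@code "enroll"} (first-time enrollment of
 * questions, answers and pass phrase) and {@code "restart"}. The JSP to
 * render next is looked up in {@link #TRANSITIONS} and handed to
 * {@link #doView} through {@link PortletMessaging}.
 *
 * <p>NOTE(review): the phase comes from the request, and the visible code
 * does not record which earlier steps a session has completed. In particular
 * the {@code "three"} branch checks only the password. Confirm that step
 * completion is enforced somewhere (for example a flag on the session
 * {@code UserBean}) before the password step is accepted.
 */
public class MFALogin extends GenericServletPortlet {
    static final Logger logger = LoggerFactory.getLogger(MFALogin.class);
    private UserManager userManager;
    private AuditActivity audit;
    private AuthenticationProvider authorization;
    private QuestionFactory questionFactory;
    public static final String RETRYCOUNT = "mfaRetryCount";
    public static final String ERRORCODE = "mfaErrorCode";
    public static final String QUESTION_FACTORY = "mfaQuestionFactory";
    public static final String LOGIN_ENROLL_ACTIVITY = "login-enroll";
    public static final String VIEW = "mfa.view";
    public static final String USERBEAN = "userBean";
    public static final String STATUS_MESSAGE = "statusMsg";

    // Indexes into TRANSITIONS; the order must match the array built below.
    protected static final int SUCCESS1 = 0;
    protected static final int SUCCESS2 = 1;
    protected static final int SUCCESS3 = 2;
    protected static final int FAILURE1 = 3;
    protected static final int FAILURE2 = 4;

    // Only used to pick which enrolled question to present; it never produces a secret.
    private Random rand = new Random();
    // Passed to SecurityHelper.addMFACookie; presumably seconds (172800 s = 2 days) - confirm.
    private int cookieLifetime = 172800;
    private int maxNumberOfAuthenticationFailures = 3;

    // Each row is {phase, JSP to show for that phase under this outcome}.
    protected String[][] SUCCESS1_MAP = {
        new String[]{"one", "/WEB-INF/view/mfa/login3.jsp"},
        new String[]{"two", "/WEB-INF/view/mfa/login3.jsp"},
        new String[]{"three", "/WEB-INF/view/mfa/login3.jsp"},
        new String[]{"enroll", "/WEB-INF/view/mfa/enroll-login.jsp"},
        new String[]{"enroll-login", "/WEB-INF/view/mfa/enroll.jsp"},
        new String[]{"loggedon", "/WEB-INF/view/mfa/loggedon.jsp"},
        new String[]{"restart", "/WEB-INF/view/mfa/login1.jsp"}};
    protected String[][] SUCCESS2_MAP = {
        new String[]{"one", "/WEB-INF/view/mfa/login2.jsp"}};
    protected String[][] SUCCESS3_MAP = {
        new String[]{"one", "/WEB-INF/view/mfa/enroll-login.jsp"}};
    protected String[][] FAILURE1_MAP = {
        new String[]{"one", "/WEB-INF/view/mfa/login1.jsp"},
        new String[]{"two", "/WEB-INF/view/mfa/login1.jsp"},
        new String[]{"three", "/WEB-INF/view/mfa/login3.jsp"},
        new String[]{"enroll", "/WEB-INF/view/mfa/enroll.jsp"},
        new String[]{"enroll-login", "/WEB-INF/view/mfa/enroll-login.jsp"}};
    protected String[][] FAILURE2_MAP = {
        new String[]{"one", "/WEB-INF/view/mfa/login2.jsp"},
        new String[]{"two", "/WEB-INF/view/mfa/login1.jsp"},
        new String[]{"enroll", "/WEB-INF/view/mfa/login1.jsp"},
        new String[]{"enroll-login", "/WEB-INF/view/mfa/login4.jsp"},
        new String[]{"three", "/WEB-INF/view/mfa/login4.jsp"}};
    protected String[][][] TRANSITIONS = {this.SUCCESS1_MAP, this.SUCCESS2_MAP, this.SUCCESS3_MAP, this.FAILURE1_MAP, this.FAILURE2_MAP};

    /**
     * Resolves the portal services this portlet depends on and reads its
     * init parameters.
     *
     * @param portletConfig the portlet configuration
     * @throws PortletException if the user manager, audit activity or
     *         authentication provider is not published in the portlet context
     */
    @Override
    public void init(PortletConfig portletConfig) throws PortletException {
        super.init(portletConfig);
        this.userManager = (UserManager) getPortletContext().getAttribute(CommonPortletServices.CPS_USER_MANAGER_COMPONENT);
        if (null == this.userManager) {
            throw new PortletException("Failed to find the User Manager on portlet initialization");
        }
        this.audit = (AuditActivity) getPortletContext().getAttribute(CommonPortletServices.CPS_AUDIT_ACTIVITY);
        if (null == this.audit) {
            throw new PortletException("Failed to find the Audit Activity on portlet initialization");
        }
        this.authorization = (AuthenticationProvider) getPortletContext().getAttribute(CommonPortletServices.CPS_AUTHENTICATION_PROVIDER);
        if (null == this.authorization) {
            throw new PortletException("Failed to find the Authorization Provider on portlet initialization");
        }
        // Each setting is parsed on its own so that a missing or malformed
        // cookieLifetime cannot silently discard the configured lockout threshold.
        this.cookieLifetime = intInitParameter("cookieLifetime", this.cookieLifetime);
        this.maxNumberOfAuthenticationFailures =
                intInitParameter("maxNumberOfAuthenticationFailures", this.maxNumberOfAuthenticationFailures);
        this.questionFactory = new QuestionFactory(getInitParameter("randomQuestions"));
    }

    /** Returns the named init parameter as an int, or {@code fallback} when it is absent or not a number. */
    private int intInitParameter(String name, int fallback) {
        String raw = getInitParameter(name);
        if (raw == null) {
            return fallback;
        }
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            logger.warn("Ignoring non-numeric value for init parameter {}: {}", name, raw);
            return fallback;
        }
    }

    /**
     * Chooses the JSP for this render and exposes the pending status message
     * and the question factory to it.
     *
     * @throws PortletException if the view cannot be published or rendered
     * @throws IOException if rendering fails
     */
    @Override
    public void doView(RenderRequest renderRequest, RenderResponse renderResponse) throws PortletException, IOException {
        renderResponse.setContentType("text/html");
        String view = (String) PortletMessaging.receive(renderRequest, VIEW);
        if (renderRequest.getUserPrincipal() != null) {
            // Already authenticated: always show the logged-on page.
            view = setView(renderRequest, "loggedon", SUCCESS1);
            renderRequest.setAttribute("ViewPage", view);
        } else if (view != null) {
            // NOTE(review): failedLoginProcessing stores its code under MFALogin.ERRORCODE
            // ("mfaErrorCode") while this reads LoginConstants.ERRORCODE; confirm both keys are intended.
            Integer errorCode = (Integer) SecurityHelper.getRequestContext(renderRequest).getSessionAttribute(LoginConstants.ERRORCODE);
            if (errorCode != null
                    && (errorCode.equals(LoginConstants.ERROR_USER_DISABLED)
                        || errorCode.equals(LoginConstants.ERROR_CREDENTIAL_DISABLED))) {
                view = setView(renderRequest, "three", FAILURE2);
            }
            renderRequest.setAttribute("ViewPage", view);
        } else {
            renderRequest.setAttribute("ViewPage", getDefaultViewPage());
        }
        StatusMessage statusMessage = (StatusMessage) PortletMessaging.consume(renderRequest, STATUS_MESSAGE);
        if (statusMessage != null) {
            renderRequest.setAttribute(STATUS_MESSAGE, statusMessage);
        }
        // NOTE(review): setView publishes JSP paths under VIEW, so the "one" comparison only
        // matches if something else publishes that literal - confirm.
        if (view == null || view.equals("one")) {
            clearLoginMessages(renderRequest);
        }
        renderRequest.setAttribute(QUESTION_FACTORY, this.questionFactory);
        super.doView(renderRequest, renderResponse);
    }

    /**
     * Publishes the JSP mapped to {@code str} in transition table {@code i}.
     *
     * @param portletRequest the current request
     * @param str the phase name to look up
     * @param i index into {@link #TRANSITIONS} (one of the SUCCESS/FAILURE constants)
     * @return the published JSP path, or {@code /WEB-INF/view/mfa/login1.jsp}
     *         (without publishing) when the table has no row for the phase
     * @throws PortletException if publishing the view fails
     */
    protected String setView(PortletRequest portletRequest, String str, int i) throws PortletException {
        for (String[] transition : this.TRANSITIONS[i]) {
            if (transition[0].equals(str)) {
                try {
                    PortletMessaging.publish(portletRequest, VIEW, transition[1]);
                } catch (Exception e) {
                    throw new PortletException(e);
                }
                return transition[1];
            }
        }
        return "/WEB-INF/view/mfa/login1.jsp";
    }

    /**
     * Dispatches the submitted form to the handler for its {@code phase}.
     * Requests without a phase or without a session {@code UserBean} are ignored.
     *
     * @throws PortletException if a view or message cannot be published
     * @throws IOException if publishing or redirecting fails
     */
    @Override
    public void processAction(ActionRequest actionRequest, ActionResponse actionResponse) throws PortletException, IOException {
        String phase = actionRequest.getParameter("phase");
        // Scope 1 is PortletSession.APPLICATION_SCOPE.
        UserBean userBean = (UserBean) actionRequest.getPortletSession().getAttribute(USERBEAN, 1);
        if (userBean == null || phase == null) {
            return;
        }
        if (phase.equals("one")) {
            processUsernamePhase(actionRequest, phase, userBean);
        } else if (phase.equals("two")) {
            processQuestionPhase(actionRequest, phase, userBean);
        } else if (phase.equals("enroll")) {
            processEnrollPhase(actionRequest, actionResponse, phase, userBean);
        } else if (phase.equals("enroll-login")) {
            processEnrollLoginPhase(actionRequest, phase, userBean);
        } else if (phase.equals("three")) {
            processPasswordPhase(actionRequest, actionResponse, phase, userBean);
        } else if (phase.equals("restart")) {
            clearLoginMessages(actionRequest);
            setView(actionRequest, phase, SUCCESS1);
        }
    }

    /** Publishes {@code text} as an error-styled status message for the next render. */
    private void publishError(ActionRequest actionRequest, String text) throws PortletException, IOException {
        PortletMessaging.publish(actionRequest, STATUS_MESSAGE, new StatusMessage(text, "portlet-msg-error"));
    }

    /** Returns whether the authentication provider accepts the username/password pair. */
    private boolean isPasswordValid(String username, String password) {
        try {
            this.authorization.authenticate(username, password);
            return true;
        } catch (SecurityException rejected) {
            // A rejection is the expected outcome for a wrong password; callers
            // audit it through failedLoginProcessing.
            return false;
        }
    }

    /**
     * Phase "one": checks the captcha, loads the user and decides whether the
     * browser is a remembered device (skip the question), needs a challenge
     * question, or must enroll first.
     *
     * <p>NOTE(review): the status messages differ between an unknown user, a
     * disabled account and a lookup failure, which lets a caller tell these
     * states apart. Consider one uniform response.
     */
    private void processUsernamePhase(ActionRequest actionRequest, String phase, UserBean userBean)
            throws PortletException, IOException {
        String captcha = actionRequest.getParameter("captcha");
        String username = actionRequest.getParameter("username");
        // A bean without a stored captcha is treated as a mismatch instead of raising an NPE.
        if (SecurityHelper.isEmpty(captcha)
                || userBean.getCaptcha() == null
                || !userBean.getCaptcha().equals(captcha)) {
            publishError(actionRequest, "The text entered does not match the displayed text.");
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        if (!this.userManager.userExists(username)) {
            // Unknown user: mark the bean invalid and show a decoy question.
            userBean.setInvalidUser(true);
            userBean.setQuestion(this.questionFactory.getRandomQuestion());
            publishError(actionRequest, "The text entered does not match the displayed text.");
            setView(actionRequest, phase, SUCCESS2);
            return;
        }
        try {
            User user = this.userManager.getUser(username);
            userBean.setUsername(username);
            userBean.setUser(user);
            UserCredential credential = null;
            try {
                credential = SecurityHelper.getCredential(this.userManager, user);
            } catch (SecurityException e) {
                // The disabled-account check below is skipped when the credential cannot be read.
                logger.warn("Could not read the credential during MFA phase one", e);
            }
            if (credential != null && !credential.isEnabled()) {
                userBean.setInvalidUser(true);
                setView(actionRequest, phase, SUCCESS2);
                userBean.setQuestion(this.questionFactory.getRandomQuestion());
                publishError(actionRequest, "The account has been disabled.");
                return;
            }
            Cookie deviceCookie = SecurityHelper.getMFACookie(actionRequest, username);
            if (deviceCookie != null) {
                Map<String, SecurityAttribute> attributes = userBean.getUser().getSecurityAttributes().getAttributeMap();
                // Compare only against a token that was actually stored at enrollment.
                // Falling back to the username would make the expected value predictable.
                // NOTE(review): String.equals is not constant-time; MessageDigest.isEqual
                // on the encoded bytes would avoid a timing signal.
                String storedToken = getUserAttribute(attributes, "user.cookie", null);
                if (!SecurityHelper.isEmpty(storedToken) && storedToken.equals(deviceCookie.getValue())) {
                    userBean.setHasCookie(true);
                    userBean.setPassPhrase(getUserAttribute(attributes, "user.passphrase", ""));
                    setView(actionRequest, phase, SUCCESS1);
                    return;
                }
                userBean.setHasCookie(false);
            }
            // No usable device cookie: ask a question if the user has enrolled, else start enrollment.
            boolean hasQuestion = generateQuestionAndAnswer(userBean);
            setView(actionRequest, phase, hasQuestion ? SUCCESS2 : SUCCESS3);
        } catch (Exception e) {
            logger.warn("MFA phase one failed while loading the user", e);
            publishError(actionRequest, "User not accessible.");
            userBean.setInvalidUser(true);
            userBean.setQuestion(this.questionFactory.getRandomQuestion());
            setView(actionRequest, phase, SUCCESS2);
        }
    }

    /**
     * Phase "two": checks the answer to the challenge question, counts
     * failures in the {@code user.question.failures} attribute and disables
     * the password credential once the configured limit is reached.
     *
     * <p>NOTE(review): answers are compared case-insensitively against the
     * value held in the session bean, which generateQuestionAndAnswer copies
     * from the {@code user.answer.N} attributes. Whether that store protects
     * them at rest is not visible here.
     */
    private void processQuestionPhase(ActionRequest actionRequest, String phase, UserBean userBean)
            throws PortletException, IOException {
        if (userBean.isInvalidUser()) {
            publishError(actionRequest, "Invalid User.");
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        if (userBean.getUser() == null) {
            publishError(actionRequest, "User not accessible.");
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        String answer = actionRequest.getParameter("answer");
        userBean.setPublicTerminal(actionRequest.getParameter("publicTerminal") != null);
        Map<String, SecurityAttribute> attributes = userBean.getUser().getSecurityAttributes().getAttributeMap();
        // A non-numeric stored counter raises NumberFormatException here, which aborts the request.
        int previousFailures = Integer.parseInt(getUserAttribute(attributes, "user.question.failures", "0"));
        if (!SecurityHelper.isEmpty(answer) && answer.equalsIgnoreCase(userBean.getAnswer())) {
            try {
                userBean.setPassPhrase(getUserAttribute(attributes, "user.passphrase", ""));
                userBean.getUser().getSecurityAttributes().getAttribute("user.question.failures", true).setStringValue("0");
                this.userManager.updateUser(userBean.getUser());
            } catch (Exception e) {
                logger.warn("Could not reset the question failure counter after a correct answer", e);
            }
            setView(actionRequest, phase, SUCCESS1);
            return;
        }
        int failures = previousFailures + 1;
        if (failures < this.maxNumberOfAuthenticationFailures) {
            try {
                userBean.getUser().getSecurityAttributes().getAttribute("user.question.failures", true).setStringValue(Integer.toString(failures));
                this.userManager.updateUser(userBean.getUser());
            } catch (SecurityException e) {
                // If this write fails the attempt is not counted, so make the failure visible.
                logger.error("Could not persist the question failure counter", e);
            }
            publishError(actionRequest, "Invalid answer to question.");
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        try {
            RequestContext requestContext = SecurityHelper.getRequestContext(actionRequest);
            User user = this.userManager.getUser(userBean.getUsername());
            PasswordCredential passwordCredential = this.userManager.getPasswordCredential(user);
            passwordCredential.setEnabled(false);
            this.userManager.storePasswordCredential(passwordCredential);
            SecurityHelper.updateCredentialInSession(requestContext, passwordCredential);
            userBean.setUser(user);
            user.getSecurityAttributes().getAttribute("user.question.failures", true).setStringValue("0");
            this.userManager.updateUser(user);
            this.audit.logUserActivity(userBean.getUsername(), requestContext.getRequest().getRemoteAddr(), AuditActivity.USER_DISABLE, "Failed question and answer limit reached");
        } catch (Exception e) {
            // The page below still reports a lockout, so a failed lockout must not go unnoticed.
            logger.error("Could not disable the credential after too many failed answers", e);
        }
        publishError(actionRequest, "Disabling user after too many failed questions.");
        setView(actionRequest, phase, FAILURE2);
    }

    /**
     * Phase "enroll-login": verifies the password of a user who has no pass
     * phrase yet and, on success, keeps it on the bean for the "enroll" phase.
     * Nothing happens when the bean already carries a pass phrase.
     */
    private void processEnrollLoginPhase(ActionRequest actionRequest, String phase, UserBean userBean)
            throws PortletException, IOException {
        String username = userBean.getUsername();
        String password = actionRequest.getParameter(LoginConstants.PASSWORD);
        if (SecurityHelper.isEmpty(password)) {
            SecurityHelper.getRequestContext(actionRequest).setSessionAttribute(ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        if (!SecurityHelper.isEmpty(userBean.getPassPhrase())) {
            return;
        }
        if (!isPasswordValid(username, password)) {
            failedLoginProcessing(actionRequest, phase, username, userBean);
            return;
        }
        // NOTE(review): the clear-text password stays on the session-scoped bean until enrollment completes.
        userBean.setPassword(password);
        setView(actionRequest, phase, SUCCESS1);
        clearLoginMessages(actionRequest);
    }

    /**
     * Phase "three": verifies the password, remembers the device unless the
     * user declared a public terminal, and redirects to the login proxy.
     *
     * <p>NOTE(review): the {@code redirect} parameter is request-controlled
     * and becomes the prefix of the redirect target. Confirm that it is
     * constrained to the portal's own base path.
     */
    private void processPasswordPhase(ActionRequest actionRequest, ActionResponse actionResponse, String phase, UserBean userBean)
            throws PortletException, IOException {
        String redirectBase = actionRequest.getParameter("redirect");
        String username = userBean.getUsername();
        String password = actionRequest.getParameter(LoginConstants.PASSWORD);
        if (SecurityHelper.isEmpty(password) || SecurityHelper.isEmpty(redirectBase)) {
            SecurityHelper.getRequestContext(actionRequest).setSessionAttribute(ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
            setView(actionRequest, phase, FAILURE1);
            return;
        }
        if (!isPasswordValid(username, password)) {
            failedLoginProcessing(actionRequest, phase, username, userBean);
            return;
        }
        userBean.setPassword(password);
        clearLoginMessages(actionRequest);
        if (!userBean.isHasCookie() && !userBean.isPublicTerminal()) {
            // Only hand out a device cookie when a token was stored at enrollment.
            // The username is never used as a stand-in token.
            String storedToken = getUserAttribute(userBean.getUser().getSecurityAttributes().getAttributeMap(), "user.cookie", null);
            if (!SecurityHelper.isEmpty(storedToken)) {
                SecurityHelper.addMFACookie(actionRequest, username, storedToken, this.cookieLifetime);
                userBean.setHasCookie(true);
            }
        }
        setView(actionRequest, phase, SUCCESS1);
        redirect(actionRequest, actionResponse, redirectBase, username, password);
    }

    /**
     * Phase "enroll": re-authenticates with the password kept on the bean,
     * validates the submitted questions, answers and pass phrase, stores them
     * as user attributes together with a fresh device token, and redirects
     * to the login proxy. Any other outcome is audited as an unauthorized
     * attribute modification attempt.
     */
    private void processEnrollPhase(ActionRequest actionRequest, ActionResponse actionResponse, String phase, UserBean userBean)
            throws PortletException, IOException {
        boolean enrolled = false;
        String password = userBean.getPassword();
        if (userBean.getUser() != null && password != null) {
            AuthenticatedUser authenticatedUser = null;
            try {
                authenticatedUser = this.authorization.authenticate(userBean.getUsername(), password);
            } catch (SecurityException e) {
                this.audit.logUserActivity(userBean.getUsername(), SecurityHelper.getRequestContext(actionRequest).getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "PortalFilter");
            }
            if (authenticatedUser != null) {
                String question1 = actionRequest.getParameter("question1");
                String question2 = actionRequest.getParameter("question2");
                String question3 = actionRequest.getParameter("question3");
                String answer1 = actionRequest.getParameter("answer1");
                String answer2 = actionRequest.getParameter("answer2");
                String answer3 = actionRequest.getParameter("answer3");
                String passphrase = actionRequest.getParameter("passphrase");
                if (SecurityHelper.isEmpty(answer1) || SecurityHelper.isEmpty(answer2) || SecurityHelper.isEmpty(answer3)) {
                    publishError(actionRequest, "Please enter a valid answer for all 3 questions.");
                    setView(actionRequest, phase, FAILURE1);
                    return;
                }
                if (SecurityHelper.isEmpty(passphrase)) {
                    publishError(actionRequest, "Please enter a valid pass phrase.");
                    setView(actionRequest, phase, FAILURE1);
                    return;
                }
                // A missing question parameter is rejected here instead of raising an NPE in equals().
                if (SecurityHelper.isEmpty(question1) || SecurityHelper.isEmpty(question2) || SecurityHelper.isEmpty(question3)
                        || question1.equals(question2) || question1.equals(question3) || question2.equals(question3)) {
                    publishError(actionRequest, "Please select a unique question in all cases.");
                    setView(actionRequest, phase, FAILURE1);
                    return;
                }
                User user = userBean.getUser();
                try {
                    // NOTE(review): answers and pass phrase are stored as submitted; whether the
                    // attribute store protects them at rest is not visible here.
                    user.getSecurityAttributes().getAttribute("user.question.1", true).setStringValue(question1);
                    user.getSecurityAttributes().getAttribute("user.question.2", true).setStringValue(question2);
                    user.getSecurityAttributes().getAttribute("user.question.3", true).setStringValue(question3);
                    user.getSecurityAttributes().getAttribute("user.answer.1", true).setStringValue(answer1);
                    user.getSecurityAttributes().getAttribute("user.answer.2", true).setStringValue(answer2);
                    user.getSecurityAttributes().getAttribute("user.answer.3", true).setStringValue(answer3);
                    user.getSecurityAttributes().getAttribute("user.passphrase", true).setStringValue(passphrase);
                    // NOTE(review): this value becomes the device-cookie token; confirm that
                    // CaptchaImageResource.randomString draws from a cryptographically strong source.
                    user.getSecurityAttributes().getAttribute("user.cookie", true).setStringValue(CaptchaImageResource.randomString(8, 16));
                    this.userManager.updateUser(user);
                    enrolled = true;
                } catch (SecurityException e) {
                    enrolled = false;
                    this.audit.logUserActivity(userBean.getUsername(), SecurityHelper.getRequestContext(actionRequest).getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "Exception updating attributes");
                    setView(actionRequest, phase, FAILURE2);
                }
                if (enrolled) {
                    String username = userBean.getUsername();
                    // NOTE(review): unlike phase "three", "redirect" is not checked for null or
                    // empty here, and redirect() dereferences it.
                    String redirectBase = actionRequest.getParameter("redirect");
                    this.audit.logUserActivity(username, SecurityHelper.getRequestContext(actionRequest).getRequest().getRemoteAddr(), LOGIN_ENROLL_ACTIVITY, "enrolling user with questions and passphrase");
                    redirect(actionRequest, actionResponse, redirectBase, username, password);
                }
            }
        }
        if (enrolled) {
            return;
        }
        this.audit.logUserActivity(userBean.getUsername(), SecurityHelper.getRequestContext(actionRequest).getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "Unauthorized Attribute Modification Attempt.");
        setView(actionRequest, phase, FAILURE2);
    }

    /**
     * Records a rejected password: bumps the session retry counter, stores an
     * error code describing the credential state, audits the failure and
     * selects the failure view.
     *
     * @param actionRequest the current request
     * @param phase the phase whose failure view is selected
     * @param username the user whose password was rejected
     * @param userBean the session bean, updated with the loaded user
     */
    private void failedLoginProcessing(ActionRequest actionRequest, String phase, String username, UserBean userBean) throws NotSerializableException, PortletException {
        int outcome = FAILURE1;
        try {
            User user = this.userManager.getUser(username);
            UserCredential credential = null;
            try {
                credential = SecurityHelper.getCredential(this.userManager, user);
            } catch (SecurityException e) {
                logger.warn("Could not read the credential after a failed login", e);
            }
            RequestContext requestContext = SecurityHelper.getRequestContext(actionRequest);
            if (credential != null) {
                userBean.setUser(user);
                HttpSession session = requestContext.getRequest().getSession(true);
                Integer retries = (Integer) session.getAttribute(RETRYCOUNT);
                session.setAttribute(RETRYCOUNT, Integer.valueOf(retries == null ? 1 : retries.intValue() + 1));
                if (!credential.isEnabled()) {
                    requestContext.setSessionAttribute(ERRORCODE, LoginConstants.ERROR_CREDENTIAL_DISABLED);
                    outcome = FAILURE2;
                } else if (credential.isExpired()) {
                    requestContext.setSessionAttribute(ERRORCODE, LoginConstants.ERROR_CREDENTIAL_EXPIRED);
                } else if (this.maxNumberOfAuthenticationFailures <= 1
                        || credential.getAuthenticationFailures() != this.maxNumberOfAuthenticationFailures - 1) {
                    requestContext.setSessionAttribute(ERRORCODE, LoginConstants.ERROR_INVALID_PASSWORD);
                } else {
                    // One failure short of the limit: warn that the next attempt is the last.
                    requestContext.setSessionAttribute(ERRORCODE, LoginConstants.ERROR_FINAL_LOGIN_ATTEMPT);
                }
            }
            this.audit.logUserActivity(username, requestContext.getRequest().getRemoteAddr(), AuditActivity.AUTHENTICATION_FAILURE, "MFA");
            setView(actionRequest, phase, outcome);
        } catch (Exception e2) {
            logger.error("Failed to retrieve user, {}: {}", username, e2.getMessage());
        }
    }

    /** Removes the retry counters and error codes (MFA and standard login keys) from the HTTP session. */
    private void clearLoginMessages(PortletRequest portletRequest) {
        HttpSession session = SecurityHelper.getRequestContext(portletRequest).getRequest().getSession(true);
        session.removeAttribute(RETRYCOUNT);
        session.removeAttribute(ERRORCODE);
        session.removeAttribute(LoginConstants.RETRYCOUNT);
        session.removeAttribute(LoginConstants.ERRORCODE);
    }

    /**
     * Stores the credentials in the HTTP session and redirects to
     * {@code <base>/login/proxy}.
     *
     * <p>NOTE(review): the password is placed in the session in clear text
     * for the proxy endpoint. Confirm the consumer removes it immediately.
     *
     * @param base prefix of the redirect target; must not be {@code null}
     * @param username value stored under {@code LoginConstants.USERNAME}
     * @param password value stored under {@code LoginConstants.PASSWORD}
     * @throws IOException if the redirect cannot be sent
     */
    private void redirect(ActionRequest actionRequest, ActionResponse actionResponse, String base, String username, String password) throws IOException {
        StringBuilder target = new StringBuilder();
        target.append(base);
        if (!base.endsWith("/")) {
            target.append("/");
        }
        target.append("login/proxy");
        HttpSession session = SecurityHelper.getRequestContext(actionRequest).getRequest().getSession(true);
        session.setAttribute(LoginConstants.USERNAME, username);
        session.setAttribute(LoginConstants.PASSWORD, password);
        actionResponse.sendRedirect(target.toString());
    }

    /**
     * Picks one of the user's enrolled question/answer pairs and stores it on
     * the bean.
     *
     * @param userBean the session bean; its user is loaded from the user
     *        manager when only the username is set
     * @return {@code true} when a question and answer were set; {@code false}
     *         when the user is unknown or has not enrolled a first question
     */
    public boolean generateQuestionAndAnswer(UserBean userBean) {
        if (userBean.getUser() == null) {
            if (userBean.getUsername() == null) {
                return false;
            }
            try {
                // Keep the loaded user on the bean; the attribute lookup below reads it from there.
                User loaded = this.userManager.getUser(userBean.getUsername());
                if (loaded == null) {
                    userBean.setQuestion(this.questionFactory.getRandomQuestion());
                    return false;
                }
                userBean.setUser(loaded);
            } catch (Exception e) {
                userBean.setQuestion(this.questionFactory.getRandomQuestion());
                return false;
            }
        }
        Map<String, SecurityAttribute> attributes = userBean.getUser().getSecurityAttributes().getAttributeMap();
        String[] questions = new String[3];
        String[] answers = new String[3];
        questions[0] = getUserAttribute(attributes, "user.question.1", null);
        answers[0] = getUserAttribute(attributes, "user.answer.1", null);
        if (SecurityHelper.isEmpty(questions[0]) || SecurityHelper.isEmpty(answers[0])) {
            return false;
        }
        questions[1] = getUserAttribute(attributes, "user.question.2", null);
        answers[1] = getUserAttribute(attributes, "user.answer.2", null);
        if (SecurityHelper.isEmpty(questions[1]) || SecurityHelper.isEmpty(answers[1])) {
            // Only the first pair is enrolled, so there is nothing to choose from.
            userBean.setQuestion(questions[0]);
            userBean.setAnswer(answers[0]);
            return true;
        }
        questions[2] = getUserAttribute(attributes, "user.question.3", null);
        answers[2] = getUserAttribute(attributes, "user.answer.3", null);
        boolean thirdMissing = SecurityHelper.isEmpty(questions[2]) || SecurityHelper.isEmpty(answers[2]);
        int chosen = this.rand.nextInt(thirdMissing ? 2 : 3);
        userBean.setQuestion(questions[chosen]);
        userBean.setAnswer(answers[chosen]);
        return true;
    }

    /** Returns the string value of attribute {@code name}, or {@code fallback} when it is absent or null. */
    private String getUserAttribute(Map<String, SecurityAttribute> map, String name, String fallback) {
        SecurityAttribute attribute = map.get(name);
        if (attribute == null) {
            return fallback;
        }
        String value = attribute.getStringValue();
        return value != null ? value : fallback;
    }
}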
