package tigase.db.jdbc;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLIntegrityConstraintViolationException;
import java.sql.Statement;
import java.util.Map;
import java.util.TreeMap;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.conf.Configurable;
import tigase.db.AuthorizationException;
import tigase.db.DBInitException;
import tigase.db.TigaseDBException;
import tigase.db.UserAuthRepository;
import tigase.db.UserExistsException;
import tigase.db.UserNotFoundException;
import tigase.server.sreceiver.sysmon.ResourceMonitorIfc;
import tigase.util.Algorithms;
import tigase.util.Base64;
import tigase.util.JIDUtils;

/* loaded from: input_file:tigase/db/jdbc/TigaseCustomAuth.class */
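/**
 * JDBC-backed {@link UserAuthRepository} whose SQL is supplied by configuration.
 *
 * <p>Each operation (add/remove user, read/update password, login, logout) runs one prepared
 * statement. A query text that starts with {@link #SP_STARTS_WITH} is prepared as a stored
 * procedure call, anything else as a plain statement. User ids and passwords are only ever bound
 * as statement parameters, never concatenated into the query text.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Unless a {@code user-login-query} is configured, authentication reads the stored password
 *       back from the database and compares it with the value supplied by the client, so the
 *       database then holds a password-equivalent value.</li>
 *   <li>Passwords, digests and raw SASL payloads must not be written to the log; the log calls in
 *       this class report identifiers and lengths only.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (JADX); parameter names such as {@code str}/{@code str2}
 * are the decompiler's and are documented per method.
 */
public class TigaseCustomAuth implements UserAuthRepository {
    private static final Logger log = Logger.getLogger(Configurable.TIGASE_CUSTOM_AUTH_REPO_CLASS_PROP_VAL);
    public static final String DEF_CONNVALID_KEY = "conn-valid-query";
    public static final String DEF_INITDB_KEY = "init-db-query";
    public static final String DEF_ADDUSER_KEY = "add-user-query";
    public static final String DEF_DELUSER_KEY = "del-user-query";
    public static final String DEF_GETPASSWORD_KEY = "get-password-query";
    public static final String DEF_UPDATEPASSWORD_KEY = "update-password-query";
    public static final String DEF_USERLOGIN_KEY = "user-login-query";
    public static final String DEF_USERLOGOUT_KEY = "user-logout-query";
    public static final String DEF_NONSASL_MECHS_KEY = "non-sasl-mechs";
    public static final String DEF_SASL_MECHS_KEY = "sasl-mechs";
    public static final String DEF_CONNVALID_QUERY = "select 1";
    public static final String DEF_INITDB_QUERY = "{ call TigInitdb() }";
    public static final String DEF_ADDUSER_QUERY = "{ call TigAddUserPlainPw(?, ?) }";
    public static final String DEF_DELUSER_QUERY = "{ call TigRemoveUser(?) }";
    public static final String DEF_GETPASSWORD_QUERY = "{ call TigGetPassword(?) }";
    public static final String DEF_UPDATEPASSWORD_QUERY = "{ call TigUpdatePasswordPlainPwRev(?, ?) }";
    public static final String DEF_USERLOGIN_QUERY = "{ call TigUserLoginPlainPw(?, ?) }";
    public static final String DEF_USERLOGOUT_QUERY = "{ call TigUserLogout(?) }";
    public static final String DEF_NONSASL_MECHS = "password";
    public static final String DEF_SASL_MECHS = "PLAIN";
    public static final String SP_STARTS_WITH = "{ call";
    private String convalid_query = "select 1";
    private String initdb_query = DEF_INITDB_QUERY;
    private String adduser_query = DEF_ADDUSER_QUERY;
    private String deluser_query = DEF_DELUSER_QUERY;
    private String getpassword_query = DEF_GETPASSWORD_QUERY;
    private String updatepassword_query = DEF_UPDATEPASSWORD_QUERY;
    private String userlogin_query = DEF_USERLOGIN_QUERY;
    private String userlogout_query = DEF_USERLOGOUT_QUERY;
    private String[] nonsasl_mechs = DEF_NONSASL_MECHS.split(",");
    private String[] sasl_mechs = "PLAIN".split(",");
    private String db_conn = null;
    private Connection conn = null;
    private PreparedStatement init_db = null;
    private PreparedStatement add_user = null;
    private PreparedStatement remove_user = null;
    private PreparedStatement get_pass = null;
    private PreparedStatement update_pass = null;
    private PreparedStatement user_login = null;
    private PreparedStatement user_logout = null;
    private PreparedStatement conn_valid_st = null;
    private long lastConnectionValidated = 0;
    private long connectionValidateInterval = ResourceMonitorIfc.INTERVAL_1MIN;
    private boolean online_status = false;
    // True only when a user-login-query was configured; switches plainAuth to the login query.
    private boolean userlogin_active = false;

    /**
     * Callback handler given to the JDK SASL server; it answers realm, name, password and
     * authorization callbacks from the session option map and the password query.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tigase/db/jdbc/TigaseCustomAuth$SaslCallbackHandler.class */
    public class SaslCallbackHandler implements CallbackHandler {
        private Map<String, Object> options;

        private SaslCallbackHandler(Map<String, Object> map) {
            this.options = map;
        }

        /**
         * Handles the callbacks in array order.
         *
         * <p>The user id resolved by a {@link NameCallback} is remembered and used by a later
         * {@link PasswordCallback} in the same array.
         *
         * @param callbackArr callbacks raised by the SASL mechanism
         * @throws IOException if the password cannot be retrieved
         * @throws UnsupportedCallbackException for any callback type not handled here
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            String userId = null;
            for (Callback callback : callbackArr) {
                TigaseCustomAuth.log.finest("Callback: " + callback.getClass().getSimpleName());
                if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    String realm = (String) this.options.get(UserAuthRepository.REALM_KEY);
                    if (realm != null) {
                        realmCallback.setText(realm);
                    }
                    TigaseCustomAuth.log.finest("RealmCallback: " + realm);
                } else if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    String name = nameCallback.getName();
                    if (name == null) {
                        name = nameCallback.getDefaultName();
                    }
                    userId = JIDUtils.getNodeID(name, (String) this.options.get(UserAuthRepository.REALM_KEY));
                    this.options.put(UserAuthRepository.USER_ID_KEY, userId);
                    TigaseCustomAuth.log.finest("NameCallback: " + name);
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    try {
                        String password = TigaseCustomAuth.this.getPassword(userId);
                        passwordCallback.setPassword(password.toCharArray());
                        // The stored password is never logged, not even at FINEST.
                        TigaseCustomAuth.log.finest("PasswordCallback: password loaded");
                    } catch (Exception e) {
                        throw new IOException("Password retrieving problem.", e);
                    }
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    TigaseCustomAuth.log.finest("AuthorizeCallback: authenId: " + authenticationID);
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    TigaseCustomAuth.log.finest("AuthorizeCallback: authorId: " + authorizationID);
                    // Only self-authorization is granted: acting as another identity stays denied.
                    if (authenticationID != null && authenticationID.equals(authorizationID)) {
                        authorizeCallback.setAuthorized(true);
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
            }
        }
    }

    /**
     * Prepares {@code str} as a callable statement when it starts with {@link #SP_STARTS_WITH},
     * otherwise as an ordinary prepared statement.
     */
    private PreparedStatement prepareQuery(String str) throws SQLException {
        return str.startsWith(SP_STARTS_WITH) ? this.conn.prepareCall(str) : this.conn.prepareStatement(str);
    }

    /** Prepares every configured query on the current connection. */
    private void initPreparedStatements() throws SQLException {
        this.conn_valid_st = prepareQuery(this.convalid_query);
        this.init_db = prepareQuery(this.initdb_query);
        this.add_user = prepareQuery(this.adduser_query);
        this.remove_user = prepareQuery(this.deluser_query);
        this.get_pass = prepareQuery(this.getpassword_query);
        this.update_pass = prepareQuery(this.updatepassword_query);
        this.user_login = prepareQuery(this.userlogin_query);
        this.user_logout = prepareQuery(this.userlogout_query);
    }

    /**
     * Runs the validation query at most once per {@code connectionValidateInterval} and reconnects
     * through {@link #initRepo()} when validation fails for any reason.
     *
     * @return always {@code true}
     * @throws SQLException if reconnecting fails
     */
    private boolean checkConnection() throws SQLException {
        ResultSet resultSet = null;
        try {
            synchronized (this.conn_valid_st) {
                long now = System.currentTimeMillis();
                if (now - this.lastConnectionValidated >= this.connectionValidateInterval) {
                    resultSet = this.conn_valid_st.executeQuery();
                    this.lastConnectionValidated = now;
                }
            }
        } catch (Exception e) {
            // Any failure (including a statement that was never prepared) triggers a reconnect.
            log.fine("Connection validation failed, reconnecting: " + e);
            initRepo();
        } finally {
            release(null, resultSet);
        }
        return true;
    }

    /** Closes the given result set and statement, ignoring nulls and close failures. */
    private void release(Statement statement, ResultSet resultSet) {
        if (resultSet != null) {
            try {
                resultSet.close();
            } catch (SQLException ignored) {
                // Best-effort cleanup: nothing useful can be done if close fails.
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException ignored) {
                // Best-effort cleanup: nothing useful can be done if close fails.
            }
        }
    }

    /**
     * Returns the first column of the password query for the given user.
     *
     * <p>The returned value is a credential; callers must not log it.
     *
     * @param str user JID; it is reduced with {@code JIDUtils.getNodeID} before being bound
     * @return the value stored for the user, as returned by the database
     * @throws UserNotFoundException if the query returns no row
     * @throws TigaseDBException on any SQL error
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String getPassword(String str) throws TigaseDBException, UserNotFoundException {
        ResultSet resultSet = null;
        try {
            checkConnection();
            synchronized (this.get_pass) {
                this.get_pass.setString(1, JIDUtils.getNodeID(str));
                resultSet = this.get_pass.executeQuery();
                if (!resultSet.next()) {
                    throw new UserNotFoundException("User does not exist: " + str);
                }
                return resultSet.getString(1);
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem with retrieving user password.", e);
        } finally {
            // Also closes the result set on the not-found and error paths.
            release(null, resultSet);
        }
    }

    /**
     * Stores the configured mechanism list for the protocol named in {@code map} under
     * {@code RESULT_KEY}. A missing or unknown protocol leaves the map untouched.
     */
    @Override // tigase.db.UserAuthRepository
    public void queryAuth(Map<String, Object> map) {
        String protocol = (String) map.get(UserAuthRepository.PROTOCOL_KEY);
        if (protocol == null) {
            return;
        }
        if (protocol.equals(UserAuthRepository.PROTOCOL_VAL_NONSASL)) {
            map.put(UserAuthRepository.RESULT_KEY, this.nonsasl_mechs);
        }
        if (protocol.equals(UserAuthRepository.PROTOCOL_VAL_SASL)) {
            map.put(UserAuthRepository.RESULT_KEY, this.sasl_mechs);
        }
    }

    /**
     * Opens a new connection for {@code db_conn} and prepares all statements on it.
     *
     * <p>NOTE(review): the previous connection and its statements are not closed here, so each
     * reconnect appears to leave them to the driver or garbage collector. Confirm that this is
     * acceptable for the drivers in use.
     */
    private void initRepo() throws SQLException {
        synchronized (this.db_conn) {
            this.conn = DriverManager.getConnection(this.db_conn);
            initPreparedStatements();
        }
    }

    /**
     * Looks up {@code str} in {@code map}, falling back to {@code str2}, and logs which one was
     * used at CONFIG level.
     *
     * @return the trimmed configured value, or {@code str2} when the map or the key is absent
     */
    private String getParamWithDef(Map<String, String> map, String str, String str2) {
        if (map == null) {
            return str2;
        }
        String configured = map.get(str);
        if (configured == null) {
            log.config("Default query loaded for '" + str + "': '" + str2 + "'");
            return str2;
        }
        log.config("Custom query loaded for '" + str + "': '" + configured + "'");
        return configured.trim();
    }

    /**
     * Loads the query texts and mechanism lists from {@code map}, connects, and optionally runs the
     * init-db query.
     *
     * <p>The login query is switched on only when {@code user-login-query} is present in the map.
     * The query texts are executed as configured, so this map must come from trusted
     * configuration only.
     *
     * @param str JDBC connection string
     * @param map repository parameters, may be {@code null}
     * @throws DBInitException if the connection or statement preparation fails
     */
    @Override // tigase.db.UserAuthRepository
    public void initRepository(String str, Map<String, String> map) throws DBInitException {
        this.db_conn = str;
        this.convalid_query = getParamWithDef(map, DEF_CONNVALID_KEY, "select 1");
        this.initdb_query = getParamWithDef(map, DEF_INITDB_KEY, DEF_INITDB_QUERY);
        this.adduser_query = getParamWithDef(map, DEF_ADDUSER_KEY, DEF_ADDUSER_QUERY);
        this.deluser_query = getParamWithDef(map, DEF_DELUSER_KEY, DEF_DELUSER_QUERY);
        this.getpassword_query = getParamWithDef(map, DEF_GETPASSWORD_KEY, DEF_GETPASSWORD_QUERY);
        this.updatepassword_query = getParamWithDef(map, DEF_UPDATEPASSWORD_KEY, DEF_UPDATEPASSWORD_QUERY);
        if (map != null && map.get(DEF_USERLOGIN_KEY) != null) {
            this.userlogin_query = getParamWithDef(map, DEF_USERLOGIN_KEY, DEF_USERLOGIN_QUERY);
            this.userlogin_active = true;
        }
        this.userlogout_query = getParamWithDef(map, DEF_USERLOGOUT_KEY, DEF_USERLOGOUT_QUERY);
        this.nonsasl_mechs = getParamWithDef(map, DEF_NONSASL_MECHS_KEY, DEF_NONSASL_MECHS).split(",");
        this.sasl_mechs = getParamWithDef(map, DEF_SASL_MECHS_KEY, "PLAIN").split(",");
        try {
            initRepo();
            if (map != null && map.get("init-db") != null) {
                // The result of the init query is not used; close it instead of leaking it.
                release(null, this.init_db.executeQuery());
            }
        } catch (SQLException e) {
            this.conn = null;
            // NOTE(review): the message carries the full connection string. If deployments put
            // database credentials into the JDBC URL, they end up wherever this exception is
            // logged. Confirm, and redact if so.
            throw new DBInitException("Problem initializing jdbc connection: " + this.db_conn, e);
        }
    }

    /** Returns the JDBC connection string this repository was initialized with. */
    @Override // tigase.db.UserAuthRepository
    public String getResourceUri() {
        return this.db_conn;
    }

    /**
     * Authenticates through the configured login query, which receives the user id and the
     * supplied password and is expected to echo the user id back on success.
     *
     * <p>The decompiled listing threw {@code UserNotFoundException} unconditionally and left the
     * success return unreachable. This restores the evident intent; confirm it against the
     * original sources.
     *
     * @param str user JID
     * @param str2 password supplied by the client
     * @return {@code true} when the query returns the bound user id
     * @throws UserNotFoundException when the query returns no row or a different value
     * @throws TigaseDBException on any SQL error
     */
    private boolean userLoginAuth(String str, String str2) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        ResultSet resultSet = null;
        try {
            checkConnection();
            synchronized (this.user_login) {
                String nodeID = JIDUtils.getNodeID(str);
                this.user_login.setString(1, nodeID);
                this.user_login.setString(2, str2);
                resultSet = this.user_login.executeQuery();
                if (resultSet.next()) {
                    String returned = resultSet.getString(1);
                    if (nodeID != null && nodeID.equals(returned)) {
                        return true;
                    }
                    // The supplied password is deliberately left out of the log line.
                    log.fine("Login failed, for user: '" + nodeID + "', from DB got: " + returned);
                }
                throw new UserNotFoundException("User does not exist: " + str);
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        } finally {
            release(null, resultSet);
        }
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time taken
     * does not reveal how long a matching prefix is. Returns {@code false} if either is null.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null || expected.length() != actual.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Password authentication.
     *
     * @param str user JID
     * @param str2 password supplied by the client
     * @return {@code true} when the password is accepted
     */
    @Override // tigase.db.UserAuthRepository
    public boolean plainAuth(String str, String str2) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (this.userlogin_active) {
            return userLoginAuth(str, str2);
        }
        String stored = getPassword(str);
        return constantTimeEquals(stored, str2);
    }

    /**
     * Digest authentication: recomputes the digest from the stored password and compares it with
     * the digest supplied by the client. Not available when the login query is active, because
     * the stored password is then not read back.
     *
     * @param str user JID
     * @param str2 digest supplied by the client
     * @param str3 first argument passed to {@code Algorithms.hexDigest}
     * @param str4 third argument passed to {@code Algorithms.hexDigest}
     * @return {@code true} when the digests match; {@code false} also when {@code str2} is null
     */
    @Override // tigase.db.UserAuthRepository
    public boolean digestAuth(String str, String str2, String str3, String str4) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (this.userlogin_active) {
            throw new AuthorizationException("Not supported.");
        }
        try {
            String expected = Algorithms.hexDigest(str3, getPassword(str), str4);
            // Neither digest is logged: both are derived from the password.
            log.finest("Comparing password digests for user: " + str);
            return constantTimeEquals(expected, str2);
        } catch (NoSuchAlgorithmException e) {
            throw new AuthorizationException("No such algorithm.", e);
        }
    }

    /**
     * SASL entry point: dispatches PLAIN to {@link #saslPlainAuth(Map)} and every other mechanism
     * to the JDK SASL server.
     *
     * <p>NOTE(review): the requested mechanism is not checked against {@code sasl_mechs} here;
     * presumably the caller only offers and accepts the advertised list. Confirm.
     *
     * @throws AuthorizationException when the protocol is not SASL or no mechanism is given
     */
    @Override // tigase.db.UserAuthRepository
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        String protocol = (String) map.get(UserAuthRepository.PROTOCOL_KEY);
        if (protocol == null || !protocol.equals(UserAuthRepository.PROTOCOL_VAL_SASL)) {
            throw new AuthorizationException("Protocol is not supported.");
        }
        String mechanism = (String) map.get(UserAuthRepository.MACHANISM_KEY);
        if (mechanism == null) {
            throw new AuthorizationException("Mechanism is not supported.");
        }
        return mechanism.equals("PLAIN") ? saslPlainAuth(map) : saslAuth(map);
    }

    /** Runs the logout query for the given user JID. */
    @Override // tigase.db.UserAuthRepository
    public void logout(String str) throws UserNotFoundException, TigaseDBException {
        try {
            checkConnection();
            synchronized (this.user_logout) {
                this.user_logout.setString(1, JIDUtils.getNodeID(str));
                this.user_logout.execute();
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /**
     * Runs the add-user query with the user id and password bound as parameters.
     *
     * @param str user JID
     * @param str2 password to store
     * @throws UserExistsException when the database reports an integrity-constraint violation
     * @throws TigaseDBException on any other SQL error
     */
    @Override // tigase.db.UserAuthRepository
    public void addUser(String str, String str2) throws UserExistsException, TigaseDBException {
        ResultSet resultSet = null;
        try {
            checkConnection();
            synchronized (this.add_user) {
                this.add_user.setString(1, JIDUtils.getNodeID(str));
                this.add_user.setString(2, str2);
                if (this.add_user.execute()) {
                    resultSet = this.add_user.getResultSet();
                }
            }
        } catch (SQLIntegrityConstraintViolationException e) {
            throw new UserExistsException("Error while adding user to repository, user exists?", e);
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        } finally {
            release(null, resultSet);
        }
    }

    /**
     * Runs the update-password query. The password is bound first and the user id second, which
     * is the parameter order this class uses for the update query.
     *
     * @param str user JID
     * @param str2 new password
     */
    @Override // tigase.db.UserAuthRepository
    public void updatePassword(String str, String str2) throws UserNotFoundException, TigaseDBException {
        try {
            checkConnection();
            synchronized (this.update_pass) {
                this.update_pass.setString(1, str2);
                this.update_pass.setString(2, JIDUtils.getNodeID(str));
                this.update_pass.execute();
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /** Runs the remove-user query for the given user JID. */
    @Override // tigase.db.UserAuthRepository
    public void removeUser(String str) throws UserNotFoundException, TigaseDBException {
        try {
            checkConnection();
            synchronized (this.remove_user) {
                this.remove_user.setString(1, JIDUtils.getNodeID(str));
                this.remove_user.execute();
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /**
     * Returns the index of the first NUL byte at or after {@code from}, or {@code data.length}
     * when there is none. The bound is tested before the byte is read.
     */
    private static int indexOfNul(byte[] data, int from) {
        int pos = from;
        while (pos < data.length && data[pos] != 0) {
            pos++;
        }
        return pos;
    }

    /**
     * Decodes the NUL-terminated (or end-terminated) UTF-8 field that starts at offset {@code i}.
     */
    private String decodeString(byte[] bArr, int i) {
        int end = indexOfNul(bArr, i);
        return new String(bArr, i, end - i, StandardCharsets.UTF_8);
    }

    /**
     * SASL PLAIN: parses {@code [authzid] NUL authcid NUL passwd} from the Base64 payload and
     * delegates to {@link #plainAuth(String, String)}.
     *
     * <p>The payload comes straight from the client, so it is validated before any field is
     * sliced out: a payload without two NUL separators is rejected instead of running off the end
     * of the array. The authzid field is ignored, so acting as another identity is not possible
     * through this path. Fields are decoded as UTF-8.
     *
     * @throws AuthorizationException when the payload is not a well-formed PLAIN message
     */
    private boolean saslPlainAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        String data = (String) map.get("data");
        String realm = (String) map.get(UserAuthRepository.REALM_KEY);
        map.put(UserAuthRepository.RESULT_KEY, null);
        byte[] decoded = data != null ? Base64.decode(data) : new byte[0];
        if (decoded == null) {
            throw new AuthorizationException("Malformed SASL PLAIN data.");
        }
        int firstNul = indexOfNul(decoded, 0);
        int secondNul = firstNul < decoded.length ? indexOfNul(decoded, firstNul + 1) : decoded.length;
        if (secondNul >= decoded.length) {
            throw new AuthorizationException("Malformed SASL PLAIN data.");
        }
        String authcid = decodeString(decoded, firstNul + 1);
        int passwordStart = secondNul + 1;
        String userId = authcid;
        if (JIDUtils.getNodeNick(authcid) == null) {
            // A bare user name is completed with the session realm.
            userId = JIDUtils.getNodeID(authcid, realm);
        }
        map.put(UserAuthRepository.USER_ID_KEY, userId);
        String password = new String(decoded, passwordStart, decoded.length - passwordStart, StandardCharsets.UTF_8);
        return plainAuth(userId, password);
    }

    /**
     * Runs one step of a non-PLAIN SASL exchange through the JDK SASL server, creating the server
     * on the first step and keeping it in {@code map} under {@code "SaslServer"}.
     *
     * <p>The next challenge, Base64-encoded, is stored under {@code RESULT_KEY}, or {@code null}
     * when there is none.
     *
     * @return {@code true} once the exchange is complete
     * @throws AuthorizationException on a SASL failure or when no server exists for the mechanism
     */
    private boolean saslAuth(Map<String, Object> map) throws AuthorizationException {
        try {
            SaslServer saslServer = (SaslServer) map.get("SaslServer");
            if (saslServer == null) {
                Map<String, String> props = new TreeMap<String, String>();
                props.put("javax.security.sasl.qop", "auth");
                saslServer = Sasl.createSaslServer((String) map.get(UserAuthRepository.MACHANISM_KEY), "xmpp", (String) map.get(UserAuthRepository.SERVER_NAME_KEY), props, new SaslCallbackHandler(map));
                if (saslServer == null) {
                    // createSaslServer returns null when no provider supports the mechanism.
                    throw new AuthorizationException("Mechanism is not supported.");
                }
                map.put("SaslServer", saslServer);
            }
            String data = (String) map.get("data");
            byte[] response = data != null ? Base64.decode(data) : new byte[0];
            // Only sizes are logged: the payloads carry authentication material.
            log.finest("response: " + response.length + " bytes");
            byte[] challenge = saslServer.evaluateResponse(response);
            log.finest("challenge: " + (challenge != null ? challenge.length + " bytes" : "null"));
            map.put(UserAuthRepository.RESULT_KEY, (challenge == null || challenge.length <= 0) ? null : Base64.encode(challenge));
            return saslServer.isComplete();
        } catch (SaslException e) {
            throw new AuthorizationException("Sasl exception.", e);
        }
    }
}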
