package tigase.db.jdbc;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.SQLIntegrityConstraintViolationException;
import java.util.Map;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.auth.SaslPLAIN;
import tigase.conf.Configurable;
import tigase.db.AuthRepository;
import tigase.db.AuthorizationException;
import tigase.db.DBInitException;
import tigase.db.DataRepository;
import tigase.db.RepositoryFactory;
import tigase.db.TigaseDBException;
import tigase.db.UserExistsException;
import tigase.db.UserNotFoundException;
import tigase.util.Algorithms;
import tigase.util.Base64;
import tigase.util.TigaseStringprepException;
import tigase.xmpp.BareJID;

/* loaded from: input_file:tigase/db/jdbc/TigaseCustomAuth.class */
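/**
 * {@link AuthRepository} backed by configurable SQL queries / stored procedures.
 *
 * <p>Every operation (add user, delete user, login, password lookup, ...) is bound to a query
 * taken from the repository parameters, falling back to the {@code DEF_*_QUERY} defaults. A
 * query configured as empty or {@link #NO_QUERY} disables the matching operation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords, digests and raw SASL payloads are never written to the log by this class;
 *       keep it that way when adding diagnostics.</li>
 *   <li>Secret comparisons go through {@link #constantTimeEquals(String, String)}.</li>
 *   <li>NOTE(review): the default procedure names ({@code TigAddUserPlainPw},
 *       {@code TigGetPassword}, ...) suggest that the database holds recoverable passwords;
 *       {@link #getPassword(BareJID)} hands the stored value to digest and SASL callbacks.
 *       Confirm how the procedures store credentials before relying on this repository.</li>
 * </ul>
 */
public class TigaseCustomAuth implements AuthRepository {
    private static final Logger log = Logger.getLogger(TigaseCustomAuth.class.getName());
    public static final String DEF_CONNVALID_KEY = "conn-valid-query";
    public static final String DEF_INITDB_KEY = "init-db-query";
    public static final String DEF_ADDUSER_KEY = "add-user-query";
    public static final String DEF_DELUSER_KEY = "del-user-query";
    public static final String DEF_GETPASSWORD_KEY = "get-password-query";
    public static final String DEF_UPDATEPASSWORD_KEY = "update-password-query";
    public static final String DEF_USERLOGIN_KEY = "user-login-query";
    public static final String DEF_USERLOGOUT_KEY = "user-logout-query";
    public static final String DEF_USERS_COUNT_KEY = "users-count-query";
    public static final String DEF_USERS_DOMAIN_COUNT_KEY = "users-domain-count-query";
    public static final String DEF_NONSASL_MECHS_KEY = "non-sasl-mechs";
    public static final String DEF_SASL_MECHS_KEY = "sasl-mechs";
    public static final String NO_QUERY = "none";
    public static final String DEF_INITDB_QUERY = "{ call TigInitdb() }";
    public static final String DEF_ADDUSER_QUERY = "{ call TigAddUserPlainPw(?, ?) }";
    public static final String DEF_DELUSER_QUERY = "{ call TigRemoveUser(?) }";
    public static final String DEF_GETPASSWORD_QUERY = "{ call TigGetPassword(?) }";
    public static final String DEF_UPDATEPASSWORD_QUERY = "{ call TigUpdatePasswordPlainPwRev(?, ?) }";
    public static final String DEF_USERLOGIN_QUERY = "{ call TigUserLoginPlainPw(?, ?) }";
    public static final String DEF_USERLOGOUT_QUERY = "{ call TigUserLogout(?) }";
    public static final String DEF_USERS_COUNT_QUERY = "{ call TigAllUsersCount() }";
    public static final String DEF_USERS_DOMAIN_COUNT_QUERY = "select count(*) from tig_users where user_id like ?";
    public static final String DEF_NONSASL_MECHS = "password";
    public static final String DEF_SASL_MECHS = "PLAIN";
    public static final String SP_STARTS_WITH = "{ call";

    // Repository handle and the currently configured queries; a null query disables the operation.
    private DataRepository data_repo = null;
    private String initdb_query = DEF_INITDB_QUERY;
    private String getpassword_query = DEF_GETPASSWORD_QUERY;
    private String deluser_query = DEF_DELUSER_QUERY;
    private String adduser_query = DEF_ADDUSER_QUERY;
    private String updatepassword_query = DEF_UPDATEPASSWORD_QUERY;
    private String userlogin_query = DEF_USERLOGIN_QUERY;
    private String userdomaincount_query = DEF_USERS_DOMAIN_COUNT_QUERY;
    private String userlogout_query = null;
    private String userscount_query = DEF_USERS_COUNT_QUERY;
    // True when a user-login query is configured; plainAuth then delegates to the database.
    private boolean userlogin_active = false;
    private String[] sasl_mechs = DEF_SASL_MECHS.split(",");
    private String[] nonsasl_mechs = DEF_NONSASL_MECHS.split(",");

    /**
     * Callback handler given to the JDK SASL server for mechanisms other than PLAIN.
     *
     * <p>It answers realm, name, password and authorize callbacks from the session options map
     * and from {@link TigaseCustomAuth#getPassword(BareJID)}.
     */
    public class SaslCallbackHandler implements CallbackHandler {
        private final Map<String, Object> options;

        private SaslCallbackHandler(Map<String, Object> map) {
            this.options = map;
        }

        /**
         * Processes the callbacks in array order.
         *
         * @param callbackArr callbacks issued by the SASL mechanism
         * @throws IOException if the stored password cannot be obtained
         * @throws UnsupportedCallbackException for any callback type not handled here
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            // Filled in by the NameCallback and consumed by a later PasswordCallback.
            BareJID bareJID = null;
            for (Callback callback : callbackArr) {
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Callback: {0}", callback.getClass().getSimpleName());
                }
                if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    String realm = (String) this.options.get(AuthRepository.REALM_KEY);
                    if (realm != null) {
                        realmCallback.setText(realm);
                    }
                    if (log.isLoggable(Level.FINEST)) {
                        log.log(Level.FINEST, "RealmCallback: {0}", realm);
                    }
                } else if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    String name = nameCallback.getName();
                    if (name == null) {
                        name = nameCallback.getDefaultName();
                    }
                    bareJID = BareJID.bareJIDInstanceNS(name, (String) this.options.get(AuthRepository.REALM_KEY));
                    this.options.put(AuthRepository.USER_ID_KEY, bareJID);
                    if (log.isLoggable(Level.FINEST)) {
                        log.log(Level.FINEST, "NameCallback: {0}", name);
                    }
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    String password;
                    try {
                        password = TigaseCustomAuth.this.getPassword(bareJID);
                    } catch (Exception e) {
                        throw new IOException("Password retrieving problem.", e);
                    }
                    if (password == null) {
                        // No get-password query configured: there is nothing to hand to the mechanism.
                        throw new IOException("Password retrieving problem.");
                    }
                    passwordCallback.setPassword(password.toCharArray());
                    if (log.isLoggable(Level.FINEST)) {
                        // The password value is deliberately kept out of the log.
                        log.log(Level.FINEST, "PasswordCallback: password loaded for {0}", bareJID);
                    }
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    if (log.isLoggable(Level.FINEST)) {
                        log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authenticationID);
                    }
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    if (log.isLoggable(Level.FINEST)) {
                        log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authorizationID);
                    }
                    // Only a user acting as itself is authorized; a missing id never authorizes.
                    if (authenticationID != null && authenticationID.equals(authorizationID)) {
                        authorizeCallback.setAuthorized(true);
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
            }
        }
    }

    /**
     * Adds a user through the configured add-user query; does nothing when it is disabled.
     *
     * @param bareJID user id, bound as parameter 1
     * @param str password, bound as parameter 2
     * @throws UserExistsException on an integrity-constraint violation
     * @throws TigaseDBException on any other SQL failure
     */
    @Override
    public void addUser(BareJID bareJID, String str) throws UserExistsException, TigaseDBException {
        if (this.adduser_query == null) {
            return;
        }
        ResultSet resultSet = null;
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.adduser_query);
            synchronized (statement) {
                statement.setString(1, bareJID.toString());
                statement.setString(2, str);
                if (statement.execute()) {
                    resultSet = statement.getResultSet();
                }
            }
        } catch (SQLIntegrityConstraintViolationException e) {
            throw new UserExistsException("Error while adding user to repository, user exists?", e);
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        } finally {
            this.data_repo.release(null, resultSet);
        }
    }

    /**
     * Verifies a digest computed by the client against one computed from the stored password.
     *
     * @param bareJID user id
     * @param str digest supplied by the client
     * @param str2 session id mixed into the digest
     * @param str3 digest algorithm name
     * @return {@code true} when both digests are equal; {@code false} otherwise, including
     *     when either digest is missing
     * @throws AuthorizationException when a user-login query is active (the stored password is
     *     then not used) or the algorithm is unknown
     */
    @Override
    @Deprecated
    public boolean digestAuth(BareJID bareJID, String str, String str2, String str3) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (this.userlogin_active) {
            throw new AuthorizationException("Not supported.");
        }
        try {
            String hexDigest = Algorithms.hexDigest(str2, getPassword(bareJID), str3);
            if (log.isLoggable(Level.FINEST)) {
                // Neither digest is logged: the expected one is enough to authenticate this session.
                log.log(Level.FINEST, "Comparing digests for user: {0}", bareJID);
            }
            return constantTimeEquals(hexDigest, str);
        } catch (NoSuchAlgorithmException e) {
            throw new AuthorizationException("No such algorithm.", e);
        }
    }

    /** Returns the resource URI reported by the underlying data repository. */
    @Override
    public String getResourceUri() {
        return this.data_repo.getResourceUri();
    }

    /**
     * Counts all users with the users-count query.
     *
     * @return the count, or {@code -1} when the query is disabled, returns no row or fails
     */
    @Override
    public long getUsersCount() {
        if (this.userscount_query == null) {
            return -1L;
        }
        ResultSet resultSet = null;
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(null, this.userscount_query);
            synchronized (statement) {
                resultSet = statement.executeQuery();
                return resultSet.next() ? resultSet.getLong(1) : -1L;
            }
        } catch (SQLException e) {
            // Best effort: callers get -1, but the failure is no longer invisible.
            log.log(Level.WARNING, "Problem loading users count", e);
            return -1L;
        } finally {
            this.data_repo.release(null, resultSet);
        }
    }

    /**
     * Counts the users of one domain with the users-domain-count query.
     *
     * @param str domain name; matched as the LIKE pattern {@code "%@" + str}
     * @return the count, or {@code -1} when the query is disabled, returns no row or fails
     */
    @Override
    public long getUsersCount(String str) {
        if (this.userdomaincount_query == null) {
            return -1L;
        }
        ResultSet resultSet = null;
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(null, this.userdomaincount_query);
            synchronized (statement) {
                // The value is bound, so it cannot alter the statement. LIKE wildcards inside the
                // domain ('%', '_') are not escaped and would widen the match; escaping needs an
                // ESCAPE clause in the configurable query, so it is not done here.
                statement.setString(1, "%@" + str);
                resultSet = statement.executeQuery();
                return resultSet.next() ? resultSet.getLong(1) : -1L;
            }
        } catch (SQLException e) {
            log.log(Level.WARNING, "Problem loading users count for a domain", e);
            return -1L;
        } finally {
            this.data_repo.release(null, resultSet);
        }
    }

    /**
     * Opens the data repository and prepares every configured query.
     *
     * @param str resource URI of the database
     * @param map repository parameters; may be {@code null}, in which case defaults apply
     * @throws DBInitException if the repository or any statement cannot be initialized
     */
    @Override
    public void initRepository(String str, Map<String, String> map) throws DBInitException {
        try {
            this.data_repo = RepositoryFactory.getDataRepository(null, str, map);
            this.initdb_query = initQuery(map, DEF_INITDB_KEY, DEF_INITDB_QUERY);
            this.adduser_query = initQuery(map, DEF_ADDUSER_KEY, DEF_ADDUSER_QUERY);
            this.deluser_query = initQuery(map, DEF_DELUSER_KEY, DEF_DELUSER_QUERY);
            // No default here: password lookup stays off unless a query is configured explicitly.
            this.getpassword_query = initQuery(map, DEF_GETPASSWORD_KEY, null);
            this.updatepassword_query = initQuery(map, DEF_UPDATEPASSWORD_KEY, DEF_UPDATEPASSWORD_QUERY);
            this.userlogin_query = initQuery(map, DEF_USERLOGIN_KEY, DEF_USERLOGIN_QUERY);
            // Follow the configuration in both directions, so that a re-initialisation with the
            // login query disabled does not leave the flag set from an earlier call.
            this.userlogin_active = this.userlogin_query != null;
            this.userlogout_query = initQuery(map, DEF_USERLOGOUT_KEY, DEF_USERLOGOUT_QUERY);
            this.userscount_query = initQuery(map, DEF_USERS_COUNT_KEY, DEF_USERS_COUNT_QUERY);
            this.userdomaincount_query = initQuery(map, DEF_USERS_DOMAIN_COUNT_KEY, DEF_USERS_DOMAIN_COUNT_QUERY);
            this.nonsasl_mechs = getParamWithDef(map, DEF_NONSASL_MECHS_KEY, DEF_NONSASL_MECHS).split(",");
            this.sasl_mechs = getParamWithDef(map, DEF_SASL_MECHS_KEY, DEF_SASL_MECHS).split(",");
            if (map != null && map.get("init-db") != null) {
                initDb();
            }
        } catch (Exception e) {
            this.data_repo = null;
            // NOTE(review): str is the raw resource URI. If deployments put database credentials
            // into that URI, this message carries them into logs - confirm and redact if so.
            throw new DBInitException("Problem initializing jdbc connection: " + str, e);
        }
    }

    /**
     * Runs the user-logout query for the user; does nothing when it is disabled.
     *
     * @throws TigaseDBException on an SQL failure
     */
    @Override
    public void logout(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        if (this.userlogout_query == null) {
            return;
        }
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.userlogout_query);
            if (statement != null) {
                synchronized (statement) {
                    statement.setString(1, bareJID.toString());
                    statement.execute();
                }
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /**
     * Authenticates using the protocol and data found in the session map.
     *
     * <p>SASL PLAIN is handled locally, other SASL mechanisms go to the JDK SASL server, and
     * non-SASL requests are checked by password or digest.
     *
     * @param map authentication properties; results are written back into it
     * @return {@code true} on success, or the completion state for multi-step SASL
     * @throws AuthorizationException if authentication fails or the request is unsupported
     */
    @Override
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            String mechanism = (String) map.get(AuthRepository.MACHANISM_KEY);
            if (mechanism == null) {
                throw new AuthorizationException("SASL mechanism is not specified.");
            }
            // NOTE(review): the requested mechanism is not checked against sasl_mechs here;
            // confirm that the caller only forwards mechanisms from the advertised list.
            if (!"PLAIN".equals(mechanism)) {
                return saslAuth(map);
            }
            try {
                if (saslPlainAuth(map)) {
                    return true;
                }
                throw new AuthorizationException("Authentication failed.");
            } catch (TigaseStringprepException e) {
                // The map holds the encoded PLAIN response (password included), so it must not
                // be rendered into the exception message.
                throw new AuthorizationException("Stringprep failed for the supplied authentication identity.", e);
            }
        }
        if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            String password = (String) map.get("password");
            BareJID bareJID = (BareJID) map.get(AuthRepository.USER_ID_KEY);
            if (password != null) {
                return plainAuth(bareJID, password);
            }
            String digest = (String) map.get(AuthRepository.DIGEST_KEY);
            if (digest != null) {
                return digestAuth(bareJID, digest, (String) map.get(AuthRepository.DIGEST_ID_KEY), SaslPLAIN.ENCRYPTION_SHA);
            }
        }
        throw new AuthorizationException("Protocol is not supported.");
    }

    /**
     * Checks a plain password, either through the user-login query or against the stored one.
     *
     * @param bareJID user id
     * @param str password supplied by the client
     * @return {@code true} when the password is accepted
     */
    @Override
    @Deprecated
    public boolean plainAuth(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (this.userlogin_active) {
            return userLoginAuth(bareJID, str);
        }
        // Compared without an early exit so the response time does not reveal a matching prefix.
        return constantTimeEquals(getPassword(bareJID), str);
    }

    /**
     * Writes the mechanisms available for the requested protocol into the map under
     * {@code RESULT_KEY}; an unknown or missing protocol leaves the map untouched.
     */
    @Override
    public void queryAuth(Map<String, Object> map) {
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, this.nonsasl_mechs);
        }
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, this.sasl_mechs);
        }
    }

    /**
     * Removes the user with the delete-user query; does nothing when it is disabled.
     *
     * @throws TigaseDBException on an SQL failure
     */
    @Override
    public void removeUser(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        if (this.deluser_query == null) {
            return;
        }
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.deluser_query);
            synchronized (statement) {
                statement.setString(1, bareJID.toString());
                statement.execute();
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /**
     * Updates the user's password; does nothing when the update query is disabled.
     *
     * @param bareJID user id, bound as parameter 2
     * @param str new password, bound as parameter 1
     * @throws TigaseDBException on an SQL failure
     */
    @Override
    public void updatePassword(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException {
        if (this.updatepassword_query == null) {
            return;
        }
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.updatepassword_query);
            synchronized (statement) {
                // Parameter order is password first, then user id.
                statement.setString(1, str);
                statement.setString(2, bareJID.toString());
                statement.execute();
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        }
    }

    /**
     * Reads a configuration value, falling back to a default.
     *
     * @param map parameters, may be {@code null}
     * @param str parameter key
     * @param str2 default value, returned untouched when {@code map} is {@code null}
     * @return the trimmed value, or {@code null} when it is empty or equals {@link #NO_QUERY}
     */
    protected String getParamWithDef(Map<String, String> map, String str, String str2) {
        if (map == null) {
            return str2;
        }
        String value = map.get(str);
        if (value != null) {
            log.log(Level.CONFIG, "Custom query loaded for ''{0}'': ''{1}''", new Object[]{str, value});
        } else {
            value = str2;
            log.log(Level.CONFIG, "Default query loaded for ''{0}'': ''{1}''", new Object[]{str, str2});
        }
        if (value == null) {
            return null;
        }
        value = value.trim();
        return (value.isEmpty() || value.equals(NO_QUERY)) ? null : value;
    }

    /**
     * Loads the stored password of a user.
     *
     * <p>The returned value is a credential: callers must not log it or put it into messages.
     *
     * @param bareJID user id
     * @return column 1 of the get-password query, or {@code null} when that query is disabled
     * @throws UserNotFoundException if the query returns no row
     * @throws TigaseDBException on an SQL failure
     */
    public String getPassword(BareJID bareJID) throws TigaseDBException, UserNotFoundException {
        if (this.getpassword_query == null) {
            return null;
        }
        ResultSet resultSet = null;
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.getpassword_query);
            synchronized (statement) {
                statement.setString(1, bareJID.toString());
                resultSet = statement.executeQuery();
                if (!resultSet.next()) {
                    throw new UserNotFoundException("User does not exist: " + bareJID);
                }
                return resultSet.getString(1);
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem with retrieving user password.", e);
        } finally {
            // Released on every path, so a failed lookup no longer leaks the open result set.
            this.data_repo.release(null, resultSet);
        }
    }

    /** Executes the init-db query, if one is configured. */
    private void initDb() throws SQLException {
        if (this.initdb_query == null) {
            return;
        }
        PreparedStatement statement = this.data_repo.getPreparedStatement(null, this.initdb_query);
        synchronized (statement) {
            statement.executeUpdate();
        }
    }

    /** Resolves one query setting and registers it as a prepared statement keyed by its own text. */
    private String initQuery(Map<String, String> map, String key, String def) throws SQLException {
        String query = getParamWithDef(map, key, def);
        if (query != null) {
            this.data_repo.initPreparedStatement(query, query);
        }
        return query;
    }

    /**
     * Runs one step of a non-PLAIN SASL exchange with the JDK SASL server.
     *
     * <p>The server object is created on the first step and kept in the map under
     * {@code "SaslServer"}; the next challenge, Base64-encoded, is stored under
     * {@code RESULT_KEY}.
     *
     * @return whether the exchange has completed
     * @throws AuthorizationException wrapping any {@link SaslException}
     */
    private boolean saslAuth(Map<String, Object> map) throws AuthorizationException {
        try {
            SaslServer saslServer = (SaslServer) map.get("SaslServer");
            if (saslServer == null) {
                Map<String, String> props = new TreeMap<String, String>();
                props.put("javax.security.sasl.qop", "auth");
                saslServer = Sasl.createSaslServer((String) map.get(AuthRepository.MACHANISM_KEY), Configurable.STANZA_XMPP_ACK, (String) map.get(AuthRepository.SERVER_NAME_KEY), props, new SaslCallbackHandler(map));
                map.put("SaslServer", saslServer);
            }
            String data = (String) map.get("data");
            byte[] response = data != null ? Base64.decode(data) : new byte[0];
            if (log.isLoggable(Level.FINEST)) {
                // Only sizes are logged: the payloads carry authentication material.
                log.log(Level.FINEST, "response length: {0}", response.length);
            }
            byte[] challenge = saslServer.evaluateResponse(response);
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "challenge length: {0}", challenge != null ? String.valueOf(challenge.length) : "null");
            }
            map.put(AuthRepository.RESULT_KEY, (challenge == null || challenge.length <= 0) ? null : Base64.encode(challenge));
            return saslServer.isComplete();
        } catch (SaslException e) {
            throw new AuthorizationException("Sasl exception.", e);
        }
    }

    /**
     * Handles a SASL PLAIN response of the form {@code authzid NUL authcid NUL password}.
     *
     * <p>The authorization identity is ignored; the user always authenticates as the
     * authentication identity. A response without both NUL separators is rejected instead of
     * running past the end of the buffer.
     *
     * @return {@code true} when the password is accepted, {@code false} for a bad password or
     *     a malformed response
     */
    private boolean saslPlainAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException, TigaseStringprepException {
        String data = (String) map.get("data");
        String realm = (String) map.get(AuthRepository.REALM_KEY);
        map.put(AuthRepository.RESULT_KEY, null);
        byte[] decoded = data != null ? Base64.decode(data) : new byte[0];
        if (decoded == null) {
            return false;
        }
        int firstNul = indexOfNul(decoded, 0);
        int secondNul = firstNul < 0 ? -1 : indexOfNul(decoded, firstNul + 1);
        if (secondNul < 0) {
            // Client-controlled input: fail the attempt rather than throw an index exception.
            return false;
        }
        // The PLAIN mechanism carries UTF-8, so decoding must not depend on the platform charset.
        String userName = new String(decoded, firstNul + 1, secondNul - firstNul - 1, StandardCharsets.UTF_8);
        String password = new String(decoded, secondNul + 1, decoded.length - secondNul - 1, StandardCharsets.UTF_8);
        BareJID bareJID = BareJID.parseJID(userName)[0] == null ? BareJID.bareJIDInstance(userName, realm) : BareJID.bareJIDInstance(userName);
        map.put(AuthRepository.USER_ID_KEY, bareJID);
        return plainAuth(bareJID, password);
    }

    /** Returns the index of the first zero byte at or after {@code from}, or -1 if there is none. */
    private static int indexOfNul(byte[] data, int from) {
        for (int i = from; i < data.length; i++) {
            if (data[i] == 0) {
                return i;
            }
        }
        return -1;
    }

    /**
     * Compares two strings without stopping at the first difference.
     *
     * @return {@code true} only when both are non-null and contain the same characters
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        int diff = expected.length() ^ supplied.length();
        for (int i = 0; i < supplied.length(); i++) {
            char reference = i < expected.length() ? expected.charAt(i) : 0;
            diff |= reference ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Authenticates through the user-login query, which receives the user id and password and
     * is expected to return the user id in column 1 on success.
     *
     * @return {@code true} when the returned id equals {@code bareJID}; {@code false} when the
     *     query is disabled
     * @throws UserNotFoundException when no row is returned or the returned id does not match
     * @throws AuthorizationException when the returned id fails stringprep
     * @throws TigaseDBException on an SQL failure
     */
    private boolean userLoginAuth(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (this.userlogin_query == null) {
            return false;
        }
        ResultSet resultSet = null;
        String dbUserId = null;
        try {
            PreparedStatement statement = this.data_repo.getPreparedStatement(bareJID, this.userlogin_query);
            synchronized (statement) {
                statement.setString(1, bareJID.toString());
                statement.setString(2, str);
                resultSet = statement.executeQuery();
                if (resultSet.next()) {
                    dbUserId = resultSet.getString(1);
                    if (dbUserId != null && bareJID.equals(BareJID.bareJIDInstance(dbUserId))) {
                        return true;
                    }
                    if (log.isLoggable(Level.FINE)) {
                        // The supplied password is intentionally not part of this message.
                        log.log(Level.FINE, "Login failed, for user: ''{0}'', from DB got: {1}", new Object[]{bareJID, dbUserId});
                    }
                }
                throw new UserNotFoundException("User does not exist: " + bareJID + ", in database: " + getResourceUri());
            }
        } catch (SQLException e) {
            throw new TigaseDBException("Problem accessing repository.", e);
        } catch (TigaseStringprepException e2) {
            throw new AuthorizationException("Stringprep failed for: " + dbUserId, e2);
        } finally {
            this.data_repo.release(null, resultSet);
        }
    }
}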
