package tigase.db.jdbc;

import java.io.IOException;
import java.math.BigDecimal;
import java.security.NoSuchAlgorithmException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Map;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.conf.Configurable;
import tigase.db.AuthRepository;
import tigase.db.AuthorizationException;
import tigase.db.DBInitException;
import tigase.db.DataRepository;
import tigase.db.RepositoryFactory;
import tigase.db.TigaseDBException;
import tigase.db.UserExistsException;
import tigase.db.UserNotFoundException;
import tigase.util.Algorithms;
import tigase.util.Base64;
import tigase.xmpp.BareJID;

/* loaded from: input_file:tigase/db/jdbc/DrupalWPAuth.class */
public class DrupalWPAuth implements AuthRepository {
    private static final Logger log = Logger.getLogger(DrupalWPAuth.class.getName());
    private static final String[] non_sasl_mechs = {"password"};
    private static final String[] sasl_mechs = {TigaseCustomAuth.DEF_SASL_MECHS};
    public static final String DRUPAL_USERS_TBL = "users";
    public static final String DRUPAL_NAME_FLD = "name";
    public static final String DRUPAL_PASS_FLD = "pass";
    public static final String DRUPAL_STATUS_FLD = "status";
    public static final int DRUPAL_OK_STATUS_VAL = 1;
    public static final String WP_USERS_TBL = "wp_users";
    public static final String WP_NAME_FLD = "user_login";
    public static final String WP_PASS_FLD = "user_pass";
    public static final String WP_STATUS_FLD = "user_status";
    public static final int WP_OK_STATUS_VAL = 0;
    private static final String SELECT_PASSWORD_QUERY_KEY = "select-password-drupal-wp-query-key";
    private static final String SELECT_STATUS_QUERY_KEY = "select-status-drupal-wp-query-key";
    private static final String INSERT_USER_QUERY_KEY = "insert-user-drupal-wp-query-key";
    private static final String UPDATE_LAST_LOGIN_QUERY_KEY = "update-last-login-drupal-wp-query-key";
    private static final String UPDATE_ONLINE_STATUS_QUERY_KEY = "update-online-status-drupal-wp-query-key";
    private DataRepository data_repo = null;
    private String name_fld = "name";
    private String users_tbl = DRUPAL_USERS_TBL;
    private int status_val = 1;
    private String status_fld = DRUPAL_STATUS_FLD;
    private String pass_fld = "pass";
    private boolean online_status = false;
    private boolean last_login = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tigase/db/jdbc/DrupalWPAuth$SaslCallbackHandler.class */
    public class SaslCallbackHandler implements CallbackHandler {
        private Map<String, Object> options;

        private SaslCallbackHandler(Map<String, Object> map) {
            this.options = null;
            this.options = map;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            BareJID bareJID = null;
            for (int i = 0; i < callbackArr.length; i++) {
                if (DrupalWPAuth.log.isLoggable(Level.FINEST)) {
                    DrupalWPAuth.log.log(Level.FINEST, "Callback: {0}", callbackArr[i].getClass().getSimpleName());
                }
                if (callbackArr[i] instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callbackArr[i];
                    String str = (String) this.options.get(AuthRepository.REALM_KEY);
                    if (str != null) {
                        realmCallback.setText(str);
                    }
                    if (DrupalWPAuth.log.isLoggable(Level.FINEST)) {
                        DrupalWPAuth.log.log(Level.FINEST, "RealmCallback: {0}", str);
                    }
                } else if (callbackArr[i] instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callbackArr[i];
                    String name = nameCallback.getName();
                    if (name == null) {
                        name = nameCallback.getDefaultName();
                    }
                    bareJID = BareJID.bareJIDInstanceNS(name, (String) this.options.get(AuthRepository.REALM_KEY));
                    this.options.put(AuthRepository.USER_ID_KEY, bareJID);
                    if (DrupalWPAuth.log.isLoggable(Level.FINEST)) {
                        DrupalWPAuth.log.log(Level.FINEST, "NameCallback: {0}", name);
                    }
                } else if (callbackArr[i] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbackArr[i];
                    try {
                        String password = DrupalWPAuth.this.getPassword(bareJID);
                        passwordCallback.setPassword(password.toCharArray());
                        if (DrupalWPAuth.log.isLoggable(Level.FINEST)) {
                            DrupalWPAuth.log.log(Level.FINEST, "PasswordCallback: {0}", password);
                        }
                    } catch (Exception e) {
                        throw new IOException("Password retrieving problem.", e);
                    }
                } else {
                    if (!(callbackArr[i] instanceof AuthorizeCallback)) {
                        throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
                    }
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callbackArr[i];
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    if (DrupalWPAuth.log.isLoggable(Level.FINEST)) {
                        DrupalWPAuth.log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authenticationID);
                        DrupalWPAuth.log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authorizationID);
                    }
                    authorizeCallback.setAuthorized(true);
                }
            }
        }
    }

    @Override // tigase.db.AuthRepository
    public void addUser(BareJID bareJID, String str) throws UserExistsException, TigaseDBException {
        try {
            PreparedStatement preparedStatement = this.data_repo.getPreparedStatement(bareJID, INSERT_USER_QUERY_KEY);
            synchronized (preparedStatement) {
                preparedStatement.setString(1, bareJID.getLocalpart());
                preparedStatement.setString(2, Algorithms.hexDigest("", str, "MD5"));
                preparedStatement.executeUpdate();
            }
        } catch (NoSuchAlgorithmException e) {
            throw new TigaseDBException("Password encoding algorithm is not supported.", e);
        } catch (SQLException e2) {
            throw new UserExistsException("Error while adding user to repository, user exists?", e2);
        }
    }

    @Override // tigase.db.AuthRepository
    @Deprecated
    public boolean digestAuth(BareJID bareJID, String str, String str2, String str3) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        throw new AuthorizationException("Not supported.");
    }

    @Override // tigase.db.AuthRepository
    public String getResourceUri() {
        return this.data_repo.getResourceUri();
    }

    @Override // tigase.db.AuthRepository
    public long getUsersCount() {
        return -1L;
    }

    @Override // tigase.db.AuthRepository
    public long getUsersCount(String str) {
        return -1L;
    }

    @Override // tigase.db.AuthRepository
    public void initRepository(String str, Map<String, String> map) throws DBInitException {
        try {
            this.data_repo = RepositoryFactory.getDataRepository(null, str, map);
            if (str.contains("online_status=true")) {
                this.online_status = true;
            }
            if (str.contains("wp_mode=true")) {
                this.online_status = false;
                this.last_login = false;
                this.name_fld = WP_NAME_FLD;
                this.users_tbl = WP_USERS_TBL;
                this.status_val = 0;
                this.status_fld = WP_STATUS_FLD;
                this.pass_fld = WP_PASS_FLD;
                log.log(Level.INFO, "Initializing Wordpress repository: {0}", str);
            } else {
                log.log(Level.INFO, "Initializing Drupal repository: {0}", str);
            }
            this.data_repo.initPreparedStatement(SELECT_PASSWORD_QUERY_KEY, "select " + this.pass_fld + " from " + this.users_tbl + " where " + this.name_fld + " = ?");
            this.data_repo.initPreparedStatement(SELECT_STATUS_QUERY_KEY, "select " + this.status_fld + " from " + this.users_tbl + " where " + this.name_fld + " = ?");
            this.data_repo.initPreparedStatement(INSERT_USER_QUERY_KEY, "insert into " + this.users_tbl + " (" + this.name_fld + ", " + this.pass_fld + ", " + this.status_fld + ") values (?, ?, " + this.status_val + ")");
            this.data_repo.initPreparedStatement(UPDATE_LAST_LOGIN_QUERY_KEY, "update " + this.users_tbl + " set access=?, login=? where " + this.name_fld + " = ?");
            this.data_repo.initPreparedStatement(UPDATE_ONLINE_STATUS_QUERY_KEY, "update " + this.users_tbl + " set online_status=online_status+? where " + this.name_fld + " = ?");
            try {
                if (this.online_status) {
                    Statement createStatement = this.data_repo.createStatement(null);
                    createStatement.executeUpdate("update users set online_status = 0;");
                    createStatement.close();
                }
            } catch (SQLException e) {
                if (!e.getMessage().contains("'online_status'")) {
                    this.data_repo = null;
                    throw new DBInitException("Problem initializing jdbc connection: " + str, e);
                }
                try {
                    Statement createStatement2 = this.data_repo.createStatement(null);
                    createStatement2.executeUpdate("alter table users add online_status int default 0;");
                    createStatement2.close();
                } catch (SQLException e2) {
                    this.data_repo = null;
                    throw new DBInitException("Problem initializing jdbc connection: " + str, e2);
                }
            }
        } catch (Exception e3) {
            this.data_repo = null;
            throw new DBInitException("Problem initializing jdbc connection: " + str, e3);
        }
    }

    @Override // tigase.db.AuthRepository
    public void logout(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        updateOnlineStatus(bareJID, -1);
    }

    @Override // tigase.db.AuthRepository
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        String str = (String) map.get(AuthRepository.PROTOCOL_KEY);
        if (!str.equals(AuthRepository.PROTOCOL_VAL_SASL)) {
            if (str.equals(AuthRepository.PROTOCOL_VAL_NONSASL)) {
                String str2 = (String) map.get("password");
                BareJID bareJID = (BareJID) map.get(AuthRepository.USER_ID_KEY);
                if (str2 != null) {
                    return plainAuth(bareJID, str2);
                }
                String str3 = (String) map.get(AuthRepository.DIGEST_KEY);
                if (str3 != null) {
                    return digestAuth(bareJID, str3, (String) map.get(AuthRepository.DIGEST_ID_KEY), "SHA");
                }
            }
            throw new AuthorizationException("Protocol is not supported: " + str);
        }
        String str4 = (String) map.get(AuthRepository.MACHANISM_KEY);
        try {
            if (!str4.equals(TigaseCustomAuth.DEF_SASL_MECHS)) {
                throw new AuthorizationException("Mechanism is not supported: " + str4);
            }
            boolean saslAuth = saslAuth(map);
            if (saslAuth) {
                BareJID bareJID2 = (BareJID) map.get(AuthRepository.USER_ID_KEY);
                if (!isActive(bareJID2)) {
                    throw new AuthorizationException("User account has been blocked.");
                }
                updateLastLogin(bareJID2);
                updateOnlineStatus(bareJID2, 1);
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "User authenticated: {0}", bareJID2);
                }
            } else if (log.isLoggable(Level.FINEST)) {
                log.finest("User NOT authenticated");
            }
            return saslAuth;
        } catch (Exception e) {
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "OTHER authentication error: ", (Throwable) e);
            }
            throw new AuthorizationException("Sasl exception.", e);
        }
    }

    @Override // tigase.db.AuthRepository
    @Deprecated
    public boolean plainAuth(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        try {
            if (!isActive(bareJID)) {
                throw new AuthorizationException("User account has been blocked.");
            }
            boolean equals = getPassword(bareJID).equals(Algorithms.hexDigest("", str, "MD5"));
            if (equals) {
                updateLastLogin(bareJID);
                updateOnlineStatus(bareJID, 1);
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "User authenticated: {0}", bareJID);
                }
            } else if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "User NOT authenticated: {0}", bareJID);
            }
            return equals;
        } catch (NoSuchAlgorithmException e) {
            throw new AuthorizationException("Password encoding algorithm is not supported.", e);
        } catch (SQLException e2) {
            throw new TigaseDBException("Problem accessing repository.", e2);
        }
    }

    @Override // tigase.db.AuthRepository
    public void queryAuth(Map<String, Object> map) {
        String str = (String) map.get(AuthRepository.PROTOCOL_KEY);
        if (str.equals(AuthRepository.PROTOCOL_VAL_NONSASL)) {
            map.put(AuthRepository.RESULT_KEY, non_sasl_mechs);
        }
        if (str.equals(AuthRepository.PROTOCOL_VAL_SASL)) {
            map.put(AuthRepository.RESULT_KEY, sasl_mechs);
        }
    }

    @Override // tigase.db.AuthRepository
    public void removeUser(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        throw new TigaseDBException("Removing user is not supported.");
    }

    @Override // tigase.db.AuthRepository
    public void updatePassword(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException {
        throw new TigaseDBException("Updating user password is not supported.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getPassword(BareJID bareJID) throws SQLException, UserNotFoundException {
        ResultSet executeQuery;
        String string;
        try {
            PreparedStatement preparedStatement = this.data_repo.getPreparedStatement(bareJID, SELECT_PASSWORD_QUERY_KEY);
            synchronized (preparedStatement) {
                preparedStatement.setString(1, bareJID.getLocalpart());
                executeQuery = preparedStatement.executeQuery();
                if (!executeQuery.next()) {
                    throw new UserNotFoundException("User does not exist: " + bareJID);
                }
                string = executeQuery.getString(1);
            }
            this.data_repo.release(null, executeQuery);
            return string;
        } catch (Throwable th) {
            this.data_repo.release(null, null);
            throw th;
        }
    }

    private boolean isActive(BareJID bareJID) throws SQLException, UserNotFoundException {
        ResultSet executeQuery;
        boolean z;
        try {
            PreparedStatement preparedStatement = this.data_repo.getPreparedStatement(bareJID, SELECT_STATUS_QUERY_KEY);
            synchronized (preparedStatement) {
                preparedStatement.setString(1, bareJID.getLocalpart());
                executeQuery = preparedStatement.executeQuery();
                if (!executeQuery.next()) {
                    throw new UserNotFoundException("User does not exist: " + bareJID);
                }
                z = executeQuery.getInt(1) == this.status_val;
            }
            this.data_repo.release(null, executeQuery);
            return z;
        } catch (Throwable th) {
            this.data_repo.release(null, null);
            throw th;
        }
    }

    private boolean saslAuth(Map<String, Object> map) throws AuthorizationException {
        try {
            SaslServer saslServer = (SaslServer) map.get("SaslServer");
            if (saslServer == null) {
                TreeMap treeMap = new TreeMap();
                treeMap.put("javax.security.sasl.qop", "auth");
                treeMap.put("password-encryption", "MD5");
                saslServer = Sasl.createSaslServer((String) map.get(AuthRepository.MACHANISM_KEY), Configurable.STANZA_XMPP_ACK, (String) map.get(AuthRepository.SERVER_NAME_KEY), treeMap, new SaslCallbackHandler(map));
                map.put("SaslServer", saslServer);
            }
            String str = (String) map.get("data");
            byte[] evaluateResponse = saslServer.evaluateResponse(str != null ? Base64.decode(str) : new byte[0]);
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "challenge: {0}", evaluateResponse != null ? new String(evaluateResponse) : "null");
            }
            map.put(AuthRepository.RESULT_KEY, (evaluateResponse == null || evaluateResponse.length <= 0) ? null : Base64.encode(evaluateResponse));
            return saslServer.isComplete();
        } catch (SaslException e) {
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "SASL authentication error: ", e);
            }
            throw new AuthorizationException("Sasl exception.", e);
        } catch (Exception e2) {
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "SASL authentication error: ", (Throwable) e2);
            }
            throw new AuthorizationException("Sasl exception.", e2);
        }
    }

    private void updateLastLogin(BareJID bareJID) throws TigaseDBException {
        if (this.last_login) {
            try {
                PreparedStatement preparedStatement = this.data_repo.getPreparedStatement(bareJID, UPDATE_LAST_LOGIN_QUERY_KEY);
                synchronized (preparedStatement) {
                    BigDecimal bigDecimal = new BigDecimal(System.currentTimeMillis() / 1000);
                    preparedStatement.setBigDecimal(1, bigDecimal);
                    preparedStatement.setBigDecimal(2, bigDecimal);
                    preparedStatement.setString(3, bareJID.getLocalpart());
                    preparedStatement.executeUpdate();
                }
            } catch (SQLException e) {
                throw new TigaseDBException("Error accessing repository.", e);
            }
        }
    }

    private void updateOnlineStatus(BareJID bareJID, int i) throws TigaseDBException {
        if (this.online_status) {
            try {
                PreparedStatement preparedStatement = this.data_repo.getPreparedStatement(bareJID, UPDATE_ONLINE_STATUS_QUERY_KEY);
                synchronized (preparedStatement) {
                    preparedStatement.setInt(1, i);
                    preparedStatement.setString(2, bareJID.getLocalpart());
                    preparedStatement.executeUpdate();
                }
            } catch (SQLException e) {
                throw new TigaseDBException("Error accessing repository.", e);
            }
        }
    }
}
