package tigase.db.jdbc;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.auth.mechanisms.AbstractSaslSCRAM;
import tigase.db.AuthRepository;
import tigase.db.AuthorizationException;
import tigase.db.Repository;
import tigase.db.Schema;
import tigase.db.TigaseDBException;
import tigase.db.UserExistsException;
import tigase.db.UserNotFoundException;
import tigase.db.util.RepositoryVersionAware;
import tigase.util.Base64;
import tigase.xmpp.jid.BareJID;

@Repository.SchemaId(id = Schema.SERVER_SCHEMA_ID, name = Schema.SERVER_SCHEMA_NAME)
/* loaded from: input_file:tigase/db/jdbc/TigaseSPAuth.class */
public class TigaseSPAuth extends TigaseCustomAuth implements RepositoryVersionAware {
    private static final Logger log = Logger.getLogger(TigaseSPAuth.class.getName());
    private static final SecureRandom random = new SecureRandom();

    private static final String encode(String str) throws InvalidKeyException, NoSuchAlgorithmException {
        byte[] bArr = new byte[20];
        random.nextBytes(bArr);
        return encode(str, bArr);
    }

    private static final String encode(String str, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
        byte[] hi = AbstractSaslSCRAM.hi("SHA1", AbstractSaslSCRAM.normalize(str), bArr, 4096);
        byte[] bArr2 = new byte[bArr.length + hi.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(hi, 0, bArr2, bArr.length, hi.length);
        return Base64.encode(bArr2);
    }

    @Override // tigase.db.jdbc.TigaseCustomAuth, tigase.db.AuthRepository
    public void addUser(BareJID bareJID, String str) throws UserExistsException, TigaseDBException {
        try {
            super.addUser(bareJID, encode(str));
        } catch (Exception e) {
            log.log(Level.WARNING, "Can't add user " + bareJID, (Throwable) e);
        }
    }

    @Override // tigase.db.jdbc.TigaseCustomAuth, tigase.db.AuthRepository
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        try {
            map.put("password", encodeWithUserSalt((BareJID) map.get(AuthRepository.USER_ID_KEY), (String) map.get("password")));
            return super.otherAuth(map);
        } catch (Exception e) {
            log.log(Level.WARNING, "Can't salt user password", (Throwable) e);
            throw new AuthorizationException("Can't salt user password", e);
        }
    }

    @Override // tigase.db.jdbc.TigaseCustomAuth, tigase.db.AuthRepository
    public void updatePassword(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException {
        try {
            super.updatePassword(bareJID, encode(str));
        } catch (Exception e) {
            log.log(Level.WARNING, "Can't update password for user " + bareJID, (Throwable) e);
        }
    }

    private String encodeWithUserSalt(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, InvalidKeyException, NoSuchAlgorithmException {
        String password = getPassword(bareJID);
        if (password == null) {
            throw new UserNotFoundException("User " + bareJID + " not found.");
        }
        byte[] decode = Base64.decode(password);
        byte[] bArr = new byte[20];
        System.arraycopy(decode, 0, bArr, 0, bArr.length);
        return encode(str, bArr);
    }

    private boolean isPasswordValid(BareJID bareJID, String str) throws UserNotFoundException, TigaseDBException, InvalidKeyException, NoSuchAlgorithmException {
        String password = getPassword(bareJID);
        if (password == null) {
            throw new UserNotFoundException("User " + bareJID + " not found.");
        }
        byte[] decode = Base64.decode(password);
        byte[] bArr = new byte[20];
        byte[] bArr2 = new byte[20];
        System.arraycopy(decode, 0, bArr, 0, bArr.length);
        System.arraycopy(decode, bArr.length, bArr2, 0, bArr2.length);
        return Arrays.equals(bArr2, AbstractSaslSCRAM.hi("SHA1", AbstractSaslSCRAM.normalize(str), bArr, 4096));
    }
}
