package tigase.db;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Map;
import java.util.TreeMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.auth.XmppSaslException;
import tigase.conf.Configurable;
import tigase.db.AuthRepository;
import tigase.util.Algorithms;
import tigase.util.Base64;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/db/AuthRepositoryImpl.class */
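/**
 * {@link AuthRepository} implementation that keeps credentials and account
 * status as key/value data inside a wrapped {@link UserRepository}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password is written to and read from the repository exactly as
 *       supplied (see {@link #updatePassword} / {@link #getPassword}); no
 *       hashing is applied in this class, so access to the backing store
 *       exposes the credentials themselves.</li>
 *   <li>Credentials, digests and raw SASL responses are never written to the
 *       log, not even at {@code FINEST}.</li>
 *   <li>Secret comparisons go through {@link #constantTimeEquals}.</li>
 * </ul>
 */
public class AuthRepositoryImpl implements AuthRepository {
    public static final String ACCOUNT_STATUS_KEY = "account_status";
    protected static final String DISABLED_KEY = "disabled";
    protected static final String PASSWORD_KEY = "password";
    private final UserRepository repo;
    protected static final Logger log = Logger.getLogger("tigase.db.UserAuthRepositoryImpl");
    private static final String[] non_sasl_mechs = {"password", AuthRepository.DIGEST_KEY};
    private static final String[] sasl_mechs = {"PLAIN", "DIGEST-MD5", "CRAM-MD5"};

    /**
     * Callback handler handed to the {@link SaslServer}; it resolves realm,
     * user name and password from the repository and the per-session options
     * map.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tigase/db/AuthRepositoryImpl$SaslCallbackHandler.class */
    public class SaslCallbackHandler implements CallbackHandler {
        private final Map<String, Object> options;

        private SaslCallbackHandler(Map<String, Object> map) {
            this.options = map;
        }

        /**
         * Answers the callbacks issued by the SASL mechanism.
         *
         * @param callbackArr callbacks to answer, processed in array order
         * @throws IOException if the account is inactive, or the account
         *         status or password cannot be obtained
         * @throws UnsupportedCallbackException for any callback type other
         *         than realm, name, password or authorize
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            // Set by the NameCallback branch and consumed by the PasswordCallback branch.
            BareJID bareJID = null;
            for (Callback callback : callbackArr) {
                if (AuthRepositoryImpl.log.isLoggable(Level.FINEST)) {
                    AuthRepositoryImpl.log.finest("Callback: " + callback.getClass().getSimpleName());
                }
                if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    String realm = (String) this.options.get(AuthRepository.REALM_KEY);
                    if (realm != null) {
                        realmCallback.setText(realm);
                    }
                    if (AuthRepositoryImpl.log.isLoggable(Level.FINEST)) {
                        AuthRepositoryImpl.log.finest("RealmCallback: " + realm);
                    }
                } else if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    String name = nameCallback.getName();
                    if (name == null) {
                        name = nameCallback.getDefaultName();
                    }
                    bareJID = BareJID.bareJIDInstanceNS(name, (String) this.options.get(AuthRepository.REALM_KEY));
                    try {
                        AuthRepository.AccountStatus accountStatus = AuthRepositoryImpl.this.getAccountStatus(bareJID);
                        // getAccountStatus() returns null when no status is stored. Apply the
                        // same legacy "disabled" fallback as isUserDisabled() so that the
                        // missing status neither dereferences null nor lets a
                        // legacy-disabled account through.
                        if (accountStatus == null
                                && Boolean.parseBoolean(AuthRepositoryImpl.this.repo.getData(bareJID, DISABLED_KEY))) {
                            accountStatus = AuthRepository.AccountStatus.disabled;
                        }
                        if (accountStatus != null && accountStatus.isInactive()) {
                            throw XmppSaslException.getExceptionFor(accountStatus);
                        }
                        this.options.put(AuthRepository.USER_ID_KEY, bareJID);
                        if (AuthRepositoryImpl.log.isLoggable(Level.FINEST)) {
                            AuthRepositoryImpl.log.finest("NameCallback: " + name);
                        }
                    } catch (TigaseDBException e) {
                        throw new IOException("Account Status retrieving problem.", e);
                    }
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    String password;
                    try {
                        password = AuthRepositoryImpl.this.getPassword(bareJID);
                    } catch (Exception e2) {
                        throw new IOException("Password retrieving problem.", e2);
                    }
                    if (password == null) {
                        // No stored credential: fail the exchange explicitly.
                        throw new IOException("Password retrieving problem.");
                    }
                    passwordCallback.setPassword(password.toCharArray());
                    if (AuthRepositoryImpl.log.isLoggable(Level.FINEST)) {
                        // The password itself is deliberately kept out of the log.
                        AuthRepositoryImpl.log.finest("PasswordCallback: password retrieved for " + bareJID);
                    }
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    if (AuthRepositoryImpl.log.isLoggable(Level.FINEST)) {
                        AuthRepositoryImpl.log.finest("AuthorizeCallback: authenId: " + authenticationID);
                        AuthRepositoryImpl.log.finest("AuthorizeCallback: authorId: " + authorizationID);
                    }
                    // NOTE(review): every authorization request is approved without comparing
                    // authorizationID with authenticationID. Confirm that callers bind the
                    // session to USER_ID_KEY (derived from the authenticated name above) and
                    // never to the client-requested authorization id.
                    authorizeCallback.setAuthorized(true);
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
            }
        }
    }

    /**
     * @param userRepository repository used to store and read all user data
     */
    public AuthRepositoryImpl(UserRepository userRepository) {
        this.repo = userRepository;
    }

    /** No-op in this implementation. */
    @Override // tigase.db.AuthRepository
    public void loggedIn(BareJID bareJID) throws TigaseDBException {
    }

    /**
     * Creates the user in the wrapped repository and stores its credential.
     *
     * @param bareJID account to create
     * @param str     password for the new account
     */
    @Override // tigase.db.AuthRepository
    public void addUser(BareJID bareJID, String str) throws UserExistsException, TigaseDBException {
        this.repo.addUser(bareJID);
        log.log(Level.FINE, "Repo user added: " + bareJID);
        updateCredential(bareJID, "default", str);
        // Only the account is logged; the password must not reach the log.
        log.log(Level.FINE, "Password updated: " + bareJID);
    }

    /**
     * Reports every mechanism as supported.
     *
     * @return always {@code true}
     */
    @Override // tigase.db.AuthRepository
    public boolean isMechanismSupported(String str, String str2) {
        // NOTE(review): the original expression returned true on both branches, so no
        // mechanism is ever rejected here; confirm whether a restriction was intended.
        return true;
    }

    @Override // tigase.db.AuthRepository
    public String getResourceUri() {
        return this.repo.getResourceUri();
    }

    /**
     * Not tracked by this implementation.
     *
     * @return always {@code -1}
     */
    @Override // tigase.db.AuthRepository
    public long getActiveUsersCountIn(Duration duration) {
        return -1L;
    }

    @Override // tigase.db.AuthRepository
    public long getUsersCount() {
        return this.repo.getUsersCount();
    }

    @Override // tigase.db.AuthRepository
    public long getUsersCount(String str) {
        return this.repo.getUsersCount(str);
    }

    /** No-op in this implementation. */
    @Override // tigase.db.Repository
    @Deprecated
    public void initRepository(String str, Map<String, String> map) throws DBInitException {
    }

    /** No-op in this implementation. */
    @Override // tigase.db.AuthRepository
    public void logout(BareJID bareJID) {
    }

    /**
     * Dispatches an authentication request to the SASL, plain-password or
     * digest path according to the protocol named in {@code map}.
     *
     * @param map request properties; also receives results from the SASL path
     * @return {@code true} when authentication succeeded (for SASL: when the
     *         exchange is complete)
     * @throws AuthorizationException if the protocol is missing or unknown, or
     *         a non-SASL request carries neither password nor digest
     */
    @Override // tigase.db.AuthRepository
    public boolean otherAuth(Map<String, Object> map) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        if (log.isLoggable(Level.FINEST)) {
            // The full map holds the password, digest or SASL payload, so only the
            // non-secret routing fields are logged.
            log.log(Level.FINEST, "otherAuth: protocol={0}, user={1}",
                    new Object[]{map.get(AuthRepository.PROTOCOL_KEY), map.get(AuthRepository.USER_ID_KEY)});
        }
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        // Constant-first equals: a missing protocol falls through to the
        // AuthorizationException below instead of a NullPointerException.
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            return saslAuth(map);
        }
        if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            String password = (String) map.get("password");
            BareJID bareJID = (BareJID) map.get(AuthRepository.USER_ID_KEY);
            if (password != null) {
                return plainAuth(bareJID, password);
            }
            String digest = (String) map.get(AuthRepository.DIGEST_KEY);
            if (digest != null) {
                return digestAuth(bareJID, digest, (String) map.get(AuthRepository.DIGEST_ID_KEY), "SHA");
            }
        }
        throw new AuthorizationException("Protocol is not supported.");
    }

    /**
     * Stores the list of mechanisms available for the requested protocol
     * under {@code RESULT_KEY}; leaves the map untouched for other protocols.
     */
    @Override // tigase.db.AuthRepository
    public void queryAuth(Map<String, Object> map) {
        String protocol = (String) map.get(AuthRepository.PROTOCOL_KEY);
        // Copies are handed out so callers cannot modify the shared static arrays.
        if (AuthRepository.PROTOCOL_VAL_NONSASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, non_sasl_mechs.clone());
        }
        if (AuthRepository.PROTOCOL_VAL_SASL.equals(protocol)) {
            map.put(AuthRepository.RESULT_KEY, sasl_mechs.clone());
        }
    }

    @Override // tigase.db.AuthRepository
    public void removeUser(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        this.repo.removeUser(bareJID);
    }

    /**
     * Stores {@code str} as the account password, exactly as given; no
     * hashing or encoding is applied here.
     */
    @Override // tigase.db.AuthRepository
    public void updatePassword(BareJID bareJID, String str) throws TigaseDBException {
        this.repo.setData(bareJID, PASSWORD_KEY, str);
    }

    /**
     * @return the stored password value, as returned by the wrapped repository
     */
    @Override // tigase.db.AuthRepository
    public String getPassword(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        return this.repo.getData(bareJID, PASSWORD_KEY);
    }

    /**
     * @return the stored account status, or {@code null} when none is stored
     * @throws IllegalArgumentException if the stored value is not an
     *         {@code AccountStatus} constant name
     */
    @Override // tigase.db.AuthRepository
    public AuthRepository.AccountStatus getAccountStatus(BareJID bareJID) throws TigaseDBException {
        String data = this.repo.getData(bareJID, ACCOUNT_STATUS_KEY);
        if (data == null) {
            return null;
        }
        return AuthRepository.AccountStatus.valueOf(data);
    }

    /**
     * @return whether the account is disabled; falls back to the legacy
     *         {@code disabled} flag when no account status is stored
     */
    @Override // tigase.db.AuthRepository
    public boolean isUserDisabled(BareJID bareJID) throws UserNotFoundException, TigaseDBException {
        AuthRepository.AccountStatus accountStatus = getAccountStatus(bareJID);
        if (accountStatus == null) {
            return Boolean.parseBoolean(this.repo.getData(bareJID, DISABLED_KEY));
        }
        return accountStatus == AuthRepository.AccountStatus.disabled;
    }

    /**
     * Stores the status name, or removes the stored status when
     * {@code accountStatus} is {@code null}.
     */
    @Override // tigase.db.AuthRepository
    public void setAccountStatus(BareJID bareJID, AuthRepository.AccountStatus accountStatus) throws TigaseDBException {
        if (accountStatus == null) {
            this.repo.removeData(bareJID, ACCOUNT_STATUS_KEY);
        } else {
            this.repo.setData(bareJID, ACCOUNT_STATUS_KEY, accountStatus.name());
        }
    }

    /**
     * Switches the account between {@code active} and {@code disabled}.
     * Accounts in any other state are left unchanged.
     */
    @Override // tigase.db.AuthRepository
    public void setUserDisabled(BareJID bareJID, Boolean bool) throws UserNotFoundException, TigaseDBException {
        AuthRepository.AccountStatus accountStatus = getAccountStatus(bareJID);
        // NOTE(review): an account with no stored status (null) is also left unchanged,
        // so a disable request for such an account is a silent no-op; confirm intent.
        if (accountStatus == AuthRepository.AccountStatus.active || accountStatus == AuthRepository.AccountStatus.disabled) {
            setAccountStatus(bareJID, bool.booleanValue() ? AuthRepository.AccountStatus.disabled : AuthRepository.AccountStatus.active);
        }
    }

    /**
     * Compares two secrets without stopping at the first differing character.
     *
     * @return {@code false} if either value is {@code null}
     */
    private static boolean constantTimeEquals(String first, String second) {
        if (first == null || second == null) {
            return false;
        }
        return MessageDigest.isEqual(first.getBytes(StandardCharsets.UTF_8), second.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Verifies a client-supplied digest against one computed from the stored
     * password.
     *
     * @param user      account being authenticated
     * @param given     digest sent by the client
     * @param digestId  identifier mixed into the digest
     * @param algorithm digest algorithm name passed to {@code Algorithms.hexDigest}
     * @throws AuthorizationException if the algorithm is unavailable
     */
    private boolean digestAuth(BareJID user, String given, String digestId, String algorithm) throws UserNotFoundException, TigaseDBException, AuthorizationException {
        try {
            String stored = getPassword(user);
            if (stored == null) {
                // No stored credential: nothing can match.
                return false;
            }
            String expected = Algorithms.hexDigest(digestId, stored, algorithm);
            if (log.isLoggable(Level.FINEST)) {
                // Both digests are password equivalents for this exchange; keep them out of the log.
                log.finest("Comparing digests for: " + user);
            }
            return constantTimeEquals(given, expected);
        } catch (NoSuchAlgorithmException e) {
            throw new AuthorizationException("No such algorithm.", e);
        }
    }

    /**
     * Verifies a client-supplied password against the stored one.
     *
     * @return {@code true} only when both values are present and equal
     */
    private boolean plainAuth(BareJID user, String given) throws UserNotFoundException, TigaseDBException {
        if (log.isLoggable(Level.FINEST)) {
            // Only the account is logged, never the supplied password.
            log.log(Level.FINEST, "plainAuth: {0}", user);
        }
        return constantTimeEquals(getPassword(user), given);
    }

    /**
     * Runs one step of a SASL exchange. The {@link SaslServer} is created on
     * the first step and kept in {@code map} under {@code "SaslServer"}; the
     * Base64-encoded challenge (or {@code null}) is stored under
     * {@code RESULT_KEY}.
     *
     * @return {@code true} once the exchange is complete
     * @throws AuthorizationException if no server can be created for the
     *         requested mechanism or the exchange fails
     */
    private boolean saslAuth(Map<String, Object> map) throws AuthorizationException {
        try {
            SaslServer saslServer = (SaslServer) map.get("SaslServer");
            if (saslServer == null) {
                Map<String, String> props = new TreeMap<>();
                props.put("javax.security.sasl.qop", "auth");
                // NOTE(review): the mechanism name comes straight from the request and
                // isMechanismSupported() accepts everything; consider checking it against
                // the advertised sasl_mechs list before creating the server.
                saslServer = Sasl.createSaslServer((String) map.get(AuthRepository.MACHANISM_KEY), Configurable.STANZA_XMPP_ACK, (String) map.get(AuthRepository.SERVER_NAME_KEY), props, new SaslCallbackHandler(map));
                if (saslServer == null) {
                    // createSaslServer returns null when no factory provides the mechanism.
                    throw new AuthorizationException("SASL mechanism is not supported.");
                }
                map.put("SaslServer", saslServer);
            }
            String data = (String) map.get("data");
            byte[] response = data != null ? Base64.decode(data) : new byte[0];
            if (log.isLoggable(Level.FINEST)) {
                // A PLAIN response carries the password, so only its size is logged.
                log.finest("response: " + response.length + " bytes");
            }
            byte[] challenge = saslServer.evaluateResponse(response);
            if (log.isLoggable(Level.FINEST)) {
                log.finest("challenge: " + (challenge != null ? new String(challenge, StandardCharsets.UTF_8) : "null"));
            }
            map.put(AuthRepository.RESULT_KEY, (challenge == null || challenge.length <= 0) ? null : Base64.encode(challenge));
            return saslServer.isComplete();
        } catch (SaslException e) {
            throw new AuthorizationException("Sasl exception.", e);
        }
    }
}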
