package tigase.db.util.importexport;

import java.io.Writer;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.InvalidParameterException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import tigase.auth.CredentialsDecoderBean;
import tigase.auth.credentials.Credentials;
import tigase.auth.credentials.entries.PlainCredentialsEntry;
import tigase.auth.credentials.entries.ScramCredentialsEntry;
import tigase.auth.credentials.entries.ScramSha1CredentialsEntry;
import tigase.auth.credentials.entries.ScramSha256CredentialsEntry;
import tigase.auth.credentials.entries.ScramSha512CredentialsEntry;
import tigase.auth.mechanisms.SaslSCRAM;
import tigase.auth.mechanisms.SaslSCRAMSha256;
import tigase.auth.mechanisms.SaslSCRAMSha512;
import tigase.db.AbstractAuthRepositoryWithCredentials;
import tigase.db.AuthRepository;
import tigase.db.UserNotFoundException;
import tigase.io.SSLContextContainerIfc;
import tigase.kernel.beans.Bean;
import tigase.kernel.core.Kernel;
import tigase.util.Base64;
import tigase.util.ClassUtil;
import tigase.util.ui.console.CommandlineParameter;
import tigase.xml.Element;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/db/util/importexport/CredentialsExtension.class */
public class CredentialsExtension extends RepositoryManagerExtensionBase {
    private static final Logger log = Logger.getLogger(CredentialsExtension.class.getSimpleName());
    private final CommandlineParameter EXPORT_PLAIN_CREDENTIALS = new CommandlineParameter.Builder((String) null, "plain-credentials").description("Export PLAIN credentials (if any exist)").type(Boolean.class).requireArguments(false).defaultValue(SSLContextContainerIfc.ALLOW_INVALID_CERTS_VAL).build();
    private final CommandlineParameter IMPORT_PLAIN_CREDENTIALS = new CommandlineParameter.Builder((String) null, "plain-credentials").description("Import PLAIN credentials").type(Boolean.class).requireArguments(false).defaultValue(SSLContextContainerIfc.ALLOW_INVALID_CERTS_VAL).build();

    /* loaded from: input_file:tigase/db/util/importexport/CredentialsExtension$AuthImportExtension.class */
    public static abstract class AuthImportExtension extends AbstractImporterExtension {
        protected final AuthRepository authRepository;
        private final BareJID user;
        private final String mechanism;

        protected AuthImportExtension(AuthRepository authRepository, BareJID bareJID, String str) {
            this.authRepository = authRepository;
            this.user = bareJID;
            this.mechanism = str;
        }

        protected void save(String str) throws Exception {
            save(this.mechanism, str);
        }

        protected void save(String str, String str2) throws Exception {
            CredentialsExtension.log.finest("importing user " + String.valueOf(this.user) + " credentials for " + str + "...");
            this.authRepository.updateCredential(this.user, "default", str, str2);
        }
    }

    /* loaded from: input_file:tigase/db/util/importexport/CredentialsExtension$PlainAuthImportExtension.class */
    public static class PlainAuthImportExtension extends AuthImportExtension {
        private String password;
        private boolean importPLAIN;

        protected PlainAuthImportExtension(AuthRepository authRepository, BareJID bareJID, String str, boolean z) {
            super(authRepository, bareJID, str);
            this.password = null;
        }

        @Override // tigase.db.util.importexport.ImporterExtension
        public boolean handleElement(Element element) throws Exception {
            if (!"password".equals(element.getName())) {
                return false;
            }
            this.password = new String(Base64.decode(element.getCData()), StandardCharsets.UTF_8);
            return true;
        }

        @Override // tigase.db.util.importexport.ImporterExtension
        public void close() throws Exception {
            if (this.importPLAIN) {
                save(this.password);
            } else {
                PlainCredentialsEntry plainCredentialsEntry = new PlainCredentialsEntry(this.password);
                save(SaslSCRAM.NAME, ScramCredentialsEntry.Encoder.encode(new ScramSha1CredentialsEntry(plainCredentialsEntry)));
                save(SaslSCRAMSha256.NAME, ScramCredentialsEntry.Encoder.encode(new ScramSha256CredentialsEntry(plainCredentialsEntry)));
                save(SaslSCRAMSha512.NAME, ScramCredentialsEntry.Encoder.encode(new ScramSha512CredentialsEntry(plainCredentialsEntry)));
            }
            super.close();
        }
    }

    /* loaded from: input_file:tigase/db/util/importexport/CredentialsExtension$SCRAMAuthImportExtension.class */
    public static class SCRAMAuthImportExtension extends AuthImportExtension {
        private byte[] salt;
        private int iterations;
        private byte[] storedKey;
        private byte[] serverKey;

        public SCRAMAuthImportExtension(AuthRepository authRepository, BareJID bareJID, String str) {
            super(authRepository, bareJID, str);
        }

        @Override // tigase.db.util.importexport.ImporterExtension
        public boolean handleElement(Element element) throws Exception {
            String name = element.getName();
            boolean z = -1;
            switch (name.hashCode()) {
                case -1827084075:
                    if (name.equals("server-key")) {
                        z = 2;
                        break;
                    }
                    break;
                case 3522646:
                    if (name.equals("salt")) {
                        z = true;
                        break;
                    }
                    break;
                case 924429621:
                    if (name.equals("stored-key")) {
                        z = 3;
                        break;
                    }
                    break;
                case 1039150618:
                    if (name.equals("iter-count")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    this.iterations = Integer.parseInt(element.getCData());
                    return true;
                case true:
                    this.salt = Base64.decode(element.getCData());
                    return true;
                case true:
                    this.serverKey = Base64.decode(element.getCData());
                    return true;
                case true:
                    this.storedKey = Base64.decode(element.getCData());
                    return true;
                default:
                    return false;
            }
        }

        @Override // tigase.db.util.importexport.ImporterExtension
        public void close() throws Exception {
            if (this.iterations <= 0) {
                throw new InvalidParameterException("Iterations cannot be less or equal 0!");
            }
            if (this.salt == null) {
                throw new InvalidParameterException("Salt cannot be null!");
            }
            if (this.serverKey == null) {
                throw new InvalidParameterException("ServerKey cannot be null!");
            }
            if (this.storedKey == null) {
                throw new InvalidParameterException("StoredKey cannot be null!");
            }
            save(ScramCredentialsEntry.Encoder.encode(this.salt, this.iterations, this.storedKey, this.serverKey));
            super.close();
        }
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtensionBase, tigase.db.util.importexport.RepositoryManagerExtension
    public void initialize(Kernel kernel, DataSourceHelper dataSourceHelper, RepositoryHolder repositoryHolder, Path path) {
        repositoryHolder.registerPrepFn(AbstractAuthRepositoryWithCredentials.class, this::prepareAuthRepo);
        super.initialize(kernel, dataSourceHelper, repositoryHolder, path);
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtension
    public Stream<CommandlineParameter> getExportParameters() {
        return Stream.concat(super.getExportParameters(), Stream.of(this.EXPORT_PLAIN_CREDENTIALS));
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtension
    public Stream<CommandlineParameter> getImportParameters() {
        return Stream.concat(super.getImportParameters(), Stream.of(this.IMPORT_PLAIN_CREDENTIALS));
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtension
    public void exportDomainData(String str, Writer writer) throws Exception {
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtension
    public void exportUserData(Path path, BareJID bareJID, Writer writer) throws Exception {
        try {
            Credentials credentials = ((AuthRepository) getRepository(AbstractAuthRepositoryWithCredentials.class, bareJID.getDomain())).getCredentials(bareJID, "default");
            if (credentials instanceof AuthRepository.DefaultCredentials) {
                Field declaredField = AuthRepository.DefaultCredentials.class.getDeclaredField("entries");
                declaredField.setAccessible(true);
                Iterator it = ((List) declaredField.get(credentials)).iterator();
                while (it.hasNext()) {
                    Credentials.Entry entryForMechanism = credentials.getEntryForMechanism(((AuthRepository.DefaultCredentials.RawEntry) it.next()).getMechanism());
                    if (entryForMechanism instanceof ScramCredentialsEntry) {
                        writeSCRAM((ScramCredentialsEntry) entryForMechanism, writer);
                    } else if (entryForMechanism instanceof PlainCredentialsEntry) {
                        PlainCredentialsEntry plainCredentialsEntry = (PlainCredentialsEntry) entryForMechanism;
                        if (RepositoryManager.isSet(this.EXPORT_PLAIN_CREDENTIALS)) {
                            writer.append("<plain-credentials xmlns='tigase:xep-0227:sasl:0#plain' mechanism='").append((CharSequence) plainCredentialsEntry.getMechanism()).append("'>");
                            writer.append("<password>").append((CharSequence) Base64.encode(plainCredentialsEntry.getPassword().getBytes(StandardCharsets.UTF_8))).append("</password>");
                            writer.append("</plain-credentials>");
                        } else {
                            writeSCRAM(new ScramSha1CredentialsEntry(plainCredentialsEntry), writer);
                            writeSCRAM(new ScramSha256CredentialsEntry(plainCredentialsEntry), writer);
                            writeSCRAM(new ScramSha512CredentialsEntry(plainCredentialsEntry), writer);
                        }
                    }
                }
            }
        } catch (UserNotFoundException e) {
            log.log(Level.FINEST, "No credentials for user " + String.valueOf(bareJID));
        }
    }

    protected void writeSCRAM(ScramCredentialsEntry scramCredentialsEntry, Writer writer) throws Exception {
        writer.append("<scram-credentials xmlns='urn:xmpp:pie:0#scram' mechanism='").append((CharSequence) scramCredentialsEntry.getMechanism()).append("'>");
        writer.append("<iter-count>").append((CharSequence) String.valueOf(scramCredentialsEntry.getIterations())).append("</iter-count>");
        writer.append("<salt>").append((CharSequence) Base64.encode(scramCredentialsEntry.getSalt())).append("</salt>");
        writer.append("<server-key>").append((CharSequence) Base64.encode(scramCredentialsEntry.getServerKey())).append("</server-key>");
        writer.append("<stored-key>").append((CharSequence) Base64.encode(scramCredentialsEntry.getStoredKey())).append("</stored-key>");
        writer.append("</scram-credentials>");
    }

    protected AbstractAuthRepositoryWithCredentials prepareAuthRepo(AbstractAuthRepositoryWithCredentials abstractAuthRepositoryWithCredentials) {
        CredentialsDecoderBean credentialsDecoderBean = new CredentialsDecoderBean();
        try {
            Field declaredField = CredentialsDecoderBean.class.getDeclaredField("decoders");
            declaredField.setAccessible(true);
            List list = (List) ClassUtil.getClassesImplementing(Credentials.Decoder.class).stream().map(cls -> {
                try {
                    Credentials.Decoder decoder = (Credentials.Decoder) cls.getConstructor(new Class[0]).newInstance(new Object[0]);
                    Bean bean = (Bean) decoder.getClass().getAnnotation(Bean.class);
                    if (bean != null) {
                        Class<?> cls = decoder.getClass();
                        while (cls != null) {
                            try {
                                Field declaredField2 = cls.getDeclaredField("name");
                                declaredField2.setAccessible(true);
                                declaredField2.set(decoder, bean.name());
                                cls = null;
                            } catch (NoSuchFieldException e) {
                                cls = cls.getSuperclass();
                            }
                        }
                    }
                    return decoder;
                } catch (Throwable th) {
                    log.log(Level.WARNING, "failed to initialize credentials decoder " + String.valueOf(cls), th);
                    return null;
                }
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toList());
            System.out.println(list);
            declaredField.set(credentialsDecoderBean, list);
            abstractAuthRepositoryWithCredentials.setCredentialsCodecs(null, credentialsDecoderBean);
            return abstractAuthRepositoryWithCredentials;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }

    @Override // tigase.db.util.importexport.RepositoryManagerExtension
    public ImporterExtension startImportUserData(BareJID bareJID, String str, Map<String, String> map) throws Exception {
        boolean z = -1;
        switch (str.hashCode()) {
            case 162740093:
                if (str.equals("scram-credentials")) {
                    z = false;
                    break;
                }
                break;
            case 196456313:
                if (str.equals("plain-credentials")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if ("urn:xmpp:pie:0#scram".equals(map.get("xmlns"))) {
                    return new SCRAMAuthImportExtension((AuthRepository) getRepository(AbstractAuthRepositoryWithCredentials.class, bareJID.getDomain()), bareJID, map.get(AuthRepository.MACHANISM_KEY));
                }
                return null;
            case true:
                if ("tigase:xep-0227:sasl:0#plain".equals(map.get("xmlns"))) {
                    return new PlainAuthImportExtension((AuthRepository) getRepository(AbstractAuthRepositoryWithCredentials.class, bareJID.getDomain()), bareJID, map.get(AuthRepository.MACHANISM_KEY), RepositoryManager.isSet(this.IMPORT_PLAIN_CREDENTIALS));
                }
                return null;
            default:
                return null;
        }
    }
}
