package org.jivesoftware.openfire.auth;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import org.jivesoftware.database.DbConnectionManager;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.handler.IQRegisterInfo;
import org.jivesoftware.openfire.user.UserAlreadyExistsException;
import org.jivesoftware.openfire.user.UserManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.PropertyEventDispatcher;
import org.jivesoftware.util.PropertyEventListener;
import org.jivesoftware.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmpp.packet.JID;

/* loaded from: input_file:org/jivesoftware/openfire/auth/JDBCAuthProvider.class */
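/**
 * Authenticates users against an external database reached over JDBC.
 *
 * <p>The SQL used to read and (optionally) write the stored credential, the chain of hash
 * functions applied to a candidate password, and the bcrypt work factor are all read from
 * {@code jdbcAuthProvider.*} / {@code jdbcProvider.*} properties and are refreshed at runtime
 * through the {@link PropertyEventListener} callbacks.
 *
 * <p>Security-relevant defaults visible in this class: when {@code jdbcAuthProvider.passwordType}
 * is absent or unparsable the provider falls back to {@link PasswordType#plain}, and password
 * updates are disabled unless {@code jdbcAuthProvider.allowUpdate} is set.
 */
public class JDBCAuthProvider implements AuthProvider, PropertyEventListener {
    private static final Logger Log = LoggerFactory.getLogger(JDBCAuthProvider.class);

    /** Work factor used for bcrypt when the configured cost lies outside the accepted 4..31 range. */
    private static final int DEFAULT_BCRYPT_COST = 10;

    private String connectionString;
    private String passwordSQL;
    private String setPasswordSQL;
    private List<PasswordType> passwordTypes;
    private boolean allowUpdate;
    private boolean useConnectionProvider;
    private int bcryptCost;

    /**
     * Storage formats understood for the credential column.
     *
     * <p>{@code plain} stores the password as-is. {@code md5}, {@code sha1}, {@code sha256},
     * {@code sha512} and {@code nt} are applied here as a single deterministic pass with no
     * per-user salt (the result is compared for equality with the stored value), so identical
     * passwords produce identical stored values. {@code bcrypt} is the only option in this list
     * that is generated with a random salt and a configurable cost, and it must be the last
     * element when several types are chained.
     */
    public enum PasswordType {
        plain,
        md5,
        sha1,
        sha256,
        sha512,
        bcrypt,
        nt
    }

    /**
     * Reads the provider configuration, loads the JDBC driver when a dedicated connection string
     * is used, and registers the BouncyCastle provider if it is not registered yet.
     */
    public JDBCAuthProvider() {
        JiveGlobals.migrateProperty("jdbcProvider.driver");
        JiveGlobals.migrateProperty("jdbcProvider.connectionString");
        JiveGlobals.migrateProperty("jdbcAuthProvider.passwordSQL");
        JiveGlobals.migrateProperty("jdbcAuthProvider.passwordType");
        JiveGlobals.migrateProperty("jdbcAuthProvider.setPasswordSQL");
        JiveGlobals.migrateProperty("jdbcAuthProvider.allowUpdate");
        JiveGlobals.migrateProperty("jdbcAuthProvider.bcrypt.cost");
        JiveGlobals.migrateProperty("jdbcAuthProvider.useConnectionProvider");
        JiveGlobals.migrateProperty("jdbcAuthProvider.acceptPreHashedPassword");

        this.useConnectionProvider = JiveGlobals.getBooleanProperty("jdbcAuthProvider.useConnectionProvider");
        if (!this.useConnectionProvider) {
            String driverClass = JiveGlobals.getProperty("jdbcProvider.driver");
            try {
                Class.forName(driverClass).newInstance();
                this.connectionString = JiveGlobals.getProperty("jdbcProvider.connectionString");
            } catch (Exception e) {
                Log.error("Unable to load JDBC driver: " + driverClass, e);
                // NOTE(review): returning here leaves passwordSQL, passwordTypes and the property
                // listener unset, so the instance stays unusable until it is recreated.
                return;
            }
        }

        this.passwordSQL = JiveGlobals.getProperty("jdbcAuthProvider.passwordSQL");
        this.setPasswordSQL = JiveGlobals.getProperty("jdbcAuthProvider.setPasswordSQL");
        this.allowUpdate = JiveGlobals.getBooleanProperty("jdbcAuthProvider.allowUpdate", false);
        // Falls back to 'plain' when the property is missing; see PasswordType for what that implies.
        setPasswordTypes(JiveGlobals.getProperty("jdbcAuthProvider.passwordType", "plain"));
        this.bcryptCost = JiveGlobals.getIntProperty("jdbcAuthProvider.bcrypt.cost", -1);
        PropertyEventDispatcher.addListener(this);
        // The "nt" type asks for an MD4 digest, which is requested through the JCA provider list.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Tells whether usernames in the external table are stored in escaped node form.
     *
     * @return the value of {@code jdbcAuthProvider.isEscaped}, {@code true} when unset
     */
    protected boolean assumePersistedDataIsEscaped() {
        return JiveGlobals.getBooleanProperty("jdbcAuthProvider.isEscaped", true);
    }

    /**
     * Parses a list of password type names into {@link #passwordTypes}.
     *
     * <p>Unknown names are skipped, anything listed after {@code bcrypt} is dropped with a
     * warning, and an empty result falls back to {@code plain}.
     *
     * @param passwordTypeString the configured value of {@code jdbcAuthProvider.passwordType}
     */
    private void setPasswordTypes(String passwordTypeString) {
        // NOTE(review): propertyDeleted() passes null here; confirm stringToCollection accepts it.
        Collection<String> names = StringUtils.stringToCollection(passwordTypeString);
        List<PasswordType> parsed = new ArrayList<>(names.size());
        Iterator<String> it = names.iterator();
        while (it.hasNext()) {
            // Locale.ROOT keeps the lookup stable on JVMs whose default locale remaps ASCII letters.
            String name = it.next().toLowerCase(Locale.ROOT);
            PasswordType type;
            try {
                type = PasswordType.valueOf(name);
            } catch (IllegalArgumentException e) {
                Log.debug("Ignoring unparsable value '{}'", name, e);
                continue;
            }
            parsed.add(type);
            if (type == PasswordType.bcrypt) {
                // A bcrypt value carries its own random salt, so nothing can be chained after it.
                if (it.hasNext()) {
                    Log.warn("The jdbcAuthProvider.passwordType setting in invalid.  Bcrypt must be the final hashType if a series is given.  Ignoring all hash types beyond bcrypt: {}", passwordTypeString);
                }
                break;
            }
        }
        if (parsed.isEmpty()) {
            Log.warn("The jdbcAuthProvider.passwordType setting is not set or contains invalid values.  Setting the type to 'plain'");
            parsed.add(PasswordType.plain);
        }
        this.passwordTypes = parsed;
    }

    /**
     * Returns the node part of a username, accepting either a bare node or {@code node@domain}.
     *
     * @param username the name supplied by the caller
     * @return the node, or {@code null} when a domain is present and is not this server's domain
     */
    private static String localNodeOf(String username) {
        int at = username.indexOf('@');
        if (at < 0) {
            return username;
        }
        String domain = username.substring(at + 1);
        if (!domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
            return null;
        }
        return username.substring(0, at);
    }

    /**
     * Verifies a username/password pair against the external database and, on success, makes
     * sure a matching local user record exists.
     *
     * @param username bare node or {@code node@domain} for the local domain
     * @param password the candidate password
     * @throws UnauthorizedException if either argument is null, the domain is foreign, the user
     *     is unknown or the password does not match
     */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        String node = localNodeOf(username);
        if (node == null) {
            throw new UnauthorizedException();
        }
        try {
            if (!comparePasswords(password, getPasswordValue(node))) {
                throw new UnauthorizedException();
            }
            createUser(node);
        } catch (UserNotFoundException e) {
            // Unknown user and wrong password are reported identically to the caller.
            throw new UnauthorizedException();
        }
    }

    /**
     * Checks a candidate password against the value read from the database.
     *
     * <p>The check fails closed: a missing stored value, a hash step that could not be computed,
     * or a stored bcrypt string that the verifier rejects all yield {@code false}.
     *
     * @param plainText the candidate password
     * @param hashed the stored value, in the format described by {@link #passwordTypes}
     * @return {@code true} only when the candidate matches the stored value
     */
    protected boolean comparePasswords(String plainText, String hashed) {
        if (hashed == null) {
            // A NULL credential column must never authenticate anyone.
            return false;
        }
        List<PasswordType> types = this.passwordTypes;
        int last = types.size() - 1;
        if (types.get(last) != PasswordType.bcrypt) {
            String computed = hashPassword(plainText);
            if (computed == null) {
                return false;
            }
            // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
            return MessageDigest.isEqual(
                    computed.getBytes(StandardCharsets.UTF_8), hashed.getBytes(StandardCharsets.UTF_8));
        }
        // bcrypt embeds its salt in the stored string, so only the preceding steps are recomputed
        // and the final step is delegated to the bcrypt verifier.
        String input = plainText;
        for (int i = 0; i < last; i++) {
            input = hashPassword(input, types.get(i));
            if (input == null) {
                return false;
            }
        }
        try {
            return OpenBSDBCrypt.checkPassword(hashed, input.toCharArray());
        } catch (RuntimeException e) {
            // The verifier throws on a stored value that is not a well-formed bcrypt string.
            Log.warn("Stored bcrypt value could not be verified; rejecting the login attempt", e);
            return false;
        }
    }

    /**
     * Applies every configured password type in order.
     *
     * @param password the clear-text password
     * @return the value to store or compare, or {@code null} if a step could not be computed
     */
    private String hashPassword(String password) {
        String value = password;
        for (PasswordType type : this.passwordTypes) {
            value = hashPassword(value, type);
            if (value == null) {
                return null;
            }
        }
        return value;
    }

    /**
     * Applies a single password type to the given input.
     *
     * @param password the input of this step
     * @param type the transformation to apply
     * @return the transformed value; the input itself for {@code plain}; {@code null} when the
     *     NT hash cannot be computed
     */
    protected String hashPassword(String password, PasswordType type) {
        switch (type) {
            case md5:
                return StringUtils.hash(password, "MD5");
            case sha1:
                return StringUtils.hash(password, "SHA-1");
            case sha256:
                return StringUtils.hash(password, "SHA-256");
            case sha512:
                return StringUtils.hash(password, "SHA-512");
            case bcrypt: {
                byte[] salt = new byte[16];
                new SecureRandom().nextBytes(salt);
                // Costs outside 4..31 (including the -1 "unset" marker) fall back to the default.
                int cost = (this.bcryptCost < 4 || this.bcryptCost > 31) ? DEFAULT_BCRYPT_COST : this.bcryptCost;
                return OpenBSDBCrypt.generate(password.toCharArray(), salt, cost);
            }
            case nt:
                try {
                    // NT hash: MD4 over the UTF-16LE encoding of the password, hex encoded.
                    MessageDigest md4 = MessageDigest.getInstance("MD4");
                    byte[] hex = Hex.encode(md4.digest(password.getBytes(StandardCharsets.UTF_16LE)));
                    return new String(hex, StandardCharsets.US_ASCII);
                } catch (Exception e) {
                    // Callers treat null as "cannot verify / cannot store"; record why it happened.
                    Log.error("Unable to compute the NT hash; check that a provider offering MD4 is registered", e);
                    return null;
                }
            case plain:
            default:
                return password;
        }
    }

    /**
     * Returns the stored password, which is only possible when the single configured type is
     * {@code plain}.
     *
     * @param username bare node or {@code node@domain} for the local domain
     * @return the stored password
     * @throws UserNotFoundException if the domain is foreign or no row matches
     * @throws UnsupportedOperationException if retrieval is not supported by the configuration
     */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException {
        if (!supportsPasswordRetrieval()) {
            throw new UnsupportedOperationException();
        }
        String node = localNodeOf(username);
        if (node == null) {
            throw new UserNotFoundException();
        }
        return getPasswordValue(node);
    }

    /**
     * Stores a new password for the user, hashed with the configured chain.
     *
     * @param username bare node or {@code node@domain} for the local domain
     * @param password the new clear-text password
     * @throws UserNotFoundException if the domain is foreign or the database call fails
     * @throws UnsupportedOperationException if updates are disabled or no update SQL is configured
     */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public void setPassword(String username, String password) throws UserNotFoundException, UnsupportedOperationException {
        if (!this.allowUpdate || this.setPasswordSQL == null) {
            throw new UnsupportedOperationException();
        }
        setPasswordValue(username, password);
    }

    /**
     * Reports whether {@link #getPassword(String)} can return the clear-text password.
     *
     * @return {@code true} only when a read query is configured and the sole type is {@code plain}
     */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public boolean supportsPasswordRetrieval() {
        return this.passwordSQL != null && this.passwordTypes.size() == 1 && this.passwordTypes.get(0) == PasswordType.plain;
    }

    /** Opens a connection from the shared provider or from the dedicated connection string. */
    private Connection getConnection() throws SQLException {
        return this.useConnectionProvider ? DbConnectionManager.getConnection() : DriverManager.getConnection(this.connectionString);
    }

    /**
     * Reads the stored credential for a user with the configured {@code passwordSQL}.
     *
     * @param username bare node or {@code node@domain} for the local domain
     * @return the first column of the first row, which may be {@code null}
     * @throws UserNotFoundException if the domain is foreign, no row matches or the query fails
     */
    private String getPasswordValue(String username) throws UserNotFoundException {
        String node = localNodeOf(username);
        if (node == null) {
            throw new UserNotFoundException();
        }
        Connection con = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            con = getConnection();
            pstmt = con.prepareStatement(this.passwordSQL);
            // The username is always bound as a parameter, never concatenated into the SQL.
            pstmt.setString(1, assumePersistedDataIsEscaped() ? node : JID.unescapeNode(node));
            rs = pstmt.executeQuery();
            if (!rs.next()) {
                throw new UserNotFoundException();
            }
            return rs.getString(1);
        } catch (SQLException e) {
            Log.error("Exception in JDBCAuthProvider", e);
            throw new UserNotFoundException();
        } finally {
            // Release the real handles on every path, including "no such user" and SQL errors.
            DbConnectionManager.closeConnection(rs, pstmt, con);
        }
    }

    /**
     * Writes a new credential for a user with the configured {@code setPasswordSQL}; parameter 1
     * is the hashed password and parameter 2 the username.
     *
     * @param username bare node or {@code node@domain} for the local domain
     * @param password the new clear-text password
     * @throws UserNotFoundException if the domain is foreign or the statement fails
     * @throws UnsupportedOperationException if the password cannot be hashed as configured
     */
    private void setPasswordValue(String username, String password) throws UserNotFoundException {
        String node = localNodeOf(username);
        if (node == null) {
            throw new UserNotFoundException();
        }
        String hashed = hashPassword(password);
        if (hashed == null) {
            // Never overwrite a working credential with NULL because a digest was unavailable.
            throw new UnsupportedOperationException("Unable to hash the new password with the configured jdbcAuthProvider.passwordType");
        }
        Connection con = null;
        PreparedStatement pstmt = null;
        try {
            con = getConnection();
            pstmt = con.prepareStatement(this.setPasswordSQL);
            pstmt.setString(2, assumePersistedDataIsEscaped() ? node : JID.unescapeNode(node));
            pstmt.setString(1, hashed);
            // execute() accepts statements that return no result set, which executeQuery() need not.
            pstmt.execute();
        } catch (SQLException e) {
            Log.error("Exception in JDBCAuthProvider", e);
            throw new UserNotFoundException();
        } finally {
            DbConnectionManager.closeConnection(pstmt, con);
        }
    }

    /**
     * Ensures a local user record exists for a user that just authenticated externally.
     *
     * @param username the node of the authenticated user
     */
    protected void createUser(String username) {
        try {
            UserManager.getInstance().getUser(username);
        } catch (UserNotFoundException e) {
            try {
                Log.debug("JDBCAuthProvider: Automatically creating new user account for {}", username);
                // The password handed to the user provider is a throwaway placeholder.
                // NOTE(review): confirm StringUtils.randomString is backed by a CSPRNG and that the
                // user provider's copy of this password can never be used to log in.
                UserManager.getUserProvider().createUser(username, StringUtils.randomString(8), null, null);
            } catch (UserAlreadyExistsException ignored) {
                // Another thread created the record between the lookup and the insert.
            }
        }
    }

    /** SCRAM is not offered by this provider. */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public boolean isScramSupported() {
        return false;
    }

    /** Not supported: this provider keeps no SCRAM material. */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public String getSalt(String username) throws UnsupportedOperationException, UserNotFoundException {
        throw new UnsupportedOperationException();
    }

    /** Not supported: this provider keeps no SCRAM material. */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public int getIterations(String username) throws UnsupportedOperationException, UserNotFoundException {
        throw new UnsupportedOperationException();
    }

    /** Not supported: this provider keeps no SCRAM material. */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public String getServerKey(String username) throws UnsupportedOperationException, UserNotFoundException {
        throw new UnsupportedOperationException();
    }

    /** Not supported: this provider keeps no SCRAM material. */
    @Override // org.jivesoftware.openfire.auth.AuthProvider
    public String getStoredKey(String username) throws UnsupportedOperationException, UserNotFoundException {
        throw new UnsupportedOperationException();
    }

    /**
     * Applies a runtime change of one of the {@code jdbcAuthProvider.*} properties.
     *
     * @param property the name of the property that changed
     * @param params event parameters; the new value is read from the {@code "value"} key
     */
    @Override // org.jivesoftware.util.PropertyEventListener
    public void propertySet(String property, Map<String, Object> params) {
        String value = (String) params.get("value");
        switch (property) {
            case "jdbcAuthProvider.passwordSQL":
                this.passwordSQL = value;
                Log.debug("jdbcAuthProvider.passwordSQL configured to: {}", this.passwordSQL);
                return;
            case "jdbcAuthProvider.setPasswordSQL":
                this.setPasswordSQL = value;
                Log.debug("jdbcAuthProvider.setPasswordSQL configured to: {}", this.setPasswordSQL);
                return;
            case "jdbcAuthProvider.allowUpdate":
                this.allowUpdate = Boolean.parseBoolean(value);
                Log.debug("jdbcAuthProvider.allowUpdate configured to: {}", this.allowUpdate);
                return;
            case "jdbcAuthProvider.passwordType":
                setPasswordTypes(value);
                Log.debug("jdbcAuthProvider.passwordType configured to: {}", Arrays.toString(this.passwordTypes.toArray()));
                return;
            case "jdbcAuthProvider.bcrypt.cost":
                try {
                    this.bcryptCost = Integer.parseInt(value);
                } catch (NumberFormatException e) {
                    // -1 is the "unset" marker; hashing then uses DEFAULT_BCRYPT_COST.
                    this.bcryptCost = -1;
                }
                Log.debug("jdbcAuthProvider.bcrypt.cost configured to: {}", this.bcryptCost);
                return;
            default:
                return;
        }
    }

    /**
     * Treats a deleted property as a property set to no value.
     *
     * @param property the name of the deleted property
     * @param params event parameters (unused)
     */
    @Override // org.jivesoftware.util.PropertyEventListener
    public void propertyDeleted(String property, Map<String, Object> params) {
        propertySet(property, Collections.emptyMap());
    }

    /** XML properties are not used by this provider. */
    @Override // org.jivesoftware.util.PropertyEventListener
    public void xmlPropertySet(String property, Map<String, Object> params) {
    }

    /** XML properties are not used by this provider. */
    @Override // org.jivesoftware.util.PropertyEventListener
    public void xmlPropertyDeleted(String property, Map<String, Object> params) {
    }
}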
