package org.apache.geronimo.security.realm.providers;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import org.apache.geronimo.crypto.encoders.Base64;
import org.apache.geronimo.crypto.encoders.HexTranslator;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.AbstractNameQuery;
import org.apache.geronimo.kernel.GBeanNotFoundException;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.kernel.KernelRegistry;
import org.apache.geronimo.management.geronimo.JCAManagedConnectionFactory;
import org.apache.geronimo.security.jaas.JaasLoginModuleUse;
import org.apache.geronimo.security.jaas.WrappingLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/geronimo/security/realm/providers/SQLLoginModule.class */
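/**
 * JAAS {@link LoginModule} that authenticates a user and collects the user's groups by running
 * two configurable SQL queries ({@link #USER_SELECT} and {@link #GROUP_SELECT}).
 *
 * <p>Both queries are executed as prepared statements; every {@code ?} found in the query text is
 * bound to the user name obtained from the callback handler. Column 1 of each result row is
 * read as the user name; column 2 is read as the stored password (user query) or the group name
 * (group query).
 *
 * <p>Password storage as implemented here:
 * <ul>
 *   <li>With no {@link #DIGEST} option the stored column is compared directly with the supplied
 *       password, i.e. the database holds the password in clear text.</li>
 *   <li>With a {@link #DIGEST} option the supplied password is hashed once with that
 *       {@link MessageDigest} algorithm, without a salt, and compared with the stored value in
 *       {@code hex} (default) or {@code base64} encoding.</li>
 * </ul>
 *
 * <p>A connection is obtained either from a JCA managed connection factory
 * ({@link #DATABASE_POOL_NAME} / {@link #DATABASE_POOL_APP_NAME}) or, when no pool name is given,
 * directly from a JDBC driver ({@link #DRIVER}, {@link #CONNECTION_URL}, {@link #USER},
 * {@link #PASSWORD}).
 *
 * <p>Instances hold per-login state in fields and are not written for concurrent use.
 */
public class SQLLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(SQLLoginModule.class);
    public static final String USER_SELECT = "userSelect";
    public static final String GROUP_SELECT = "groupSelect";
    public static final String CONNECTION_URL = "jdbcURL";
    public static final String USER = "jdbcUser";
    public static final String PASSWORD = "jdbcPassword";
    public static final String DRIVER = "jdbcDriver";
    public static final String DATABASE_POOL_NAME = "dataSourceName";
    public static final String DATABASE_POOL_APP_NAME = "dataSourceApplication";
    public static final String DIGEST = "digest";
    public static final String ENCODING = "encoding";
    /** Option names this module understands; anything else is reported and ignored. */
    public static final List<String> supportedOptions = Collections.unmodifiableList(Arrays.asList(
            USER_SELECT, GROUP_SELECT, CONNECTION_URL, USER, PASSWORD, DRIVER,
            DATABASE_POOL_NAME, DATABASE_POOL_APP_NAME, DIGEST, ENCODING));

    private String connectionURL;
    private Properties properties;
    private Driver driver;
    private JCAManagedConnectionFactory factory;
    private String userSelect;
    private String groupSelect;
    private String digest;
    private String encoding;
    private boolean loginSucceeded;
    private Subject subject;
    private CallbackHandler handler;
    private String cbUsername;
    private String cbPassword;
    private final Set<String> groups = new HashSet<String>();
    private final Set<Principal> allPrincipals = new HashSet<Principal>();

    /**
     * Reads the module options and prepares the connection source.
     *
     * @param subject the subject that receives principals on {@link #commit()}
     * @param callbackHandler source of the user name and password
     * @param map shared state; not used by this module
     * @param map2 module options, keyed by the option-name constants of this class
     * @throws IllegalArgumentException if the digest algorithm is unavailable, the digest
     *         encoding is neither {@code hex} nor {@code base64}, or the JDBC driver class cannot
     *         be loaded and instantiated
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.handler = callbackHandler;
        for (Object option : map2.keySet()) {
            if (!supportedOptions.contains(option)
                    && !JaasLoginModuleUse.supportedOptions.contains(option)
                    && !WrappingLoginModule.supportedOptions.contains(option)) {
                log.warn("Ignoring option: " + option + ". Not supported.");
            }
        }
        this.userSelect = (String) map2.get(USER_SELECT);
        this.groupSelect = (String) map2.get(GROUP_SELECT);
        this.digest = (String) map2.get(DIGEST);
        this.encoding = (String) map2.get(ENCODING);
        if (this.digest != null && !this.digest.equals("")) {
            // Fail at configuration time rather than on the first login attempt.
            try {
                MessageDigest.getInstance(this.digest);
            } catch (NoSuchAlgorithmException e) {
                log.error("Initialization failed. Digest algorithm " + this.digest + " is not available.", e);
                throw new IllegalArgumentException("Unable to configure SQL login module: " + e.getMessage(), e);
            }
            if (this.encoding != null
                    && !"hex".equalsIgnoreCase(this.encoding)
                    && !"base64".equalsIgnoreCase(this.encoding)) {
                log.error("Initialization failed. Digest Encoding " + this.encoding + " is not supported.");
                throw new IllegalArgumentException("Unable to configure SQL login module. Digest Encoding " + this.encoding + " not supported.");
            }
        }

        String poolName = (String) map2.get(DATABASE_POOL_NAME);
        if (poolName == null) {
            // No pool configured: connect through a JDBC driver loaded from the supplied class loader.
            this.connectionURL = (String) map2.get(CONNECTION_URL);
            this.properties = new Properties();
            if (map2.get(USER) != null) {
                this.properties.put("user", map2.get(USER));
            }
            if (map2.get(PASSWORD) != null) {
                this.properties.put("password", map2.get(PASSWORD));
            }
            try {
                ClassLoader loader = (ClassLoader) map2.get(JaasLoginModuleUse.CLASSLOADER_LM_OPTION);
                this.driver = (Driver) loader.loadClass((String) map2.get(DRIVER)).newInstance();
            } catch (ClassNotFoundException e) {
                throw new IllegalArgumentException("Driver class " + map2.get(DRIVER) + " is not available.  Perhaps you need to add it as a dependency in your deployment plan?", e);
            } catch (Exception e) {
                throw new IllegalArgumentException("Unable to load, instantiate, register driver " + map2.get(DRIVER) + ": " + e.getMessage(), e);
            }
            return;
        }

        String dataSourceName = poolName.trim();
        String appOption = (String) map2.get(DATABASE_POOL_APP_NAME);
        // The literal string "null" is what the name lookup below compares against when no
        // application is configured.
        String appName = (appOption == null || appOption.trim().equals("")) ? "null" : appOption.trim();
        Kernel kernel = KernelRegistry.getKernel((String) map2.get(JaasLoginModuleUse.KERNEL_NAME_LM_OPTION));
        for (AbstractName abstractName : kernel.listGBeans(new AbstractNameQuery(JCAManagedConnectionFactory.class.getName()))) {
            // Constant-first equals: a GBean name without these keys is skipped instead of raising
            // a NullPointerException.
            if (appName.equals(abstractName.getName().get("J2EEApplication"))
                    && dataSourceName.equals(abstractName.getName().get("name"))) {
                try {
                    JCAManagedConnectionFactory candidate = (JCAManagedConnectionFactory) kernel.getGBean(abstractName);
                    if (candidate.getConnectionFactoryInterface().equals(DataSource.class.getName())) {
                        this.factory = candidate;
                        return;
                    }
                } catch (GBeanNotFoundException e) {
                    // The GBean was listed but could not be fetched; keep looking at the others.
                    log.debug("Connection factory " + abstractName + " could not be retrieved; skipping it.", e);
                }
            }
        }
        // Neither factory nor driver is set at this point, so every login() will end in a
        // LoginException. Report the misconfiguration where it happens.
        log.error("Initialization failed. No JCA managed connection factory named " + dataSourceName
                + " exposing " + DataSource.class.getName() + " was found in application " + appName + ".");
    }

    /**
     * Obtains the credentials from the callback handler, checks them against the user query and
     * loads the group names from the group query.
     *
     * <p>Failures are reported with message-less {@link FailedLoginException}s, so the caller
     * cannot tell an unknown user from a wrong password.
     *
     * @return {@code true} when authentication succeeded
     * @throws FailedLoginException if the user name is empty, no row matches the user name, or a
     *         matching row fails the password check
     * @throws LoginException if the callback handler or the database access fails
     */
    public boolean login() throws LoginException {
        this.loginSucceeded = false;
        Callback[] callbacks = {new NameCallback("User name"), new PasswordCallback("Password", false)};
        try {
            this.handler.handle(callbacks);
        } catch (IOException e) {
            throw (LoginException) new LoginException().initCause(e);
        } catch (UnsupportedCallbackException e) {
            throw (LoginException) new LoginException().initCause(e);
        }
        assert callbacks.length == 2;

        PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
        // getPassword() hands out a copy; wipe both the callback's buffer and the copy as soon as
        // they are no longer needed. The String kept in cbPassword cannot be wiped and lives until
        // it is garbage collected.
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        try {
            this.cbUsername = ((NameCallback) callbacks[0]).getName();
            if (this.cbUsername == null || this.cbUsername.equals("")) {
                clearCredentials();
                throw new FailedLoginException();
            }
            this.cbPassword = password == null ? null : new String(password);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }

        try {
            Connection connection = this.factory != null
                    ? ((DataSource) this.factory.getConnectionFactory()).getConnection()
                    : this.driver.connect(this.connectionURL, this.properties);
            if (connection == null) {
                // Driver.connect returns null when the driver does not handle the URL. The URL is
                // left out of the message because it can carry credentials.
                throw new SQLException("JDBC driver returned no connection for the configured URL");
            }
            try {
                verifyUser(connection);
                loadGroups(connection);
            } finally {
                // Runs on failed logins too, so rejected attempts do not hold on to connections.
                connection.close();
            }
        } catch (SQLException e) {
            clearCredentials();
            throw (LoginException) new LoginException("SQL error").initCause(e);
        } catch (LoginException e) {
            clearCredentials();
            throw e;
        } catch (Exception e) {
            clearCredentials();
            throw (LoginException) new LoginException("Could not access datasource").initCause(e);
        }
        this.loginSucceeded = true;
        return true;
    }

    /**
     * Runs the user query and checks the supplied password against every row whose first column
     * equals the supplied user name.
     *
     * @throws FailedLoginException if no row matches the user name or a matching row fails the
     *         password check
     */
    private void verifyUser(Connection connection) throws SQLException, FailedLoginException {
        PreparedStatement statement = connection.prepareStatement(this.userSelect);
        try {
            bindUsername(statement, this.userSelect);
            ResultSet rows = statement.executeQuery();
            try {
                boolean userFound = false;
                while (rows.next()) {
                    String userName = rows.getString(1);
                    String storedPassword = rows.getString(2);
                    // The query may return rows for other users; only exact name matches count.
                    if (this.cbUsername.equals(userName)) {
                        userFound = true;
                        if (!checkPassword(storedPassword, this.cbPassword)) {
                            throw new FailedLoginException();
                        }
                    }
                }
                if (!userFound) {
                    throw new FailedLoginException();
                }
            } finally {
                rows.close();
            }
        } finally {
            statement.close();
        }
    }

    /** Runs the group query and records column 2 of every row whose first column is the user name. */
    private void loadGroups(Connection connection) throws SQLException {
        PreparedStatement statement = connection.prepareStatement(this.groupSelect);
        try {
            bindUsername(statement, this.groupSelect);
            ResultSet rows = statement.executeQuery();
            try {
                while (rows.next()) {
                    String userName = rows.getString(1);
                    String groupName = rows.getString(2);
                    if (this.cbUsername.equals(userName)) {
                        this.groups.add(groupName);
                    }
                }
            } finally {
                rows.close();
            }
        } finally {
            statement.close();
        }
    }

    /** Binds the supplied user name to every parameter position counted in {@code sql}. */
    private void bindUsername(PreparedStatement statement, String sql) throws SQLException {
        int parameterCount = countParameters(sql);
        for (int index = 1; index <= parameterCount; index++) {
            statement.setObject(index, this.cbUsername);
        }
    }

    /** Drops the per-login user name, password and group names. */
    private void clearCredentials() {
        this.cbUsername = null;
        this.cbPassword = null;
        this.groups.clear();
    }

    /**
     * Adds the user principal and one group principal per loaded group to the subject when
     * {@link #login()} succeeded, then discards the per-login credentials.
     *
     * @return whether {@link #login()} succeeded
     */
    public boolean commit() throws LoginException {
        if (this.loginSucceeded) {
            if (this.cbUsername != null) {
                this.allPrincipals.add(new GeronimoUserPrincipal(this.cbUsername));
            }
            for (String group : this.groups) {
                this.allPrincipals.add(new GeronimoGroupPrincipal(group));
            }
            this.subject.getPrincipals().addAll(this.allPrincipals);
        }
        clearCredentials();
        return this.loginSucceeded;
    }

    /**
     * Discards the state of a login that succeeded in this module but is being rolled back.
     *
     * @return whether {@link #login()} succeeded
     */
    public boolean abort() throws LoginException {
        if (this.loginSucceeded) {
            clearCredentials();
            this.allPrincipals.clear();
        }
        return this.loginSucceeded;
    }

    /**
     * Resets the module and removes the principals it added, unless the subject is read-only.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        this.loginSucceeded = false;
        clearCredentials();
        if (!this.subject.isReadOnly()) {
            this.subject.getPrincipals().removeAll(this.allPrincipals);
        }
        this.allPrincipals.clear();
        return true;
    }

    /**
     * Counts the {@code ?} characters in a query.
     *
     * <p>This is a plain character count: a {@code ?} inside a string literal or comment of the
     * query is counted as well, which would make the binding loop address a parameter index the
     * statement does not have.
     */
    private static int countParameters(String sql) {
        int count = 0;
        for (int pos = sql.indexOf('?'); pos != -1; pos = sql.indexOf('?', pos + 1)) {
            count++;
        }
        return count;
    }

    /**
     * Compares the stored credential with the supplied password, applying the configured digest
     * and encoding to the supplied password first.
     *
     * @param storedPassword value of column 2 of the user query; may be {@code null}
     * @param suppliedPassword password from the callback handler; may be {@code null}
     * @return {@code true} if the two match
     */
    private boolean checkPassword(String storedPassword, String suppliedPassword) {
        // NOTE(review): a NULL password column combined with a handler that supplies no password
        // authenticates the user. Kept as is for compatibility; confirm that no account relies on
        // a NULL column to mean "disabled".
        if (storedPassword == null && suppliedPassword == null) {
            return true;
        }
        if (storedPassword == null || suppliedPassword == null) {
            return false;
        }
        if (this.digest == null || this.digest.equals("")) {
            return constantTimeEquals(storedPassword, suppliedPassword, false);
        }
        try {
            // NOTE(review): getBytes() uses the platform default charset, so the digest of a
            // non-ASCII password depends on the JVM's locale settings. Left unchanged because the
            // stored digests were presumably produced the same way — confirm before pinning a charset.
            byte[] hashed = MessageDigest.getInstance(this.digest).digest(suppliedPassword.getBytes());
            if (this.encoding == null || "hex".equalsIgnoreCase(this.encoding)) {
                byte[] hex = new byte[hashed.length * 2];
                new HexTranslator().encode(hashed, 0, hashed.length, hex, 0);
                return constantTimeEquals(storedPassword, new String(hex), true);
            }
            if ("base64".equalsIgnoreCase(this.encoding)) {
                return constantTimeEquals(storedPassword, new String(Base64.encode(hashed)), false);
            }
            return false;
        } catch (NoSuchAlgorithmException e) {
            log.error("Should not occur.  Availability of algorithm has been checked at initialization.", e);
            return false;
        }
    }

    /**
     * Compares two strings without stopping at the first differing character, so the time taken
     * does not depend on how long a prefix of the stored credential the supplied value matches.
     * A length mismatch is still observable through the number of iterations.
     *
     * @param ignoreCase when {@code true}, characters are case-folded the way
     *        {@link String#equalsIgnoreCase(String)} folds them
     */
    private static boolean constantTimeEquals(String expected, String actual, boolean ignoreCase) {
        int expectedLength = expected.length();
        int actualLength = actual.length();
        int difference = expectedLength ^ actualLength;
        int common = Math.min(expectedLength, actualLength);
        for (int i = 0; i < common; i++) {
            char left = expected.charAt(i);
            char right = actual.charAt(i);
            if (ignoreCase) {
                left = Character.toLowerCase(Character.toUpperCase(left));
                right = Character.toLowerCase(Character.toUpperCase(right));
            }
            difference |= left ^ right;
        }
        return difference == 0;
    }
}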
