package org.wildfly.security.auth.realm.jdbc.mapper;

import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Types;
import java.util.function.Supplier;
import org.wildfly.common.Assert;
import org.wildfly.common.codec.Base64Alphabet;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.realm.jdbc.KeyMapper;
import org.wildfly.security.auth.realm.jdbc._private.ElytronMessages;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.http.oidc.Oidc;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.HashPasswordSpec;
import org.wildfly.security.password.spec.IteratedHashPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.password.spec.SaltedHashPasswordSpec;
import org.wildfly.security.password.util.ModularCrypt;

/* loaded from: input_file:org/wildfly/security/auth/realm/jdbc/mapper/PasswordKeyMapper.class */
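/**
 * Maps one row of a JDBC query result to a {@link PasswordCredential}.
 *
 * <p>The mapper is configured with 1-based column indexes for the stored password value and,
 * optionally, for the salt, the iteration count and the algorithm name. An index of {@code -1}
 * means "column not configured". Text columns holding a hash or a salt are decoded with the
 * configured {@link Encoding}; binary columns are used as raw bytes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the effective algorithm equals {@link ClearPassword#ALGORITHM_CLEAR}, the column
 *       value is taken as the password itself, so the database holds it unhashed.</li>
 *   <li>When an algorithm column is configured, the algorithm used for a row is whatever that
 *       row stores; the configured default only applies when the stored value is SQL NULL.</li>
 *   <li>Trace logging emits the algorithm name only, never the hash, salt or password.</li>
 * </ul>
 *
 * <p>The compiler-generated bridge overload of {@code map} is deliberately not declared in this
 * source: it has the same erasure as {@link #map(ResultSet, Supplier)} and javac emits it itself.
 */
public class PasswordKeyMapper implements KeyMapper {
    /** Marker for "this column is not configured". */
    private static final int NO_COLUMN = -1;

    private final int hashColumn;
    private final int saltColumn;
    private final int iterationCountColumn;
    private final int defaultIterationCount;
    private final int algorithmColumn;
    private final String defaultAlgorithm;
    private final Encoding hashEncoding;
    private final Encoding saltEncoding;

    /**
     * Fluent builder for {@link PasswordKeyMapper}. Column indexes are 1-based; {@code -1}
     * (the initial value) leaves the column unconfigured. Values are validated in
     * {@link #build()}, not in the setters.
     */
    public static final class Builder {
        String defaultAlgorithm;
        int hashColumn = -1;
        int saltColumn = -1;
        int iterationCountColumn = -1;
        int defaultIterationCount = -1;
        int algorithmColumn = -1;
        // Both encodings default to Base64; they only matter for text-typed columns.
        Encoding hashEncoding = Encoding.BASE64;
        Encoding saltEncoding = Encoding.BASE64;

        Builder() {
        }

        /** @return the 1-based index of the password/hash column, or {@code -1} if unset */
        public int getHashColumn() {
            return hashColumn;
        }

        /**
         * @param hashColumn 1-based index of the column holding the password or its hash
         * @return this builder
         */
        public Builder setHashColumn(int hashColumn) {
            this.hashColumn = hashColumn;
            return this;
        }

        /** @return the 1-based index of the salt column, or {@code -1} if unset */
        public int getSaltColumn() {
            return saltColumn;
        }

        /**
         * @param saltColumn 1-based index of the salt column, or {@code -1} for none
         * @return this builder
         */
        public Builder setSaltColumn(int saltColumn) {
            this.saltColumn = saltColumn;
            return this;
        }

        /** @return the 1-based index of the iteration-count column, or {@code -1} if unset */
        public int getIterationCountColumn() {
            return iterationCountColumn;
        }

        /**
         * @param iterationCountColumn 1-based index of the iteration-count column, or {@code -1}
         * @return this builder
         */
        public Builder setIterationCountColumn(int iterationCountColumn) {
            this.iterationCountColumn = iterationCountColumn;
            return this;
        }

        /** @return the iteration count used when no iteration-count column is configured */
        public int getDefaultIterationCount() {
            return defaultIterationCount;
        }

        /**
         * @param defaultIterationCount iteration count to use when no column supplies one,
         *        or {@code -1} for none
         * @return this builder
         */
        public Builder setDefaultIterationCount(int defaultIterationCount) {
            this.defaultIterationCount = defaultIterationCount;
            return this;
        }

        /** @return the 1-based index of the algorithm-name column, or {@code -1} if unset */
        public int getAlgorithmColumn() {
            return algorithmColumn;
        }

        /**
         * @param algorithmColumn 1-based index of the algorithm-name column, or {@code -1}
         * @return this builder
         */
        public Builder setAlgorithmColumn(int algorithmColumn) {
            this.algorithmColumn = algorithmColumn;
            return this;
        }

        /** @return the algorithm name used when the row does not supply one */
        public String getDefaultAlgorithm() {
            return defaultAlgorithm;
        }

        /**
         * @param defaultAlgorithm algorithm name to use when the row does not supply one
         * @return this builder
         */
        public Builder setDefaultAlgorithm(String defaultAlgorithm) {
            this.defaultAlgorithm = defaultAlgorithm;
            return this;
        }

        /** @return the encoding applied to a text-typed hash column */
        public Encoding getHashEncoding() {
            return hashEncoding;
        }

        /**
         * @param hashEncoding encoding of a text-typed hash column; must not be {@code null}
         *        by the time {@link #build()} is called
         * @return this builder
         */
        public Builder setHashEncoding(Encoding hashEncoding) {
            this.hashEncoding = hashEncoding;
            return this;
        }

        /** @return the encoding applied to a text-typed salt column */
        public Encoding getSaltEncoding() {
            return saltEncoding;
        }

        /**
         * @param saltEncoding encoding of a text-typed salt column; must not be {@code null}
         *        by the time {@link #build()} is called
         * @return this builder
         */
        public Builder setSaltEncoding(Encoding saltEncoding) {
            this.saltEncoding = saltEncoding;
            return this;
        }

        /**
         * Creates the mapper; the constructor validates the configured values.
         *
         * @return a new {@link PasswordKeyMapper}
         */
        public PasswordKeyMapper build() {
            return new PasswordKeyMapper(this);
        }
    }

    /** Text encodings supported for hash and salt values stored in character columns. */
    public enum Encoding {
        BASE64,
        HEX
    }

    /**
     * Copies and validates the builder's configuration. The hash column is mandatory
     * (index at least 1); every other numeric setting is either {@code -1} or at least 1.
     *
     * @param builder the configured builder
     */
    PasswordKeyMapper(Builder builder) {
        Assert.checkMinimumParameter("hashColumn", 1, builder.hashColumn);
        this.hashColumn = builder.hashColumn;

        if (builder.saltColumn != NO_COLUMN) {
            Assert.checkMinimumParameter("saltColumn", 1, builder.saltColumn);
        }
        this.saltColumn = builder.saltColumn;

        if (builder.iterationCountColumn != NO_COLUMN) {
            Assert.checkMinimumParameter("iterationCountColumn", 1, builder.iterationCountColumn);
        }
        this.iterationCountColumn = builder.iterationCountColumn;

        if (builder.defaultIterationCount != -1) {
            Assert.checkMinimumParameter("defaultIterationCount", 1, builder.defaultIterationCount);
        }
        this.defaultIterationCount = builder.defaultIterationCount;

        if (builder.algorithmColumn != NO_COLUMN) {
            Assert.checkMinimumParameter("algorithmColumn", 1, builder.algorithmColumn);
        }
        this.algorithmColumn = builder.algorithmColumn;

        // NOTE(review): defaultAlgorithm is not validated here; it may be null when no
        // algorithm column is configured either -- confirm the caller guarantees one of them.
        this.defaultAlgorithm = builder.defaultAlgorithm;
        this.hashEncoding = Assert.checkNotNullParam("hashEncoding", builder.hashEncoding);
        this.saltEncoding = Assert.checkNotNullParam("saltEncoding", builder.saltEncoding);
    }

    /**
     * Reports whether a credential of the given type may be obtainable from this mapper.
     *
     * @return {@link SupportLevel#POSSIBLY_SUPPORTED} for {@link PasswordCredential} and its
     *         subtypes, otherwise {@link SupportLevel#UNSUPPORTED}; the algorithm name and
     *         parameter spec are not consulted
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) {
        if (PasswordCredential.class.isAssignableFrom(credentialType)) {
            return SupportLevel.POSSIBLY_SUPPORTED;
        }
        return SupportLevel.UNSUPPORTED;
    }

    /**
     * Reports whether evidence of the given type can be verified against a password credential.
     *
     * @return {@link SupportLevel#SUPPORTED} when {@link PasswordCredential} can verify the
     *         evidence type, otherwise {@link SupportLevel#UNSUPPORTED}
     */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) {
        if (PasswordCredential.canVerifyEvidence(evidenceType, algorithmName)) {
            return SupportLevel.SUPPORTED;
        }
        return SupportLevel.UNSUPPORTED;
    }

    /** @return the algorithm name used when the row does not supply one */
    public String getDefaultAlgorithm() {
        return defaultAlgorithm;
    }

    /** @return the 1-based index of the password/hash column */
    public int getHashColumn() {
        return hashColumn;
    }

    /** @return the 1-based index of the salt column, or {@code -1} if none */
    public int getSaltColumn() {
        return saltColumn;
    }

    /** @return the 1-based index of the iteration-count column, or {@code -1} if none */
    public int getIterationCountColumn() {
        return iterationCountColumn;
    }

    /** @return the iteration count used when no iteration-count column is configured */
    public int getDefaultIterationCount() {
        return defaultIterationCount;
    }

    /** @return the 1-based index of the algorithm-name column, or {@code -1} if none */
    public int getAlgorithmColumn() {
        return algorithmColumn;
    }

    /**
     * Reads a column as raw bytes, decoding it with {@code encoding} when it holds text.
     *
     * @return the bytes, or {@code null} when the column is unconfigured, holds SQL NULL,
     *         or holds a value that is neither {@code byte[]} nor {@code String}
     */
    private static byte[] getBinaryColumn(ResultSetMetaData metaData, ResultSet resultSet, int column, Encoding encoding) throws SQLException {
        if (column == NO_COLUMN) {
            return null;
        }
        switch (metaData.getColumnType(column)) {
            case Types.CHAR:
            case Types.VARCHAR:
            case Types.LONGVARCHAR:
            case Types.NVARCHAR:
            case Types.LONGNVARCHAR:
                return decodeColumn(resultSet.getString(column), encoding);
            case Types.BINARY:
            case Types.VARBINARY:
            case Types.LONGVARBINARY:
                return resultSet.getBytes(column);
            default:
                // Every other JDBC type (NCHAR included) is inspected by its runtime class.
                Object value = resultSet.getObject(column);
                if (value instanceof byte[]) {
                    return (byte[]) value;
                }
                if (value instanceof String) {
                    return decodeColumn((String) value, encoding);
                }
                return null;
        }
    }

    /**
     * Decodes a Base64 (standard alphabet) or hex string into bytes.
     *
     * @return the decoded bytes, or {@code null} when {@code encoded} is {@code null}
     * @throws IllegalStateException if {@code encoding} is not a known constant
     */
    private static byte[] decodeColumn(String encoded, Encoding encoding) {
        if (encoded == null) {
            // ResultSet.getString yields null for SQL NULL; report "no value" the same way
            // the binary-typed branch does instead of failing inside the decoder.
            return null;
        }
        switch (encoding) {
            case BASE64:
                return CodePointIterator.ofString(encoded).base64Decode(Base64Alphabet.STANDARD, false).drain();
            case HEX:
                return CodePointIterator.ofString(encoded).hexDecode().drain();
            default:
                throw new IllegalStateException();
        }
    }

    /**
     * Reads a column as text, interpreting binary content as UTF-8.
     *
     * @return the text, or {@code null} when the column is unconfigured, holds SQL NULL,
     *         or holds a value that is neither {@code byte[]} nor {@code String}
     */
    private static String getStringColumn(ResultSetMetaData metaData, ResultSet resultSet, int column) throws SQLException {
        if (column == NO_COLUMN) {
            return null;
        }
        switch (metaData.getColumnType(column)) {
            case Types.CHAR:
            case Types.VARCHAR:
            case Types.LONGVARCHAR:
            case Types.NVARCHAR:
            case Types.LONGNVARCHAR:
                return resultSet.getString(column);
            case Types.BINARY:
            case Types.VARBINARY:
            case Types.LONGVARBINARY:
                // getBytes yields null for SQL NULL, and new String(null, ...) would throw.
                byte[] raw = resultSet.getBytes(column);
                return raw == null ? null : new String(raw, StandardCharsets.UTF_8);
            default:
                // Every other JDBC type (NCHAR included) is inspected by its runtime class.
                Object value = resultSet.getObject(column);
                if (value instanceof byte[]) {
                    return new String((byte[]) value, StandardCharsets.UTF_8);
                }
                if (value instanceof String) {
                    return (String) value;
                }
                return null;
        }
    }

    /**
     * Builds a {@link PasswordCredential} from the current row of {@code resultSet}.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>The algorithm is the row's algorithm column when configured and non-null,
     *       otherwise the default algorithm.</li>
     *   <li>For the clear algorithm the hash column is read as the password text.</li>
     *   <li>Otherwise, when neither a salt nor an iteration-count column is configured, the
     *       hash column is first tried as a Modular Crypt string; on success that password
     *       is returned directly.</li>
     *   <li>Otherwise the hash (and optional salt and iteration count) are assembled into
     *       the matching key spec and passed to a {@link PasswordFactory}.</li>
     * </ol>
     *
     * @param resultSet the result set positioned on the row to map
     * @param supplier supplier of the security providers used to obtain the password factory
     * @return the credential, or {@code null} when the row holds no usable password value
     * @throws SQLException if a column cannot be read
     */
    @Override
    public Credential map(ResultSet resultSet, Supplier<Provider[]> supplier) throws SQLException {
        final ResultSetMetaData metaData = resultSet.getMetaData();

        String algorithm = getDefaultAlgorithm();
        if (this.algorithmColumn > 0) {
            String stored = resultSet.getString(this.algorithmColumn);
            if (stored != null) {
                algorithm = stored;
            }
        }

        byte[] hash = null;
        char[] clearText = null;
        if (ClearPassword.ALGORITHM_CLEAR.equals(algorithm)) {
            // Clear algorithm: the column content is the password itself, not a digest.
            String text = getStringColumn(metaData, resultSet, this.hashColumn);
            if (text != null) {
                clearText = text.toCharArray();
            } else {
                hash = getBinaryColumn(metaData, resultSet, this.hashColumn, this.hashEncoding);
            }
        } else {
            // A self-describing Modular Crypt string is only considered when salt and
            // iteration count are not supplied by separate columns.
            if (this.saltColumn == NO_COLUMN && this.iterationCountColumn == NO_COLUMN) {
                String text = getStringColumn(metaData, resultSet, this.hashColumn);
                if (text != null) {
                    char[] cryptChars = text.toCharArray();
                    String cryptAlgorithm = ModularCrypt.identifyAlgorithm(cryptChars);
                    if (cryptAlgorithm != null) {
                        try {
                            Password decoded = ModularCrypt.decode(cryptChars);
                            if (ElytronMessages.log.isTraceEnabled()) {
                                ElytronMessages.log.tracef("Key Mapper: Password credential created using Modular Crypt algorithm [%s]", cryptAlgorithm);
                            }
                            return new PasswordCredential(decoded);
                        } catch (InvalidKeySpecException e) {
                            // Not fatal: fall through and treat the column as an encoded hash.
                            ElytronMessages.log.tracef(e, "Key Mapper: Unable to identify Modular Crypt algorithm [%s]", cryptAlgorithm);
                        }
                    }
                }
            }
            hash = getBinaryColumn(metaData, resultSet, this.hashColumn, this.hashEncoding);
        }

        byte[] salt = null;
        if (this.saltColumn > 0) {
            salt = getBinaryColumn(metaData, resultSet, this.saltColumn, this.saltEncoding);
        }

        // NOTE(review): ResultSet.getInt returns 0 for SQL NULL, so a NULL iteration count in
        // a configured column selects a non-iterated spec below rather than the configured
        // default -- confirm this is the intended behaviour.
        final int iterationCount;
        if (this.iterationCountColumn > 0) {
            iterationCount = resultSet.getInt(this.iterationCountColumn);
        } else {
            iterationCount = this.defaultIterationCount;
        }

        final PasswordFactory passwordFactory;
        try {
            passwordFactory = PasswordFactory.getInstance(algorithm, supplier);
        } catch (NoSuchAlgorithmException e) {
            throw ElytronMessages.log.couldNotObtainPasswordFactoryForAlgorithm(algorithm, e);
        }

        final KeySpec keySpec;
        if (hash != null) {
            final boolean iterated = iterationCount > 0;
            if (salt != null) {
                keySpec = iterated
                        ? new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount)
                        : new SaltedHashPasswordSpec(hash, salt);
            } else {
                keySpec = iterated
                        ? new IteratedHashPasswordSpec(hash, iterationCount)
                        : new HashPasswordSpec(hash);
            }
        } else if (clearText != null) {
            keySpec = new ClearPasswordSpec(clearText);
        } else {
            // Neither a hash nor a clear password could be read from the row.
            return null;
        }

        try {
            Password password = passwordFactory.generatePassword(keySpec);
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.tracef("Key Mapper: Password credential created using algorithm column value [%s]", algorithm);
            }
            return new PasswordCredential(password);
        } catch (InvalidKeySpecException e) {
            throw ElytronMessages.log.invalidPasswordKeySpecificationForAlgorithm(algorithm, e);
        }
    }

    /**
     * Creates a new builder with no columns configured and Base64 encodings.
     *
     * @return a fresh {@link Builder}
     */
    public static Builder builder() {
        return new Builder();
    }
}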
