package io.inversion.jdbc;

import io.inversion.ApiException;
import io.inversion.User;
import io.inversion.action.security.AuthAction;
import io.inversion.utils.Config;
import io.inversion.utils.Rows;
import java.security.MessageDigest;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections4.map.CaseInsensitiveMap;

/* loaded from: input_file:io/inversion/jdbc/JdbcDbUserDao.class */
public class JdbcDbUserDao extends AuthAction.JwtUserDao {
    protected String name = null;
    protected JdbcDb db = null;
    protected String salt = null;

    public JdbcDbUserDao() {
    }

    public JdbcDbUserDao(JdbcDb jdbcDb) {
        withDb(jdbcDb);
    }

    protected boolean checkPassword(String str, String str2) {
        String salt = getSalt();
        if (salt == null) {
            ApiException.throw500InternalServerError("You must configure a salt value for password hashing.", new Object[0]);
        }
        return str.equals(strongHash(salt, str2)) || str.equals(weakHash(str2));
    }

    public User getUser(AuthAction authAction, String str, String str2, String str3, String str4) throws ApiException {
        User user = null;
        try {
            ArrayList arrayList = new ArrayList();
            String str5 = "";
            if (str != null) {
                arrayList.add(str);
                str5 = ((((str5 + " SELECT DISTINCT u.*") + " FROM User u   ") + " WHERE (u.revoked IS NULL OR u.revoked != 1) ") + " AND u.username = ? ") + " LIMIT 1 ";
            }
            Connection connection = this.db.getConnection();
            Rows.Row selectRow = JdbcUtils.selectRow(connection, str5, str);
            if (selectRow != null) {
                CaseInsensitiveMap caseInsensitiveMap = new CaseInsensitiveMap(selectRow);
                if (checkPassword((String) caseInsensitiveMap.get("password"), str2)) {
                    user = new User();
                    user.withId(Integer.parseInt(caseInsensitiveMap.get("id") + "")).withUsername((String) caseInsensitiveMap.get("username")).withAccessKey((String) caseInsensitiveMap.get("accessKey")).withTenant((String) caseInsensitiveMap.get("tenant"));
                }
                if (user != null) {
                    Rows findGRP = findGRP(connection, user.getId(), str3, str4);
                    if (findGRP == null || findGRP.size() == 0) {
                        user = null;
                    } else {
                        populateGRP(user, findGRP);
                    }
                }
            }
        } catch (Exception e) {
            ApiException.throw500InternalServerError(e);
        }
        return user;
    }

    public static String strongHash(Object obj, String str) throws ApiException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
            messageDigest.reset();
            messageDigest.update(obj.toString().getBytes());
            byte[] digest = messageDigest.digest(str.getBytes("UTF-8"));
            for (int i = 0; i < 1000; i++) {
                messageDigest.reset();
                digest = messageDigest.digest(digest);
            }
            return Base64.encodeBase64String(digest).trim();
        } catch (Exception e) {
            ApiException.throwEx((String) null, e, (String) null, new Object[0]);
            return null;
        }
    }

    public static String weakHash(String str) {
        try {
            byte[] bytes = str.getBytes();
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bytes);
            return new HexBinaryAdapter().marshal(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x003c. Please report as an issue. */
    void populateGRP(User user, Rows rows) {
        Iterator it = rows.iterator();
        while (it.hasNext()) {
            Rows.Row row = (Rows.Row) it.next();
            String string = row.getString("type");
            String string2 = row.getString("name");
            if (string2 != null) {
                boolean z = -1;
                switch (string.hashCode()) {
                    case -517618225:
                        if (string.equals("permission")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 3506294:
                        if (string.equals("role")) {
                            z = true;
                            break;
                        }
                        break;
                    case 98629247:
                        if (string.equals("group")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        user.withGroups(new String[]{string2});
                        break;
                    case true:
                        user.withRoles(new String[]{string2});
                        break;
                    case true:
                        user.withPermissions(new String[]{string2});
                        break;
                }
            }
        }
    }

    protected Rows findGRP(Connection connection, int i, String str, String str2) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(Integer.valueOf(i));
        arrayList.addAll(Arrays.asList(str, str2, str, str2));
        arrayList.addAll(Arrays.asList(Integer.valueOf(i), str, str2, str, str2, str, str2));
        arrayList.addAll(Arrays.asList(Integer.valueOf(i), str, str2, str, str2, str, str2));
        arrayList.addAll(Arrays.asList(Integer.valueOf(i), str, str2, str, str2, str, str2, str, str2));
        arrayList.addAll(Arrays.asList(Integer.valueOf(i), str, str2));
        arrayList.addAll(Arrays.asList(Integer.valueOf(i), str, str2));
        String str3 = (((((((((((((((((((((((((((((((((((((((((((((((((((((((((("SELECT * FROM (") + "\r\n    SELECT 'permission' as type, p.name, 'user->permission' as via") + "\r\n    FROM Permission p") + "\r\n    JOIN UserPermission u ON p.id = u.permissionId") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((p.api is null OR p.api = ?) AND (p.tenant is null OR p.tenant = ?))") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + "\r\n                                                           ") + "\r\n    UNION") + "\r\n                                                           ") + "\r\n    SELECT 'permission' as type, p.name, 'user->group->permission' as via") + "\r\n    FROM Permission p") + "\r\n    JOIN GroupPermission g ON p.id = g.permissionId") + "\r\n    JOIN UserGroup u ON u.groupId = g.groupId ") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((p.api is null OR p.api = ?) AND (p.tenant is null OR p.tenant = ?))") + "\r\n     AND ((g.api is null OR g.api = ?) AND (g.tenant is null OR g.tenant = ?))") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + "\r\n                                                           ") + "\r\n    UNION") + "\r\n                                                           ") + "\r\n    SELECT 'permission' as type, p.name, 'user->role->permission' as via") + "\r\n    FROM Permission p") + "\r\n    JOIN RolePermission r ON p.id = r.permissionId") + "\r\n    JOIN UserRole u ON u.roleId = r.roleId ") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((p.api is null OR p.api = ?) AND (p.tenant is null OR p.tenant = ?))") + "\r\n     AND ((r.api is null OR r.api = ?) AND (r.tenant is null OR r.tenant = ?))") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + "\r\n                                                           ") + "\r\n    UNION") + "\r\n                                                           ") + "\r\n    SELECT 'permission' as type, p.name, 'user->group->role->permission' as via") + "\r\n    FROM Permission p") + "\r\n    JOIN RolePermission r ON p.id = r.permissionId") + "\r\n    JOIN GroupRole g ON r.roleID = g.roleId") + "\r\n    JOIN UserGroup u ON g.groupId = u.groupId") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((p.api is null OR p.api = ?) AND (p.tenant is null OR p.tenant = ?))") + "\r\n     AND ((r.api is null OR r.api = ?) AND (r.tenant is null OR r.tenant = ?))") + "\r\n     AND ((g.api is null OR g.api = ?) AND (g.tenant is null OR g.tenant = ?))") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + "\r\n                                                           ") + "\r\n    UNION") + "\r\n                                                           ") + "\r\n    SELECT 'group' as type, g.name, '' as via") + "\r\n    FROM `Group` g") + "\r\n    JOIN UserGroup u ON g.id = u.groupId") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + "\r\n                                                           ") + "\r\n    UNION") + "\r\n                                                           ") + "\r\n    SELECT 'role' as type, r.name, '' as via") + "\r\n    FROM Role r") + "\r\n    JOIN UserRole u ON r.id = u.roleId") + "\r\n    WHERE u.userId = ?") + "\r\n     AND ((u.api is null OR u.api = ?) AND (u.tenant is null OR u.tenant = ?))") + " ) as q ORDER BY type, name, via";
        System.out.println(str3 + " -> " + arrayList);
        return JdbcUtils.selectRows(connection, str3, arrayList);
    }

    public JdbcDbUserDao withDb(JdbcDb jdbcDb) {
        this.db = jdbcDb;
        return this;
    }

    public JdbcDb getDb() {
        return this.db;
    }

    public JdbcDbUserDao withSalt(String str) {
        this.salt = str;
        return this;
    }

    public String getSalt() {
        return Config.getString(getName() + ".salt", this.salt);
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    public void setDb(JdbcDb jdbcDb) {
        this.db = jdbcDb;
    }
}
