package org.jivesoftware.openfire.auth;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.security.sasl.SaslException;
import javax.xml.bind.DatatypeConverter;
import org.jivesoftware.database.DbConnectionManager;
import org.jivesoftware.openfire.domain.DomainManager;
import org.jivesoftware.openfire.sasl.ScramSha1SaslServer;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/auth/DefaultAuthProvider.class */
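/**
 * {@link AuthProvider} backed by the {@code ofUser} table.
 *
 * <p>Each row can carry up to three forms of a credential: a clear-text password
 * ({@code plainPassword}), a reversibly encrypted password ({@code encryptedPassword}) and a
 * SCRAM-SHA-1 verifier ({@code salt}, {@code iterations}, {@code storedKey}, {@code serverKey}).
 * Which of them is written is decided in {@link #setPassword(String, String)} from the
 * {@code user.usePlainPassword} and {@code user.scramHashedPasswordOnly} properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>JDBC resources are released in {@code finally} blocks so that a failed lookup does not
 *       leak a pooled connection.</li>
 *   <li>Credential comparisons go through {@link #constantTimeEquals(String, String)} rather than
 *       {@link String#equals(Object)}, which returns at the first differing character.</li>
 *   <li>Only {@code user.scramHashedPasswordOnly=true} keeps recoverable passwords out of the
 *       database; the other two modes store a value from which the password can be read back.</li>
 * </ul>
 */
public class DefaultAuthProvider implements AuthProvider {
    private static final String LOAD_PASSWORD = "SELECT plainPassword,encryptedPassword FROM ofUser WHERE username=?";
    private static final String TEST_PASSWORD = "SELECT plainPassword,encryptedPassword,iterations,salt,storedKey,serverKey FROM ofUser WHERE username=?";
    private static final String UPDATE_PASSWORD = "UPDATE ofUser SET plainPassword=?, encryptedPassword=?, storedKey=?, serverKey=?, salt=?, iterations=? WHERE username=?";
    private static final String SCRAM_ONLY_PROPERTY = "user.scramHashedPasswordOnly";
    private static final String PLAIN_PASSWORD_PROPERTY = "user.usePlainPassword";
    private static final Logger Log = LoggerFactory.getLogger(DefaultAuthProvider.class);
    private static final SecureRandom random = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jivesoftware/openfire/auth/DefaultAuthProvider$UserInfo.class */
    /** One {@code ofUser} row as read by {@link #getUserInfo(String, boolean)}. */
    public class UserInfo {
        // Clear-text password: the plainPassword column, or the decrypted encryptedPassword.
        String plainText;
        // Raw encryptedPassword column.
        String encrypted;
        // SCRAM iteration count; ResultSet.getInt yields 0 when the column is NULL.
        int iterations;
        // Base64 SCRAM salt.
        String salt;
        // Base64 SCRAM StoredKey.
        String storedKey;
        // Base64 SCRAM ServerKey.
        String serverKey;

        private UserInfo() {
        }
    }

    /**
     * Reports whether {@code username} carries an {@code @domain} suffix that is not a registered
     * domain. Names without {@code @} are never rejected here.
     */
    private static boolean hasUnregisteredDomain(String username) {
        if (!username.contains("@")) {
            return false;
        }
        String domain = username.substring(username.indexOf("@") + 1);
        return !DomainManager.getInstance().isRegisteredDomain(domain);
    }

    /**
     * Compares two strings without stopping at the first mismatch, so the time taken does not
     * depend on how many leading characters agree. Only the lengths are allowed to influence
     * timing. A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        int difference = expected.length() ^ provided.length();
        int shared = Math.min(expected.length(), provided.length());
        for (int i = 0; i < shared; i++) {
            difference |= expected.charAt(i) ^ provided.charAt(i);
        }
        return difference == 0;
    }

    /** Binds {@code value} as a VARCHAR parameter, or SQL NULL when it is {@code null}. */
    private static void setNullableString(PreparedStatement statement, int index, String value) throws SQLException {
        if (value == null) {
            statement.setNull(index, java.sql.Types.VARCHAR);
        } else {
            statement.setString(index, value);
        }
    }

    private UserInfo getUserInfo(String str) throws UnsupportedOperationException, UserNotFoundException {
        return getUserInfo(str, false);
    }

    /**
     * Loads the credential row for {@code str}.
     *
     * <p>When a clear-text password is available and either the server is in SCRAM-only mode or
     * the row has no salt yet, the password is re-stored through {@link #setPassword} and the row
     * is read once more.
     *
     * @param str username to look up
     * @param z   {@code true} on the re-read after a migration; suppresses a further migration
     * @throws UnsupportedOperationException if {@link #isScramSupported()} is false
     * @throws UserNotFoundException         if no row exists or the query fails
     */
    private UserInfo getUserInfo(String str, boolean z) throws UnsupportedOperationException, UserNotFoundException {
        if (!isScramSupported()) {
            throw new UnsupportedOperationException();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = DbConnectionManager.getConnection();
            statement = connection.prepareStatement(TEST_PASSWORD);
            statement.setString(1, str);
            rows = statement.executeQuery();
            if (!rows.next()) {
                throw new UserNotFoundException(str);
            }
            UserInfo userInfo = new UserInfo();
            userInfo.plainText = rows.getString(1);
            userInfo.encrypted = rows.getString(2);
            userInfo.iterations = rows.getInt(3);
            userInfo.salt = rows.getString(4);
            userInfo.storedKey = rows.getString(5);
            userInfo.serverKey = rows.getString(6);
            if (userInfo.encrypted != null) {
                try {
                    userInfo.plainText = AuthFactory.decryptPassword(userInfo.encrypted);
                } catch (UnsupportedOperationException ignored) {
                    // Decryption unavailable: keep whatever the plainPassword column held.
                }
            }
            boolean needsMigration = !z
                    && userInfo.plainText != null
                    && (JiveGlobals.getBooleanProperty(SCRAM_ONLY_PROPERTY) || userInfo.salt == null);
            if (!needsMigration) {
                return userInfo;
            }
            setPassword(str, userInfo.plainText);
            return getUserInfo(str, true);
        } catch (SQLException e) {
            Log.error("User SQL failure:", e);
            throw new UserNotFoundException(e);
        } finally {
            // Always hand the connection back, including on the exception paths.
            DbConnectionManager.closeConnection(rows, statement, connection);
        }
    }

    /** Returns the Base64 SCRAM salt stored for {@code str}. */
    @Override
    public String getSalt(String str) throws UserNotFoundException {
        return getUserInfo(str).salt;
    }

    /** Returns the SCRAM iteration count stored for {@code str}. */
    @Override
    public int getIterations(String str) throws UserNotFoundException {
        return getUserInfo(str).iterations;
    }

    /** Returns the Base64 SCRAM StoredKey for {@code str}. */
    @Override
    public String getStoredKey(String str) throws UserNotFoundException {
        return getUserInfo(str).storedKey;
    }

    /** Returns the Base64 SCRAM ServerKey for {@code str}. */
    @Override
    public String getServerKey(String str) throws UserNotFoundException {
        return getUserInfo(str).serverKey;
    }

    /**
     * Verifies a username/password pair.
     *
     * <p>Every failure (null argument, unregistered domain, unknown user, wrong password) surfaces
     * as the same {@link UnauthorizedException}, so the exception type does not reveal whether the
     * account exists.
     *
     * @param str  username, optionally with an {@code @domain} suffix
     * @param str2 candidate password
     * @throws UnauthorizedException if the credentials are not accepted
     */
    @Override
    public void authenticate(String str, String str2) throws UnauthorizedException {
        if (str == null || str2 == null) {
            throw new UnauthorizedException();
        }
        // NOTE(review): toLowerCase() uses the JVM default locale; confirm that usernames are
        // normalised the same way when accounts are created.
        String username = str.trim().toLowerCase();
        if (hasUnregisteredDomain(username)) {
            throw new UnauthorizedException();
        }
        boolean accepted;
        try {
            accepted = checkPassword(username, str2);
        } catch (UserNotFoundException e) {
            throw new UnauthorizedException();
        }
        if (!accepted) {
            throw new UnauthorizedException();
        }
    }

    /**
     * Returns the clear-text password of {@code str}, preferring the decrypted
     * {@code encryptedPassword} column over {@code plainPassword}.
     *
     * @throws UnsupportedOperationException if retrieval is disabled (SCRAM-only mode) or the row
     *                                       holds no recoverable password
     * @throws UserNotFoundException         if the domain is unregistered, no row exists or the
     *                                       query fails
     */
    @Override
    public String getPassword(String str) throws UserNotFoundException {
        if (!supportsPasswordRetrieval()) {
            throw new UnsupportedOperationException();
        }
        if (hasUnregisteredDomain(str)) {
            throw new UserNotFoundException();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = DbConnectionManager.getConnection();
            statement = connection.prepareStatement(LOAD_PASSWORD);
            statement.setString(1, str);
            rows = statement.executeQuery();
            if (!rows.next()) {
                throw new UserNotFoundException(str);
            }
            String plain = rows.getString(1);
            String encrypted = rows.getString(2);
            if (encrypted != null) {
                try {
                    return AuthFactory.decryptPassword(encrypted);
                } catch (UnsupportedOperationException ignored) {
                    // Decryption unavailable: fall back to the plainPassword column below.
                }
            }
            if (plain == null) {
                throw new UnsupportedOperationException();
            }
            return plain;
        } catch (SQLException e) {
            throw new UserNotFoundException(e);
        } finally {
            DbConnectionManager.closeConnection(rows, statement, connection);
        }
    }

    /**
     * Checks {@code str2} against the stored credentials of {@code str}.
     *
     * <p>If a clear-text password can be recovered from the row it is compared directly (and, in
     * SCRAM-only mode, first re-stored so the recoverable copy is dropped). Otherwise the SCRAM
     * StoredKey is recomputed from the candidate password, salt and iteration count and compared
     * with the stored value.
     *
     * @param str  username, optionally with an {@code @domain} suffix
     * @param str2 candidate password; {@code null} never matches a recoverable password
     * @return {@code true} when the candidate matches
     * @throws UserNotFoundException if the domain is unregistered, no row exists or the query fails
     */
    public boolean checkPassword(String str, String str2) throws UserNotFoundException {
        if (hasUnregisteredDomain(str)) {
            throw new UserNotFoundException();
        }
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            connection = DbConnectionManager.getConnection();
            statement = connection.prepareStatement(TEST_PASSWORD);
            statement.setString(1, str);
            rows = statement.executeQuery();
            if (!rows.next()) {
                throw new UserNotFoundException(str);
            }
            String plain = rows.getString(1);
            String encrypted = rows.getString(2);
            int iterations = rows.getInt(3);
            String salt = rows.getString(4);
            String storedKey = rows.getString(5);
            if (encrypted != null) {
                try {
                    plain = AuthFactory.decryptPassword(encrypted);
                } catch (UnsupportedOperationException ignored) {
                    // Decryption unavailable: keep whatever the plainPassword column held.
                }
            }
            if (plain != null) {
                if (JiveGlobals.getBooleanProperty(SCRAM_ONLY_PROPERTY)) {
                    // A recoverable password exists although only SCRAM values should be kept;
                    // re-store it so the clear-text/encrypted columns are nulled.
                    setPassword(str, plain);
                }
                return constantTimeEquals(plain, str2);
            }
            if (salt == null || iterations == 0 || storedKey == null) {
                Log.warn("No available credentials for checkPassword.");
                return false;
            }
            try {
                MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
                byte[] saltedPassword = ScramUtils.createSaltedPassword(DatatypeConverter.parseBase64Binary(salt), str2, iterations);
                byte[] clientKey = ScramUtils.computeHmac(saltedPassword, "Client Key");
                String candidateStoredKey = DatatypeConverter.printBase64Binary(sha1.digest(clientKey));
                return constantTimeEquals(storedKey, candidateStoredKey);
            } catch (SaslException | NoSuchAlgorithmException e) {
                Log.warn("Unable to check SCRAM values for PLAIN authentication.");
                return false;
            }
        } catch (SQLException e) {
            Log.error("User SQL failure:", e);
            throw new UserNotFoundException(e);
        } finally {
            DbConnectionManager.closeConnection(rows, statement, connection);
        }
    }

    /**
     * Stores a new password for {@code str}.
     *
     * <p>A fresh 24-byte random salt and the SCRAM-SHA-1 StoredKey/ServerKey are always derived.
     * What else is written depends on configuration:
     * <ul>
     *   <li>{@code user.scramHashedPasswordOnly}: both password columns are set to NULL.</li>
     *   <li>{@code user.usePlainPassword}: the clear-text password is written.</li>
     *   <li>neither: the password is written encrypted; if encryption is unsupported the
     *       clear-text password is written instead.</li>
     * </ul>
     *
     * @param str  username, optionally with an {@code @domain} suffix
     * @param str2 new clear-text password
     * @throws UserNotFoundException if the domain is unregistered or the update fails
     */
    @Override
    public void setPassword(String str, String str2) throws UserNotFoundException {
        boolean usePlainPassword = JiveGlobals.getBooleanProperty(PLAIN_PASSWORD_PROPERTY);
        boolean scramOnly = JiveGlobals.getBooleanProperty(SCRAM_ONLY_PROPERTY);
        if (hasUnregisteredDomain(str)) {
            throw new UserNotFoundException();
        }
        byte[] saltBytes = new byte[24];
        random.nextBytes(saltBytes);
        String encodedSalt = DatatypeConverter.printBase64Binary(saltBytes);
        int iterations = ScramSha1SaslServer.ITERATION_COUNT.getValue().intValue();
        byte[] storedKey = null;
        byte[] serverKey = null;
        try {
            byte[] saltedPassword = ScramUtils.createSaltedPassword(saltBytes, str2, iterations);
            storedKey = MessageDigest.getInstance("SHA-1").digest(ScramUtils.computeHmac(saltedPassword, "Client Key"));
            serverKey = ScramUtils.computeHmac(saltedPassword, "Server Key");
        } catch (SaslException | NoSuchAlgorithmException e) {
            // NOTE(review): the update below still runs with NULL storedKey/serverKey; in
            // SCRAM-only mode that leaves the row without any usable credential.
            Log.warn("Unable to persist values for SCRAM authentication.");
        }
        String plainToStore = str2;
        String encryptedToStore = null;
        if (!scramOnly && !usePlainPassword) {
            try {
                encryptedToStore = AuthFactory.encryptPassword(str2);
                plainToStore = null;
            } catch (UnsupportedOperationException ignored) {
                // Encryption unavailable: plainToStore keeps the clear-text password.
            }
        }
        if (scramOnly) {
            encryptedToStore = null;
            plainToStore = null;
        }
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DbConnectionManager.getConnection();
            statement = connection.prepareStatement(UPDATE_PASSWORD);
            setNullableString(statement, 1, plainToStore);
            setNullableString(statement, 2, encryptedToStore);
            setNullableString(statement, 3, storedKey == null ? null : DatatypeConverter.printBase64Binary(storedKey));
            setNullableString(statement, 4, serverKey == null ? null : DatatypeConverter.printBase64Binary(serverKey));
            statement.setString(5, encodedSalt);
            statement.setInt(6, iterations);
            statement.setString(7, str);
            statement.executeUpdate();
        } catch (SQLException e) {
            throw new UserNotFoundException(e);
        } finally {
            DbConnectionManager.closeConnection(statement, connection);
        }
    }

    /** Password retrieval is available unless the server keeps SCRAM values only. */
    @Override
    public boolean supportsPasswordRetrieval() {
        return !JiveGlobals.getBooleanProperty(SCRAM_ONLY_PROPERTY);
    }

    /** This provider always stores SCRAM values. */
    @Override
    public boolean isScramSupported() {
        return true;
    }
}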
