package org.jivesoftware.openfire.auth;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.jivesoftware.openfire.lockout.LockOutManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.Blowfish;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.LocaleUtils;
import org.jivesoftware.util.StringUtils;
import org.jivesoftware.util.SystemProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmpp.packet.JID;

/* loaded from: input_file:org/jivesoftware/openfire/auth/AuthFactory.class */
public class AuthFactory {
    private static MessageDigest digest;
    public static final String ONE_TIME_PROPERTY = "oneTimeAccessToken";
    private static final Logger Log = LoggerFactory.getLogger(AuthFactory.class);
    private static final SystemProperty<String> PASSWORD_KEY = SystemProperty.Builder.ofType(String.class).setKey("passwordKey").setDynamic(true).build();
    public static final SystemProperty<Class> AUTH_PROVIDER = SystemProperty.Builder.ofType(Class.class).setKey("provider.auth.className").setBaseClass(AuthProvider.class).setDefaultValue(DefaultAuthProvider.class).setDynamic(true).addListener(AuthFactory::initProvider).build();
    private static AuthProvider authProvider = null;
    private static final Object DIGEST_LOCK = new Object();
    private static Blowfish cipher = null;

    private static void initProvider(Class cls) {
        if (authProvider == null || !cls.equals(authProvider.getClass())) {
            try {
                authProvider = (AuthProvider) cls.newInstance();
            } catch (Exception e) {
                Log.error("Error loading auth provider: " + cls.getName(), e);
                authProvider = new DefaultAuthProvider();
            }
        }
    }

    public static AuthProvider getAuthProvider() {
        return authProvider;
    }

    public static boolean isProviderInstanceOf(Class<?> cls) {
        return cls.isInstance(authProvider);
    }

    public static boolean isProviderHybridInstanceOf(Class<? extends AuthProvider> cls) {
        return (authProvider instanceof HybridAuthProvider) && ((HybridAuthProvider) authProvider).isProvider(cls);
    }

    public static boolean supportsPasswordRetrieval() {
        return authProvider.supportsPasswordRetrieval();
    }

    public static String getPassword(String str) throws UserNotFoundException, UnsupportedOperationException {
        return authProvider.getPassword(JID.unescapeNode(str).toLowerCase());
    }

    public static void setPassword(String str, String str2) throws UserNotFoundException, UnsupportedOperationException, ConnectionException, InternalUnauthenticatedException {
        authProvider.setPassword(JID.unescapeNode(str), str2);
    }

    public static AuthToken authenticate(String str, String str2) throws UnauthorizedException, ConnectionException, InternalUnauthenticatedException {
        String unescapeNode = JID.unescapeNode(str);
        if (LockOutManager.getInstance().isAccountDisabled(unescapeNode)) {
            LockOutManager.getInstance().recordFailedLogin(unescapeNode);
            throw new UnauthorizedException();
        }
        authProvider.authenticate(unescapeNode, str2);
        return AuthToken.generateUserToken(unescapeNode);
    }

    public static String createDigest(String str, String str2) {
        String encodeHex;
        synchronized (DIGEST_LOCK) {
            digest.update(str.getBytes());
            encodeHex = StringUtils.encodeHex(digest.digest(str2.getBytes()));
        }
        return encodeHex;
    }

    public static String encryptPassword(String str) {
        if (str == null) {
            return null;
        }
        Blowfish cipher2 = getCipher();
        if (cipher2 == null) {
            throw new UnsupportedOperationException();
        }
        return cipher2.encryptString(str);
    }

    public static String decryptPassword(String str) {
        if (str == null) {
            return null;
        }
        Blowfish cipher2 = getCipher();
        if (cipher2 == null) {
            throw new UnsupportedOperationException();
        }
        return cipher2.decryptString(str);
    }

    private static synchronized Blowfish getCipher() {
        if (cipher != null) {
            return cipher;
        }
        try {
            String value = PASSWORD_KEY.getValue();
            if (value == null) {
                value = StringUtils.randomString(15);
                PASSWORD_KEY.setValue(value);
                if (!value.equals(PASSWORD_KEY.getValue())) {
                    return null;
                }
            }
            cipher = new Blowfish(value);
        } catch (Exception e) {
            Log.error(e.getMessage(), e);
        }
        return cipher;
    }

    public static boolean supportsScram() {
        return authProvider.isScramSupported();
    }

    public static String getSalt(String str) throws UnsupportedOperationException, UserNotFoundException {
        return authProvider.getSalt(str);
    }

    public static int getIterations(String str) throws UnsupportedOperationException, UserNotFoundException {
        return authProvider.getIterations(str);
    }

    public static String getServerKey(String str) throws UnsupportedOperationException, UserNotFoundException {
        return authProvider.getServerKey(str);
    }

    public static String getStoredKey(String str) throws UnsupportedOperationException, UserNotFoundException {
        return authProvider.getStoredKey(str);
    }

    public static boolean isOneTimeAccessTokenEnabled() {
        return org.apache.commons.lang3.StringUtils.isNotBlank(JiveGlobals.getXMLProperty(ONE_TIME_PROPERTY));
    }

    public static AuthToken checkOneTimeAccessToken(String str) throws UnauthorizedException {
        String xMLProperty = JiveGlobals.getXMLProperty(ONE_TIME_PROPERTY);
        if (!isOneTimeAccessTokenEnabled() || !xMLProperty.equals(str)) {
            throw new UnauthorizedException();
        }
        JiveGlobals.deleteXMLProperty(ONE_TIME_PROPERTY);
        Log.info("Login with the one time access token.");
        return AuthToken.generateOneTimeToken(xMLProperty);
    }

    static {
        try {
            digest = MessageDigest.getInstance("SHA");
        } catch (NoSuchAlgorithmException e) {
            Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
        }
        initProvider(AUTH_PROVIDER.getValue());
    }
}
