package org.apache.isis.security.sql.authentication;

import com.google.common.base.Strings;
import com.google.inject.Inject;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import org.apache.isis.applib.ApplicationException;
import org.apache.isis.core.commons.config.IsisConfiguration;
import org.apache.isis.core.commons.ensure.Assert;
import org.apache.isis.core.runtime.authentication.AuthenticationRequest;
import org.apache.isis.core.runtime.authentication.AuthenticationRequestPassword;
import org.apache.isis.core.runtime.authentication.standard.PasswordRequestAuthenticatorAbstract;
import org.apache.isis.runtimes.dflt.runtime.system.context.IsisContext;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/isis/security/sql/authentication/SqlAuthenticator.class */
public class SqlAuthenticator extends PasswordRequestAuthenticatorAbstract {
    private static final Logger LOG = Logger.getLogger(SqlAuthenticator.class);
    static SqlAuthenticator instance;
    static final String PROPERTY_BASE = "isis.authentication.sql";
    static final String USER_TABLE = "isis.authentication.sql.userTable";
    static final String USER_TABLE_NAME_FIELD = "isis.authentication.sql.userNameField";
    static final String USER_TABLE_PASSWORD_FIELD = "isis.authentication.sql.passwordField";
    static final String USER_TABLE_ROLE_FIELD = "isis.authentication.sql.roleField";
    private Connection connection;
    final String passwordField;
    final String userTable;
    final String userNameField;
    final String userRoleField;
    private final List<Object> queryValues;

    public static SqlAuthenticator getInstance() {
        return instance;
    }

    protected boolean verifyPasswordsAreEqual(String str, String str2) {
        return str2.equals(str);
    }

    protected ResultSet postProcessLogin(String str, String str2, ResultSet resultSet) {
        return resultSet;
    }

    protected String getRoles(ResultSet resultSet, String str) {
        try {
            if (this.userRoleField != null) {
                return str + "|" + resultSet.getString(this.userRoleField);
            }
        } catch (SQLException e) {
            LOG.warn("Error fetching role", e);
        }
        return str;
    }

    public void initialise() {
    }

    public static String getPropertyBase() {
        return PROPERTY_BASE;
    }

    public static String getPropertyUserTable() {
        return USER_TABLE;
    }

    public static String getPropertyUserTableNameField() {
        return USER_TABLE_NAME_FIELD;
    }

    public static String getPropertyUserTablePasswordField() {
        return USER_TABLE_PASSWORD_FIELD;
    }

    public static String getPropertyUserTableRoleField() {
        return USER_TABLE_ROLE_FIELD;
    }

    @Inject
    public SqlAuthenticator(IsisConfiguration isisConfiguration) {
        super(isisConfiguration);
        this.queryValues = new ArrayList();
        this.userTable = isisConfiguration.getString(USER_TABLE);
        this.userNameField = isisConfiguration.getString(USER_TABLE_NAME_FIELD);
        this.passwordField = isisConfiguration.getString(USER_TABLE_PASSWORD_FIELD);
        this.userRoleField = isisConfiguration.getString(USER_TABLE_ROLE_FIELD);
        instance = this;
    }

    public void init() {
        if (this.connection != null) {
            LOG.info("close");
        }
        IsisConfiguration properties = IsisContext.getConfiguration().getProperties("isis.authentication.sql.jdbc.");
        try {
            String string = properties.getString("isis.authentication.sql.jdbc.driver");
            String string2 = properties.getString("isis.authentication.sql.jdbc.connection");
            String string3 = properties.getString("isis.authentication.sql.jdbc.user");
            String string4 = properties.getString("isis.authentication.sql.jdbc.password");
            if (this.connection != null) {
                throw new ApplicationException("Connection already established");
            }
            if (string == null) {
                throw new ApplicationException("No driver specified for database connection");
            }
            if (string2 == null) {
                throw new ApplicationException("No connection URL specified to database");
            }
            if (string3 == null) {
                throw new ApplicationException("No user specified for database connection");
            }
            if (string4 == null) {
                throw new ApplicationException("No password specified for database connection");
            }
            Class.forName(string);
            LOG.info("Connecting to " + string2 + " as " + string3);
            this.connection = DriverManager.getConnection(string2, string3, string4);
            if (this.connection == null) {
                throw new ApplicationException("No connection established to " + string2);
            }
        } catch (ClassNotFoundException e) {
            throw new ApplicationException("Could not find database driver", e);
        } catch (SQLException e2) {
            throw new ApplicationException("Failed to start", e2);
        }
    }

    public void shutdown() {
        update("SHUTDOWN");
        closeConnection();
    }

    private void closeConnection() {
        try {
            this.connection.close();
            this.connection = null;
        } catch (SQLException e) {
            LOG.warn("Failed to close connection:" + e);
        }
    }

    public final boolean isValid(AuthenticationRequest authenticationRequest) {
        AuthenticationRequestPassword authenticationRequestPassword = (AuthenticationRequestPassword) authenticationRequest;
        String name = authenticationRequestPassword.getName();
        if (Strings.isNullOrEmpty(name)) {
            return false;
        }
        String password = authenticationRequestPassword.getPassword();
        Assert.assertNotNull(password);
        return isPasswordValidForUser(authenticationRequestPassword, name, password);
    }

    private boolean isPasswordValidForUser(AuthenticationRequest authenticationRequest, String str, String str2) {
        ResultSet loadUserDetails = loadUserDetails(str, str2);
        if (loadUserDetails == null) {
            return false;
        }
        setRoles(authenticationRequest, getRoles(loadUserDetails, "org.apache.isis.viewer.wicket.roles.USER|org.starobjects.wicket.roles.USER"));
        return true;
    }

    protected ResultSet loadUserDetails(String str, String str2) {
        String str3 = "SELECT * FROM " + this.userTable + " WHERE UPPER(" + this.userNameField + ") = ?";
        addToQueryValues(str.toUpperCase());
        ResultSet select = select(str3);
        do {
            try {
                if (!select.next()) {
                    return null;
                }
            } catch (SQLException e) {
                LOG.error("Error loading user details: " + str3);
                throw new ApplicationException("Error loading user details", e);
            }
        } while (!verifyPasswordsAreEqual(str2, select.getString(this.passwordField)));
        return postProcessLogin(str, str2, select);
    }

    private final void setRoles(AuthenticationRequest authenticationRequest, String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str, "|", false);
        String[] strArr = new String[stringTokenizer.countTokens()];
        int i = 0;
        while (stringTokenizer.hasMoreTokens()) {
            strArr[i] = stringTokenizer.nextToken();
            i++;
        }
        authenticationRequest.setRoles(Arrays.asList(strArr));
    }

    public boolean isSetup() {
        return hasTable(this.userTable);
    }

    protected int update(String str) {
        LOG.debug("SQL: " + str);
        try {
            try {
                PreparedStatement prepareStatement = this.connection.prepareStatement(str);
                addPreparedValues(prepareStatement);
                int executeUpdate = prepareStatement.executeUpdate();
                prepareStatement.close();
                clearPreparedValues();
                return executeUpdate;
            } catch (SQLException e) {
                LOG.error("failed to execute " + str, e);
                throw new ApplicationException("Error executing update", e);
            }
        } catch (Throwable th) {
            clearPreparedValues();
            throw th;
        }
    }

    private ResultSet select(String str) {
        LOG.debug("SQL: " + str);
        try {
            try {
                PreparedStatement prepareStatement = this.connection.prepareStatement(str);
                addPreparedValues(prepareStatement);
                ResultSet executeQuery = prepareStatement.executeQuery();
                clearPreparedValues();
                return executeQuery;
            } catch (SQLException e) {
                LOG.error("failed to execte select: " + str, e);
                throw new ApplicationException("Error executing select", e);
            }
        } catch (Throwable th) {
            clearPreparedValues();
            throw th;
        }
    }

    public String addToQueryValues(Object obj) {
        this.queryValues.add(obj);
        return "?";
    }

    private void clearPreparedValues() {
        this.queryValues.clear();
    }

    private void addPreparedValues(PreparedStatement preparedStatement) throws SQLException {
        if (this.queryValues.size() > 0) {
            int i = 1;
            try {
                Iterator<Object> it = this.queryValues.iterator();
                while (it.hasNext()) {
                    preparedStatement.setObject(i, it.next());
                    i++;
                }
            } catch (SQLException e) {
                LOG.error("Error adding prepared value " + i + " of type " + this.queryValues.get(i - 1).getClass().getSimpleName(), e);
                throw e;
            }
        }
    }

    private boolean hasTable(String str) {
        try {
            ResultSet tables = this.connection.getMetaData().getTables(null, null, str, null);
            if (!tables.next()) {
                tables.close();
                return false;
            }
            LOG.debug("Found " + tables.getString("TABLE_NAME"));
            tables.close();
            return true;
        } catch (SQLException e) {
            LOG.error("failed to find table: " + str, e);
            throw new ApplicationException("Error checking for table: " + str, e);
        }
    }
}
