package org.apache.openejb.core.security.jaas;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.EnumMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.sql.DataSource;
import org.apache.geronimo.mail.james.mime4j.util.MimeUtil;
import org.apache.openejb.JndiConstants;
import org.apache.openejb.core.EnvProps;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.spi.ContainerSystem;
import org.apache.openejb.util.Base64;
import org.apache.openejb.util.HexConverter;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;
import org.apache.openejb.util.Strings;

/* loaded from: input_file:lib/openejb-core-8.0.10.jar:org/apache/openejb/core/security/jaas/SQLLoginModule.class */
public class SQLLoginModule implements LoginModule {
    private static final Logger log;
    private String connectionURL;
    private Properties properties;
    private Driver driver;
    private DataSource dataSource;
    private String userSelect;
    private String groupSelect;
    private String digest;
    private String encoding;
    private boolean loginSucceeded;
    private Subject subject;
    private CallbackHandler handler;
    private String cbUsername;
    private String cbPassword;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final EnumMap<Option, String> optionsMap = new EnumMap<>(Option.class);
    private final Set<String> groups = new HashSet();
    private final Set<Principal> allPrincipals = new HashSet();

    /* loaded from: input_file:lib/openejb-core-8.0.10.jar:org/apache/openejb/core/security/jaas/SQLLoginModule$Option.class */
    private enum Option {
        USER_SELECT("userSelect"),
        GROUP_SELECT("groupSelect"),
        CONNECTION_URL("jdbcURL"),
        USER("jdbcUser"),
        PASSWORD("jdbcPassword"),
        DRIVER("jdbcDriver"),
        DATABASE_POOL_NAME("dataSourceName"),
        DIGEST("digest"),
        ENCODING("encoding");

        public final String name;

        Option(String str) {
            this.name = str;
        }

        public static Option findByName(String str) {
            for (Option option : values()) {
                if (option.name.equals(str)) {
                    return option;
                }
            }
            return null;
        }
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.handler = callbackHandler;
        for (Object obj : map2.entrySet()) {
            Option findByName = Option.findByName((String) ((Map.Entry) obj).getKey());
            if (findByName != null) {
                this.optionsMap.put((EnumMap<Option, String>) findByName, (Option) ((String) ((Map.Entry) obj).getValue()).trim());
            } else {
                log.warning("Ignoring option: {0}. Not supported.", ((Map.Entry) obj).getKey());
            }
        }
        this.userSelect = this.optionsMap.get(Option.USER_SELECT);
        this.groupSelect = this.optionsMap.get(Option.GROUP_SELECT);
        this.digest = this.optionsMap.get(Option.DIGEST);
        this.encoding = this.optionsMap.get(Option.ENCODING);
        if (!Strings.checkNullBlankString(this.digest)) {
            try {
                MessageDigest.getInstance(this.digest);
            } catch (NoSuchAlgorithmException e) {
                initError(e, "Digest algorithm %s is not available.", this.digest);
            }
            if (this.encoding != null && !"hex".equalsIgnoreCase(this.encoding) && !MimeUtil.ENC_BASE64.equalsIgnoreCase(this.encoding)) {
                initError(null, "Digest Encoding %s is not supported.", this.encoding);
            }
        }
        if (this.optionsMap.containsKey(Option.DATABASE_POOL_NAME)) {
            String str = this.optionsMap.get(Option.DATABASE_POOL_NAME);
            try {
                this.dataSource = (DataSource) ((ContainerSystem) SystemInstance.get().getComponent(ContainerSystem.class)).getJNDIContext().lookup(JndiConstants.OPENEJB_RESOURCE_JNDI_PREFIX + str);
                return;
            } catch (NamingException e2) {
                initError(e2, "Data source %s not found.", str);
                return;
            }
        }
        if (!this.optionsMap.containsKey(Option.CONNECTION_URL)) {
            initError(null, "Neither %s nor %s was specified", Option.DATABASE_POOL_NAME.name, Option.CONNECTION_URL.name);
            return;
        }
        this.connectionURL = this.optionsMap.get(Option.CONNECTION_URL);
        String str2 = this.optionsMap.get(Option.USER);
        String str3 = this.optionsMap.get(Option.PASSWORD);
        String str4 = this.optionsMap.get(Option.DRIVER);
        this.properties = new Properties();
        if (str2 != null) {
            this.properties.put("user", str2);
        }
        if (str3 != null) {
            this.properties.put("password", str3);
        }
        if (str4 != null) {
            try {
                this.driver = (Driver) getClass().getClassLoader().loadClass(str4).newInstance();
            } catch (ClassNotFoundException e3) {
                initError(e3, "Driver class %s is not available. Perhaps you need to add it as a dependency in your deployment plan?", str4);
            } catch (Exception e4) {
                initError(e4, "Unable to load, instantiate, register driver %s: %s", str4, e4.getMessage());
            }
        }
    }

    private void initError(Exception exc, String str, Object... objArr) {
        String format = String.format(str, objArr);
        log.error("Initialization failed. {0}", format);
        throw new IllegalArgumentException(format, exc);
    }

    /* JADX WARN: Finally extract failed */
    public boolean login() throws LoginException {
        this.loginSucceeded = false;
        NameCallback[] nameCallbackArr = {new NameCallback("User name"), new PasswordCallback(EnvProps.PASSWORD, false)};
        try {
            this.handler.handle(nameCallbackArr);
            if (!$assertionsDisabled && nameCallbackArr.length != 2) {
                throw new AssertionError();
            }
            this.cbUsername = nameCallbackArr[0].getName();
            if (Strings.checkNullBlankString(this.cbUsername)) {
                throw new FailedLoginException();
            }
            char[] password = ((PasswordCallback) nameCallbackArr[1]).getPassword();
            this.cbPassword = password == null ? null : new String(password);
            try {
                Connection connection = this.dataSource != null ? this.dataSource.getConnection() : this.driver != null ? this.driver.connect(this.connectionURL, this.properties) : DriverManager.getConnection(this.connectionURL, this.properties);
                try {
                    PreparedStatement prepareStatement = connection.prepareStatement(this.userSelect);
                    try {
                        int parameterCount = prepareStatement.getParameterMetaData().getParameterCount();
                        for (int i = 0; i < parameterCount; i++) {
                            prepareStatement.setObject(i + 1, this.cbUsername);
                        }
                        ResultSet executeQuery = prepareStatement.executeQuery();
                        Throwable th = null;
                        boolean z = false;
                        while (true) {
                            try {
                                if (!executeQuery.next()) {
                                    break;
                                }
                                String string = executeQuery.getString(1);
                                String string2 = executeQuery.getString(2);
                                if (this.cbUsername.equals(string)) {
                                    z = true;
                                    if (!checkPassword(string2, this.cbPassword)) {
                                        throw new FailedLoginException();
                                    }
                                }
                            } catch (Throwable th2) {
                                if (executeQuery != null) {
                                    if (0 != 0) {
                                        try {
                                            executeQuery.close();
                                        } catch (Throwable th3) {
                                            th.addSuppressed(th3);
                                        }
                                    } else {
                                        executeQuery.close();
                                    }
                                }
                                throw th2;
                            }
                        }
                        if (!z) {
                            throw new FailedLoginException();
                        }
                        if (executeQuery != null) {
                            if (0 != 0) {
                                try {
                                    executeQuery.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                executeQuery.close();
                            }
                        }
                        prepareStatement.close();
                        prepareStatement = connection.prepareStatement(this.groupSelect);
                        try {
                            int parameterCount2 = prepareStatement.getParameterMetaData().getParameterCount();
                            for (int i2 = 0; i2 < parameterCount2; i2++) {
                                prepareStatement.setObject(i2 + 1, this.cbUsername);
                            }
                            ResultSet executeQuery2 = prepareStatement.executeQuery();
                            Throwable th5 = null;
                            while (executeQuery2.next()) {
                                try {
                                    try {
                                        String string3 = executeQuery2.getString(1);
                                        String string4 = executeQuery2.getString(2);
                                        if (this.cbUsername.equals(string3)) {
                                            this.groups.add(string4);
                                        }
                                    } finally {
                                    }
                                } catch (Throwable th6) {
                                    if (executeQuery2 != null) {
                                        if (th5 != null) {
                                            try {
                                                executeQuery2.close();
                                            } catch (Throwable th7) {
                                                th5.addSuppressed(th7);
                                            }
                                        } else {
                                            executeQuery2.close();
                                        }
                                    }
                                    throw th6;
                                }
                            }
                            if (executeQuery2 != null) {
                                if (0 != 0) {
                                    try {
                                        executeQuery2.close();
                                    } catch (Throwable th8) {
                                        th5.addSuppressed(th8);
                                    }
                                } else {
                                    executeQuery2.close();
                                }
                            }
                            prepareStatement.close();
                            connection.close();
                            this.loginSucceeded = true;
                            return true;
                        } finally {
                            prepareStatement.close();
                        }
                    } catch (Throwable th9) {
                        throw th9;
                    }
                } catch (Throwable th10) {
                    connection.close();
                    throw th10;
                }
            } catch (SQLException e) {
                this.cbUsername = null;
                this.cbPassword = null;
                this.groups.clear();
                throw ((LoginException) new LoginException("SQL error").initCause(e));
            } catch (LoginException e2) {
                this.cbUsername = null;
                this.cbPassword = null;
                this.groups.clear();
                throw e2;
            } catch (Exception e3) {
                this.cbUsername = null;
                this.cbPassword = null;
                this.groups.clear();
                throw ((LoginException) new LoginException("Could not access datasource").initCause(e3));
            }
        } catch (IOException | UnsupportedCallbackException e4) {
            throw ((LoginException) new LoginException().initCause(e4));
        }
    }

    public boolean commit() throws LoginException {
        if (this.loginSucceeded) {
            if (this.cbUsername != null) {
                this.allPrincipals.add(new UserPrincipal(this.cbUsername));
            }
            Iterator<String> it = this.groups.iterator();
            while (it.hasNext()) {
                this.allPrincipals.add(new GroupPrincipal(it.next()));
            }
            this.subject.getPrincipals().addAll(this.allPrincipals);
        }
        this.cbUsername = null;
        this.cbPassword = null;
        this.groups.clear();
        return this.loginSucceeded;
    }

    public boolean abort() throws LoginException {
        if (this.loginSucceeded) {
            this.cbUsername = null;
            this.cbPassword = null;
            this.groups.clear();
            this.allPrincipals.clear();
        }
        return this.loginSucceeded;
    }

    public boolean logout() throws LoginException {
        this.loginSucceeded = false;
        this.cbUsername = null;
        this.cbPassword = null;
        this.groups.clear();
        if (!this.subject.isReadOnly()) {
            this.subject.getPrincipals().removeAll(this.allPrincipals);
        }
        this.allPrincipals.clear();
        return true;
    }

    private boolean checkPassword(String str, String str2) {
        if (str == null && str2 == null) {
            return true;
        }
        if (str == null || str2 == null) {
            return false;
        }
        if (Strings.checkNullBlankString(this.digest)) {
            return str.equals(str2);
        }
        try {
            byte[] digest = MessageDigest.getInstance(this.digest).digest(str2.getBytes());
            if (this.encoding == null || "hex".equalsIgnoreCase(this.encoding)) {
                return str.equalsIgnoreCase(HexConverter.bytesToHex(digest));
            }
            if (MimeUtil.ENC_BASE64.equalsIgnoreCase(this.encoding)) {
                return str.equals(new String(Base64.encodeBase64(digest)));
            }
            return false;
        } catch (NoSuchAlgorithmException e) {
            log.error("Should not occur.  Availability of algorithm has been checked at initialization.", e);
            return false;
        }
    }

    static {
        $assertionsDisabled = !SQLLoginModule.class.desiredAssertionStatus();
        log = Logger.getInstance(LogCategory.OPENEJB_SECURITY, "org.apache.openejb.util.resources");
    }
}
