package com.sun.enterprise.security.auth.realm.jdbc;

import com.sun.appserv.connectors.internal.api.ConnectorRuntime;
import com.sun.enterprise.security.BaseRealm;
import com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter;
import com.sun.enterprise.security.auth.digest.api.Password;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.ee.auth.realm.DigestRealmBase;
import com.sun.enterprise.universal.GFBase64Encoder;
import com.sun.enterprise.util.Utility;
import java.io.Reader;
import java.nio.charset.CharacterCodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.glassfish.hk2.api.ActiveDescriptor;
import org.glassfish.hk2.utilities.BuilderHelper;
import org.jvnet.hk2.annotations.Service;

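/**
 * Realm that authenticates users and resolves their groups from two database tables reached
 * through a JNDI data source.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Table and column names come from the realm configuration and are concatenated into the
 *       SQL text in {@link #init(Properties)}; only the user name is bound as a statement
 *       parameter. The configuration must therefore be treated as trusted, administrator-only
 *       input.</li>
 *   <li>{@code hashPassword} applies a single pass of the configured digest with no salt, so the
 *       stored values are only as strong as that digest. This class does not add a salt or a
 *       key-derivation function.</li>
 *   <li>The stored and the computed credential are compared over their full length; a stored
 *       value that is merely a prefix of the computed one (including an empty value) is
 *       rejected.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/sun/enterprise/security/auth/realm/jdbc/JDBCRealm.class */
public final class JDBCRealm extends DigestRealmBase {
    public static final String AUTH_TYPE = "jdbc";
    public static final String PRE_HASHED = "HASHED";
    public static final String PARAM_DATASOURCE_JNDI = "datasource-jndi";
    public static final String PARAM_DB_USER = "db-user";
    public static final String PARAM_DB_PASSWORD = "db-password";
    public static final String PARAM_DIGEST_ALGORITHM = "digest-algorithm";
    public static final String NONE = "none";
    public static final String PARAM_ENCODING = "encoding";
    public static final String HEX = "hex";
    public static final String BASE64 = "base64";
    public static final String DEFAULT_ENCODING = "hex";
    public static final String PARAM_CHARSET = "charset";
    public static final String PARAM_USER_TABLE = "user-table";
    public static final String PARAM_USER_NAME_COLUMN = "user-name-column";
    public static final String PARAM_PASSWORD_COLUMN = "password-column";
    public static final String PARAM_GROUP_TABLE = "group-table";
    public static final String PARAM_GROUP_NAME_COLUMN = "group-name-column";
    public static final String PARAM_GROUP_TABLE_USER_NAME_COLUMN = "group-table-user-name-column";
    private static final char[] HEXADECIMAL = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    // User name -> group names; guarded by the monitor of this realm instance.
    private Map<String, Vector<String>> groupCache;
    // Shared placeholder cached for users whose groups could not be loaded.
    private Vector<String> emptyVector;
    private String passwordQuery = null;
    private String groupQuery = null;
    // Null when the configured digest algorithm is "none".
    private MessageDigest md = null;
    private ActiveDescriptor<ConnectorRuntime> cr;

    /**
     * Reads the realm configuration, builds the two SQL statements and prepares the digest.
     *
     * @param properties realm properties; the JAAS context, data source JNDI name, user table,
     *     group table, user name column, password column and group name column are mandatory
     * @throws BadRealmException if a mandatory property is missing or the digest algorithm is
     *     not available
     * @throws NoSuchRealmException declared by the overridden method
     */
    @Override
    public synchronized void init(Properties properties) throws BadRealmException, NoSuchRealmException {
        super.init(properties);
        String jaasContext = properties.getProperty(BaseRealm.JAAS_CONTEXT_PARAM);
        String dbUser = properties.getProperty(PARAM_DB_USER);
        String dbPassword = properties.getProperty(PARAM_DB_PASSWORD);
        String dataSourceJndi = properties.getProperty(PARAM_DATASOURCE_JNDI);
        String digestAlgorithm = properties.getProperty(PARAM_DIGEST_ALGORITHM, getDefaultDigestAlgorithm());
        String encoding = properties.getProperty(PARAM_ENCODING);
        String charset = properties.getProperty(PARAM_CHARSET);
        String userTable = properties.getProperty(PARAM_USER_TABLE);
        String userNameColumn = properties.getProperty(PARAM_USER_NAME_COLUMN);
        String passwordColumn = properties.getProperty(PARAM_PASSWORD_COLUMN);
        String groupTable = properties.getProperty(PARAM_GROUP_TABLE);
        String groupNameColumn = properties.getProperty(PARAM_GROUP_NAME_COLUMN);
        String groupTableUserNameColumn = properties.getProperty(PARAM_GROUP_TABLE_USER_NAME_COLUMN, userNameColumn);
        this.cr = Util.getDefaultHabitat().getBestDescriptor(BuilderHelper.createContractFilter(ConnectorRuntime.class.getName()));

        requireProperty(jaasContext, BaseRealm.JAAS_CONTEXT_PARAM);
        requireProperty(dataSourceJndi, PARAM_DATASOURCE_JNDI);
        requireProperty(userTable, PARAM_USER_TABLE);
        requireProperty(groupTable, PARAM_GROUP_TABLE);
        requireProperty(userNameColumn, PARAM_USER_NAME_COLUMN);
        requireProperty(passwordColumn, PARAM_PASSWORD_COLUMN);
        requireProperty(groupNameColumn, PARAM_GROUP_NAME_COLUMN);

        // Identifiers cannot be bound as statement parameters, so they are concatenated here.
        // They are taken verbatim from the realm configuration; the user name is always bound
        // through the '?' placeholder.
        this.passwordQuery = "SELECT " + passwordColumn + " FROM " + userTable + " WHERE " + userNameColumn + " = ?";
        this.groupQuery = "SELECT " + groupNameColumn + " FROM " + groupTable + " WHERE " + groupTableUserNameColumn + " = ? ";

        if (!NONE.equalsIgnoreCase(digestAlgorithm)) {
            try {
                this.md = MessageDigest.getInstance(digestAlgorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new BadRealmException(sm.getString("jdbcrealm.notsupportdigestalg", digestAlgorithm));
            }
        }
        // A digest produces raw bytes, so an encoding is needed; fall back to hex.
        if (this.md != null && encoding == null) {
            encoding = DEFAULT_ENCODING;
        }

        setProperty(BaseRealm.JAAS_CONTEXT_PARAM, jaasContext);
        if (dbUser != null && dbPassword != null) {
            setProperty(PARAM_DB_USER, dbUser);
            setProperty(PARAM_DB_PASSWORD, dbPassword);
        }
        setProperty(PARAM_DATASOURCE_JNDI, dataSourceJndi);
        setProperty(PARAM_DIGEST_ALGORITHM, digestAlgorithm);
        if (encoding != null) {
            setProperty(PARAM_ENCODING, encoding);
        }
        if (charset != null) {
            setProperty(PARAM_CHARSET, charset);
        }
        // The database password is deliberately left out of this trace line.
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.finest("JDBCRealm : jaas-context= " + jaasContext + ", datasource-jndi = " + dataSourceJndi + ", db-user = " + dbUser + ", digest-algorithm = " + digestAlgorithm + ", encoding = " + encoding + ", charset = " + charset);
        }
        this.groupCache = new HashMap<>();
        this.emptyVector = new Vector<>();
    }

    /** Throws the "missing property" error used by {@link #init(Properties)} when {@code value} is null. */
    private static void requireProperty(String value, String name) throws BadRealmException {
        if (value == null) {
            throw new BadRealmException(sm.getString("realm.missingprop", name, "JDBCRealm"));
        }
    }

    /**
     * Returns the authentication type of this realm.
     *
     * @return the constant {@link #AUTH_TYPE}
     */
    @Override
    public String getAuthType() {
        return AUTH_TYPE;
    }

    /**
     * Returns the groups of a user, loading them from the database on a cache miss.
     *
     * @param str the user name
     * @return an enumeration of group names, empty when the lookup failed
     */
    @Override
    public Enumeration getGroupNames(String str) throws InvalidOperationException, NoSuchUserException {
        Vector<String> groups = cachedGroups(str);
        if (groups == null) {
            setGroupNames(str, findGroups(str));
            groups = cachedGroups(str);
        }
        return groups.elements();
    }

    /** Reads the cache under the same monitor that {@code setGroupNames} uses for writes. */
    private synchronized Vector<String> cachedGroups(String username) {
        return this.groupCache.get(username);
    }

    /** Caches the given groups for a user; a null array is stored as the shared empty vector. */
    private void setGroupNames(String username, String[] groups) {
        Vector<String> entry;
        if (groups == null) {
            entry = this.emptyVector;
        } else {
            entry = new Vector<>(groups.length + 1);
            Collections.addAll(entry, groups);
        }
        synchronized (this) {
            this.groupCache.put(username, entry);
        }
    }

    /**
     * Checks a user name and password against the database.
     *
     * @param str the user name
     * @param cArr the password supplied by the user
     * @return the user's groups (including assigned groups) when the password matches,
     *     otherwise null
     */
    public String[] authenticate(String str, char[] cArr) {
        if (!isUserValid(str, cArr)) {
            return null;
        }
        String[] groups = addAssignGroups(findGroups(str));
        setGroupNames(str, groups);
        return groups;
    }

    /**
     * Validates a digest-authentication request for the given user.
     *
     * @param str the user name
     * @param digestAlgorithmParameterArr the digest parameters received from the client
     * @return false when the user has no stored password, otherwise the result of the inherited
     *     digest validation
     */
    @Override
    public boolean validate(String str, DigestAlgorithmParameter[] digestAlgorithmParameterArr) {
        Password password = getPassword(str);
        return password != null && validate(password, digestAlgorithmParameterArr);
    }

    /**
     * Loads the stored password of a user for digest validation.
     *
     * @return the stored value wrapped as a {@link Password}, or null when the user is unknown,
     *     the column is NULL, or the lookup failed
     */
    private Password getPassword(String username) {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = getConnection();
            statement = connection.prepareStatement(this.passwordQuery);
            statement.setString(1, username);
            resultSet = statement.executeQuery();
            if (!resultSet.next()) {
                return null;
            }
            final String stored = resultSet.getString(1);
            if (stored == null) {
                // A NULL password column means there is no credential to validate against.
                return null;
            }
            // 1 is reported for values stored pre-hashed, 0 otherwise.
            // NOTE(review): presumably these map to the Password type constants - confirm.
            final int type = PRE_HASHED.equalsIgnoreCase(getProperty(PARAM_ENCODING)) ? 1 : 0;
            return new Password() {
                @Override
                public byte[] getValue() {
                    // NOTE(review): uses the platform default charset, as before; confirm
                    // whether the configured "charset" property should apply here.
                    return stored.getBytes();
                }

                @Override
                public int getType() {
                    return type;
                }
            };
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "jdbcrealm.invaliduser", username);
            _logger.log(Level.SEVERE, (String) null, (Throwable) e);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Cannot validate user", (Throwable) e);
            }
            return null;
        } finally {
            // Always release the JDBC resources, including on the error paths.
            close(connection, statement, resultSet);
        }
    }

    /**
     * Compares the supplied password, transformed by {@code hashPassword}, with the stored value.
     *
     * @return true only when a row exists for the user and the stored value equals the computed
     *     one over its full length; false on any mismatch or error
     */
    private boolean isUserValid(String username, char[] password) {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        boolean valid = false;
        try {
            char[] computed = hashPassword(password);
            connection = getConnection();
            statement = connection.prepareStatement(this.passwordQuery);
            statement.setString(1, username);
            resultSet = statement.executeQuery();
            if (resultSet.next()) {
                try (Reader reader = resultSet.getCharacterStream(1)) {
                    if (reader != null) {
                        // Only the first read of up to 1024 characters is considered.
                        char[] buffer = new char[1024];
                        int count = Math.max(reader.read(buffer), 0);
                        char[] stored = new char[count];
                        System.arraycopy(buffer, 0, stored, 0, count);
                        boolean ignoreCase = HEX.equalsIgnoreCase(getProperty(PARAM_ENCODING));
                        valid = credentialsMatch(stored, computed, ignoreCase);
                    }
                    // A NULL column leaves valid == false: there is nothing to match.
                }
            }
        } catch (SQLException e) {
            _logger.log(Level.SEVERE, "jdbcrealm.invaliduserreason", (Object[]) new String[]{username, e.toString()});
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Cannot validate user", (Throwable) e);
            }
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "jdbcrealm.invaliduser", username);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Cannot validate user", (Throwable) e);
            }
        } finally {
            // Always release the JDBC resources, including on the error paths.
            close(connection, statement, resultSet);
        }
        return valid;
    }

    /**
     * Compares two credential values without stopping at the first difference.
     *
     * <p>The lengths must be equal: comparing only the stored length would accept a stored value
     * that is a prefix of the computed one, including an empty stored value.
     *
     * @param ignoreCase compare case-insensitively, used for hex-encoded digests
     */
    private static boolean credentialsMatch(char[] stored, char[] computed, boolean ignoreCase) {
        if (stored.length != computed.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < stored.length; i++) {
            char left = ignoreCase ? Character.toLowerCase(stored[i]) : stored[i];
            char right = ignoreCase ? Character.toLowerCase(computed[i]) : computed[i];
            // Accumulate instead of returning early so timing does not depend on the position
            // of the first mismatch.
            difference |= left ^ right;
        }
        return difference == 0;
    }

    /**
     * Converts a clear-text password into the form expected in the password column: bytes in the
     * configured charset, one pass of the configured digest (if any), then hex, base64 or a
     * plain charset conversion depending on the "encoding" property.
     *
     * @throws CharacterCodingException if the charset conversion fails
     */
    private char[] hashPassword(char[] password) throws CharacterCodingException {
        String charset = getProperty(PARAM_CHARSET);
        byte[] bytes = Utility.convertCharArrayToByteArray(password, charset);
        if (this.md != null) {
            // The MessageDigest instance is shared and stateful, hence the lock.
            synchronized (this.md) {
                this.md.reset();
                bytes = this.md.digest(bytes);
            }
        }
        String encoding = getProperty(PARAM_ENCODING);
        if (HEX.equalsIgnoreCase(encoding)) {
            return hexEncode(bytes);
        }
        if (BASE64.equalsIgnoreCase(encoding)) {
            return base64Encode(bytes).toCharArray();
        }
        return Utility.convertByteArrayToCharArray(bytes, charset);
    }

    /** Encodes bytes as lower-case hexadecimal characters, two per byte. */
    private char[] hexEncode(byte[] bytes) {
        char[] encoded = new char[2 * bytes.length];
        int position = 0;
        for (byte value : bytes) {
            encoded[position++] = HEXADECIMAL[(value & 0xF0) >> 4];
            encoded[position++] = HEXADECIMAL[value & 0x0F];
        }
        return encoded;
    }

    /** Encodes bytes with the server's base64 encoder. */
    private String base64Encode(byte[] bytes) {
        return new GFBase64Encoder().encode(bytes);
    }

    /**
     * Loads the group names of a user from the group table.
     *
     * @return the group names, or null when the query failed
     */
    private String[] findGroups(String username) {
        Connection connection = null;
        PreparedStatement statement = null;
        ResultSet resultSet = null;
        try {
            connection = getConnection();
            statement = connection.prepareStatement(this.groupQuery);
            statement.setString(1, username);
            resultSet = statement.executeQuery();
            ArrayList<String> groups = new ArrayList<>();
            while (resultSet.next()) {
                groups.add(resultSet.getString(1));
            }
            return groups.toArray(new String[groups.size()]);
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "jdbcrealm.grouperror", username);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Cannot load group", (Throwable) e);
            }
            return null;
        } finally {
            close(connection, statement, resultSet);
        }
    }

    /**
     * Closes the given JDBC resources in reverse order of acquisition. Null arguments are
     * skipped and failures are ignored on purpose: this is best-effort cleanup.
     */
    private void close(Connection connection, PreparedStatement preparedStatement, ResultSet resultSet) {
        if (resultSet != null) {
            try {
                resultSet.close();
            } catch (Exception ignored) {
                // best-effort cleanup
            }
        }
        if (preparedStatement != null) {
            try {
                preparedStatement.close();
            } catch (Exception ignored) {
                // best-effort cleanup
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception ignored) {
                // best-effort cleanup
            }
        }
    }

    /**
     * Obtains a connection from the configured data source, using the configured database user
     * and password when both are set.
     *
     * @throws LoginException wrapping any failure; the message names the data source and the
     *     database user but not the database password
     */
    private Connection getConnection() throws LoginException {
        String dataSourceJndi = getProperty(PARAM_DATASOURCE_JNDI);
        String dbUser = getProperty(PARAM_DB_USER);
        String dbPassword = getProperty(PARAM_DB_PASSWORD);
        try {
            ConnectorRuntime runtime = (ConnectorRuntime) Util.getDefaultHabitat().getServiceHandle(this.cr).getService();
            DataSource dataSource = (DataSource) runtime.lookupNonTxResource(dataSourceJndi, false);
            if (dbUser == null || dbPassword == null) {
                return dataSource.getConnection();
            }
            return dataSource.getConnection(dbUser, dbPassword);
        } catch (Exception e) {
            LoginException loginException = new LoginException(sm.getString("jdbcrealm.cantconnect", dataSourceJndi, dbUser));
            loginException.initCause(e);
            throw loginException;
        }
    }
}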
