package org.wildfly.security.auth.provider.jdbc;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.List;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.provider.jdbc.mapper.PasswordKeyMapper;
import org.wildfly.security.auth.server.CredentialSupport;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;

/* loaded from: input_file:org/wildfly/security/auth/provider/jdbc/JdbcSecurityRealm.class */
public class JdbcSecurityRealm implements SecurityRealm {
    private final List<QueryConfiguration> queryConfiguration;

    /* loaded from: input_file:org/wildfly/security/auth/provider/jdbc/JdbcSecurityRealm$JdbcRealmIdentity.class */
    private class JdbcRealmIdentity implements RealmIdentity {
        private final String name;

        /* loaded from: input_file:org/wildfly/security/auth/provider/jdbc/JdbcSecurityRealm$JdbcRealmIdentity$JdbcAuthorizationIdentity.class */
        private class JdbcAuthorizationIdentity implements AuthorizationIdentity {
            private String name;

            JdbcAuthorizationIdentity(String str) {
                this.name = str;
            }
        }

        public JdbcRealmIdentity(String str) {
            this.name = str;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public String getName() {
            return this.name;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public CredentialSupport getCredentialSupport(Class<?> cls) throws RealmUnavailableException {
            for (QueryConfiguration queryConfiguration : JdbcSecurityRealm.this.queryConfiguration) {
                for (ColumnMapper columnMapper : queryConfiguration.getColumnMappers()) {
                    if (KeyMapper.class.isInstance(columnMapper)) {
                        KeyMapper keyMapper = (KeyMapper) columnMapper;
                        if (keyMapper.getKeyType().isAssignableFrom(cls)) {
                            keyMapper.getClass();
                            return (CredentialSupport) executeAuthenticationQuery(queryConfiguration, keyMapper::getCredentialSupport);
                        }
                    }
                }
            }
            return CredentialSupport.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C> C getCredential(Class<C> cls) throws RealmUnavailableException {
            for (QueryConfiguration queryConfiguration : JdbcSecurityRealm.this.queryConfiguration) {
                for (ColumnMapper columnMapper : queryConfiguration.getColumnMappers()) {
                    if (KeyMapper.class.isInstance(columnMapper)) {
                        KeyMapper keyMapper = (KeyMapper) columnMapper;
                        if (keyMapper.getKeyType().isAssignableFrom(cls)) {
                            return (C) executeAuthenticationQuery(queryConfiguration, resultSet -> {
                                return keyMapper.map(resultSet);
                            });
                        }
                    }
                }
            }
            return null;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean verifyCredential(Object obj) throws RealmUnavailableException {
            if (obj == null) {
                return false;
            }
            for (QueryConfiguration queryConfiguration : JdbcSecurityRealm.this.queryConfiguration) {
                for (ColumnMapper columnMapper : queryConfiguration.getColumnMappers()) {
                    if (KeyMapper.class.isInstance(columnMapper) && Password.class.isAssignableFrom(((KeyMapper) columnMapper).getKeyType())) {
                        return verifyPassword(queryConfiguration, (PasswordKeyMapper) columnMapper, obj);
                    }
                }
            }
            return false;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean exists() throws RealmUnavailableException {
            return true;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            return new JdbcAuthorizationIdentity(this.name);
        }

        private boolean verifyPassword(QueryConfiguration queryConfiguration, PasswordKeyMapper passwordKeyMapper, Object obj) {
            char[] password;
            passwordKeyMapper.getClass();
            Object executeAuthenticationQuery = executeAuthenticationQuery(queryConfiguration, passwordKeyMapper::map);
            String algorithm = passwordKeyMapper.getAlgorithm();
            try {
                if (!Password.class.isInstance(executeAuthenticationQuery)) {
                    return false;
                }
                PasswordFactory passwordFactory = getPasswordFactory(algorithm);
                if (String.class.equals(obj.getClass())) {
                    password = obj.toString().toCharArray();
                } else if (char[].class.equals(obj.getClass())) {
                    password = (char[]) obj;
                } else {
                    if (!ClearPassword.class.isInstance(obj)) {
                        throw ElytronMessages.log.passwordBasedCredentialsMustBeStringCharsOrClearPassword();
                    }
                    password = ((ClearPassword) obj).getPassword();
                }
                return passwordFactory.verify((Password) executeAuthenticationQuery, password);
            } catch (InvalidKeyException e) {
                throw ElytronMessages.log.invalidPasswordKeyForAlgorithm(algorithm, e);
            }
        }

        private PasswordFactory getPasswordFactory(String str) {
            try {
                return PasswordFactory.getInstance(str);
            } catch (NoSuchAlgorithmException e) {
                throw ElytronMessages.log.couldNotObtainPasswordFactoryForAlgorithm(str, e);
            }
        }

        private Connection getConnection(QueryConfiguration queryConfiguration) {
            try {
                return queryConfiguration.getDataSource().getConnection();
            } catch (Exception e) {
                throw ElytronMessages.log.couldNotOpenConnection(e);
            }
        }

        private void safeClose(AutoCloseable autoCloseable) {
            if (autoCloseable != null) {
                try {
                    autoCloseable.close();
                } catch (Exception e) {
                }
            }
        }

        private <E> E executeAuthenticationQuery(QueryConfiguration queryConfiguration, ResultSetCallback<E> resultSetCallback) {
            String sql = queryConfiguration.getSql();
            Connection connection = getConnection(queryConfiguration);
            PreparedStatement preparedStatement = null;
            ResultSet resultSet = null;
            try {
                try {
                    preparedStatement = connection.prepareStatement(sql);
                    preparedStatement.setString(1, getName());
                    resultSet = preparedStatement.executeQuery();
                    E handle = resultSetCallback.handle(resultSet);
                    safeClose(resultSet);
                    safeClose(preparedStatement);
                    safeClose(connection);
                    return handle;
                } catch (SQLException e) {
                    throw ElytronMessages.log.couldNotExecuteQuery(sql, e);
                } catch (Exception e2) {
                    throw ElytronMessages.log.unexpectedErrorWhenProcessingAuthenticationQuery(sql, e2);
                }
            } catch (Throwable th) {
                safeClose(resultSet);
                safeClose(preparedStatement);
                safeClose(connection);
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/provider/jdbc/JdbcSecurityRealm$ResultSetCallback.class */
    public interface ResultSetCallback<E> {
        E handle(ResultSet resultSet);
    }

    public static JdbcSecurityRealmBuilder builder() {
        return new JdbcSecurityRealmBuilder();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JdbcSecurityRealm(List<QueryConfiguration> list) {
        this.queryConfiguration = list;
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity createRealmIdentity(String str) throws RealmUnavailableException {
        return new JdbcRealmIdentity(str);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public CredentialSupport getCredentialSupport(Class<?> cls) throws RealmUnavailableException {
        Iterator<QueryConfiguration> it = this.queryConfiguration.iterator();
        while (it.hasNext()) {
            for (ColumnMapper columnMapper : it.next().getColumnMappers()) {
                if (KeyMapper.class.isInstance(columnMapper) && cls.equals(((KeyMapper) columnMapper).getKeyType())) {
                    return CredentialSupport.UNKNOWN;
                }
            }
        }
        return CredentialSupport.UNSUPPORTED;
    }
}
