package org.eclipse.scada.sec.provider.jdbc;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.eclipse.scada.ca.ConfigurationDataHelper;
import org.eclipse.scada.sec.AuthenticationException;
import org.eclipse.scada.sec.AuthenticationService;
import org.eclipse.scada.sec.UserInformation;
import org.eclipse.scada.sec.UserManagerService;
import org.eclipse.scada.sec.authn.CredentialsRequest;
import org.eclipse.scada.sec.utils.password.PasswordEncoder;
import org.eclipse.scada.sec.utils.password.PasswordEncoding;
import org.eclipse.scada.sec.utils.password.PasswordType;
import org.eclipse.scada.sec.utils.password.PasswordValidator;
import org.eclipse.scada.utils.collection.MapBuilder;
import org.eclipse.scada.utils.osgi.SingleServiceListener;
import org.eclipse.scada.utils.osgi.jdbc.DataSourceConnectionAccessor;
import org.eclipse.scada.utils.osgi.jdbc.DataSourceFactoryTracker;
import org.eclipse.scada.utils.osgi.jdbc.data.RowMapperAdapter;
import org.eclipse.scada.utils.osgi.jdbc.data.RowMapperMappingException;
import org.eclipse.scada.utils.osgi.jdbc.task.CommonConnectionTask;
import org.eclipse.scada.utils.osgi.jdbc.task.ConnectionContext;
import org.eclipse.scada.utils.osgi.jdbc.task.RowCallback;
import org.eclipse.scada.utils.statuscodes.SeverityLevel;
import org.eclipse.scada.utils.statuscodes.StatusCode;
import org.eclipse.scada.utils.str.StringHelper;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.jdbc.DataSourceFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/scada/sec/provider/jdbc/JdbcAuthenticationService.class */
public class JdbcAuthenticationService implements AuthenticationService, UserManagerService {
    private static final StatusCode NO_ACCESSOR = new StatusCode("OSSEC", "JDBC", 1, SeverityLevel.ERROR);
    private static final StatusCode INTERNAL_ERROR = new StatusCode("OSSEC", "JDBC", 2, SeverityLevel.ERROR);
    private static final Logger logger = LoggerFactory.getLogger(JdbcAuthenticationService.class);
    private final String id;
    private final BundleContext context;
    private String driver;
    private DataSourceFactoryTracker tracker;
    private Properties connectionProperties;
    private DataSourceConnectionAccessor accessor;
    private final ReadWriteLock accessorLock = new ReentrantReadWriteLock();
    private final Lock readLock = this.accessorLock.readLock();
    private final Lock writeLock = this.accessorLock.writeLock();
    private boolean authoritative;
    private PasswordValidator passwordValidator;
    private String findUserSql;
    private String findRolesForUserSql;
    private String updatePasswordSql;
    private PasswordEncoder passwordEncoder;
    private String userIdColumnName;
    private String passwordColumnName;

    /* loaded from: input_file:org/eclipse/scada/sec/provider/jdbc/JdbcAuthenticationService$PasswordCheckRowCallback.class */
    public class PasswordCheckRowCallback implements RowCallback {
        private boolean result;
        private final Map<PasswordEncoding, String> passwords;
        private final String userIdColumnName;
        private String userId;
        private final String passwordColumnName;

        public PasswordCheckRowCallback(Map<PasswordEncoding, String> map, String str, String str2) {
            this.passwords = map;
            this.userIdColumnName = str2;
            this.passwordColumnName = str;
        }

        public boolean isResult() {
            return this.result;
        }

        public String getUserId() {
            return this.userId;
        }

        public void processRow(ResultSet resultSet) throws SQLException {
            String string = resultSet.getString(this.passwordColumnName);
            if (string == null || string.isEmpty() || !JdbcAuthenticationService.this.validatePassword(this.passwords, string)) {
                return;
            }
            if (this.userIdColumnName != null) {
                this.userId = resultSet.getString(this.userIdColumnName);
            }
            this.result = true;
        }
    }

    public JdbcAuthenticationService(BundleContext bundleContext, String str) {
        this.context = bundleContext;
        this.id = str;
    }

    public void joinRequest(CredentialsRequest credentialsRequest) {
        credentialsRequest.askUsername();
        credentialsRequest.askPassword(this.passwordValidator.getSupportedInputEncodings());
    }

    public UserInformation authenticate(final CredentialsRequest credentialsRequest) throws AuthenticationException {
        final String userName = credentialsRequest.getUserName();
        try {
            this.readLock.lock();
            if (this.accessor == null) {
                logger.info("We don't have any accessor");
                return failure("No connection to database", NO_ACCESSOR);
            }
            try {
                return (UserInformation) this.accessor.doWithConnection(new CommonConnectionTask<UserInformation>() { // from class: org.eclipse.scada.sec.provider.jdbc.JdbcAuthenticationService.1
                    /* renamed from: performTask, reason: merged with bridge method [inline-methods] */
                    public UserInformation m2performTask(ConnectionContext connectionContext) throws Exception {
                        return JdbcAuthenticationService.this.performAuthentication(connectionContext, userName, credentialsRequest.getPasswords());
                    }
                });
            } catch (Exception e) {
                if (e.getCause() instanceof AuthenticationException) {
                    logger.info("Task throw exception. Rethrowing cause...", e);
                    throw e.getCause();
                }
                logger.warn("Failed to perform login", e);
                throw new AuthenticationException(INTERNAL_ERROR, e);
            }
        } finally {
            this.readLock.unlock();
        }
    }

    protected UserInformation performAuthentication(ConnectionContext connectionContext, String str, Map<PasswordEncoding, String> map) throws AuthenticationException, SQLException {
        PasswordCheckRowCallback passwordCheckRowCallback = new PasswordCheckRowCallback(map, this.passwordColumnName, this.userIdColumnName);
        connectionContext.query(passwordCheckRowCallback, this.findUserSql, new MapBuilder().put("USER_ID", str).getMap());
        if (!passwordCheckRowCallback.isResult()) {
            return null;
        }
        String userId = this.userIdColumnName != null ? passwordCheckRowCallback.getUserId() : str;
        logger.trace("Using user id: {}", userId);
        List queryForList = (this.findRolesForUserSql == null || this.findRolesForUserSql.isEmpty()) ? null : connectionContext.queryForList(String.class, this.findRolesForUserSql, new MapBuilder().put("USER_ID", userId).getMap());
        logger.trace("Found roles for user: {}", queryForList);
        return new UserInformation(str, queryForList);
    }

    protected boolean validatePassword(Map<PasswordEncoding, String> map, String str) {
        try {
            return this.passwordValidator.validatePassword(map, str);
        } catch (Exception e) {
            logger.warn("Failed to validate password", e);
            return false;
        }
    }

    private UserInformation failure(String str, StatusCode statusCode) throws AuthenticationException {
        if (this.authoritative) {
            throw new AuthenticationException(statusCode, str);
        }
        logger.warn("Failed to authenticate non-authoritative with error: {}", statusCode);
        return null;
    }

    public void dispose() {
        detach();
    }

    public UserInformation getUser(final String str) {
        this.readLock.lock();
        try {
            if (this.accessor == null) {
                logger.info("We don't have any accessor");
                this.readLock.unlock();
                return null;
            }
            try {
                return (UserInformation) this.accessor.doWithConnection(new CommonConnectionTask<UserInformation>() { // from class: org.eclipse.scada.sec.provider.jdbc.JdbcAuthenticationService.2
                    /* renamed from: performTask, reason: merged with bridge method [inline-methods] */
                    public UserInformation m3performTask(ConnectionContext connectionContext) throws Exception {
                        return JdbcAuthenticationService.this.performLookup(connectionContext, str);
                    }
                });
            } catch (Exception e) {
                logger.warn("Failed to perform lookup", e);
                this.readLock.unlock();
                return null;
            }
        } finally {
            this.readLock.unlock();
        }
    }

    protected UserInformation performLookup(ConnectionContext connectionContext, String str) throws SQLException {
        List query = connectionContext.query(new RowMapperAdapter<String>() { // from class: org.eclipse.scada.sec.provider.jdbc.JdbcAuthenticationService.3
            /* renamed from: mapRow, reason: merged with bridge method [inline-methods] */
            public String m4mapRow(ResultSet resultSet) throws SQLException, RowMapperMappingException {
                return JdbcAuthenticationService.this.userIdColumnName == null ? "" : resultSet.getString(JdbcAuthenticationService.this.userIdColumnName);
            }
        }, this.findUserSql, new MapBuilder().put("USER_ID", str).getMap());
        if (query.isEmpty()) {
            return null;
        }
        String str2 = this.userIdColumnName != null ? (String) query.get(0) : str;
        logger.trace("Using '{0}' as user id", str2);
        List queryForList = (this.findRolesForUserSql == null || this.findRolesForUserSql.isEmpty()) ? null : connectionContext.queryForList(String.class, this.findRolesForUserSql, new MapBuilder().put("USER_ID", str2).getMap());
        logger.trace("Found roles for user: {}", queryForList);
        return new UserInformation(str2, queryForList);
    }

    public void update(Map<String, String> map) throws Exception {
        logger.debug("Updating configuration");
        detach();
        ConfigurationDataHelper configurationDataHelper = new ConfigurationDataHelper(map);
        this.driver = configurationDataHelper.getStringChecked("driver", "Need database driver name in 'driver'");
        this.connectionProperties = new Properties();
        this.connectionProperties.putAll(configurationDataHelper.getPrefixed("jdbc.properties."));
        PasswordType enumChecked = configurationDataHelper.getEnumChecked("passwordType", PasswordType.class, String.format("Need 'passwordType' to be one of (%s)", StringHelper.join(PasswordType.values(), ", ")));
        this.passwordValidator = enumChecked.createValdiator();
        this.passwordEncoder = enumChecked.createEncoder();
        this.authoritative = configurationDataHelper.getBoolean("authoritative", true);
        this.findUserSql = configurationDataHelper.getStringChecked("findUserSql", "Need 'findUserSql' to be set");
        this.findRolesForUserSql = configurationDataHelper.getString("findRolesForUserSql");
        this.updatePasswordSql = configurationDataHelper.getString("updatePasswordSql");
        this.userIdColumnName = configurationDataHelper.getString("userIdColumnName");
        this.passwordColumnName = configurationDataHelper.getString("passwordColumnName", "password");
        attach();
    }

    private void attach() throws InvalidSyntaxException {
        logger.debug("Creating data source tracker: {}", this.driver);
        this.tracker = new DataSourceFactoryTracker(this.context, this.driver, new SingleServiceListener<DataSourceFactory>() { // from class: org.eclipse.scada.sec.provider.jdbc.JdbcAuthenticationService.4
            public void serviceChange(ServiceReference<DataSourceFactory> serviceReference, DataSourceFactory dataSourceFactory) {
                JdbcAuthenticationService.this.setDataSource(dataSourceFactory);
            }

            public /* bridge */ /* synthetic */ void serviceChange(ServiceReference serviceReference, Object obj) {
                serviceChange((ServiceReference<DataSourceFactory>) serviceReference, (DataSourceFactory) obj);
            }
        });
        this.tracker.open();
    }

    private void detach() {
        if (this.tracker != null) {
            this.tracker.close();
            this.tracker = null;
        }
    }

    protected void setDataSource(DataSourceFactory dataSourceFactory) {
        logger.debug("Setting data source: {}", dataSourceFactory);
        try {
            this.writeLock.lock();
            if (this.accessor != null) {
                this.accessor.dispose();
                this.accessor = null;
            }
            if (dataSourceFactory != null) {
                try {
                    this.accessor = new DataSourceConnectionAccessor(dataSourceFactory, this.connectionProperties);
                } catch (SQLException e) {
                    logger.error("Failed to create datasource for " + this.id, e);
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    public boolean isUserManager() {
        return (this.updatePasswordSql == null || this.updatePasswordSql.isEmpty()) ? false : true;
    }

    public void setPassword(final String str, final String str2) {
        try {
            this.readLock.lock();
            if (this.accessor == null) {
                logger.info("We don't have any accessor");
                throw new IllegalStateException("User manager does not have a database connection");
            }
            this.accessor.doWithConnection(new CommonConnectionTask<Void>() { // from class: org.eclipse.scada.sec.provider.jdbc.JdbcAuthenticationService.5
                /* JADX INFO: Access modifiers changed from: protected */
                /* renamed from: performTask, reason: merged with bridge method [inline-methods] */
                public Void m5performTask(ConnectionContext connectionContext) throws Exception {
                    connectionContext.setAutoCommit(false);
                    JdbcAuthenticationService.this.handleSetPassword(connectionContext, str, str2);
                    connectionContext.commit();
                    return null;
                }
            });
        } finally {
            this.readLock.unlock();
        }
    }

    protected void handleSetPassword(ConnectionContext connectionContext, String str, String str2) throws Exception {
        String encodePassword = this.passwordEncoder.encodePassword(str2);
        HashMap hashMap = new HashMap();
        hashMap.put("USER_NAME", str);
        hashMap.put("PASSWORD", encodePassword);
        int update = connectionContext.update(this.updatePasswordSql, new Object[]{hashMap});
        logger.info("Updated password for user {} => {}", str, Integer.valueOf(update));
        if (update != 1) {
            throw new IllegalStateException(update < 1 ? String.format("User '%s' was not found", str) : "Too many entries");
        }
    }
}
