package org.wildfly.security.auth.realm.jdbc;

import java.security.Principal;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Iterator;
import java.util.List;
import java.util.function.Consumer;
import java.util.function.Supplier;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.realm.jdbc.mapper.AttributeMapper;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.4.Final.jar:org/wildfly/security/auth/realm/jdbc/JdbcSecurityRealm.class */
public class JdbcSecurityRealm implements CacheableSecurityRealm {
    private final Supplier<Provider[]> providers;
    private final List<QueryConfiguration> queryConfiguration;

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.4.Final.jar:org/wildfly/security/auth/realm/jdbc/JdbcSecurityRealm$JdbcRealmIdentity.class */
    private class JdbcRealmIdentity implements RealmIdentity {
        private final String name;
        private boolean loaded = false;
        private JdbcIdentity identity;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.4.Final.jar:org/wildfly/security/auth/realm/jdbc/JdbcSecurityRealm$JdbcRealmIdentity$JdbcIdentity.class */
        public class JdbcIdentity {
            private final Attributes attributes;
            private final IdentityCredentials identityCredentials;

            JdbcIdentity(Attributes attributes, IdentityCredentials identityCredentials) {
                this.attributes = attributes;
                this.identityCredentials = identityCredentials;
            }
        }

        public JdbcRealmIdentity(String str) {
            this.name = str;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public Principal getRealmIdentityPrincipal() {
            return new NamePrincipal(this.name);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            JdbcIdentity identity = getIdentity();
            return identity != null ? identity.identityCredentials.getCredentialAcquireSupport(cls, str, algorithmParameterSpec) : SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return (C) getCredential(cls, null);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            return (C) getCredential(cls, str, null);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            JdbcIdentity identity = getIdentity();
            if (identity != null) {
                return (C) identity.identityCredentials.getCredential(cls, str);
            }
            return null;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidenceType", cls);
            JdbcIdentity identity = getIdentity();
            if (identity != null && identity.identityCredentials.canVerify(cls, str)) {
                return SupportLevel.SUPPORTED;
            }
            return SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidence", evidence);
            JdbcIdentity identity = getIdentity();
            if (identity != null) {
                return identity.identityCredentials.verify(evidence);
            }
            return false;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean exists() throws RealmUnavailableException {
            return getIdentity() != null;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            return !exists() ? AuthorizationIdentity.EMPTY : AuthorizationIdentity.basicIdentity(this.identity.attributes);
        }

        /* JADX WARN: Finally extract failed */
        private JdbcIdentity getIdentity() {
            if (!this.loaded && this.identity == null) {
                MapAttributes mapAttributes = new MapAttributes();
                IdentityCredentials identityCredentials = IdentityCredentials.NONE;
                boolean z = false;
                for (QueryConfiguration queryConfiguration : JdbcSecurityRealm.this.queryConfiguration) {
                    String sql = queryConfiguration.getSql();
                    ElytronMessages.log.tracef("Executing principalQuery %s with value %s", sql, this.name);
                    try {
                        Connection connection = getConnection(queryConfiguration);
                        Throwable th = null;
                        try {
                            PreparedStatement prepareStatement = connection.prepareStatement(sql);
                            Throwable th2 = null;
                            try {
                                prepareStatement.setString(1, this.name);
                                ResultSet executeQuery = prepareStatement.executeQuery();
                                Throwable th3 = null;
                                try {
                                    try {
                                        List<AttributeMapper> columnMappers = queryConfiguration.getColumnMappers(AttributeMapper.class);
                                        List columnMappers2 = queryConfiguration.getColumnMappers(KeyMapper.class);
                                        while (executeQuery.next()) {
                                            z = true;
                                            for (AttributeMapper attributeMapper : columnMappers) {
                                                Object map = attributeMapper.map(executeQuery, JdbcSecurityRealm.this.providers);
                                                if (map != null) {
                                                    if (mapAttributes.containsKey(attributeMapper.getName())) {
                                                        mapAttributes.get(attributeMapper.getName()).add(map.toString());
                                                    } else {
                                                        mapAttributes.addFirst(attributeMapper.getName(), map.toString());
                                                    }
                                                }
                                            }
                                            Iterator it = columnMappers2.iterator();
                                            while (it.hasNext()) {
                                                Credential map2 = ((KeyMapper) it.next()).map(executeQuery, JdbcSecurityRealm.this.providers);
                                                if (map2 != null) {
                                                    identityCredentials = identityCredentials.withCredential(map2);
                                                }
                                            }
                                        }
                                        if (executeQuery != null) {
                                            if (0 != 0) {
                                                try {
                                                    executeQuery.close();
                                                } catch (Throwable th4) {
                                                    th3.addSuppressed(th4);
                                                }
                                            } else {
                                                executeQuery.close();
                                            }
                                        }
                                        if (prepareStatement != null) {
                                            if (0 != 0) {
                                                try {
                                                    prepareStatement.close();
                                                } catch (Throwable th5) {
                                                    th2.addSuppressed(th5);
                                                }
                                            } else {
                                                prepareStatement.close();
                                            }
                                        }
                                        if (connection != null) {
                                            if (0 != 0) {
                                                try {
                                                    connection.close();
                                                } catch (Throwable th6) {
                                                    th.addSuppressed(th6);
                                                }
                                            } else {
                                                connection.close();
                                            }
                                        }
                                    } finally {
                                    }
                                } catch (Throwable th7) {
                                    if (executeQuery != null) {
                                        if (th3 != null) {
                                            try {
                                                executeQuery.close();
                                            } catch (Throwable th8) {
                                                th3.addSuppressed(th8);
                                            }
                                        } else {
                                            executeQuery.close();
                                        }
                                    }
                                    throw th7;
                                }
                            } catch (Throwable th9) {
                                if (prepareStatement != null) {
                                    if (0 != 0) {
                                        try {
                                            prepareStatement.close();
                                        } catch (Throwable th10) {
                                            th2.addSuppressed(th10);
                                        }
                                    } else {
                                        prepareStatement.close();
                                    }
                                }
                                throw th9;
                            }
                        } catch (Throwable th11) {
                            if (connection != null) {
                                if (0 != 0) {
                                    try {
                                        connection.close();
                                    } catch (Throwable th12) {
                                        th.addSuppressed(th12);
                                    }
                                } else {
                                    connection.close();
                                }
                            }
                            throw th11;
                        }
                    } catch (SQLException e) {
                        throw ElytronMessages.log.couldNotExecuteQuery(sql, e);
                    } catch (Exception e2) {
                        throw ElytronMessages.log.unexpectedErrorWhenProcessingAuthenticationQuery(sql, e2);
                    }
                }
                this.identity = z ? new JdbcIdentity(mapAttributes, identityCredentials) : null;
                this.loaded = true;
            }
            return this.identity;
        }

        private Connection getConnection(QueryConfiguration queryConfiguration) {
            try {
                return queryConfiguration.getDataSource().getConnection();
            } catch (Exception e) {
                throw ElytronMessages.log.couldNotOpenConnection(e);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.2.4.Final.jar:org/wildfly/security/auth/realm/jdbc/JdbcSecurityRealm$ResultSetCallback.class */
    private interface ResultSetCallback<E> {
        E handle(ResultSet resultSet) throws SQLException;
    }

    public static JdbcSecurityRealmBuilder builder() {
        return new JdbcSecurityRealmBuilder();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JdbcSecurityRealm(List<QueryConfiguration> list, Supplier<Provider[]> supplier) {
        this.queryConfiguration = list;
        this.providers = supplier;
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity getRealmIdentity(Principal principal) {
        return !(principal instanceof NamePrincipal) ? RealmIdentity.NON_EXISTENT : new JdbcRealmIdentity(principal.getName());
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        SupportLevel supportLevel = SupportLevel.UNSUPPORTED;
        Iterator<QueryConfiguration> it = this.queryConfiguration.iterator();
        while (it.hasNext()) {
            Iterator it2 = it.next().getColumnMappers(KeyMapper.class).iterator();
            while (it2.hasNext()) {
                SupportLevel credentialAcquireSupport = ((KeyMapper) it2.next()).getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
                if (supportLevel.compareTo(credentialAcquireSupport) < 0) {
                    supportLevel = credentialAcquireSupport;
                }
            }
        }
        return supportLevel;
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        SupportLevel supportLevel = SupportLevel.UNSUPPORTED;
        Iterator<QueryConfiguration> it = this.queryConfiguration.iterator();
        while (it.hasNext()) {
            Iterator it2 = it.next().getColumnMappers(KeyMapper.class).iterator();
            while (it2.hasNext()) {
                SupportLevel evidenceVerifySupport = ((KeyMapper) it2.next()).getEvidenceVerifySupport(cls, str);
                if (supportLevel.compareTo(evidenceVerifySupport) < 0) {
                    supportLevel = evidenceVerifySupport;
                }
            }
        }
        return supportLevel;
    }

    @Override // org.wildfly.security.auth.realm.CacheableSecurityRealm
    public void registerIdentityChangeListener(Consumer<Principal> consumer) {
    }
}
