package org.wildfly.security.auth.provider.jdbc.mapper;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.asn1.ASN1;
import org.wildfly.security.auth.provider.jdbc.KeyMapper;
import org.wildfly.security.auth.server.CredentialSupport;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.interfaces.SimpleDigestPassword;
import org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword;
import org.wildfly.security.password.interfaces.UnixDESCryptPassword;
import org.wildfly.security.password.interfaces.UnixMD5CryptPassword;
import org.wildfly.security.password.interfaces.UnixSHACryptPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.HashPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.password.spec.SaltedHashPasswordSpec;
import org.wildfly.security.password.util.ModularCrypt;
import org.wildfly.security.sasl.entity.GeneralName;
import org.wildfly.security.util.CodePointIterator;

/* loaded from: input_file:org/wildfly/security/auth/provider/jdbc/mapper/PasswordKeyMapper.class */
public class PasswordKeyMapper implements KeyMapper {
    private final int hash;
    private final String algorithm;
    private int salt;
    private int iterationCount;
    private final String credentialName;
    private final Class<?> passwordType;

    public PasswordKeyMapper(String str, int i) throws InvalidKeyException {
        this.salt = -1;
        this.iterationCount = -1;
        Assert.checkNotNullParam("credentialName", str);
        Assert.checkMinimumParameter("hash", 1, i);
        this.algorithm = toAlgorithm(str);
        this.passwordType = toPasswordType(this.algorithm);
        this.hash = i;
        this.credentialName = str;
    }

    public PasswordKeyMapper(String str, int i, int i2) throws InvalidKeyException {
        this(str, i);
        Assert.checkMinimumParameter("salt", 1, i2);
        this.salt = i2;
    }

    public PasswordKeyMapper(String str, int i, int i2, int i3) throws InvalidKeyException {
        this(str, i, i2);
        Assert.checkMinimumParameter("iterationCount", 1, i3);
        this.iterationCount = i3;
    }

    public PasswordKeyMapper(String str, String str2, int i) throws InvalidKeyException {
        this.salt = -1;
        this.iterationCount = -1;
        Assert.checkNotNullParam("credentialName", str);
        Assert.checkNotNullParam("algorithm", str2);
        Assert.checkMinimumParameter("hash", 1, i);
        this.algorithm = str2;
        this.passwordType = toPasswordType(str2);
        this.hash = i;
        this.credentialName = str;
    }

    public PasswordKeyMapper(String str, String str2, int i, int i2) throws InvalidKeyException {
        this(str, str2, i);
        Assert.checkMinimumParameter("salt", 1, i2);
        this.salt = i2;
    }

    public PasswordKeyMapper(String str, String str2, int i, int i2, int i3) throws InvalidKeyException {
        this(str, str2, i, i2);
        Assert.checkMinimumParameter("iterationCount", 1, i3);
        this.iterationCount = i3;
    }

    @Override // org.wildfly.security.auth.provider.jdbc.KeyMapper
    public String getCredentialName() {
        return this.credentialName;
    }

    @Override // org.wildfly.security.auth.provider.jdbc.KeyMapper
    public CredentialSupport getCredentialSupport(ResultSet resultSet) {
        try {
            return map(resultSet) != null ? CredentialSupport.FULLY_SUPPORTED : CredentialSupport.UNSUPPORTED;
        } catch (SQLException e) {
            throw ElytronMessages.log.couldNotObtainCredentialWithCause(e);
        }
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public int getHash() {
        return this.hash;
    }

    public int getSalt() {
        return this.salt;
    }

    public int getIterationCount() {
        return this.iterationCount;
    }

    @Override // org.wildfly.security.auth.provider.jdbc.ColumnMapper
    public Object map(ResultSet resultSet) throws SQLException {
        byte[] bArr = null;
        byte[] bArr2 = null;
        int i = 0;
        if (resultSet.next()) {
            bArr = toByteArray(resultSet.getObject(getHash()));
            if (getSalt() > 0) {
                bArr2 = toByteArray(resultSet.getObject(getSalt()));
            }
            if (getIterationCount() > 0) {
                i = resultSet.getInt(getIterationCount());
            }
        }
        if (bArr == null) {
            return null;
        }
        PasswordFactory passwordFactory = getPasswordFactory(getAlgorithm());
        try {
            if (ClearPassword.class.equals(this.passwordType)) {
                return toClearPassword(bArr, passwordFactory);
            }
            if (BCryptPassword.class.equals(this.passwordType)) {
                return toBcryptPassword(bArr, bArr2, i, passwordFactory);
            }
            if (SaltedSimpleDigestPassword.class.equals(this.passwordType)) {
                return toSaltedSimpleDigestPassword(bArr, bArr2, passwordFactory);
            }
            if (SimpleDigestPassword.class.equals(this.passwordType)) {
                return toSimpleDigestPassword(bArr, passwordFactory);
            }
            if (ScramDigestPassword.class.equals(this.passwordType)) {
                return toScramDigestPassword(bArr, bArr2, i, passwordFactory);
            }
            return null;
        } catch (InvalidKeyException | InvalidKeySpecException e) {
            throw ElytronMessages.log.invalidPasswordKeySpecificationForAlgorithm(this.algorithm, e);
        }
    }

    private Password toBcryptPassword(byte[] bArr, byte[] bArr2, int i, PasswordFactory passwordFactory) throws InvalidKeyException, InvalidKeySpecException {
        return bArr2 == null ? passwordFactory.translate(ModularCrypt.decode(toCharArray(bArr))) : passwordFactory.generatePassword(new IteratedSaltedHashPasswordSpec(bArr, bArr2, i));
    }

    private Object toScramDigestPassword(byte[] bArr, byte[] bArr2, int i, PasswordFactory passwordFactory) throws InvalidKeySpecException {
        if (bArr2 == null) {
            throw ElytronMessages.log.saltIsExpectedWhenCreatingPasswords(ScramDigestPassword.class.getSimpleName());
        }
        return passwordFactory.generatePassword(new IteratedSaltedHashPasswordSpec(bArr, bArr2, i));
    }

    private Object toSimpleDigestPassword(byte[] bArr, PasswordFactory passwordFactory) throws InvalidKeySpecException {
        return passwordFactory.generatePassword(new HashPasswordSpec(bArr));
    }

    private Object toSaltedSimpleDigestPassword(byte[] bArr, byte[] bArr2, PasswordFactory passwordFactory) throws InvalidKeySpecException {
        if (bArr2 == null) {
            throw ElytronMessages.log.saltIsExpectedWhenCreatingPasswords(SaltedSimpleDigestPassword.class.getSimpleName());
        }
        return passwordFactory.generatePassword(new SaltedHashPasswordSpec(bArr, bArr2));
    }

    private Object toClearPassword(byte[] bArr, PasswordFactory passwordFactory) throws InvalidKeySpecException {
        return passwordFactory.generatePassword(new ClearPasswordSpec(toCharArray(bArr)));
    }

    private PasswordFactory getPasswordFactory(String str) {
        try {
            return PasswordFactory.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            throw ElytronMessages.log.couldNotObtainPasswordFactoryForAlgorithm(str, e);
        }
    }

    private byte[] toByteArray(Object obj) {
        return String.class.isInstance(obj) ? obj.toString().getBytes(StandardCharsets.UTF_8) : byte[].class.isInstance(obj) ? (byte[]) obj : new byte[0];
    }

    private char[] toCharArray(byte[] bArr) {
        return CodePointIterator.ofUtf8Bytes(bArr).drainToString().toCharArray();
    }

    private String toAlgorithm(String str) throws InvalidKeyException {
        if (str.endsWith(ClearPassword.ALGORITHM_CLEAR)) {
            return ClearPassword.ALGORITHM_CLEAR;
        }
        if (str.endsWith(BCryptPassword.ALGORITHM_BCRYPT)) {
            return BCryptPassword.ALGORITHM_BCRYPT;
        }
        if (str.endsWith(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5)) {
            return UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5;
        }
        if (str.endsWith(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5)) {
            return SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5;
        }
        if (str.endsWith(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT)) {
            return SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT;
        }
        if (str.endsWith(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256)) {
            return UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256;
        }
        if (str.endsWith(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512)) {
            return UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512;
        }
        if (str.endsWith(DigestPassword.ALGORITHM_DIGEST_MD5)) {
            return DigestPassword.ALGORITHM_DIGEST_MD5;
        }
        if (str.endsWith(DigestPassword.ALGORITHM_DIGEST_SHA)) {
            return DigestPassword.ALGORITHM_DIGEST_SHA;
        }
        if (str.endsWith(DigestPassword.ALGORITHM_DIGEST_SHA_256)) {
            return DigestPassword.ALGORITHM_DIGEST_SHA_256;
        }
        if (str.endsWith(DigestPassword.ALGORITHM_DIGEST_SHA_512)) {
            return DigestPassword.ALGORITHM_DIGEST_SHA_512;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384;
        }
        if (str.endsWith(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512)) {
            return SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
            return SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
            return SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
            return SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
            return SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
            return SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5)) {
            return SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1)) {
            return SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256)) {
            return SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384)) {
            return SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384;
        }
        if (str.endsWith(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512)) {
            return SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512;
        }
        if (str.endsWith(UnixDESCryptPassword.ALGORITHM_CRYPT_DES)) {
            return UnixDESCryptPassword.ALGORITHM_CRYPT_DES;
        }
        if (str.endsWith(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES)) {
            return BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES;
        }
        if (str.endsWith(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
            return ScramDigestPassword.ALGORITHM_SCRAM_SHA_1;
        }
        if (str.endsWith(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
            return ScramDigestPassword.ALGORITHM_SCRAM_SHA_256;
        }
        throw ElytronMessages.log.couldNotResolveAlgorithmByCredentialName(str);
    }

    private Class<?> toPasswordType(String str) throws InvalidKeyException {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1912980823:
                if (str.equals(DigestPassword.ALGORITHM_DIGEST_SHA_256)) {
                    z = 9;
                    break;
                }
                break;
            case -1912978068:
                if (str.equals(DigestPassword.ALGORITHM_DIGEST_SHA_512)) {
                    z = 10;
                    break;
                }
                break;
            case -1757081455:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
                    z = 29;
                    break;
                }
                break;
            case -1701396786:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                    z = 19;
                    break;
                }
                break;
            case -1701395734:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                    z = 20;
                    break;
                }
                break;
            case -1701394031:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                    z = 21;
                    break;
                }
                break;
            case -1690837980:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256)) {
                    z = 14;
                    break;
                }
                break;
            case -1690836928:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384)) {
                    z = 15;
                    break;
                }
                break;
            case -1690835225:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512)) {
                    z = 16;
                    break;
                }
                break;
            case -1394365876:
                if (str.equals(BCryptPassword.ALGORITHM_BCRYPT)) {
                    z = true;
                    break;
                }
                break;
            case -1310312971:
                if (str.equals(DigestPassword.ALGORITHM_DIGEST_MD5)) {
                    z = 7;
                    break;
                }
                break;
            case -1310307037:
                if (str.equals(DigestPassword.ALGORITHM_DIGEST_SHA)) {
                    z = 8;
                    break;
                }
                break;
            case -1040294462:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1)) {
                    z = 23;
                    break;
                }
                break;
            case -819635646:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1)) {
                    z = 13;
                    break;
                }
                break;
            case -706146221:
                if (str.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256)) {
                    z = 5;
                    break;
                }
                break;
            case -706143466:
                if (str.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512)) {
                    z = 6;
                    break;
                }
                break;
            case -633128269:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
                    z = 30;
                    break;
                }
                break;
            case -338914150:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
                    z = 17;
                    break;
                }
                break;
            case -311107102:
                if (str.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT)) {
                    z = 4;
                    break;
                }
                break;
            case -211770786:
                if (str.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5)) {
                    z = 3;
                    break;
                }
                break;
            case 94746189:
                if (str.equals(ClearPassword.ALGORITHM_CLEAR)) {
                    z = false;
                    break;
                }
                break;
            case 726720364:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                    z = 18;
                    break;
                }
                break;
            case 1004404644:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256)) {
                    z = 24;
                    break;
                }
                break;
            case 1004405696:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384)) {
                    z = 25;
                    break;
                }
                break;
            case 1004407399:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512)) {
                    z = 26;
                    break;
                }
                break;
            case 1012583449:
                if (str.equals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES)) {
                    z = 28;
                    break;
                }
                break;
            case 1330753648:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5)) {
                    z = 22;
                    break;
                }
                break;
            case 1527631085:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2)) {
                    z = 11;
                    break;
                }
                break;
            case 1527631088:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5)) {
                    z = 12;
                    break;
                }
                break;
            case 1596346163:
                if (str.equals(UnixDESCryptPassword.ALGORITHM_CRYPT_DES)) {
                    z = 27;
                    break;
                }
                break;
            case 1596354719:
                if (str.equals(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return ClearPassword.class;
            case true:
                return BCryptPassword.class;
            case true:
                return UnixMD5CryptPassword.class;
            case true:
            case true:
                return SunUnixMD5CryptPassword.class;
            case true:
            case true:
                return ClearPassword.class;
            case GeneralName.IP_ADDRESS /* 7 */:
            case true:
            case true:
            case true:
                return DigestPassword.class;
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                return SimpleDigestPassword.class;
            case true:
            case true:
            case ASN1.PRINTABLE_STRING_TYPE /* 19 */:
            case true:
            case true:
            case ASN1.IA5_STRING_TYPE /* 22 */:
            case BCryptPassword.BCRYPT_HASH_SIZE /* 23 */:
            case true:
            case true:
            case true:
                return SaltedSimpleDigestPassword.class;
            case true:
                return UnixDESCryptPassword.class;
            case true:
                return BSDUnixDESCryptPassword.class;
            case true:
            case true:
                return ScramDigestPassword.class;
            default:
                throw ElytronMessages.log.unknownPasswordTypeOrAlgorithm(str);
        }
    }
}
