package org.apereo.cas.adaptors.jdbc;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.sql.DataSource;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.util.ByteSource;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.class */
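/**
 * JDBC authentication handler that loads one account row with a configured SQL query,
 * recomputes the password digest with Shiro's {@link DefaultHashService} and compares it
 * with the digest stored in that row.
 *
 * <p>The digest is computed from the submitted password, the per-row salt column, an optional
 * static (private) salt and an iteration count that a row column may override. Optional
 * "expired" and "disabled" columns are evaluated only after the password has been verified,
 * so account state is not revealed to a caller who does not know the password.
 *
 * <p>NOTE(review): the digest algorithm and the iteration count are deployment configuration.
 * An iterated message digest is not a memory-hard password hash; confirm the configured
 * values against current password-storage guidance.
 */
public class QueryAndEncodeDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {
    // Hash algorithm name handed to the Shiro hash service.
    protected String algorithmName;
    // Query returning the account row; the username is its single bind parameter.
    protected String sql;
    // Column holding the stored hex digest.
    protected String passwordFieldName;
    // Column holding the per-account salt.
    protected String saltFieldName;
    // Optional column flagging an expired password (blank disables the check).
    protected String expiredFieldName;
    // Optional column flagging a disabled account (blank disables the check).
    protected String disabledFieldName;
    // Optional column overriding the iteration count for a row.
    protected String numberOfIterationsFieldName;
    // Iteration count used when the row does not supply one.
    protected long numberOfIterations;
    // Optional private salt applied to every digest in addition to the row salt.
    protected String staticSalt;

    /**
     * Creates the handler.
     *
     * @param str handler name, passed to the superclass
     * @param servicesManager passed to the superclass
     * @param principalFactory passed to the superclass
     * @param num passed to the superclass (fourth superclass argument)
     * @param dataSource data source, passed to the superclass
     * @param str2 hash algorithm name
     * @param str3 SQL query with one bind parameter for the username
     * @param str4 name of the stored-digest column
     * @param str5 name of the per-account salt column
     * @param str6 name of the "password expired" column, may be blank
     * @param str7 name of the "account disabled" column, may be blank
     * @param str8 name of the per-row iteration count column
     * @param j default iteration count
     * @param str9 static (private) salt, may be blank
     */
    public QueryAndEncodeDatabaseAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer num, DataSource dataSource, String str2, String str3, String str4, String str5, String str6, String str7, String str8, long j, String str9) {
        super(str, servicesManager, principalFactory, num, dataSource);
        // The former "password"/"salt" defaults were dead stores: both fields were
        // unconditionally overwritten by the arguments below.
        this.algorithmName = str2;
        this.sql = str3;
        this.passwordFieldName = str4;
        this.saltFieldName = str5;
        this.expiredFieldName = str6;
        this.disabledFieldName = str7;
        this.numberOfIterationsFieldName = str8;
        this.numberOfIterations = j;
        this.staticSalt = str9;
    }

    /**
     * Authenticates a username/password credential against the configured query.
     *
     * @param usernamePasswordCredential credential carrying the username and password
     * @param str second argument supplied by the caller; not read by this implementation
     * @return the handler result for the authenticated principal
     * @throws GeneralSecurityException if the handler is not configured, the account is not
     *         found, more than one row matches, the digest does not match, or the password
     *         is expired or the account disabled
     * @throws PreventedException if the query fails with a data access error
     */
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential usernamePasswordCredential, String str) throws GeneralSecurityException, PreventedException {
        if (StringUtils.isBlank(this.sql) || StringUtils.isBlank(this.algorithmName) || getJdbcTemplate() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly");
        }
        String username = usernamePasswordCredential.getUsername();
        try {
            // The username is passed as a bind parameter, never concatenated into the SQL.
            Map<String, Object> row = getJdbcTemplate().queryForMap(this.sql, new Object[]{username});
            String computedDigest = digestEncodedPassword(usernamePasswordCredential.getPassword(), row);
            if (!digestMatches(row.get(this.passwordFieldName), computedDigest)) {
                throw new FailedLoginException("Password does not match value on record.");
            }
            // Account state is checked only after the password is verified.
            if (isFlagSet(row, this.expiredFieldName)) {
                throw new AccountPasswordMustChangeException("Password has expired");
            }
            if (isFlagSet(row, this.disabledFieldName)) {
                throw new AccountDisabledException("Account has been disabled");
            }
            return createHandlerResult(usernamePasswordCredential, this.principalFactory.createPrincipal(username), null);
        } catch (IncorrectResultSizeDataAccessException e) {
            // NOTE(review): these messages embed the username and distinguish "not found" from
            // "wrong password"; confirm callers do not relay them verbatim to the client.
            if (e.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            }
            throw new FailedLoginException("Multiple records found for " + username);
        } catch (DataAccessException e2) {
            throw new PreventedException("SQL exception while executing query for " + username, e2);
        }
    }

    /**
     * Computes the hex digest of a password for one account row.
     *
     * @param str the password to digest
     * @param map the account row; must contain the salt column and may contain the
     *        iteration count column
     * @return the digest as a hex string
     * @throws RuntimeException if the salt column is absent or has no value
     * @throws IllegalArgumentException if the iteration count does not fit in an {@code int}
     * @throws NumberFormatException if the row's iteration count is not numeric
     */
    protected String digestEncodedPassword(String str, Map<String, Object> map) {
        DefaultHashService defaultHashService = new DefaultHashService();
        if (StringUtils.isNotBlank(this.staticSalt)) {
            defaultHashService.setPrivateSalt(ByteSource.Util.bytes(this.staticSalt));
        }
        defaultHashService.setHashAlgorithmName(this.algorithmName);

        long iterations = this.numberOfIterations;
        // A NULL iteration column falls back to the configured default instead of
        // failing with a NullPointerException.
        Object rowIterations = map.get(this.numberOfIterationsFieldName);
        if (rowIterations != null) {
            iterations = Long.parseLong(rowIterations.toString());
        }
        // Reject values that would be silently truncated by the narrowing to int.
        if (iterations > Integer.MAX_VALUE || iterations < Integer.MIN_VALUE) {
            throw new IllegalArgumentException("Number of hash iterations is out of range: " + iterations);
        }
        defaultHashService.setHashIterations((int) iterations);

        if (!map.containsKey(this.saltFieldName)) {
            throw new RuntimeException("Specified field name for salt does not exist in the results");
        }
        Object salt = map.get(this.saltFieldName);
        if (salt == null) {
            throw new RuntimeException("Specified field name for salt has no value in the results");
        }
        HashRequest request = new HashRequest.Builder().setSalt(salt.toString()).setSource(str).build();
        return defaultHashService.computeHash(request).toHex();
    }

    /**
     * Compares the stored digest with the computed one without short-circuiting on the
     * first differing byte. A missing or non-string stored value never matches.
     */
    private static boolean digestMatches(Object stored, String computed) {
        if (!(stored instanceof String) || computed == null) {
            return false;
        }
        byte[] storedBytes = ((String) stored).getBytes(StandardCharsets.UTF_8);
        byte[] computedBytes = computed.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(storedBytes, computedBytes);
    }

    /**
     * Reports whether an optional flag column is set in the row. Besides the textual forms
     * accepted by {@link BooleanUtils#toBoolean(String)}, any numeric value equal to 1 counts
     * as set, so a driver returning Long, Short or BigDecimal is handled like Integer.
     */
    private static boolean isFlagSet(Map<String, Object> row, String fieldName) {
        if (StringUtils.isBlank(fieldName)) {
            return false;
        }
        Object value = row.get(fieldName);
        if (value == null) {
            return false;
        }
        if (BooleanUtils.toBoolean(value.toString())) {
            return true;
        }
        return value instanceof Number && ((Number) value).longValue() == 1L;
    }
}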
