package com.funambol.server.security;

import com.funambol.framework.core.Authentication;
import com.funambol.framework.core.Cred;
import com.funambol.framework.filter.LogicalClause;
import com.funambol.framework.filter.WhereClause;
import com.funambol.framework.security.AbstractOfficer;
import com.funambol.framework.security.Officer;
import com.funambol.framework.security.Sync4jPrincipal;
import com.funambol.framework.server.Sync4jUser;
import com.funambol.framework.server.store.PersistentStore;
import com.funambol.framework.server.store.PersistentStoreException;
import com.funambol.framework.tools.Base64;
import com.funambol.framework.tools.MD5;
import com.funambol.framework.tools.beans.LazyInitBean;
import com.funambol.framework.tools.encryption.EncryptionException;
import com.funambol.framework.tools.encryption.EncryptionTool;
import com.funambol.server.admin.UserManager;
import com.funambol.server.config.Configuration;
import com.funambol.server.store.DevicePersistentStore;
import com.funambol.server.store.PersistentStoreManager;
import java.io.Serializable;
import java.security.MessageDigest;

/* loaded from: input_file:com/funambol/server/security/DBOfficer.class */
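/**
 * {@link Officer} implementation that authenticates SyncML credentials against the
 * users kept in the server's persistent store.
 *
 * <p>Two credential types are handled: {@code syncml:auth-basic} (base64 of
 * {@code username:password}) and {@code syncml:auth-md5} (a digest over the username,
 * the password and a nonce). Any other type is rejected.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only base64-encoded, so anyone who can observe the
 *       message can read them; confidentiality has to come from the transport.</li>
 *   <li>The MD5 checks need the user's password to recompute the digest, and
 *       {@link #getUser} matches passwords by encrypting the candidate and comparing it
 *       in the store. NOTE(review): this suggests passwords are kept in a recoverable
 *       form rather than as salted hashes; confirm against EncryptionTool.</li>
 *   <li>Passwords and values derived from them (user digest, expected server digest)
 *       are deliberately not written to the log, not even at trace level.</li>
 *   <li>Digest comparison is done with {@link MessageDigest#isEqual} so that the time
 *       taken does not depend on how many leading characters match.</li>
 * </ul>
 */
public class DBOfficer extends AbstractOfficer implements Officer, Serializable, LazyInitBean {
    /** Role a user must hold to be accepted by this officer. */
    protected static final String ROLE_USER = "sync_user";
    protected PersistentStore ps = null;
    protected UserManager userManager = null;

    /** Fetches the persistent store and the user manager from the server configuration. */
    public void init() {
        Configuration configuration = Configuration.getConfiguration();
        this.ps = configuration.getStore();
        this.userManager = configuration.getUserManager();
    }

    /**
     * Authenticates a credential according to its declared type.
     *
     * @param cred the credential presented by the client
     * @return the authenticated user, or {@code null} when the credential is missing,
     *         of an unsupported type, or does not verify
     */
    public Sync4jUser authenticateUser(Cred cred) {
        // Fail closed instead of throwing when no credential was supplied.
        if (cred == null) {
            return null;
        }
        String type = cred.getType();
        if ("syncml:auth-basic".equals(type)) {
            return authenticateBasicCredential(cred);
        }
        if ("syncml:auth-md5".equals(type)) {
            return authenticateMD5Credential(cred);
        }
        return null;
    }

    /**
     * Looks up a single user by name and, when a password is given, by password too.
     *
     * <p>JADX reports that this method was originally declared {@code protected}.
     *
     * @param str  the username to search for
     * @param str2 the candidate password, or {@code null} to search by username only
     * @return the user with its roles loaded, or {@code null} when the search does not
     *         yield exactly one user or the store/encryption layer fails
     */
    public Sync4jUser getUser(String str, String str2) {
        try {
            WhereClause byName =
                    new WhereClause(PersistentStoreManager.CONFIG_USERNAME, new String[]{str}, "EQ", true);
            Sync4jUser[] users;
            if (str2 != null) {
                // The candidate password is encrypted and compared for equality in the store.
                WhereClause byPassword = new WhereClause(
                        PersistentStoreManager.CONFIG_PASSWORD,
                        new String[]{EncryptionTool.encrypt(str2)},
                        "EQ",
                        true);
                users = this.userManager.getUsers(
                        new LogicalClause("AND", new WhereClause[]{byName, byPassword}));
            } else {
                users = this.userManager.getUsers(byName);
            }
            // Anything other than exactly one hit (including a null result) is a failed lookup.
            if (users == null || users.length != 1) {
                return null;
            }
            this.userManager.getUserRoles(users[0]);
            return users[0];
        } catch (EncryptionException e) {
            this.log.error("Error encryption the searched password", e);
            return null;
        } catch (PersistentStoreException e2) {
            this.log.error("Error reading user", e2);
            return null;
        }
    }

    /**
     * Tells whether the user holds the {@link #ROLE_USER} role.
     *
     * <p>JADX reports that this method was originally declared {@code protected}.
     *
     * @param sync4jUser the user to inspect; {@code null} is treated as "no roles"
     * @return {@code true} only when one of the user's roles equals {@link #ROLE_USER}
     */
    public boolean isASyncUser(Sync4jUser sync4jUser) {
        // A failed lookup must read as "not authorized", not as a NullPointerException.
        if (sync4jUser == null) {
            return false;
        }
        String[] roles = sync4jUser.getRoles();
        if (roles == null) {
            return false;
        }
        for (String role : roles) {
            if (ROLE_USER.equals(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Authenticates a {@code syncml:auth-md5} credential.
     *
     * <p>When the credential carries a username, only that user is checked. Otherwise
     * every principal registered for the credential's device id is tried in turn and
     * the first user whose digest verifies is selected; its username is then written
     * back into the credential's authentication object.
     *
     * <p>JADX reports that this method was originally declared {@code protected}.
     *
     * @param cred the MD5 credential
     * @return the authenticated user, or {@code null} when nothing verifies or the
     *         principals cannot be read
     */
    public Sync4jUser authenticateMD5Credential(Cred cred) {
        Authentication authentication = cred.getAuthentication();
        if (authentication == null) {
            return null;
        }
        String deviceId = authentication.getDeviceId();
        String username = authentication.getUsername();

        if (username != null) {
            Sync4jUser named = getUser(username, null);
            return (named != null && isCredAuthenticate(named, cred)) ? named : null;
        }

        try {
            Sync4jPrincipal[] principals = (Sync4jPrincipal[]) this.ps.read(
                    Sync4jPrincipal.createPrincipal((String) null, deviceId),
                    new WhereClause(DevicePersistentStore.NS_DEVICE, new String[]{deviceId}, "EQ", true));
            if (principals == null) {
                return null;
            }
            for (Sync4jPrincipal principal : principals) {
                Sync4jUser candidate = getUser(principal.getUsername(), null);
                // A principal whose user cannot be resolved is skipped; previously this
                // path dereferenced the null user and aborted the whole authentication.
                if (candidate != null && isCredAuthenticate(candidate, cred)) {
                    authentication.setUsername(principal.getUsername());
                    return candidate;
                }
            }
            return null;
        } catch (PersistentStoreException e) {
            this.log.error("Error reading principals", e);
            return null;
        }
    }

    /**
     * Tells whether the credential was sent over a SyncML 1.0 session, judged by the
     * presence of {@code "1.0"} in the protocol version string.
     */
    private boolean isProtocolSyncML10(Cred cred) {
        String syncMLVerProto = cred.getAuthentication().getSyncMLVerProto();
        if (this.log.isTraceEnabled()) {
            this.log.trace("Check MD5 credential with protocol " + syncMLVerProto);
        }
        // A missing version string is treated as "not 1.0"; the digest still has to verify.
        return syncMLVerProto != null && syncMLVerProto.indexOf("1.0") != -1;
    }

    /**
     * Authenticates a {@code syncml:auth-basic} credential: decodes the base64 payload,
     * splits it at the first colon into username and password, looks the pair up and
     * requires the {@link #ROLE_USER} role.
     *
     * @return the authenticated user, or {@code null} on any failure
     */
    private Sync4jUser authenticateBasicCredential(Cred cred) {
        Authentication authentication = cred.getAuthentication();
        String encoded = authentication == null ? null : authentication.getData();
        if (encoded == null) {
            return null;
        }
        // NOTE(review): decoding uses the platform default charset, as before.
        String decoded = new String(Base64.decode(encoded));
        int colon = decoded.indexOf(':');
        // No colon: the whole payload is the username and the password is empty.
        String username = colon == -1 ? decoded : decoded.substring(0, colon);
        String password = colon == -1 ? "" : decoded.substring(colon + 1);

        boolean trace = this.log.isTraceEnabled();
        // NOTE(review): the username is client-supplied and is logged verbatim; consider
        // neutralising line breaks if these logs feed other tooling.
        if (trace) {
            this.log.trace("Username: " + username);
        }
        Sync4jUser user = getUser(username, password);
        if (user == null) {
            if (trace) {
                this.log.trace("User '" + username + "' not found.");
            }
            return null;
        }
        if (trace) {
            this.log.trace("User '" + username + "' found");
        }
        if (!isASyncUser(user)) {
            if (trace) {
                this.log.trace("The user is not a 'sync_user'");
            }
            return null;
        }
        if (trace) {
            this.log.trace("User authenticated");
        }
        return user;
    }

    /**
     * Verifies a SyncML 1.0 MD5 credential: the expected value is
     * {@code B64(MD5(username:password:nonce))}.
     *
     * @param str  the digest sent by the client (base64 text)
     * @param bArr the nonce bytes
     * @param str2 the username
     * @param str3 the user's password
     */
    private boolean checkMD5Credential10(String str, byte[] bArr, String str2, String str3) {
        // NOTE(review): getBytes() uses the platform default charset, as before; clients
        // with non-ASCII credentials may compute a different digest.
        byte[] userPass = (str2 + ':' + str3).getBytes();
        if (this.log.isTraceEnabled()) {
            this.log.trace("username: " + str2);
            this.log.trace("clientNonce: " + new String(Base64.encode(bArr)));
            this.log.trace("clientDigest: " + str);
        }
        byte[] expected = Base64.encode(MD5.digest(joinWithColon(userPass, bArr)));
        boolean matched = digestMatches(expected, str);
        if (this.log.isTraceEnabled()) {
            this.log.trace("MD5 digest match: " + matched);
        }
        return matched;
    }

    /**
     * Verifies a SyncML 1.1 MD5 credential: the expected value is
     * {@code B64(MD5(B64(MD5(username:password)):nonce))}.
     *
     * @param str  the digest sent by the client (base64 text)
     * @param bArr the nonce bytes
     * @param str2 the username
     * @param str3 the user's password
     */
    private boolean checkMD5Credential11(String str, byte[] bArr, String str2, String str3) {
        // The inner digest is a password equivalent for this scheme, so it is never logged.
        byte[] userDigest = Base64.encode(MD5.digest((str2 + ':' + str3).getBytes()));
        if (this.log.isTraceEnabled()) {
            this.log.trace("username: " + str2);
            this.log.trace("clientNonce: " + new String(Base64.encode(bArr)));
            this.log.trace("clientDigest: " + str);
        }
        byte[] expected = Base64.encode(MD5.digest(joinWithColon(userDigest, bArr)));
        boolean matched = digestMatches(expected, str);
        if (this.log.isTraceEnabled()) {
            this.log.trace("MD5 digest match: " + matched);
        }
        return matched;
    }

    /**
     * Checks an MD5 credential against one user: the user must hold the
     * {@link #ROLE_USER} role and the client digest must equal the digest recomputed
     * from the stored username, password and the nonce in the credential.
     */
    private boolean isCredAuthenticate(Sync4jUser sync4jUser, Cred cred) {
        if (!isASyncUser(sync4jUser)) {
            return false;
        }
        Authentication authentication = cred.getAuthentication();
        String username = sync4jUser.getUsername();
        // presumably the cleartext password; the digest cannot be rebuilt otherwise - confirm
        String password = sync4jUser.getPassword();
        // String concatenation would turn a null into the literal "null", which would let
        // that literal act as the password; reject such accounts instead.
        if (username == null || password == null) {
            return false;
        }
        String data = authentication.getData();
        if (authentication.getNextNonce() == null) {
            return false;
        }
        byte[] nonce = authentication.getNextNonce().getValue();
        if (nonce == null) {
            return false;
        }
        return isProtocolSyncML10(cred)
                ? checkMD5Credential10(data, nonce, username, password)
                : checkMD5Credential11(data, nonce, username, password);
    }

    /** Returns {@code head}, a colon byte and {@code nonce} concatenated into a new array. */
    private static byte[] joinWithColon(byte[] head, byte[] nonce) {
        byte[] joined = new byte[head.length + 1 + nonce.length];
        System.arraycopy(head, 0, joined, 0, head.length);
        joined[head.length] = ':';
        System.arraycopy(nonce, 0, joined, head.length + 1, nonce.length);
        return joined;
    }

    /**
     * Compares the expected base64 digest with the client-supplied one without an
     * early exit on the first differing byte; a missing client digest never matches.
     */
    private static boolean digestMatches(byte[] expectedB64, String clientDigest) {
        if (clientDigest == null) {
            return false;
        }
        return MessageDigest.isEqual(expectedB64, clientDigest.getBytes());
    }
}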
