package org.ejbca.util.crypto;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Hex;
import org.ejbca.config.EjbcaConfiguration;

/* loaded from: input_file:org/ejbca/util/crypto/CryptoTools.class */
public class CryptoTools {
    public static final String BCRYPT_PREFIX = "$2a$";
    private static final Logger log = Logger.getLogger(CryptoTools.class);

    public static String makePasswordHash(String str) {
        if (str == null) {
            return null;
        }
        int passwordLogRounds = EjbcaConfiguration.getPasswordLogRounds();
        return (passwordLogRounds <= 0 || EjbcaConfiguration.getEffectiveApplicationVersion() <= 311) ? makeOldPasswordHash(str) : BCrypt.hashpw(str, BCrypt.gensalt(passwordLogRounds));
    }

    public static String makeOldPasswordHash(String str) {
        if (str == null) {
            return null;
        }
        try {
            return new String(Hex.encode(MessageDigest.getInstance("SHA1").digest(str.trim().getBytes())));
        } catch (NoSuchAlgorithmException e) {
            log.error("SHA1 algorithm not supported.", e);
            throw new Error("SHA1 algorithm not supported.", e);
        }
    }

    public static String extractSaltFromPasswordHash(String str) {
        if (str.startsWith(BCRYPT_PREFIX)) {
            return str.substring(0, str.indexOf(36, BCRYPT_PREFIX.length()) + 1 + 22);
        }
        throw new IllegalArgumentException("Provided string is not a BCrypt hash.");
    }
}
