package org.gluu.persist.operation.auth;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.digest.Crypt;
import org.gluu.util.StringHelper;
import org.gluu.util.security.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/persist/operation/auth/PasswordEncryptionHelper.class */
public final class PasswordEncryptionHelper {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PasswordEncryptionHelper.class);
    private static final byte[] CRYPT_SALT_CHARS = StringHelper.getBytesUtf8("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");

    private PasswordEncryptionHelper() {
    }

    public static PasswordEncryptionMethod findAlgorithm(String str) {
        return findAlgorithm(StringHelper.getBytesUtf8(str));
    }

    public static PasswordEncryptionMethod findAlgorithm(byte[] bArr) {
        if (bArr == null || bArr.length == 0 || bArr[0] != 123) {
            return null;
        }
        int i = 1;
        while (i < bArr.length && bArr[i] != 125) {
            i++;
        }
        if (i >= bArr.length || i == 1) {
            return null;
        }
        String lowerCase = StringHelper.toLowerCase(StringHelper.utf8ToString(bArr, 1, i - 1));
        if (bArr.length > i + 3 && bArr[i + 1] == 36 && Character.isDigit(bArr[i + 2])) {
            if (bArr[i + 3] == 36) {
                lowerCase = lowerCase + StringHelper.utf8ToString(bArr, i + 1, 3);
            } else if (bArr.length > i + 4 && bArr[i + 4] == 36) {
                lowerCase = lowerCase + StringHelper.utf8ToString(bArr, i + 1, 4);
            }
        }
        return PasswordEncryptionMethod.getMethod(lowerCase);
    }

    public static String createStoragePassword(String str, PasswordEncryptionMethod passwordEncryptionMethod) {
        return StringHelper.utf8ToString(createStoragePassword(StringHelper.getBytesUtf8(str), passwordEncryptionMethod));
    }

    public static byte[] createStoragePassword(byte[] bArr, PasswordEncryptionMethod passwordEncryptionMethod) {
        byte[] bArr2;
        if (passwordEncryptionMethod == null) {
            return bArr;
        }
        switch (passwordEncryptionMethod) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SMD5:
                bArr2 = new byte[8];
                new SecureRandom().nextBytes(bArr2);
                break;
            case HASH_METHOD_PKCS5S2:
                bArr2 = new byte[16];
                new SecureRandom().nextBytes(bArr2);
                break;
            case HASH_METHOD_CRYPT:
                bArr2 = generateCryptSalt(2);
                break;
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                bArr2 = generateCryptSalt(8);
                break;
            case HASH_METHOD_CRYPT_BCRYPT:
            case HASH_METHOD_CRYPT_BCRYPT_B:
                bArr2 = StringHelper.getBytesUtf8(BCrypt.genSalt());
                break;
            default:
                bArr2 = null;
                break;
        }
        byte[] encryptPassword = encryptPassword(bArr, passwordEncryptionMethod, bArr2);
        StringBuilder sb = new StringBuilder();
        sb.append('{').append(StringHelper.toUpperCase(passwordEncryptionMethod.getPrefix())).append('}');
        if (passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_CRYPT || passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_CRYPT_BCRYPT) {
            sb.append(StringHelper.utf8ToString(bArr2));
            sb.append(StringHelper.utf8ToString(encryptPassword));
        } else if (passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_CRYPT_MD5 || passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_CRYPT_SHA256 || passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_CRYPT_SHA512) {
            sb.append(passwordEncryptionMethod.getSubPrefix());
            sb.append(StringHelper.utf8ToString(bArr2));
            sb.append('$');
            sb.append(StringHelper.utf8ToString(encryptPassword));
        } else if (bArr2 != null) {
            byte[] bArr3 = new byte[encryptPassword.length + bArr2.length];
            if (passwordEncryptionMethod == PasswordEncryptionMethod.HASH_METHOD_PKCS5S2) {
                merge(bArr3, bArr2, encryptPassword);
            } else {
                merge(bArr3, encryptPassword, bArr2);
            }
            sb.append(String.valueOf(Base64.getEncoder().encodeToString(bArr3)));
        } else {
            sb.append(String.valueOf(Base64.getEncoder().encodeToString(encryptPassword)));
        }
        return StringHelper.getBytesUtf8(sb.toString());
    }

    public static boolean compareCredentials(String str, String str2) {
        return compareCredentials(StringHelper.getBytesUtf8(str), StringHelper.getBytesUtf8(str2));
    }

    public static boolean compareCredentials(byte[] bArr, byte[] bArr2) {
        if (findAlgorithm(bArr2) == null) {
            return compareBytes(bArr, bArr2);
        }
        PasswordDetails splitCredentials = splitCredentials(bArr2);
        return compareBytes(encryptPassword(bArr, splitCredentials.getAlgorithm(), splitCredentials.getSalt()), splitCredentials.getPassword());
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean compareBytes(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return bArr == null;
        }
        if (bArr == null || bArr2.length != bArr.length) {
            return false;
        }
        Object[] objArr = false;
        for (int i = 0; i < bArr2.length; i++) {
            objArr = (objArr == true ? 1 : 0) | (bArr2[i] ^ bArr[i]) ? 1 : 0;
        }
        return objArr == false;
    }

    private static byte[] encryptPassword(byte[] bArr, PasswordEncryptionMethod passwordEncryptionMethod, byte[] bArr2) {
        switch (passwordEncryptionMethod) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SHA:
                return digest(PasswordEncryptionMethod.HASH_METHOD_SHA, bArr, bArr2);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return digest(PasswordEncryptionMethod.HASH_METHOD_SHA256, bArr, bArr2);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return digest(PasswordEncryptionMethod.HASH_METHOD_SHA384, bArr, bArr2);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return digest(PasswordEncryptionMethod.HASH_METHOD_SHA512, bArr, bArr2);
            case HASH_METHOD_SMD5:
            case HASH_METHOD_MD5:
                return digest(PasswordEncryptionMethod.HASH_METHOD_MD5, bArr, bArr2);
            case HASH_METHOD_PKCS5S2:
                return generatePbkdf2Hash(bArr, passwordEncryptionMethod, bArr2);
            case HASH_METHOD_CRYPT:
                return StringHelper.getBytesUtf8(Crypt.crypt(StringHelper.utf8ToString(bArr), StringHelper.utf8ToString(bArr2)).substring(2));
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                String crypt = Crypt.crypt(StringHelper.utf8ToString(bArr), passwordEncryptionMethod.getSubPrefix() + StringHelper.utf8ToString(bArr2));
                return StringHelper.getBytesUtf8(crypt.substring(crypt.lastIndexOf(36) + 1));
            case HASH_METHOD_CRYPT_BCRYPT:
            case HASH_METHOD_CRYPT_BCRYPT_B:
                String hashPw = BCrypt.hashPw(StringHelper.utf8ToString(bArr), StringHelper.utf8ToString(bArr2));
                return StringHelper.getBytesUtf8(hashPw.substring(hashPw.length() - 31));
            default:
                return bArr;
        }
    }

    private static byte[] digest(PasswordEncryptionMethod passwordEncryptionMethod, byte[] bArr, byte[] bArr2) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(passwordEncryptionMethod.getAlgorithm());
            if (bArr2 == null) {
                return messageDigest.digest(bArr);
            }
            messageDigest.update(bArr);
            messageDigest.update(bArr2);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static PasswordDetails splitCredentials(byte[] bArr) {
        PasswordEncryptionMethod findAlgorithm = findAlgorithm(bArr);
        if (findAlgorithm == null) {
            return new PasswordDetails(null, null, bArr);
        }
        int length = findAlgorithm.getPrefix().length() + 2;
        switch (findAlgorithm) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SHA:
                return getCredentials(bArr, length, findAlgorithm.getHashLength(), findAlgorithm);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return getCredentials(bArr, length, findAlgorithm.getHashLength(), findAlgorithm);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return getCredentials(bArr, length, findAlgorithm.getHashLength(), findAlgorithm);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return getCredentials(bArr, length, findAlgorithm.getHashLength(), findAlgorithm);
            case HASH_METHOD_SMD5:
            case HASH_METHOD_MD5:
                return getCredentials(bArr, length, findAlgorithm.getHashLength(), findAlgorithm);
            case HASH_METHOD_PKCS5S2:
                return getPbkdf2Credentials(bArr, length, findAlgorithm);
            case HASH_METHOD_CRYPT:
                byte[] bArr2 = new byte[2];
                byte[] bArr3 = new byte[(bArr.length - bArr2.length) - length];
                split(bArr, length, bArr2, bArr3);
                return new PasswordDetails(findAlgorithm, bArr2, bArr3);
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                return getCryptCredentials(bArr, length + 3, findAlgorithm);
            case HASH_METHOD_CRYPT_BCRYPT:
            case HASH_METHOD_CRYPT_BCRYPT_B:
                return new PasswordDetails(findAlgorithm, Arrays.copyOfRange(bArr, length, bArr.length - 31), Arrays.copyOfRange(bArr, bArr.length - 31, bArr.length));
            default:
                throw new IllegalArgumentException("Unknown hash algorithm " + findAlgorithm);
        }
    }

    private static PasswordDetails getCredentials(byte[] bArr, int i, int i2, PasswordEncryptionMethod passwordEncryptionMethod) {
        byte[] decode = Base64.getDecoder().decode(StringHelper.utf8ToString(bArr, i, bArr.length - i));
        int length = decode.length - i2;
        byte[] bArr2 = length == 0 ? null : new byte[length];
        byte[] bArr3 = new byte[i2];
        split(decode, 0, bArr3, bArr2);
        return new PasswordDetails(passwordEncryptionMethod, bArr2, bArr3);
    }

    private static void split(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
        if (bArr3 != null) {
            System.arraycopy(bArr, i + bArr2.length, bArr3, 0, bArr3.length);
        }
    }

    private static void merge(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        System.arraycopy(bArr2, 0, bArr, 0, bArr2.length);
        System.arraycopy(bArr3, 0, bArr, bArr2.length, bArr3.length);
    }

    private static byte[] generatePbkdf2Hash(byte[] bArr, PasswordEncryptionMethod passwordEncryptionMethod, byte[] bArr2) {
        try {
            return SecretKeyFactory.getInstance(passwordEncryptionMethod.getAlgorithm()).generateSecret(new PBEKeySpec(StringHelper.utf8ToString(bArr).toCharArray(), bArr2, 10000, passwordEncryptionMethod.getHashLength() * 8)).getEncoded();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static PasswordDetails getPbkdf2Credentials(byte[] bArr, int i, PasswordEncryptionMethod passwordEncryptionMethod) {
        byte[] decode = Base64.getDecoder().decode(StringHelper.utf8ToString(bArr, i, bArr.length - i));
        byte[] bArr2 = new byte[decode.length - passwordEncryptionMethod.getHashLength()];
        byte[] bArr3 = new byte[passwordEncryptionMethod.getHashLength()];
        split(decode, 0, bArr2, bArr3);
        return new PasswordDetails(passwordEncryptionMethod, bArr2, bArr3);
    }

    private static byte[] generateCryptSalt(int i) {
        byte[] bArr = new byte[i];
        SecureRandom secureRandom = new SecureRandom();
        for (int i2 = 0; i2 < bArr.length; i2++) {
            bArr[i2] = CRYPT_SALT_CHARS[secureRandom.nextInt(CRYPT_SALT_CHARS.length)];
        }
        return bArr;
    }

    private static PasswordDetails getCryptCredentials(byte[] bArr, int i, PasswordEncryptionMethod passwordEncryptionMethod) {
        int i2 = i;
        while (i2 < bArr.length && bArr[i2] != 36) {
            i2++;
        }
        return new PasswordDetails(passwordEncryptionMethod, Arrays.copyOfRange(bArr, i, i2), Arrays.copyOfRange(bArr, i2 + 1, bArr.length));
    }
}
