package org.apache.shiro.authc.credential;

import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.HashService;
import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.ParsableHashFormat;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/shiro-core-1.2.3.jar:org/apache/shiro/authc/credential/DefaultPasswordService.class */
public class DefaultPasswordService implements HashingPasswordService {
    public static final String DEFAULT_HASH_ALGORITHM = "SHA-256";
    public static final int DEFAULT_HASH_ITERATIONS = 500000;
    private static final Logger log = LoggerFactory.getLogger(DefaultPasswordService.class);
    private HashService hashService;
    private HashFormat hashFormat;
    private HashFormatFactory hashFormatFactory;
    private volatile boolean hashFormatWarned = false;

    public DefaultPasswordService() {
        DefaultHashService defaultHashService = new DefaultHashService();
        defaultHashService.setHashAlgorithmName("SHA-256");
        defaultHashService.setHashIterations(DEFAULT_HASH_ITERATIONS);
        defaultHashService.setGeneratePublicSalt(true);
        this.hashService = defaultHashService;
        this.hashFormat = new Shiro1CryptFormat();
        this.hashFormatFactory = new DefaultHashFormatFactory();
    }

    @Override // org.apache.shiro.authc.credential.PasswordService
    public String encryptPassword(Object obj) {
        Hash hashPassword = hashPassword(obj);
        checkHashFormatDurability();
        return this.hashFormat.format(hashPassword);
    }

    @Override // org.apache.shiro.authc.credential.HashingPasswordService
    public Hash hashPassword(Object obj) {
        ByteSource createByteSource = createByteSource(obj);
        if (createByteSource == null || createByteSource.isEmpty()) {
            return null;
        }
        return this.hashService.computeHash(createHashRequest(createByteSource));
    }

    @Override // org.apache.shiro.authc.credential.HashingPasswordService
    public boolean passwordsMatch(Object obj, Hash hash) {
        ByteSource createByteSource = createByteSource(obj);
        if (hash == null || hash.isEmpty()) {
            return createByteSource == null || createByteSource.isEmpty();
        }
        if (createByteSource == null || createByteSource.isEmpty()) {
            return false;
        }
        return hash.equals(this.hashService.computeHash(buildHashRequest(createByteSource, hash)));
    }

    protected void checkHashFormatDurability() {
        if (this.hashFormatWarned) {
            return;
        }
        HashFormat hashFormat = this.hashFormat;
        if ((hashFormat instanceof ParsableHashFormat) || !log.isWarnEnabled()) {
            return;
        }
        log.warn("The configured hashFormat instance [" + hashFormat.getClass().getName() + "] is not a " + ParsableHashFormat.class.getName() + " implementation.  This is required if you wish to support backwards compatibility for saved password checking (almost always desirable).  Without a " + ParsableHashFormat.class.getSimpleName() + " instance, any hashService configuration changes will break previously hashed/saved passwords.");
        this.hashFormatWarned = true;
    }

    protected HashRequest createHashRequest(ByteSource byteSource) {
        return new HashRequest.Builder().setSource(byteSource).build();
    }

    protected ByteSource createByteSource(Object obj) {
        return ByteSource.Util.bytes(obj);
    }

    @Override // org.apache.shiro.authc.credential.PasswordService
    public boolean passwordsMatch(Object obj, String str) {
        ByteSource createByteSource = createByteSource(obj);
        if (str == null || str.length() == 0) {
            return createByteSource == null || createByteSource.isEmpty();
        }
        if (createByteSource == null || createByteSource.isEmpty()) {
            return false;
        }
        HashFormat hashFormatFactory = this.hashFormatFactory.getInstance(str);
        if (hashFormatFactory == null || !(hashFormatFactory instanceof ParsableHashFormat)) {
            return str.equals(this.hashFormat.format(this.hashService.computeHash(createHashRequest(createByteSource))));
        }
        return passwordsMatch(obj, ((ParsableHashFormat) hashFormatFactory).parse(str));
    }

    protected HashRequest buildHashRequest(ByteSource byteSource, Hash hash) {
        return new HashRequest.Builder().setSource(byteSource).setAlgorithmName(hash.getAlgorithmName()).setSalt(hash.getSalt()).setIterations(hash.getIterations()).build();
    }

    public HashService getHashService() {
        return this.hashService;
    }

    public void setHashService(HashService hashService) {
        this.hashService = hashService;
    }

    public HashFormat getHashFormat() {
        return this.hashFormat;
    }

    public void setHashFormat(HashFormat hashFormat) {
        this.hashFormat = hashFormat;
    }

    public HashFormatFactory getHashFormatFactory() {
        return this.hashFormatFactory;
    }

    public void setHashFormatFactory(HashFormatFactory hashFormatFactory) {
        this.hashFormatFactory = hashFormatFactory;
    }
}
