package org.apache.accumulo.server.security.handler;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Scheduler;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.data.InstanceId;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.accumulo.core.security.NamespacePermission;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.commons.codec.digest.Crypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/server/security/handler/ZKSecurityTool.class */
class ZKSecurityTool {
    private static final int SALT_LENGTH = 8;
    private static final String PW_HASH_ALGORITHM_OUTDATED = "SHA-256";
    private static final Logger log = LoggerFactory.getLogger(ZKSecurityTool.class);
    private static final SecureRandom random = new SecureRandom();
    private static final Cache<ByteBuffer, String> CRYPT_PASSWORD_CACHE = Caffeine.newBuilder().scheduler(Scheduler.systemScheduler()).expireAfterAccess(Duration.ofMinutes(1)).initialCapacity(4).maximumSize(64).build();

    ZKSecurityTool() {
    }

    private static byte[] generateSalt() {
        byte[] bArr = new byte[8];
        random.nextBytes(bArr);
        return bArr;
    }

    @Deprecated(since = "2.1.0")
    static byte[] createOutdatedPass(byte[] bArr) throws AccumuloException {
        try {
            return convertPass(bArr, generateSalt());
        } catch (NoSuchAlgorithmException e) {
            log.error("Count not create hashed password", e);
            throw new AccumuloException("Count not create hashed password", e);
        }
    }

    private static byte[] hash(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(PW_HASH_ALGORITHM_OUTDATED);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Deprecated(since = "2.1.0")
    public static boolean checkPass(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return false;
        }
        byte[] bArr3 = new byte[8];
        System.arraycopy(bArr2, 0, bArr3, 0, 8);
        try {
            return MessageDigest.isEqual(convertPass(bArr, bArr3), bArr2);
        } catch (NoSuchAlgorithmException e) {
            log.error("Count not create hashed password", e);
            return false;
        }
    }

    private static byte[] convertPass(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        byte[] bArr3 = new byte[bArr.length + 8];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, 8);
        byte[] hash = hash(bArr3);
        byte[] bArr4 = new byte[8 + hash.length];
        System.arraycopy(bArr2, 0, bArr4, 0, 8);
        System.arraycopy(hash, 0, bArr4, 8, hash.length);
        return bArr4;
    }

    public static byte[] createPass(byte[] bArr) throws AccumuloException {
        return Crypt.crypt(bArr).getBytes(StandardCharsets.UTF_8);
    }

    public static boolean checkCryptPass(byte[] bArr, byte[] bArr2) {
        ByteBuffer allocate = ByteBuffer.allocate(bArr.length + bArr2.length);
        allocate.put(bArr);
        allocate.put(bArr2);
        String str = (String) CRYPT_PASSWORD_CACHE.getIfPresent(allocate);
        if (str != null) {
            if (MessageDigest.isEqual(bArr2, str.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
            CRYPT_PASSWORD_CACHE.invalidate(allocate);
        }
        try {
            String crypt = Crypt.crypt(bArr, new String(bArr2, StandardCharsets.UTF_8));
            boolean isEqual = MessageDigest.isEqual(bArr2, crypt.getBytes(StandardCharsets.UTF_8));
            if (isEqual) {
                CRYPT_PASSWORD_CACHE.put(allocate, crypt);
            }
            return isEqual;
        } catch (IllegalArgumentException e) {
            log.error("Unrecognized hash format", e);
            return false;
        }
    }

    public static Authorizations convertAuthorizations(byte[] bArr) {
        return new Authorizations(bArr);
    }

    public static byte[] convertAuthorizations(Authorizations authorizations) {
        return authorizations.getAuthorizationsArray();
    }

    public static byte[] convertSystemPermissions(Set<SystemPermission> set) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(set.size());
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            Iterator<SystemPermission> it = set.iterator();
            while (it.hasNext()) {
                dataOutputStream.writeByte(it.next().getId());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    public static Set<SystemPermission> convertSystemPermissions(byte[] bArr) {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        HashSet hashSet = new HashSet();
        while (dataInputStream.available() > 0) {
            try {
                hashSet.add(SystemPermission.getPermissionById(dataInputStream.readByte()));
            } catch (IOException e) {
                log.error("User database is corrupt; error converting system permissions", e);
                hashSet.clear();
            }
        }
        return hashSet;
    }

    public static byte[] convertTablePermissions(Set<TablePermission> set) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(set.size());
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            Iterator<TablePermission> it = set.iterator();
            while (it.hasNext()) {
                dataOutputStream.writeByte(it.next().getId());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    public static Set<TablePermission> convertTablePermissions(byte[] bArr) {
        HashSet hashSet = new HashSet();
        for (byte b : bArr) {
            hashSet.add(TablePermission.getPermissionById(b));
        }
        return hashSet;
    }

    public static byte[] convertNamespacePermissions(Set<NamespacePermission> set) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(set.size());
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        try {
            Iterator<NamespacePermission> it = set.iterator();
            while (it.hasNext()) {
                dataOutputStream.writeByte(it.next().getId());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    public static Set<NamespacePermission> convertNamespacePermissions(byte[] bArr) {
        HashSet hashSet = new HashSet();
        for (byte b : bArr) {
            hashSet.add(NamespacePermission.getPermissionById(b));
        }
        return hashSet;
    }

    public static String getInstancePath(InstanceId instanceId) {
        return "/accumulo/" + instanceId;
    }

    public static boolean isOutdatedPass(byte[] bArr) {
        return bArr.length == 40;
    }
}
