package org.apache.jackrabbit.core.security.authentication;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import org.apache.derby.iapi.sql.compile.TypeCompiler;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/jackrabbit-core-2.3.0.jar:org/apache/jackrabbit/core/security/authentication/CryptedSimpleCredentials.class */
public class CryptedSimpleCredentials implements Credentials {
    private static final Logger log = LoggerFactory.getLogger(CryptedSimpleCredentials.class);
    private final String algorithm;
    private final String salt;
    private final String hashedPassword;
    private final String userId;
    private final Map<String, Object> attributes;

    public CryptedSimpleCredentials(SimpleCredentials simpleCredentials) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        this.userId = simpleCredentials.getUserID();
        if (this.userId == null || this.userId.length() == 0) {
            throw new IllegalArgumentException();
        }
        char[] password = simpleCredentials.getPassword();
        if (password == null) {
            throw new IllegalArgumentException();
        }
        String str = new String(password);
        this.algorithm = SecurityConstants.DEFAULT_DIGEST;
        this.salt = null;
        this.hashedPassword = generateHash(str, this.algorithm, this.salt);
        String[] attributeNames = simpleCredentials.getAttributeNames();
        this.attributes = new HashMap(attributeNames.length);
        for (String str2 : attributeNames) {
            this.attributes.put(str2, simpleCredentials.getAttribute(str2));
        }
    }

    public CryptedSimpleCredentials(String str, String str2) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Invalid userID: The userID must have a length > 0.");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Password may not be null.");
        }
        this.userId = str;
        String extractAlgorithm = extractAlgorithm(str2);
        if (extractAlgorithm == null) {
            log.debug("Plain text password -> Using sha1 to create digest.");
            this.algorithm = SecurityConstants.DEFAULT_DIGEST;
            this.salt = generateSalt();
            this.hashedPassword = generateHash(str2, this.algorithm, this.salt);
        } else {
            this.algorithm = extractAlgorithm;
            this.salt = extractSalt(str2, this.algorithm);
            this.hashedPassword = str2;
        }
        this.attributes = Collections.emptyMap();
    }

    public String getUserID() {
        return this.userId;
    }

    public Object getAttribute(String str) {
        return this.attributes.get(str);
    }

    public String[] getAttributeNames() {
        return (String[]) this.attributes.keySet().toArray(new String[this.attributes.size()]);
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public String getPassword() {
        return this.hashedPassword;
    }

    public boolean matches(SimpleCredentials simpleCredentials) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        if (getUserID().equalsIgnoreCase(simpleCredentials.getUserID())) {
            return this.hashedPassword.equals(generateHash(String.valueOf(simpleCredentials.getPassword()), this.algorithm, this.salt));
        }
        return false;
    }

    private static String generateHash(String str, String str2, String str3) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        sb.append("{").append(str2).append("}");
        if (str3 == null || str3.length() <= 0) {
            sb.append(Text.digest(str2, str.getBytes("UTF-8")));
        } else {
            sb.append(str3).append(TypeCompiler.MINUS_OP);
            StringBuilder sb2 = new StringBuilder();
            sb2.append(str3).append(str);
            sb.append(Text.digest(str2, sb2.toString().getBytes("UTF-8")));
        }
        return sb.toString();
    }

    private static String extractAlgorithm(String str) {
        int indexOf = str.indexOf(125);
        if (!str.startsWith("{") || indexOf <= 0) {
            return null;
        }
        String substring = str.substring(1, indexOf);
        try {
            MessageDigest.getInstance(substring);
            return substring;
        } catch (NoSuchAlgorithmException e) {
            log.debug("Invalid algorithm detected " + substring);
            return null;
        }
    }

    private static String extractSalt(String str, String str2) {
        int length = str2.length() + 2;
        int indexOf = str.indexOf(45, length);
        if (indexOf > -1) {
            return str.substring(length, indexOf);
        }
        return null;
    }

    private static String generateSalt() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (byte b : bArr) {
            stringBuffer.append(Text.hexTable[(b >> 4) & 15]);
            stringBuffer.append(Text.hexTable[b & 15]);
        }
        return stringBuffer.toString();
    }
}
