package org.apache.directory.api.ldap.model.password;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.digest.Crypt;
import org.apache.directory.api.i18n.I18n;
import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.api.util.Base64;
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.api.util.Strings;

/* loaded from: input_file:WEB-INF/lib/apacheds-service-2.0.0.AM25.jar:org/apache/directory/api/ldap/model/password/PasswordUtil.class */
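/**
 * Static helpers for creating, parsing and verifying LDAP {@code userPassword}-style
 * credentials of the form <code>{PREFIX}payload</code>.
 *
 * <p>Three families of storage layout are handled by the code below:
 * <ul>
 *   <li>digest schemes (SHA, MD5 and their salted variants): Base64 of {@code hash || salt};</li>
 *   <li>PKCS5S2 (PBKDF2): Base64 of {@code salt || derivedKey};</li>
 *   <li>crypt schemes (crypt, MD5/SHA-crypt, bcrypt): the textual salt and hash, not Base64.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. {@code compareBytes} was not valid Java
 * as decompiled and has been restored to a constant-time comparison; parameter names were
 * chosen during review.
 */
public final class PasswordUtil {
    /** Length in bytes of a SHA-1 digest. */
    public static final int SHA1_LENGTH = 20;
    /** Length in bytes of a SHA-256 digest. */
    public static final int SHA256_LENGTH = 32;
    /** Length in bytes of a SHA-384 digest. */
    public static final int SHA384_LENGTH = 48;
    /** Length in bytes of a SHA-512 digest. */
    public static final int SHA512_LENGTH = 64;
    /** Length in bytes of an MD5 digest. */
    public static final int MD5_LENGTH = 16;
    /** Length in bytes of the PBKDF2 derived key (256 bits are requested from the key factory). */
    public static final int PKCS5S2_LENGTH = 32;
    /** Length in characters of the hash part of a traditional crypt value. */
    public static final int CRYPT_LENGTH = 11;
    /** Length in characters of the hash part of an MD5-crypt value. */
    public static final int CRYPT_MD5_LENGTH = 22;
    /** Length in characters of the hash part of a SHA-256-crypt value. */
    public static final int CRYPT_SHA256_LENGTH = 43;
    /** Length in characters of the hash part of a SHA-512-crypt value. */
    public static final int CRYPT_SHA512_LENGTH = 86;
    /** Length in characters of the trailing hash part of a bcrypt value. */
    public static final int CRYPT_BCRYPT_LENGTH = 31;

    /** Alphabet from which crypt salts are drawn. */
    private static final byte[] CRYPT_SALT_CHARS = Strings.getBytesUtf8("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");

    /**
     * PBKDF2 iteration count. The count is not written into the stored value, so changing it
     * would make existing PKCS5S2 credentials unverifiable.
     * NOTE(review): 10000 is low by current guidance; raising it needs a format or migration plan.
     */
    private static final int PBKDF2_ITERATIONS = 10000;

    private PasswordUtil() {
    }

    /**
     * Determines which hash scheme a stored credential declares.
     *
     * <p>The scheme name is the text between a leading '{' and the first '}'. When the payload
     * starts with a <code>$d$</code> or <code>$dX$</code> marker (d being a digit), that marker
     * is appended to the name before lookup so that the crypt variants can be told apart.
     *
     * @param credentials the stored credential bytes, may be {@code null}
     * @return the matching constant, or {@code null} when there is no non-empty
     *         <code>{...}</code> prefix or the lookup does not recognise it
     */
    public static LdapSecurityConstants findAlgorithm(byte[] credentials) {
        if (credentials == null || credentials.length == 0 || credentials[0] != '{') {
            return null;
        }
        int closingBrace = 1;
        while (closingBrace < credentials.length && credentials[closingBrace] != '}') {
            closingBrace++;
        }
        // No closing brace at all, or an empty "{}" prefix.
        if (closingBrace >= credentials.length || closingBrace == 1) {
            return null;
        }
        String algorithmName = Strings.toLowerCaseAscii(Strings.utf8ToString(credentials, 1, closingBrace - 1));
        if (credentials.length > closingBrace + 3
                && credentials[closingBrace + 1] == '$'
                && Character.isDigit(credentials[closingBrace + 2])) {
            if (credentials[closingBrace + 3] == '$') {
                // "$d$" marker
                algorithmName = algorithmName + Strings.utf8ToString(credentials, closingBrace + 1, 3);
            } else if (credentials.length > closingBrace + 4 && credentials[closingBrace + 4] == '$') {
                // "$dX$" marker
                algorithmName = algorithmName + Strings.utf8ToString(credentials, closingBrace + 1, 4);
            }
        }
        return LdapSecurityConstants.getAlgorithm(algorithmName);
    }

    /**
     * Convenience overload that UTF-8 encodes the clear-text password first.
     *
     * @param credentials the clear-text password
     * @param algorithm the scheme to apply, or {@code null} to keep the password as is
     * @return the bytes to store
     * @see #createStoragePassword(byte[], LdapSecurityConstants)
     */
    public static byte[] createStoragePassword(String credentials, LdapSecurityConstants algorithm) {
        return createStoragePassword(Strings.getBytesUtf8(credentials), algorithm);
    }

    /**
     * Builds the value to store for a clear-text password under the given scheme, generating a
     * fresh random salt where the scheme uses one.
     *
     * <p>Security notes for callers choosing a scheme: a {@code null} algorithm stores the
     * password in clear text; the plain and salted SHA/MD5 schemes are a single digest round
     * and are therefore cheap to brute-force offline; traditional crypt uses only a
     * two-character salt.
     *
     * @param credentials the clear-text password bytes
     * @param algorithm the scheme to apply, or {@code null} to return {@code credentials} unchanged
     * @return the UTF-8 bytes of <code>{PREFIX}payload</code>
     */
    public static byte[] createStoragePassword(byte[] credentials, LdapSecurityConstants algorithm) {
        if (algorithm == null) {
            // Caller asked for no hashing: the clear-text bytes are what gets stored.
            return credentials;
        }
        byte[] salt;
        switch (algorithm) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SMD5:
                salt = new byte[8];
                new SecureRandom().nextBytes(salt);
                break;
            case HASH_METHOD_PKCS5S2:
                salt = new byte[16];
                new SecureRandom().nextBytes(salt);
                break;
            case HASH_METHOD_CRYPT:
                salt = generateCryptSalt(2);
                break;
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                salt = generateCryptSalt(8);
                break;
            case HASH_METHOD_CRYPT_BCRYPT:
                salt = Strings.getBytesUtf8(BCrypt.genSalt());
                break;
            default:
                // Unsalted schemes.
                salt = null;
                break;
        }
        // NOTE(review): digest() yields null when the JCA algorithm is missing; the code below
        // would then fail with a NullPointerException rather than store anything.
        byte[] hashed = encryptPassword(credentials, algorithm, salt);
        StringBuilder sb = new StringBuilder();
        sb.append('{').append(Strings.upperCase(algorithm.getPrefix())).append('}');
        if (algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT
                || algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT_BCRYPT) {
            // Textual layout: salt immediately followed by the hash.
            sb.append(Strings.utf8ToString(salt));
            sb.append(Strings.utf8ToString(hashed));
        } else if (algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT_MD5
                || algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT_SHA256
                || algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT_SHA512) {
            // Textual layout: sub-prefix, salt, '$', hash.
            sb.append(algorithm.getSubPrefix());
            sb.append(Strings.utf8ToString(salt));
            sb.append('$');
            sb.append(Strings.utf8ToString(hashed));
        } else if (salt != null) {
            byte[] combined = new byte[hashed.length + salt.length];
            if (algorithm == LdapSecurityConstants.HASH_METHOD_PKCS5S2) {
                // PBKDF2 stores the salt first, then the derived key.
                merge(combined, salt, hashed);
            } else {
                // Salted digests store the hash first, then the salt.
                merge(combined, hashed, salt);
            }
            sb.append(String.valueOf(Base64.encode(combined)));
        } else {
            sb.append(String.valueOf(Base64.encode(hashed)));
        }
        return Strings.getBytesUtf8(sb.toString());
    }

    /**
     * Checks a password presented by a client against a stored credential.
     *
     * <p>When the stored value declares no recognised scheme the two byte arrays are compared
     * directly. Otherwise the stored value is split into scheme, salt and hash, the received
     * password is hashed the same way, and the two hashes are compared in constant time.
     *
     * @param receivedCredentials the clear-text password supplied by the client
     * @param storedCredentials the stored value, hashed or clear
     * @return {@code true} when they match
     */
    public static boolean compareCredentials(byte[] receivedCredentials, byte[] storedCredentials) {
        if (findAlgorithm(storedCredentials) == null) {
            return compareBytes(receivedCredentials, storedCredentials);
        }
        PasswordDetails details = splitCredentials(storedCredentials);
        byte[] recomputed = encryptPassword(receivedCredentials, details.getAlgorithm(), details.getSalt());
        // A null recomputed hash (missing JCA algorithm) compares unequal, so the check fails closed.
        return compareBytes(recomputed, details.getPassword());
    }

    /**
     * Compares two byte arrays without an early exit on the first differing byte, so the time
     * taken does not reveal how many leading bytes of a guess were correct.
     *
     * @param provided the candidate value, may be {@code null}
     * @param stored the reference value, may be {@code null}
     * @return {@code true} when both are {@code null} or both have identical content
     */
    private static boolean compareBytes(byte[] provided, byte[] stored) {
        if (stored == null) {
            return provided == null;
        }
        // Only the length is disclosed by this early return; it is fixed by the scheme for hashes.
        if (provided == null || stored.length != provided.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < stored.length; i++) {
            // XOR is zero only for equal bytes; OR keeps any non-zero bit seen so far.
            difference |= stored[i] ^ provided[i];
        }
        return difference == 0;
    }

    /**
     * Hashes a clear-text password with the given scheme and salt.
     *
     * @param credentials the clear-text password bytes
     * @param algorithm the scheme; must not be {@code null}
     * @param salt the salt, or {@code null} for unsalted schemes
     * @return the raw digest or derived key, or for crypt schemes the UTF-8 bytes of the hash
     *         text; schemes not listed in the switch return {@code credentials} unchanged
     */
    private static byte[] encryptPassword(byte[] credentials, LdapSecurityConstants algorithm, byte[] salt) {
        switch (algorithm) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SHA:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA, credentials, salt);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA256, credentials, salt);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA384, credentials, salt);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA512, credentials, salt);
            case HASH_METHOD_SMD5:
            case HASH_METHOD_MD5:
                return digest(LdapSecurityConstants.HASH_METHOD_MD5, credentials, salt);
            case HASH_METHOD_PKCS5S2:
                return generatePbkdf2Hash(credentials, algorithm, salt);
            case HASH_METHOD_CRYPT:
                // The crypt result starts with the two salt characters; keep only the hash.
                return Strings.getBytesUtf8(
                        Crypt.crypt(Strings.utf8ToString(credentials), Strings.utf8ToString(salt)).substring(2));
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                String crypted = Crypt.crypt(
                        Strings.utf8ToString(credentials), algorithm.getSubPrefix() + Strings.utf8ToString(salt));
                // Everything after the last '$' is the hash.
                return Strings.getBytesUtf8(crypted.substring(crypted.lastIndexOf('$') + 1));
            case HASH_METHOD_CRYPT_BCRYPT:
                String bcrypted = BCrypt.hashPw(Strings.utf8ToString(credentials), Strings.utf8ToString(salt));
                return Strings.getBytesUtf8(bcrypted.substring(bcrypted.length() - CRYPT_BCRYPT_LENGTH));
            default:
                // NOTE(review): any scheme not handled above passes the clear text through unhashed.
                return credentials;
        }
    }

    /**
     * Computes {@code H(password || salt)} with the JCA digest named by the given constant.
     *
     * @param algorithm the constant whose {@code getAlgorithm()} names the digest
     * @param password the clear-text password bytes
     * @param salt the salt appended after the password, or {@code null} for none
     * @return the digest, or {@code null} when the platform does not provide the algorithm
     */
    private static byte[] digest(LdapSecurityConstants algorithm, byte[] password, byte[] salt) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(algorithm.getAlgorithm());
            if (salt == null) {
                return messageDigest.digest(password);
            }
            messageDigest.update(password);
            messageDigest.update(salt);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            // Kept as in the original: verification then fails closed, storage fails with an NPE.
            return null;
        }
    }

    /**
     * Splits a stored credential into its scheme, salt and hash.
     *
     * <p>NOTE(review): the lengths of the stored value are not validated. A value shorter than
     * its scheme requires makes the array allocation or copy below fail with an unchecked
     * exception (for example {@code NegativeArraySizeException}); callers handling values that
     * directory users can write should treat such an exception as a failed match.
     *
     * @param credentials the stored credential bytes
     * @return the parsed details; when no scheme is recognised, a details object with
     *         {@code null} algorithm and salt and the input as password
     * @throws IllegalArgumentException when the scheme is recognised by
     *         {@link #findAlgorithm(byte[])} but not handled here
     */
    public static PasswordDetails splitCredentials(byte[] credentials) {
        LdapSecurityConstants algorithm = findAlgorithm(credentials);
        if (algorithm == null) {
            return new PasswordDetails(null, null, credentials);
        }
        // Offset of the payload: prefix text plus the two braces.
        int payloadStart = algorithm.getPrefix().length() + 2;
        switch (algorithm) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SHA:
                return getCredentials(credentials, payloadStart, SHA1_LENGTH, algorithm);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return getCredentials(credentials, payloadStart, SHA256_LENGTH, algorithm);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return getCredentials(credentials, payloadStart, SHA384_LENGTH, algorithm);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return getCredentials(credentials, payloadStart, SHA512_LENGTH, algorithm);
            case HASH_METHOD_SMD5:
            case HASH_METHOD_MD5:
                return getCredentials(credentials, payloadStart, MD5_LENGTH, algorithm);
            case HASH_METHOD_PKCS5S2:
                return getPbkdf2Credentials(credentials, payloadStart, algorithm);
            case HASH_METHOD_CRYPT:
                // Two salt characters, then the hash up to the end of the value.
                byte[] cryptSalt = new byte[2];
                byte[] cryptHash = new byte[(credentials.length - cryptSalt.length) - payloadStart];
                split(credentials, payloadStart, cryptSalt, cryptHash);
                return new PasswordDetails(algorithm, cryptSalt, cryptHash);
            case HASH_METHOD_CRYPT_MD5:
            case HASH_METHOD_CRYPT_SHA256:
            case HASH_METHOD_CRYPT_SHA512:
                // Skip the three-character "$d$" sub-prefix.
                return getCryptCredentials(credentials, payloadStart + 3, algorithm);
            case HASH_METHOD_CRYPT_BCRYPT:
                // The last 31 characters are the hash; what precedes them is the bcrypt salt text.
                int hashStart = credentials.length - CRYPT_BCRYPT_LENGTH;
                return new PasswordDetails(
                        algorithm,
                        Arrays.copyOfRange(credentials, payloadStart, hashStart),
                        Arrays.copyOfRange(credentials, hashStart, credentials.length));
            default:
                throw new IllegalArgumentException(I18n.err(I18n.ERR_13010_UNKNOWN_HASH_ALGO, algorithm));
        }
    }

    /**
     * Decodes a Base64 digest payload laid out as {@code hash || salt}.
     *
     * @param credentials the full stored value
     * @param payloadStart offset of the Base64 text
     * @param hashLength digest length in bytes for the scheme
     * @param algorithm the scheme, passed through to the result
     * @return the details; the salt is {@code null} when nothing follows the hash
     */
    private static PasswordDetails getCredentials(byte[] credentials, int payloadStart, int hashLength, LdapSecurityConstants algorithm) {
        byte[] hashAndSalt = Base64.decode(
                Strings.utf8ToString(credentials, payloadStart, credentials.length - payloadStart).toCharArray());
        // Negative when the decoded payload is shorter than the digest; not checked here.
        int saltLength = hashAndSalt.length - hashLength;
        byte[] salt = saltLength == 0 ? null : new byte[saltLength];
        byte[] hash = new byte[hashLength];
        split(hashAndSalt, 0, hash, salt);
        return new PasswordDetails(algorithm, salt, hash);
    }

    /**
     * Copies two consecutive slices of {@code source}, starting at {@code offset}, into
     * {@code first} and then {@code second}; the slice sizes are the target array lengths.
     *
     * @param source the array to read from
     * @param offset where the first slice begins
     * @param first receives the first slice
     * @param second receives the second slice, skipped when {@code null}
     */
    private static void split(byte[] source, int offset, byte[] first, byte[] second) {
        System.arraycopy(source, offset, first, 0, first.length);
        if (second != null) {
            System.arraycopy(source, offset + first.length, second, 0, second.length);
        }
    }

    /**
     * Concatenates {@code first} and {@code second} into {@code target}.
     *
     * @param target destination, at least {@code first.length + second.length} long
     * @param first copied to the start of {@code target}
     * @param second copied right after {@code first}
     */
    private static void merge(byte[] target, byte[] first, byte[] second) {
        System.arraycopy(first, 0, target, 0, first.length);
        System.arraycopy(second, 0, target, first.length, second.length);
    }

    /**
     * Tells whether a password has reached its maximum age.
     *
     * @param pwdChangedZtime the time of the last password change, in the textual form
     *        accepted by {@code DateUtils.getDate}
     * @param pwdMaxAgeSec the maximum age in seconds
     * @return {@code true} when change time plus maximum age is at or before the current time
     */
    public static boolean isPwdExpired(String pwdChangedZtime, int pwdMaxAgeSec) {
        // Multiply as long: an int product overflows once the maximum age exceeds about 24.8 days,
        // which would put the computed expiry at the wrong instant.
        long expiryMillis = (pwdMaxAgeSec * 1000L) + DateUtils.getDate(pwdChangedZtime).getTime();
        // Both instants go through the same generalized-time round trip before being compared.
        Date expiry = DateUtils.getDate(DateUtils.getGeneralizedTime(expiryMillis));
        Date now = DateUtils.getDate(DateUtils.getGeneralizedTime());
        return expiry.equals(now) || expiry.before(now);
    }

    /**
     * Derives a 256-bit key from the password with the key factory named by the scheme.
     *
     * @param credentials the clear-text password bytes
     * @param algorithm the constant whose {@code getAlgorithm()} names the key factory
     * @param salt the salt
     * @return the encoded derived key
     * @throws RuntimeException wrapping any failure while deriving the key
     */
    private static byte[] generatePbkdf2Hash(byte[] credentials, LdapSecurityConstants algorithm, byte[] salt) {
        char[] passwordChars = null;
        PBEKeySpec keySpec = null;
        try {
            passwordChars = Strings.utf8ToString(credentials).toCharArray();
            keySpec = new PBEKeySpec(passwordChars, salt, PBKDF2_ITERATIONS, PKCS5S2_LENGTH * 8);
            return SecretKeyFactory.getInstance(algorithm.getAlgorithm()).generateSecret(keySpec).getEncoded();
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // Best-effort scrubbing of the copies this method controls; the intermediate String
            // produced by utf8ToString cannot be cleared.
            if (keySpec != null) {
                keySpec.clearPassword();
            }
            if (passwordChars != null) {
                Arrays.fill(passwordChars, '\0');
            }
        }
    }

    /**
     * Decodes a Base64 PBKDF2 payload laid out as {@code salt || derivedKey}.
     *
     * @param credentials the full stored value
     * @param payloadStart offset of the Base64 text
     * @param algorithm the scheme, passed through to the result
     * @return the details holding the salt and the 32-byte derived key
     */
    private static PasswordDetails getPbkdf2Credentials(byte[] credentials, int payloadStart, LdapSecurityConstants algorithm) {
        byte[] saltAndKey = Base64.decode(
                Strings.utf8ToString(credentials, payloadStart, credentials.length - payloadStart).toCharArray());
        // Negative size when the decoded payload is shorter than the derived key; not checked here.
        byte[] salt = new byte[saltAndKey.length - PKCS5S2_LENGTH];
        byte[] derivedKey = new byte[PKCS5S2_LENGTH];
        split(saltAndKey, 0, salt, derivedKey);
        return new PasswordDetails(algorithm, salt, derivedKey);
    }

    /**
     * Generates a random crypt salt of the requested length from {@link #CRYPT_SALT_CHARS}.
     *
     * @param length number of salt characters
     * @return the salt as bytes, one per character
     */
    private static byte[] generateCryptSalt(int length) {
        byte[] salt = new byte[length];
        SecureRandom secureRandom = new SecureRandom();
        for (int i = 0; i < salt.length; i++) {
            salt[i] = CRYPT_SALT_CHARS[secureRandom.nextInt(CRYPT_SALT_CHARS.length)];
        }
        return salt;
    }

    /**
     * Splits a crypt payload of the form <code>salt$hash</code>.
     *
     * @param credentials the full stored value
     * @param saltStart offset of the first salt character
     * @param algorithm the scheme, passed through to the result
     * @return the details holding the salt (up to the next '$') and the hash (the rest)
     */
    private static PasswordDetails getCryptCredentials(byte[] credentials, int saltStart, LdapSecurityConstants algorithm) {
        int separator = saltStart;
        while (separator < credentials.length && credentials[separator] != '$') {
            separator++;
        }
        // When no '$' follows the salt, the second copyOfRange is asked for an inverted range
        // and throws IllegalArgumentException.
        return new PasswordDetails(
                algorithm,
                Arrays.copyOfRange(credentials, saltStart, separator),
                Arrays.copyOfRange(credentials, separator + 1, credentials.length));
    }
}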
