package org.springframework.security.crypto.password;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/spring-security-crypto-4.2.8.RELEASE.jar:org/springframework/security/crypto/password/LdapShaPasswordEncoder.class
 */
@Deprecated
/* loaded from: input_file:WEB-INF/lib/spring-security-core-4.2.8.RELEASE.jar:org/springframework/security/crypto/password/LdapShaPasswordEncoder.class */
public class LdapShaPasswordEncoder implements PasswordEncoder {
    private static final int SHA_LENGTH = 20;
    private static final String SSHA_PREFIX = "{SSHA}";
    private static final String SSHA_PREFIX_LC = SSHA_PREFIX.toLowerCase();
    private static final String SHA_PREFIX = "{SHA}";
    private static final String SHA_PREFIX_LC = SHA_PREFIX.toLowerCase();
    private BytesKeyGenerator saltGenerator;
    private boolean forceLowerCasePrefix;

    public LdapShaPasswordEncoder() {
        this(KeyGenerators.secureRandom());
    }

    public LdapShaPasswordEncoder(BytesKeyGenerator bytesKeyGenerator) {
        if (bytesKeyGenerator == null) {
            throw new IllegalArgumentException("saltGenerator cannot be null");
        }
        this.saltGenerator = bytesKeyGenerator;
    }

    private byte[] combineHashAndSalt(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return bArr;
        }
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public String encode(CharSequence charSequence) {
        return encode(charSequence, this.saltGenerator.generateKey());
    }

    private String encode(CharSequence charSequence, byte[] bArr) {
        String str;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(Utf8.encode(charSequence));
            if (bArr != null) {
                messageDigest.update(bArr);
            }
            byte[] combineHashAndSalt = combineHashAndSalt(messageDigest.digest(), bArr);
            if (bArr == null || bArr.length == 0) {
                str = this.forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
            } else {
                str = this.forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
            }
            return str + Utf8.decode(Base64.encode(combineHashAndSalt));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA implementation available!");
        }
    }

    private byte[] extractSalt(String str) {
        byte[] decode = Base64.decode(str.substring(6).getBytes());
        int length = decode.length - 20;
        byte[] bArr = new byte[length];
        System.arraycopy(decode, 20, bArr, 0, length);
        return bArr;
    }

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public boolean matches(CharSequence charSequence, String str) {
        return matches(charSequence == null ? null : charSequence.toString(), str);
    }

    private boolean matches(String str, String str2) {
        byte[] extractSalt;
        String extractPrefix = extractPrefix(str2);
        if (extractPrefix == null) {
            return PasswordEncoderUtils.equals(str2, str);
        }
        if (extractPrefix.equals(SSHA_PREFIX) || extractPrefix.equals(SSHA_PREFIX_LC)) {
            extractSalt = extractSalt(str2);
        } else {
            if (!extractPrefix.equals(SHA_PREFIX) && !extractPrefix.equals(SHA_PREFIX_LC)) {
                throw new IllegalArgumentException("Unsupported password prefix '" + extractPrefix + "'");
            }
            extractSalt = null;
        }
        int length = extractPrefix.length();
        return PasswordEncoderUtils.equals(encode(str, extractSalt).substring(length), str2.substring(length));
    }

    private String extractPrefix(String str) {
        if (!str.startsWith("{")) {
            return null;
        }
        int lastIndexOf = str.lastIndexOf(125);
        if (lastIndexOf < 0) {
            throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
        }
        return str.substring(0, lastIndexOf + 1);
    }

    public void setForceLowerCasePrefix(boolean z) {
        this.forceLowerCasePrefix = z;
    }
}
