package fathom.realm;

import com.google.common.base.Strings;
import fathom.authc.AuthenticationToken;
import fathom.authc.StandardCredentials;
import fathom.utils.CryptoUtil;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fathom-security-0.8.4.jar:fathom/realm/StandardCredentialsRealm.class */
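/**
 * Base class for realms that authenticate a username/password pair
 * ({@link StandardCredentials}) against credentials stored with an {@link Account}.
 *
 * <p>The stored password may carry a scheme prefix that selects how the supplied password is
 * verified: "{BF}" (bcrypt), "{SHA256}", "{SHA1}", "{MD5}", "{CMD5}" (MD5 of username + password),
 * or no prefix for a clear-text comparison. Only "{BF}" is an adaptive password hash; the digest
 * schemes are fast (unsalted, or salted only with the username) and the clear-text scheme stores
 * the secret itself. Treat those as legacy formats to migrate away from.
 */
public abstract class StandardCredentialsRealm implements Realm {
    private static final Logger log = LoggerFactory.getLogger(StandardCredentialsRealm.class);

    private static final String PREFIX_BCRYPT = "{BF}";
    private static final String PREFIX_SHA256 = "{SHA256}";
    private static final String PREFIX_SHA1 = "{SHA1}";
    private static final String PREFIX_MD5 = "{MD5}";
    private static final String PREFIX_COMBINED_MD5 = "{CMD5}";

    /** Returns the realm name, so the realm is identified by name in log output. */
    @Override
    public String toString() {
        return getRealmName();
    }

    /** Accepts only {@link StandardCredentials} tokens. */
    @Override // fathom.realm.Realm
    public boolean canAuthenticate(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof StandardCredentials;
    }

    /**
     * Authenticates from two raw strings.
     *
     * @param str presumably the username (decompiled name; confirm against implementations)
     * @param str2 presumably the password (decompiled name; confirm against implementations)
     * @return the result defined by the implementing realm
     */
    public abstract Account authenticate(String str, String str2);

    /**
     * Authenticates a token if it is a {@link StandardCredentials} with a non-empty username and
     * a non-empty password.
     *
     * @param authenticationToken the token presented by the requester
     * @return the matching account, or {@code null} when the token is of another type, is
     *     incomplete, or does not authenticate
     */
    @Override // fathom.realm.Realm
    public Account authenticate(AuthenticationToken authenticationToken) {
        if (!(authenticationToken instanceof StandardCredentials)) {
            return null;
        }
        StandardCredentials requested = (StandardCredentials) authenticationToken;
        // Reject empty values up front so an empty password can never match anything stored.
        if (Strings.isNullOrEmpty(requested.getUsername()) || Strings.isNullOrEmpty(requested.getPassword())) {
            return null;
        }
        return authenticate(requested);
    }

    /**
     * Looks up the account named in the supplied credentials and verifies the supplied password
     * against the stored one.
     *
     * <p>NOTE(review): an unknown username returns before any password hashing is done, so the
     * response time can differ between known and unknown accounts. Callers that must hide
     * account existence need rate limiting or equalised work in front of this method.
     *
     * @param standardCredentials the username and password presented by the requester
     * @return the account on success; {@code null} when the account is unknown, has no usable
     *     stored credentials, or the password does not match
     */
    public Account authenticate(StandardCredentials standardCredentials) {
        String username = standardCredentials.getUsername();
        if (!hasAccount(username)) {
            log.debug("Unknown account '{}' in the '{}' realm", username, getRealmName());
            return null;
        }
        Account account = getAccount(username);
        // Fail closed if the lookup yields nothing or yields credentials of another kind,
        // instead of failing with a NullPointerException/ClassCastException mid-authentication.
        if (account == null || !(account.getCredentials() instanceof StandardCredentials)) {
            log.debug("Authentication failed for '{}' against '{}'", username, getRealmName());
            return null;
        }
        StandardCredentials stored = (StandardCredentials) account.getCredentials();
        if (Strings.isNullOrEmpty(stored.getPassword())) {
            log.debug("Account '{}' in '{}' has no password and may not be used for authentication", account.getUsername(), getRealmName());
            return null;
        }
        if (validatePassword(standardCredentials, stored)) {
            log.debug("Authentication succeeded for '{}' against '{}'", username, getRealmName());
            return account;
        }
        log.debug("Authentication failed for '{}' against '{}'", username, getRealmName());
        return null;
    }

    /**
     * Verifies the supplied password against the stored password, using the scheme selected by
     * the stored value's prefix.
     *
     * <p>Digest and clear-text comparisons go through {@link #constantTimeEquals(String, String)}
     * so the comparison time does not reveal how many leading characters matched.
     *
     * @param standardCredentials the credentials presented by the requester (username and
     *     password are read)
     * @param standardCredentials2 the credentials stored with the account (only the password,
     *     including any scheme prefix, is read)
     * @return {@code true} if the supplied password matches the stored one; {@code false}
     *     otherwise, including when either password is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean validatePassword(StandardCredentials standardCredentials, StandardCredentials standardCredentials2) {
        String storedPassword = standardCredentials2.getPassword();
        String username = standardCredentials.getUsername();
        String suppliedPassword = standardCredentials.getPassword();
        // This method can be reached without the checks done in authenticate(); a missing
        // value on either side must never authenticate.
        if (storedPassword == null || suppliedPassword == null) {
            return false;
        }

        if (storedPassword.startsWith(PREFIX_BCRYPT)) {
            // NOTE(review): a malformed stored hash is expected to make checkpw throw rather
            // than return false; confirm callers treat that as a failed login.
            if (BCrypt.checkpw(suppliedPassword, storedPassword.substring(PREFIX_BCRYPT.length()))) {
                log.trace("Blowfish hashed password matched for user '{}'", username);
                return true;
            }
            return false;
        }
        if (storedPassword.startsWith(PREFIX_SHA256)) {
            // Legacy: unsalted fast digest.
            if (constantTimeEquals(storedPassword.substring(PREFIX_SHA256.length()), CryptoUtil.getHashSHA256(suppliedPassword))) {
                log.trace("Unsalted SHA-256 hashed password matched for user '{}'", username);
                return true;
            }
            return false;
        }
        if (storedPassword.startsWith(PREFIX_SHA1)) {
            // Legacy: unsalted fast digest.
            if (constantTimeEquals(storedPassword.substring(PREFIX_SHA1.length()), CryptoUtil.getHashSHA1(suppliedPassword))) {
                log.trace("Unsalted SHA-1 hashed password matched for user '{}'", username);
                return true;
            }
            return false;
        }
        if (storedPassword.startsWith(PREFIX_MD5)) {
            // Legacy: unsalted fast digest.
            if (constantTimeEquals(storedPassword.substring(PREFIX_MD5.length()), CryptoUtil.getHashMD5(suppliedPassword))) {
                log.trace("Unsalted MD5 hashed password matched for user '{}'", username);
                return true;
            }
            return false;
        }
        if (storedPassword.startsWith(PREFIX_COMBINED_MD5)) {
            // Legacy: the only salt is the username, which is not secret.
            if (constantTimeEquals(storedPassword.substring(PREFIX_COMBINED_MD5.length()), CryptoUtil.getHashMD5(username + suppliedPassword))) {
                log.trace("Salted MD5 hashed password matched for user '{}'", username);
                return true;
            }
            return false;
        }
        // No recognised prefix: the stored value is compared as a clear-text password.
        if (constantTimeEquals(storedPassword, suppliedPassword)) {
            log.trace("Clear text password matched for user '{}'", username);
            return true;
        }
        return false;
    }

    /**
     * Compares two strings for exact equality without stopping at the first differing
     * character. Only a difference in length can shorten the comparison.
     *
     * @param expected the stored value, may be {@code null}
     * @param actual the value derived from the request, may be {@code null}
     * @return {@code true} only if both are non-null and contain the same characters
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        int difference = expected.length() ^ actual.length();
        int shared = Math.min(expected.length(), actual.length());
        for (int i = 0; i < shared; i++) {
            difference |= expected.charAt(i) ^ actual.charAt(i);
        }
        return difference == 0;
    }
}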
