package org.apache.directory.api.ldap.model.password;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.api.util.Base64;
import org.apache.directory.api.util.DateUtils;
import org.apache.directory.api.util.Strings;
import org.apache.directory.api.util.UnixCrypt;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-2.0.0-M18.jar:org/apache/directory/api/ldap/model/password/PasswordUtil.class */
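/**
 * Static helpers that hash, format, split and verify LDAP password values of the
 * form <code>{scheme}payload</code>.
 *
 * <p>Scheme strength, as implemented here: only PKCS5S2 applies key stretching
 * (10000 iterations, 256-bit output). The SHA/MD5 family is a single digest pass
 * over the password (followed by the salt for the salted variants), and CRYPT uses
 * a two-character salt. Prefer PKCS5S2 for newly stored passwords.
 */
public class PasswordUtil {
    /** Length in bytes of a SHA-1 digest. */
    public static final int SHA1_LENGTH = 20;
    /** Length in bytes of a SHA-256 digest. */
    public static final int SHA256_LENGTH = 32;
    /** Length in bytes of a SHA-384 digest. */
    public static final int SHA384_LENGTH = 48;
    /** Length in bytes of a SHA-512 digest. */
    public static final int SHA512_LENGTH = 64;
    /** Length in bytes of an MD5 digest. */
    public static final int MD5_LENGTH = 16;
    /** Length in bytes of the PKCS5S2 derived key. */
    public static final int PKCS5S2_LENGTH = 32;

    // Salt sizes and the PBKDF2 work factor. The iteration count is not written into
    // the stored value, so changing it would stop existing PKCS5S2 hashes verifying.
    private static final int DIGEST_SALT_LENGTH = 8;
    private static final int PKCS5S2_SALT_LENGTH = 16;
    private static final int CRYPT_SALT_LENGTH = 2;
    private static final int PKCS5S2_ITERATIONS = 10000;

    /**
     * Reads the <code>{scheme}</code> prefix of a stored credential.
     *
     * @param bArr the stored credential bytes, may be {@code null}
     * @return the constant that {@code LdapSecurityConstants.getAlgorithm} resolves
     *         for the lower-cased scheme name, or {@code null} when the value is
     *         null, empty, does not start with '{', has no closing '}', or the
     *         prefix is the empty <code>{}</code>
     */
    public static LdapSecurityConstants findAlgorithm(byte[] bArr) {
        if (bArr == null || bArr.length == 0 || bArr[0] != '{') {
            return null;
        }
        int close = 1;
        while (close < bArr.length && bArr[close] != '}') {
            close++;
        }
        if (close >= bArr.length || close == 1) {
            return null;
        }
        try {
            // Decode with an explicit charset so the result does not depend on the
            // JVM's platform default encoding.
            String scheme = new String(bArr, 1, close - 1, "UTF-8");
            return LdapSecurityConstants.getAlgorithm(Strings.toLowerCase(scheme));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available; treat the impossible case as "no scheme".
            return null;
        }
    }

    /**
     * Hashes a password given as text; see
     * {@link #createStoragePassword(byte[], LdapSecurityConstants)}.
     *
     * @param str the clear-text password, encoded as UTF-8 before hashing
     * @param ldapSecurityConstants the storage scheme
     * @return the UTF-8 bytes of the <code>{SCHEME}payload</code> string
     */
    public static byte[] createStoragePassword(String str, LdapSecurityConstants ldapSecurityConstants) {
        return createStoragePassword(Strings.getBytesUtf8(str), ldapSecurityConstants);
    }

    /**
     * Hashes a password with a fresh random salt (for the salted schemes) and
     * formats it for storage.
     *
     * <p>Payload layout: CRYPT appends salt then hash as text; PKCS5S2 is
     * Base64(salt + key); the other salted schemes are Base64(digest + salt);
     * unsalted schemes are Base64(digest).
     *
     * @param bArr the clear-text password bytes
     * @param ldapSecurityConstants the storage scheme; a {@code null} value throws
     *        {@link NullPointerException} at the {@code switch} below
     * @return the UTF-8 bytes of the <code>{SCHEME}payload</code> string
     */
    public static byte[] createStoragePassword(byte[] bArr, LdapSecurityConstants ldapSecurityConstants) {
        byte[] salt;
        switch (ldapSecurityConstants) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SMD5:
                salt = randomSalt(DIGEST_SALT_LENGTH);
                break;
            case HASH_METHOD_PKCS5S2:
                salt = randomSalt(PKCS5S2_SALT_LENGTH);
                break;
            case HASH_METHOD_CRYPT:
                salt = randomCryptSalt();
                break;
            default:
                salt = null;
                break;
        }
        byte[] hashed = encryptPassword(bArr, ldapSecurityConstants, salt);
        StringBuilder stored = new StringBuilder();
        if (ldapSecurityConstants != null) {
            // Locale.ROOT keeps the prefix independent of the JVM default locale.
            stored.append('{').append(ldapSecurityConstants.getPrefix().toUpperCase(Locale.ROOT)).append('}');
            if (ldapSecurityConstants == LdapSecurityConstants.HASH_METHOD_CRYPT) {
                stored.append(Strings.utf8ToString(salt));
                stored.append(Strings.utf8ToString(hashed));
            } else if (salt != null) {
                byte[] joined = new byte[hashed.length + salt.length];
                if (ldapSecurityConstants == LdapSecurityConstants.HASH_METHOD_PKCS5S2) {
                    merge(joined, salt, hashed);
                } else {
                    merge(joined, hashed, salt);
                }
                stored.append(String.valueOf(Base64.encode(joined)));
            } else {
                stored.append(String.valueOf(Base64.encode(hashed)));
            }
        } else {
            // Not reachable today: the switch above already threw for a null scheme.
            stored.append(Strings.utf8ToString(hashed));
        }
        return Strings.getBytesUtf8(stored.toString());
    }

    /**
     * Checks a presented password against a stored credential.
     *
     * <p>A stored value without a recognised <code>{scheme}</code> prefix is compared
     * byte for byte with the presented value. Otherwise the stored value is split
     * into hash and salt, the presented password is hashed with that salt, and the
     * two hashes are compared.
     *
     * @param bArr the credentials presented by the client (clear text)
     * @param bArr2 the stored credentials
     * @return {@code true} when the credentials match
     */
    public static boolean compareCredentials(byte[] bArr, byte[] bArr2) {
        LdapSecurityConstants algorithm = findAlgorithm(bArr2);
        if (algorithm == null) {
            // MessageDigest.isEqual does not return early at the first differing byte.
            return MessageDigest.isEqual(bArr2, bArr);
        }
        EncryptionMethod method = new EncryptionMethod(algorithm, null);
        // The stored value must be split first: splitCredentials is what puts the
        // salt into the method object. Hashing before the split would read the salt
        // the method was constructed with (null, assuming getSalt returns it until
        // setSalt is called), so salted schemes could never verify.
        byte[] storedHash = splitCredentials(bArr2, method);
        byte[] presentedHash = encryptPassword(bArr, method.getAlgorithm(), method.getSalt());
        return MessageDigest.isEqual(presentedHash, storedHash);
    }

    /**
     * Hashes a password with the given scheme and salt.
     *
     * @param bArr the clear-text password bytes
     * @param ldapSecurityConstants the scheme; {@code null} throws
     *        {@link NullPointerException} at the {@code switch}
     * @param bArr2 the salt, or {@code null} for an unsalted digest
     * @return the raw hash bytes; for CRYPT the crypt output with its first two
     *         characters (the salt) removed; the input unchanged for a scheme not
     *         listed below; {@code null} if the JVM lacks the digest algorithm
     */
    public static byte[] encryptPassword(byte[] bArr, LdapSecurityConstants ldapSecurityConstants, byte[] bArr2) {
        switch (ldapSecurityConstants) {
            case HASH_METHOD_SSHA:
            case HASH_METHOD_SHA:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA, bArr, bArr2);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA256, bArr, bArr2);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA384, bArr, bArr2);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return digest(LdapSecurityConstants.HASH_METHOD_SHA512, bArr, bArr2);
            case HASH_METHOD_SMD5:
            case HASH_METHOD_MD5:
                return digest(LdapSecurityConstants.HASH_METHOD_MD5, bArr, bArr2);
            case HASH_METHOD_PKCS5S2:
                return generatePbkdf2Hash(bArr, ldapSecurityConstants, bArr2);
            case HASH_METHOD_CRYPT:
                String crypted = UnixCrypt.crypt(Strings.utf8ToString(bArr), Strings.utf8ToString(bArr2));
                return Strings.getBytesUtf8(crypted.substring(2));
            default:
                return bArr;
        }
    }

    /**
     * Runs one digest pass over the password, followed by the salt when present.
     *
     * @return the digest, or {@code null} when the algorithm is not available
     */
    private static byte[] digest(LdapSecurityConstants algorithm, byte[] password, byte[] salt) {
        try {
            MessageDigest md = MessageDigest.getInstance(algorithm.getAlgorithm());
            if (salt == null) {
                return md.digest(password);
            }
            md.update(password);
            md.update(salt);
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): a missing algorithm is reported as null, which makes
            // compareCredentials fail and createStoragePassword throw later on.
            return null;
        }
    }

    /**
     * Separates the hash from the salt in a stored credential.
     *
     * <p>Side effect: for salted schemes the extracted salt is stored in
     * {@code encryptionMethod} through {@code setSalt}.
     *
     * @param bArr the stored credential, including its <code>{scheme}</code> prefix
     * @param encryptionMethod supplies the scheme and receives the salt
     * @return the hash part of the stored credential; the input unchanged for a
     *         scheme not handled below
     */
    public static byte[] splitCredentials(byte[] bArr, EncryptionMethod encryptionMethod) {
        // Skip the prefix plus its two braces.
        int payloadStart = encryptionMethod.getAlgorithm().getPrefix().length() + 2;
        switch (encryptionMethod.getAlgorithm()) {
            case HASH_METHOD_SSHA:
                return getCredentials(bArr, payloadStart, SHA1_LENGTH, encryptionMethod);
            case HASH_METHOD_SSHA256:
            case HASH_METHOD_SHA256:
                return getCredentials(bArr, payloadStart, SHA256_LENGTH, encryptionMethod);
            case HASH_METHOD_SSHA384:
            case HASH_METHOD_SHA384:
                return getCredentials(bArr, payloadStart, SHA384_LENGTH, encryptionMethod);
            case HASH_METHOD_SSHA512:
            case HASH_METHOD_SHA512:
                return getCredentials(bArr, payloadStart, SHA512_LENGTH, encryptionMethod);
            case HASH_METHOD_SMD5:
                return getCredentials(bArr, payloadStart, MD5_LENGTH, encryptionMethod);
            case HASH_METHOD_PKCS5S2:
                return getPbkdf2Credentials(bArr, payloadStart, encryptionMethod);
            case HASH_METHOD_CRYPT:
                // Text layout: two salt characters, then the hash.
                encryptionMethod.setSalt(new byte[CRYPT_SALT_LENGTH]);
                byte[] cryptHash = new byte[(bArr.length - encryptionMethod.getSalt().length) - payloadStart];
                split(bArr, payloadStart, encryptionMethod.getSalt(), cryptHash);
                return cryptHash;
            case HASH_METHOD_SHA:
            case HASH_METHOD_MD5:
                try {
                    return decodePayload(bArr, payloadStart);
                } catch (UnsupportedEncodingException e) {
                    return bArr;
                }
            default:
                return bArr;
        }
    }

    /**
     * Decodes a Base64(digest + salt) payload and stores the salt in {@code method}.
     *
     * <p>NOTE(review): a payload that decodes to fewer than {@code hashLength} bytes
     * makes the salt array size negative and throws NegativeArraySizeException.
     */
    private static byte[] getCredentials(byte[] stored, int payloadStart, int hashLength, EncryptionMethod method) {
        try {
            byte[] decoded = decodePayload(stored, payloadStart);
            method.setSalt(new byte[decoded.length - hashLength]);
            byte[] hash = new byte[hashLength];
            split(decoded, 0, hash, method.getSalt());
            return hash;
        } catch (UnsupportedEncodingException e) {
            return stored;
        }
    }

    /** Base64-decodes everything in {@code stored} from {@code payloadStart} onwards. */
    private static byte[] decodePayload(byte[] stored, int payloadStart) throws UnsupportedEncodingException {
        String payload = new String(stored, payloadStart, stored.length - payloadStart, "UTF-8");
        return Base64.decode(payload.toCharArray());
    }

    /** Fills {@code first} and then {@code second} from {@code source}, starting at {@code offset}. */
    private static void split(byte[] source, int offset, byte[] first, byte[] second) {
        System.arraycopy(source, offset, first, 0, first.length);
        System.arraycopy(source, offset + first.length, second, 0, second.length);
    }

    /** Writes {@code first} followed by {@code second} into {@code target}. */
    private static void merge(byte[] target, byte[] first, byte[] second) {
        System.arraycopy(first, 0, target, 0, first.length);
        System.arraycopy(second, 0, target, first.length, second.length);
    }

    /** Returns {@code length} bytes from a {@link SecureRandom}. */
    private static byte[] randomSalt(int length) {
        byte[] salt = new byte[length];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** Returns two random characters from the 64-character crypt alphabet. */
    private static byte[] randomCryptSalt() {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[CRYPT_SALT_LENGTH];
        salt[0] = cryptSaltChar(random.nextInt(64));
        salt[1] = cryptSaltChar(random.nextInt(64));
        return salt;
    }

    /** Maps 0..63 onto './0-9' (0..11), 'A-Z' (12..37) and 'a-z' (38..63). */
    private static byte cryptSaltChar(int index) {
        if (index < 12) {
            return (byte) ('.' + index);
        }
        if (index < 38) {
            return (byte) ('A' + index - 12);
        }
        return (byte) ('a' + index - 38);
    }

    /**
     * Tells whether a password has reached its maximum age.
     *
     * @param str the time the password was last changed, in the format
     *        {@code DateUtils.getDate} parses
     * @param i the maximum password age in seconds
     * @return {@code true} when the change time plus the maximum age is now or earlier
     */
    public static boolean isPwdExpired(String str, int i) {
        // Widen to long before multiplying: an int product overflows once the
        // maximum age exceeds Integer.MAX_VALUE / 1000 seconds (about 24.8 days),
        // which would move the computed expiry into the past.
        long expiryMillis = (i * 1000L) + DateUtils.getDate(str).getTime();
        Date expiry = DateUtils.getDate(DateUtils.getGeneralizedTime(expiryMillis));
        Date now = DateUtils.getDate(DateUtils.getGeneralizedTime());
        return expiry.equals(now) || expiry.before(now);
    }

    /**
     * Derives the PKCS5S2 key from the password and salt.
     *
     * @throws RuntimeException wrapping any failure of the key factory or key spec
     */
    private static byte[] generatePbkdf2Hash(byte[] credentials, LdapSecurityConstants algorithm, byte[] salt) {
        char[] passwordChars = null;
        PBEKeySpec spec = null;
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm.getAlgorithm());
            passwordChars = Strings.utf8ToString(credentials).toCharArray();
            spec = new PBEKeySpec(passwordChars, salt, PKCS5S2_ITERATIONS, PKCS5S2_LENGTH * 8);
            return factory.generateSecret(spec).getEncoded();
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            // Wipe the copies this method controls; the intermediate String built by
            // utf8ToString cannot be cleared.
            if (spec != null) {
                spec.clearPassword();
            }
            if (passwordChars != null) {
                Arrays.fill(passwordChars, '\0');
            }
        }
    }

    /**
     * Decodes a Base64(salt + key) payload and stores the salt in {@code method}.
     *
     * <p>NOTE(review): a payload shorter than {@link #PKCS5S2_LENGTH} bytes throws
     * NegativeArraySizeException.
     */
    private static byte[] getPbkdf2Credentials(byte[] stored, int payloadStart, EncryptionMethod method) {
        try {
            byte[] decoded = decodePayload(stored, payloadStart);
            method.setSalt(new byte[decoded.length - PKCS5S2_LENGTH]);
            byte[] key = new byte[PKCS5S2_LENGTH];
            split(decoded, 0, method.getSalt(), key);
            return key;
        } catch (UnsupportedEncodingException e) {
            return stored;
        }
    }
}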
