package org.wildfly.security.auth.realm.ldap;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import org.bouncycastle.asn1.eac.EACTags;
import org.wildfly.common.Assert;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword;
import org.wildfly.security.password.interfaces.SimpleDigestPassword;
import org.wildfly.security.password.interfaces.UnixDESCryptPassword;
import org.wildfly.security.password.util.ModularCrypt;
import org.wildfly.security.util._private.Arrays2;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/realm/ldap/UserPasswordPasswordUtil.class */
class UserPasswordPasswordUtil {
    private UserPasswordPasswordUtil() {
    }

    public static Password parseUserPassword(byte[] bArr) throws InvalidKeySpecException {
        Assert.checkNotNullParam("userPassword", bArr);
        if (bArr.length == 0) {
            throw ElytronMessages.log.emptyParameter("userPassword");
        }
        if (prefixEqual(0, new byte[]{123, 83, 72, 65}, bArr)) {
            if (prefixEqual(4, new byte[]{125}, bArr)) {
                return createSimpleDigestPassword(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1, 5, bArr);
            }
            if (prefixEqual(4, new byte[]{50, 53, 54, 125}, bArr)) {
                return createSimpleDigestPassword(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256, 8, bArr);
            }
            if (prefixEqual(4, new byte[]{51, 56, 52, 125}, bArr)) {
                return createSimpleDigestPassword(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384, 8, bArr);
            }
            if (prefixEqual(4, new byte[]{53, 49, 50, 125}, bArr)) {
                return createSimpleDigestPassword(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512, 8, bArr);
            }
        }
        if (prefixEqual(0, new byte[]{123, 83, 83, 72, 65}, bArr)) {
            if (prefixEqual(5, new byte[]{125}, bArr)) {
                return createSaltedSimpleDigestPassword(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1, 6, bArr);
            }
            if (prefixEqual(5, new byte[]{50, 53, 54, 125}, bArr)) {
                return createSaltedSimpleDigestPassword(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256, 9, bArr);
            }
            if (prefixEqual(5, new byte[]{51, 56, 52, 125}, bArr)) {
                return createSaltedSimpleDigestPassword(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384, 9, bArr);
            }
            if (prefixEqual(5, new byte[]{53, 49, 50, 125}, bArr)) {
                return createSaltedSimpleDigestPassword(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512, 9, bArr);
            }
        }
        if (prefixEqual(0, new byte[]{123, 67, 82, 89, 80, 84, 125}, bArr)) {
            return bArr[7] == 95 ? createBsdCryptBasedPassword(bArr) : createCryptBasedPassword(bArr);
        }
        if (prefixEqual(0, new byte[]{123, 77, 68, 53, 125}, bArr)) {
            return createSimpleDigestPassword(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5, 5, bArr);
        }
        if (prefixEqual(0, new byte[]{123, 83, 77, 68, 53, 125}, bArr)) {
            return createSaltedSimpleDigestPassword(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5, 6, bArr);
        }
        if (prefixEqual(0, new byte[]{123, 67, 76, 69, 65, 82, 125}, bArr)) {
            return createClearPassword(7, bArr);
        }
        if (bArr[0] != 123 || Arrays2.indexOf(bArr, EACTags.SECURE_MESSAGING_TEMPLATE) <= 0) {
            return createClearPassword(0, bArr);
        }
        throw ElytronMessages.log.unknownLdapPasswordScheme();
    }

    private static byte upper(byte b) {
        return (byte) ((b < 97 || b > 122) ? b : (b - 97) + 65);
    }

    private static boolean prefixEqual(int i, byte[] bArr, byte[] bArr2) {
        if (i + bArr.length > bArr2.length) {
            return false;
        }
        for (int i2 = 0; i2 < bArr.length; i2++) {
            if (upper(bArr2[i2 + i]) != bArr[i2]) {
                return false;
            }
        }
        return true;
    }

    private static Password createClearPassword(int i, byte[] bArr) {
        if (i != 0) {
            bArr = Arrays.copyOfRange(bArr, i, bArr.length);
        }
        return ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, new String(bArr, StandardCharsets.UTF_8).toCharArray());
    }

    private static Password createSimpleDigestPassword(String str, int i, byte[] bArr) throws InvalidKeySpecException {
        return SimpleDigestPassword.createRaw(str, CodePointIterator.ofUtf8Bytes(bArr, i, bArr.length - i).base64Decode().drain());
    }

    private static Password createSaltedSimpleDigestPassword(String str, int i, byte[] bArr) throws InvalidKeySpecException {
        byte[] drain = CodePointIterator.ofUtf8Bytes(bArr, i, bArr.length - i).base64Decode().drain();
        int expectedDigestLengthBytes = expectedDigestLengthBytes(str);
        int length = drain.length - expectedDigestLengthBytes;
        if (length < 1) {
            throw ElytronMessages.log.insufficientDataToFormDigestAndSalt();
        }
        byte[] bArr2 = new byte[expectedDigestLengthBytes];
        byte[] bArr3 = new byte[length];
        System.arraycopy(drain, 0, bArr2, 0, expectedDigestLengthBytes);
        System.arraycopy(drain, expectedDigestLengthBytes, bArr3, 0, length);
        return SaltedSimpleDigestPassword.createRaw(str, bArr2, bArr3);
    }

    private static Password createCryptBasedPassword(byte[] bArr) throws InvalidKeySpecException {
        if (bArr.length != 20) {
            throw ElytronMessages.log.insufficientDataToFormDigestAndSalt();
        }
        int decode = ModularCrypt.MOD_CRYPT.decode(bArr[7] & 255);
        int decode2 = ModularCrypt.MOD_CRYPT.decode(bArr[8] & 255);
        if (decode == -1 || decode2 == -1) {
            throw ElytronMessages.log.invalidSalt((char) decode, (char) decode2);
        }
        return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, (short) (decode | (decode2 << 6)), CodePointIterator.ofUtf8Bytes(bArr, 9, 11).base64Decode(ModularCrypt.MOD_CRYPT, false).drain());
    }

    private static Password createBsdCryptBasedPassword(byte[] bArr) throws InvalidKeySpecException {
        if (bArr.length != 27) {
            throw ElytronMessages.log.insufficientDataToFormDigestAndSalt();
        }
        int decode = ModularCrypt.MOD_CRYPT.decode(bArr[8] & 255);
        int decode2 = ModularCrypt.MOD_CRYPT.decode(bArr[9] & 255);
        int decode3 = ModularCrypt.MOD_CRYPT.decode(bArr[10] & 255);
        int decode4 = ModularCrypt.MOD_CRYPT.decode(bArr[11] & 255);
        if (decode == -1 || decode2 == -1 || decode3 == -1 || decode4 == -1) {
            throw ElytronMessages.log.invalidRounds((char) decode, (char) decode2, (char) decode3, (char) decode4);
        }
        int i = decode | (decode2 << 6) | (decode3 << 12) | (decode4 << 18);
        int decode5 = ModularCrypt.MOD_CRYPT.decode(bArr[12] & 255);
        int decode6 = ModularCrypt.MOD_CRYPT.decode(bArr[13] & 255);
        int decode7 = ModularCrypt.MOD_CRYPT.decode(bArr[14] & 255);
        int decode8 = ModularCrypt.MOD_CRYPT.decode(bArr[15] & 255);
        if (decode5 == -1 || decode6 == -1 || decode7 == -1 || decode8 == -1) {
            throw ElytronMessages.log.invalidSalt((char) decode5, (char) decode6, (char) decode7, (char) decode8);
        }
        return BSDUnixDESCryptPassword.createRaw(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, CodePointIterator.ofUtf8Bytes(bArr, 16, 11).base64Decode(ModularCrypt.MOD_CRYPT, false).drain(), decode5 | (decode6 << 6) | (decode7 << 12) | (decode8 << 18), i);
    }

    private static int expectedDigestLengthBytes(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1701396786:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                    z = 2;
                    break;
                }
                break;
            case -1701395734:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                    z = 3;
                    break;
                }
                break;
            case -1701394031:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                    z = 4;
                    break;
                }
                break;
            case -338914150:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
                    z = false;
                    break;
                }
                break;
            case 726720364:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return 16;
            case true:
                return 20;
            case true:
                return 32;
            case true:
                return 48;
            case true:
                return 64;
            default:
                throw ElytronMessages.log.unrecognizedAlgorithm(str);
        }
    }

    public static byte[] composeUserPassword(Password password) throws IOException {
        String algorithm = password.getAlgorithm();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 109, 100, 53, 125});
            byteArrayOutputStream.write(ByteIterator.ofBytes(((SimpleDigestPassword) password).getDigest()).base64Encode().asUtf8().drain());
        } else if (SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 104, 97, 125});
            byteArrayOutputStream.write(ByteIterator.ofBytes(((SimpleDigestPassword) password).getDigest()).base64Encode().asUtf8().drain());
        } else if (SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 104, 97, 50, 53, 54, 125});
            byteArrayOutputStream.write(ByteIterator.ofBytes(((SimpleDigestPassword) password).getDigest()).base64Encode().asUtf8().drain());
        } else if (SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 104, 97, 51, 56, 52, 125});
            byteArrayOutputStream.write(ByteIterator.ofBytes(((SimpleDigestPassword) password).getDigest()).base64Encode().asUtf8().drain());
        } else if (SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 104, 97, 53, 49, 50, 125});
            byteArrayOutputStream.write(ByteIterator.ofBytes(((SimpleDigestPassword) password).getDigest()).base64Encode().asUtf8().drain());
        } else if (SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 109, 100, 53, 125});
            byteArrayOutputStream.write(composeDigestSalt((SaltedSimpleDigestPassword) password));
        } else if (SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 115, 104, 97, 125});
            byteArrayOutputStream.write(composeDigestSalt((SaltedSimpleDigestPassword) password));
        } else if (SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 115, 104, 97, 50, 53, 54, 125});
            byteArrayOutputStream.write(composeDigestSalt((SaltedSimpleDigestPassword) password));
        } else if (SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 115, 104, 97, 51, 56, 52, 125});
            byteArrayOutputStream.write(composeDigestSalt((SaltedSimpleDigestPassword) password));
        } else if (SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 115, 115, 104, 97, 53, 49, 50, 125});
            byteArrayOutputStream.write(composeDigestSalt((SaltedSimpleDigestPassword) password));
        } else if (BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES.equals(algorithm)) {
            byteArrayOutputStream.write(new byte[]{123, 99, 114, 121, 112, 116, 125, 95});
            composeBsdCryptBasedPassword(byteArrayOutputStream, (BSDUnixDESCryptPassword) password);
        } else {
            if (!UnixDESCryptPassword.ALGORITHM_CRYPT_DES.equals(algorithm)) {
                if (ClearPassword.ALGORITHM_CLEAR.equals(algorithm)) {
                    return CodePointIterator.ofChars(((ClearPassword) password).getPassword()).asUtf8().drain();
                }
                return null;
            }
            byteArrayOutputStream.write(new byte[]{123, 99, 114, 121, 112, 116, 125});
            composeCryptBasedPassword(byteArrayOutputStream, (UnixDESCryptPassword) password);
        }
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] composeDigestSalt(SaltedSimpleDigestPassword saltedSimpleDigestPassword) {
        return ByteIterator.ofBytes(new ByteStringBuilder().append(saltedSimpleDigestPassword.getDigest()).append(saltedSimpleDigestPassword.getSalt()).toArray()).base64Encode().asUtf8().drain();
    }

    private static void composeCryptBasedPassword(ByteArrayOutputStream byteArrayOutputStream, UnixDESCryptPassword unixDESCryptPassword) throws IOException {
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode(unixDESCryptPassword.getSalt() & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((unixDESCryptPassword.getSalt() >> 6) & 63));
        byteArrayOutputStream.write(ByteIterator.ofBytes(unixDESCryptPassword.getHash()).base64Encode(ModularCrypt.MOD_CRYPT, false).asUtf8().drain());
    }

    private static void composeBsdCryptBasedPassword(ByteArrayOutputStream byteArrayOutputStream, BSDUnixDESCryptPassword bSDUnixDESCryptPassword) throws IOException {
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode(bSDUnixDESCryptPassword.getIterationCount() & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getIterationCount() >> 6) & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getIterationCount() >> 12) & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getIterationCount() >> 18) & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode(bSDUnixDESCryptPassword.getSalt() & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getSalt() >> 6) & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getSalt() >> 12) & 63));
        byteArrayOutputStream.write(ModularCrypt.MOD_CRYPT.encode((bSDUnixDESCryptPassword.getSalt() >> 18) & 63));
        byteArrayOutputStream.write(ByteIterator.ofBytes(bSDUnixDESCryptPassword.getHash()).base64Encode(ModularCrypt.MOD_CRYPT, false).asUtf8().drain());
    }

    public static boolean isAlgorithmSupported(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1701396786:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                    z = 7;
                    break;
                }
                break;
            case -1701395734:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                    z = 8;
                    break;
                }
                break;
            case -1701394031:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                    z = 9;
                    break;
                }
                break;
            case -1690837980:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256)) {
                    z = 2;
                    break;
                }
                break;
            case -1690836928:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384)) {
                    z = 3;
                    break;
                }
                break;
            case -1690835225:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512)) {
                    z = 4;
                    break;
                }
                break;
            case -819635646:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1)) {
                    z = true;
                    break;
                }
                break;
            case -338914150:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
                    z = 5;
                    break;
                }
                break;
            case 94746189:
                if (str.equals(ClearPassword.ALGORITHM_CLEAR)) {
                    z = 12;
                    break;
                }
                break;
            case 726720364:
                if (str.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                    z = 6;
                    break;
                }
                break;
            case 1012583449:
                if (str.equals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES)) {
                    z = 10;
                    break;
                }
                break;
            case 1527631088:
                if (str.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5)) {
                    z = false;
                    break;
                }
                break;
            case 1596346163:
                if (str.equals(UnixDESCryptPassword.ALGORITHM_CRYPT_DES)) {
                    z = 11;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
            case true:
                return true;
            default:
                return false;
        }
    }
}
