package org.hawkular.openshift.auth;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;
import org.apache.commons.codec.digest.Sha2Crypt;

/* loaded from: input_file:org/hawkular/openshift/auth/PasswordManager.class */
public class PasswordManager {
    private static final String MD5_PREFIX = "$apr1$";
    private static final String SHA_PREFIX = "{SHA}";
    private static final String SHA256_PREFIX = "$5$";
    private static final String SHA512_PREFIX = "$6$";
    private static final String PBKDF2_SHA256_PREFIX = "$pbkdf2-sha256$";
    private static final String PBKDF2_SHA512_PREFIX = "$pbkdf2-sha512$";
    private static final int DEFAULT_ITERATIONS_PBKDF2 = 25000;

    public boolean isAuthorized(String str, String str2) {
        return (str.startsWith(MD5_PREFIX) && verifyMD5Password(str, str2)) || (str.startsWith(SHA_PREFIX) && verifySHA1Password(str, str2)) || ((str.startsWith(SHA256_PREFIX) && verifySHA256Password(str, str2)) || ((str.startsWith(SHA512_PREFIX) && verifySHA512Password(str, str2)) || ((str.startsWith(PBKDF2_SHA256_PREFIX) && verifyPBDKF2Password(str, str2)) || (str.startsWith(PBKDF2_SHA512_PREFIX) && verifyPBDKF2Password(str, str2)))));
    }

    private boolean verifyMD5Password(String str, String str2) {
        return Md5Crypt.apr1Crypt(str2, str).equals(str);
    }

    private boolean verifySHA1Password(String str, String str2) {
        return Base64.getEncoder().encodeToString(DigestUtils.sha1(str2)).equals(str.substring(SHA_PREFIX.length()));
    }

    private boolean verifySHA256Password(String str, String str2) {
        return Sha2Crypt.sha256Crypt(str2.getBytes(), str.substring(0, str.lastIndexOf("$") + 1)).equals(str);
    }

    private boolean verifySHA512Password(String str, String str2) {
        return Sha2Crypt.sha512Crypt(str2.getBytes(), str.substring(0, str.lastIndexOf("$") + 1)).equals(str);
    }

    private boolean verifyPBDKF2Password(String str, String str2) {
        String[] split = str.split("\\$");
        if (split.length != 5) {
            throw new RuntimeException("Stored password checksum not valid. Check password store.");
        }
        String str3 = "PBKDF2WithHmacSHA256";
        int length = Base64.getDecoder().decode(split[4]).length * 8;
        if (length != 256) {
            if (length != 512) {
                throw new RuntimeException("Stored password is not a valid size. Check password store.");
            }
            str3 = "PBKDF2WithHmacSHA512";
        }
        return encodePBDKF2(str2, Integer.parseInt(split[2]), Base64.getDecoder().decode(split[3].getBytes()), length, str3).equals(split[4]);
    }

    private String encodePBDKF2(String str, int i, byte[] bArr, int i2, String str2) {
        try {
            return Base64.getEncoder().encodeToString(SecretKeyFactory.getInstance(str2).generateSecret(new PBEKeySpec(str.toCharArray(), bArr, i, i2)).getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("PBKDF2 algorithm not found", e);
        } catch (InvalidKeySpecException e2) {
            throw new RuntimeException("Password could not be encoded", e2);
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    public String createPBDKF2SHA256Password(String str) {
        return createPBDKF2Password(str, DEFAULT_ITERATIONS_PBKDF2, 256);
    }

    public String createPBDKF2SHA512Password(String str) {
        return createPBDKF2Password(str, DEFAULT_ITERATIONS_PBKDF2, 512);
    }

    private String createPBDKF2Password(String str, int i, int i2) {
        String str2 = PBKDF2_SHA256_PREFIX;
        String str3 = "PBKDF2WithHmacSHA256";
        if (i2 != 256) {
            if (i2 != 512) {
                throw new RuntimeException("Keysize must be 256 or 512");
            }
            str2 = PBKDF2_SHA512_PREFIX;
            str3 = "PBKDF2WithHmacSHA512";
        }
        if (i < 10000) {
            throw new RuntimeException("Iterations must be above 10000 when specified.");
        }
        byte[] salt = getSalt();
        return str2 + i + "$" + Base64.getEncoder().encodeToString(salt) + "$" + encodePBDKF2(str, i, salt, i2, str3);
    }

    private byte[] getSalt() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }
}
