package org.wildfly.security.auth.provider.ldap;

import java.nio.charset.Charset;
import java.security.spec.InvalidKeySpecException;
import org.wildfly.security.asn1.ASN1;
import org.wildfly.security.password.interfaces.TrivialDigestPassword;
import org.wildfly.security.password.interfaces.TrivialSaltedDigestPassword;
import org.wildfly.security.password.spec.BSDUnixDESCryptPasswordSpec;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.PasswordSpec;
import org.wildfly.security.password.spec.TrivialDigestPasswordSpec;
import org.wildfly.security.password.spec.TrivialSaltedDigestPasswordSpec;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.util.Alphabet;
import org.wildfly.security.util.CodePointIterator;

/* loaded from: input_file:org/wildfly/security/auth/provider/ldap/UserPasswordPasswordUtils.class */
class UserPasswordPasswordUtils {
    static final Charset UTF_8 = Charset.forName("UTF-8");

    private UserPasswordPasswordUtils() {
    }

    public static PasswordSpec parseUserPassword(byte[] bArr) throws InvalidKeySpecException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("userPassword can not be null or empty.");
        }
        if (bArr[0] != 123) {
            return createClearPasswordSpec(bArr);
        }
        if (bArr[1] == 115 && bArr[2] == 104 && bArr[3] == 97) {
            if (bArr[4] == 125) {
                return createTrivialDigestSpec(TrivialDigestPassword.ALGORITHM_DIGEST_SHA_1, 5, bArr);
            }
            if (bArr[4] == 50 && bArr[5] == 53 && bArr[6] == 54 && bArr[7] == 125) {
                return createTrivialDigestSpec("digest-sha-256", 8, bArr);
            }
            if (bArr[4] == 51 && bArr[5] == 56 && bArr[6] == 52 && bArr[7] == 125) {
                return createTrivialDigestSpec(TrivialDigestPassword.ALGORITHM_DIGEST_SHA_384, 8, bArr);
            }
            if (bArr[4] == 53 && bArr[5] == 49 && bArr[6] == 50 && bArr[7] == 125) {
                return createTrivialDigestSpec("digest-sha-512", 8, bArr);
            }
        } else if (bArr[1] == 115 && bArr[2] == 115 && bArr[3] == 104 && bArr[4] == 97) {
            if (bArr[5] == 125) {
                return createTrivialSaltedPasswordSpec(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1, 6, bArr);
            }
            if (bArr[5] == 50 && bArr[6] == 53 && bArr[7] == 54 && bArr[8] == 125) {
                return createTrivialSaltedPasswordSpec(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256, 9, bArr);
            }
            if (bArr[5] == 51 && bArr[6] == 56 && bArr[7] == 52 && bArr[8] == 125) {
                return createTrivialSaltedPasswordSpec(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384, 9, bArr);
            }
            if (bArr[5] == 53 && bArr[6] == 49 && bArr[7] == 50 && bArr[8] == 125) {
                return createTrivialSaltedPasswordSpec(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512, 9, bArr);
            }
        } else if (bArr[1] == 99 && bArr[2] == 114 && bArr[3] == 121 && bArr[4] == 112 && bArr[5] == 116 && bArr[6] == 125) {
            return createCryptBasedSpec(bArr);
        }
        for (int i = 1; i < bArr.length - 1; i++) {
            if (bArr[i] == 125) {
                throw new InvalidKeySpecException();
            }
        }
        return createClearPasswordSpec(bArr);
    }

    private static PasswordSpec createClearPasswordSpec(byte[] bArr) {
        return new ClearPasswordSpec(new String(bArr, UTF_8).toCharArray());
    }

    private static PasswordSpec createTrivialDigestSpec(String str, int i, byte[] bArr) throws InvalidKeySpecException {
        return new TrivialDigestPasswordSpec(str, CodePointIterator.ofUtf8Bytes(bArr, i, bArr.length - i).base64Decode().drain());
    }

    private static PasswordSpec createTrivialSaltedPasswordSpec(String str, int i, byte[] bArr) throws InvalidKeySpecException {
        byte[] drain = CodePointIterator.ofUtf8Bytes(bArr, i, bArr.length - i).base64Decode().drain();
        int expectedDigestLengthBytes = expectedDigestLengthBytes(str);
        int length = drain.length - expectedDigestLengthBytes;
        if (length < 1) {
            throw new InvalidKeySpecException("Insufficient data to form a digest and a salt.");
        }
        byte[] bArr2 = new byte[expectedDigestLengthBytes];
        byte[] bArr3 = new byte[length];
        System.arraycopy(drain, 0, bArr2, 0, expectedDigestLengthBytes);
        System.arraycopy(drain, expectedDigestLengthBytes, bArr3, 0, length);
        return new TrivialSaltedDigestPasswordSpec(str, bArr2, bArr3);
    }

    private static PasswordSpec createCryptBasedSpec(byte[] bArr) throws InvalidKeySpecException {
        if (bArr.length != 20) {
            throw new InvalidKeySpecException("Insufficient data to form a digest and a salt.");
        }
        int decode = Alphabet.MOD_CRYPT.decode(bArr[7] & 255);
        int decode2 = Alphabet.MOD_CRYPT.decode(bArr[8] & 255);
        if (decode == -1 || decode2 == -1) {
            throw new IllegalArgumentException(String.format("Invalid salt (%s%s)", Character.valueOf((char) decode), Character.valueOf((char) decode2)));
        }
        return new BSDUnixDESCryptPasswordSpec(CodePointIterator.ofUtf8Bytes(bArr, 9, 11).base64Decode(Alphabet.MOD_CRYPT, false).drain(), decode | (decode2 << 6), 25);
    }

    private static int expectedDigestLengthBytes(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1701396786:
                if (str.equals(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                    z = true;
                    break;
                }
                break;
            case -1701395734:
                if (str.equals(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                    z = 2;
                    break;
                }
                break;
            case -1701394031:
                if (str.equals(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                    z = 3;
                    break;
                }
                break;
            case 726720364:
                if (str.equals(TrivialSaltedDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case AbstractSaslParticipant.COMPLETE_STATE /* 0 */:
                return 20;
            case true:
                return 32;
            case ASN1.INTEGER_TYPE /* 2 */:
                return 48;
            case true:
                return 64;
            default:
                throw new IllegalArgumentException("Unrecognised algorithm.");
        }
    }
}
