package org.opends.server.extensions;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.concurrent.locks.ReentrantLock;
import org.opends.messages.ExtensionMessages;
import org.opends.server.admin.std.server.PasswordStorageSchemeCfg;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.ByteString;
import org.opends.server.types.ByteStringFactory;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.util.Base64;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/SaltedMD5PasswordStorageScheme.class */
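/**
 * Password storage scheme that stores a salted, single-round MD5 digest.
 *
 * <p>For every encoded password a fresh {@value #NUM_SALT_BYTES}-byte salt is drawn from a
 * {@link SecureRandom} and the digest is computed over {@code password || salt}. Two textual
 * layouts are produced:
 * <ul>
 *   <li>user password syntax: {@code base64(digest || salt)}, optionally prefixed with
 *       <code>{scheme-name}</code>;</li>
 *   <li>auth password syntax: {@code MD5$base64(salt)$base64(digest)}.</li>
 * </ul>
 *
 * <p><b>Security note.</b> The salt defeats precomputed tables, but MD5 is a fast,
 * single-iteration hash: anyone who obtains the stored values can test candidate passwords
 * offline at very high rates. Treat this scheme as a compatibility option for existing
 * entries. For new deployments prefer a deliberately slow, adaptive password hash (PBKDF2,
 * bcrypt, scrypt, Argon2) where the server offers one, and migrate stored values on the next
 * successful bind or password change.
 *
 * <p>Thread-safety: a single {@link MessageDigest} instance is shared by all callers and every
 * use of it is serialized through {@link #digestLock}.
 */
public class SaltedMD5PasswordStorageScheme extends PasswordStorageScheme<PasswordStorageSchemeCfg> {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private static final String CLASS_NAME = "org.opends.server.extensions.SaltedMD5PasswordStorageScheme";

    /** Number of random salt bytes appended to the password before hashing. */
    private static final int NUM_SALT_BYTES = 8;

    /** JCA algorithm name of the digest. */
    private static final String DIGEST_ALGORITHM = "MD5";

    /** Scheme name used in the auth password syntax. */
    private static final String AUTH_PASSWORD_SCHEME_NAME = "MD5";

    private MessageDigest messageDigest;
    private ReentrantLock digestLock;
    private SecureRandom random;

    /**
     * Creates the shared digest, its lock and the salt generator.
     *
     * @param passwordStorageSchemeCfg the scheme configuration (not read by this implementation)
     * @throws InitializationException if the MD5 digest cannot be obtained
     */
    @Override
    public void initializePasswordStorageScheme(PasswordStorageSchemeCfg passwordStorageSchemeCfg) throws ConfigException, InitializationException {
        try {
            this.messageDigest = MessageDigest.getInstance(DIGEST_ALGORITHM);
            this.digestLock = new ReentrantLock();
            this.random = new SecureRandom();
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new InitializationException(ExtensionMessages.ERR_PWSCHEME_CANNOT_INITIALIZE_MESSAGE_DIGEST.get(DIGEST_ALGORITHM, String.valueOf(e)), e);
        }
    }

    /** Returns the name of this storage scheme. */
    @Override
    public String getStorageSchemeName() {
        return ExtensionsConstants.STORAGE_SCHEME_NAME_SALTED_MD5;
    }

    /**
     * Encodes a password as {@code base64(digest || salt)} using a fresh random salt.
     *
     * @param plaintext the clear-text password
     * @return the encoded value, without the scheme-name prefix
     * @throws DirectoryException if salting, hashing or encoding fails
     */
    @Override
    public ByteString encodePassword(ByteString plaintext) throws DirectoryException {
        byte[] password = plaintext.value();
        try {
            return ByteStringFactory.create(Base64.encode(freshDigestThenSalt(password)));
        } catch (Exception e) {
            throw encodeFailure(e);
        }
    }

    /**
     * Encodes a password as <code>{scheme-name}base64(digest || salt)</code> using a fresh
     * random salt.
     *
     * @param plaintext the clear-text password
     * @return the encoded value, prefixed with the scheme name in curly braces
     * @throws DirectoryException if salting, hashing or encoding fails
     */
    @Override
    public ByteString encodePasswordWithScheme(ByteString plaintext) throws DirectoryException {
        StringBuilder encoded = new StringBuilder();
        encoded.append('{');
        encoded.append(ExtensionsConstants.STORAGE_SCHEME_NAME_SALTED_MD5);
        encoded.append('}');
        byte[] password = plaintext.value();
        try {
            encoded.append(Base64.encode(freshDigestThenSalt(password)));
            return ByteStringFactory.create(encoded.toString());
        } catch (Exception e) {
            throw encodeFailure(e);
        }
    }

    /**
     * Checks a clear-text password against a stored {@code base64(digest || salt)} value.
     *
     * @param plaintext the clear-text password supplied by the client
     * @param storedPassword the stored value, without the scheme-name prefix
     * @return {@code true} only if the salted digest of {@code plaintext} equals the stored
     *     digest; {@code false} on mismatch or if the stored value cannot be decoded
     */
    @Override
    public boolean passwordMatches(ByteString plaintext, ByteString storedPassword) {
        byte[] storedDigest;
        byte[] salt;
        try {
            byte[] decoded = Base64.decode(storedPassword.stringValue());
            int digestLength = decoded.length - NUM_SALT_BYTES;
            if (digestLength < 0) {
                // Too short to even hold the salt: handled like any other malformed value.
                throw new IllegalArgumentException("stored value is shorter than the " + NUM_SALT_BYTES + "-byte salt");
            }
            storedDigest = Arrays.copyOfRange(decoded, 0, digestLength);
            salt = Arrays.copyOfRange(decoded, digestLength, decoded.length);
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            // NOTE(review): this message carries the stored hash into the error log. Salted MD5
            // is cheap to guess offline, so the error log needs the same access control as the
            // directory data, or the message should stop including the value; confirm with the
            // message catalog owners before changing the arguments.
            ErrorLogger.logError(ExtensionMessages.ERR_PWSCHEME_CANNOT_BASE64_DECODE_STORED_PASSWORD.get(storedPassword.stringValue(), String.valueOf(e)));
            return false;
        }

        try {
            byte[] computed = digestWithSalt(plaintext.value(), salt);
            // MessageDigest.isEqual instead of Arrays.equals, so that the time taken does not
            // reveal how many leading bytes of the digest matched.
            return MessageDigest.isEqual(storedDigest, computed);
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            return false;
        }
    }

    /** Returns {@code true}: this scheme can produce auth password syntax values. */
    @Override
    public boolean supportsAuthPasswordSyntax() {
        return true;
    }

    /** Returns the scheme name used in the auth password syntax. */
    @Override
    public String getAuthPasswordSchemeName() {
        return AUTH_PASSWORD_SCHEME_NAME;
    }

    /**
     * Encodes a password in auth password syntax as {@code MD5$base64(salt)$base64(digest)}.
     *
     * @param plaintext the clear-text password
     * @return the encoded auth password value
     * @throws DirectoryException if salting, hashing or encoding fails
     */
    @Override
    public ByteString encodeAuthPassword(ByteString plaintext) throws DirectoryException {
        byte[] password = plaintext.value();
        try {
            byte[] salt = newSalt();
            byte[] digest = digestWithSalt(password, salt);
            return ByteStringFactory.create(AUTH_PASSWORD_SCHEME_NAME + "$" + Base64.encode(salt) + '$' + Base64.encode(digest));
        } catch (Exception e) {
            throw encodeFailure(e);
        }
    }

    /**
     * Checks a clear-text password against the two parts of an auth password value.
     *
     * @param plaintext the clear-text password supplied by the client
     * @param authInfo the base64-encoded salt
     * @param authValue the base64-encoded digest
     * @return {@code true} only if the salted digest of {@code plaintext} equals the decoded
     *     {@code authValue}; {@code false} on mismatch or on any decoding or hashing error
     */
    @Override
    public boolean authPasswordMatches(ByteString plaintext, String authInfo, String authValue) {
        try {
            byte[] salt = Base64.decode(authInfo);
            byte[] storedDigest = Base64.decode(authValue);
            byte[] computed = digestWithSalt(plaintext.value(), salt);
            // Constant-time comparison; see passwordMatches.
            return MessageDigest.isEqual(storedDigest, computed);
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            return false;
        }
    }

    /** Returns {@code false}: the clear-text password cannot be recovered from the stored value. */
    @Override
    public boolean isReversible() {
        return false;
    }

    /**
     * Always fails, because the scheme is not reversible.
     *
     * @throws DirectoryException always, with {@link ResultCode#CONSTRAINT_VIOLATION}
     */
    @Override
    public ByteString getPlaintextValue(ByteString storedPassword) throws DirectoryException {
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ExtensionMessages.ERR_PWSCHEME_NOT_REVERSIBLE.get(ExtensionsConstants.STORAGE_SCHEME_NAME_SALTED_MD5));
    }

    /**
     * Always fails, because the scheme is not reversible.
     *
     * @throws DirectoryException always, with {@link ResultCode#CONSTRAINT_VIOLATION}
     */
    @Override
    public ByteString getAuthPasswordPlaintextValue(String authInfo, String authValue) throws DirectoryException {
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ExtensionMessages.ERR_PWSCHEME_NOT_REVERSIBLE.get(AUTH_PASSWORD_SCHEME_NAME));
    }

    /**
     * Reports this scheme as secure.
     *
     * <p>NOTE(review): the value is kept as {@code true} because callers outside this file may
     * depend on it. It should not be read as an endorsement of MD5 for password storage: a
     * single salted MD5 round offers little resistance to offline guessing once stored values
     * are disclosed. Confirm how the server uses this flag before relying on it in policy.
     */
    @Override
    public boolean isStorageSchemeSecure() {
        return true;
    }

    /** Draws a fresh random salt of {@link #NUM_SALT_BYTES} bytes. */
    private byte[] newSalt() {
        byte[] salt = new byte[NUM_SALT_BYTES];
        this.random.nextBytes(salt);
        return salt;
    }

    /**
     * Computes the digest of {@code password || salt} under the digest lock.
     *
     * <p>The lock is released in a {@code finally} block so that it is unlocked exactly once on
     * every path, and the temporary buffer holding the clear-text password is wiped afterwards.
     */
    private byte[] digestWithSalt(byte[] password, byte[] salt) {
        byte[] salted = new byte[password.length + salt.length];
        System.arraycopy(password, 0, salted, 0, password.length);
        System.arraycopy(salt, 0, salted, password.length, salt.length);
        this.digestLock.lock();
        try {
            return this.messageDigest.digest(salted);
        } finally {
            this.digestLock.unlock();
            Arrays.fill(salted, (byte) 0);
        }
    }

    /** Hashes the password with a fresh salt and returns {@code digest || salt}. */
    private byte[] freshDigestThenSalt(byte[] password) {
        byte[] salt = newSalt();
        byte[] digest = digestWithSalt(password, salt);
        byte[] digestThenSalt = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, digestThenSalt, digest.length, salt.length);
        return digestThenSalt;
    }

    /** Traces the cause and wraps it in the exception reported for a failed encoding. */
    private DirectoryException encodeFailure(Exception cause) {
        if (DebugLogger.debugEnabled()) {
            TRACER.debugCaught(DebugLogLevel.ERROR, cause);
        }
        return new DirectoryException(DirectoryServer.getServerErrorResultCode(), ExtensionMessages.ERR_PWSCHEME_CANNOT_ENCODE_PASSWORD.get(CLASS_NAME, StaticUtils.getExceptionMessage(cause)), cause);
    }
}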
