package com.sun.jmx.remote.security;

import com.sun.jmx.remote.util.ClassLogger;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.channels.FileLock;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import jdk.internal.org.jline.reader.impl.LineReaderImpl;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.management/com/sun/jmx/remote/security/HashedPasswordManager.class */
public final class HashedPasswordManager {
    private static final String DefaultHashAlgorithm = "SHA3-512";
    private static final int DefaultSaltLength = 64;
    private final String passwordFile;
    private final boolean shouldHashPasswords;
    private static final ClassLogger logger = new ClassLogger("javax.management.remote.misc", "HashedPasswordManager");
    private final SecureRandom random = new SecureRandom();
    private final Map<String, UserCredentials> userCredentialsMap = new HashMap();
    private boolean isLogged = false;

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.management/com/sun/jmx/remote/security/HashedPasswordManager$UserCredentials.class */
    private static final class UserCredentials {
        private final String userName;
        private final String hashAlgorithm;
        private final String b64Salt;
        private final String b64Hash;

        public UserCredentials(String str, String str2, String str3, String str4) {
            this.userName = str;
            this.hashAlgorithm = str2;
            this.b64Salt = str3;
            this.b64Hash = str4;
        }

        public String toString() {
            return this.userName + " " + this.b64Salt + " " + this.b64Hash + " " + this.hashAlgorithm;
        }
    }

    public HashedPasswordManager(String str, boolean z) {
        this.passwordFile = str;
        this.shouldHashPasswords = z;
    }

    private String[] getHash(String str, String str2) {
        try {
            byte[] bArr = new byte[64];
            this.random.nextBytes(bArr);
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.reset();
            messageDigest.update(bArr);
            return new String[]{Base64.getEncoder().encodeToString(bArr), Base64.getEncoder().encodeToString(messageDigest.digest(str2.getBytes(StandardCharsets.UTF_8)))};
        } catch (NoSuchAlgorithmException e) {
            if (logger.debugOn()) {
                logger.debug("getHash", "Invalid algorithm : " + str);
            }
            return new String[]{"", ""};
        }
    }

    private String[] readPasswordFile() throws IOException {
        String[] split;
        synchronized (HashedPasswordManager.class) {
            File file = new File(this.passwordFile);
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                FileLock lock = fileInputStream.getChannel().lock(0L, Long.MAX_VALUE, true);
                try {
                    byte[] bArr = new byte[(int) file.length()];
                    if (fileInputStream.read(bArr) != bArr.length) {
                        throw new IOException("Failed to read data from the password file");
                    }
                    lock.release();
                    if (lock != null) {
                        lock.close();
                    }
                    fileInputStream.close();
                    split = new String(bArr, StandardCharsets.UTF_8).split("\\r?\\n");
                } catch (Throwable th) {
                    if (lock != null) {
                        try {
                            lock.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        }
        return split;
    }

    private void writePasswordFile(String str) throws IOException {
        synchronized (HashedPasswordManager.class) {
            FileOutputStream fileOutputStream = new FileOutputStream(this.passwordFile);
            try {
                OutputStreamWriter outputStreamWriter = new OutputStreamWriter(fileOutputStream, StandardCharsets.UTF_8);
                try {
                    FileLock lock = fileOutputStream.getChannel().lock();
                    try {
                        outputStreamWriter.write(str);
                        lock.release();
                        if (lock != null) {
                            lock.close();
                        }
                        outputStreamWriter.close();
                        fileOutputStream.close();
                    } catch (Throwable th) {
                        if (lock != null) {
                            try {
                                lock.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    try {
                        outputStreamWriter.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                    throw th3;
                }
            } finally {
            }
        }
    }

    public synchronized boolean authenticate(String str, char[] cArr) {
        if (!this.userCredentialsMap.containsKey(str)) {
            if (!logger.debugOn()) {
                return false;
            }
            logger.debug("authenticate", "Unknown user : " + str);
            return false;
        }
        try {
            UserCredentials userCredentials = this.userCredentialsMap.get(str);
            byte[] decode = Base64.getDecoder().decode(userCredentials.b64Salt);
            byte[] decode2 = Base64.getDecoder().decode(userCredentials.b64Hash);
            MessageDigest messageDigest = MessageDigest.getInstance(userCredentials.hashAlgorithm);
            messageDigest.reset();
            messageDigest.update(decode);
            ByteBuffer encode = Charset.forName("UTF-8").encode(CharBuffer.wrap(cArr));
            byte[] bArr = new byte[encode.limit()];
            encode.get(bArr);
            return Arrays.equals(messageDigest.digest(bArr), decode2);
        } catch (NoSuchAlgorithmException e) {
            if (!logger.debugOn()) {
                return false;
            }
            logger.debug("authenticate", "Unrecognized hash algorithm : " + this.userCredentialsMap.get(str).hashAlgorithm + " - for user : " + str);
            return false;
        }
    }

    public synchronized void loadPasswords() throws IOException, SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkRead(this.passwordFile);
        }
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        StringBuilder sb = new StringBuilder();
        this.userCredentialsMap.clear();
        Arrays.stream(readPasswordFile()).forEach(str -> {
            if (str.trim().startsWith(LineReaderImpl.DEFAULT_COMMENT_BEGIN)) {
                sb.append(str).append("\n");
                return;
            }
            String[] split = str.split("\\s+");
            switch (split.length) {
                case 2:
                    String[] hash = getHash(DefaultHashAlgorithm, split[1]);
                    UserCredentials userCredentials = new UserCredentials(split[0], DefaultHashAlgorithm, hash[0], hash[1]);
                    sb.append(userCredentials.userName).append(" ").append(userCredentials.b64Salt).append(" ").append(userCredentials.b64Hash).append(" ").append(userCredentials.hashAlgorithm).append("\n");
                    if (this.userCredentialsMap.get(split[0]) != null && logger.debugOn()) {
                        logger.debug("loadPasswords", "Ignoring entry for role : " + split[0]);
                    }
                    this.userCredentialsMap.put(split[0], userCredentials);
                    atomicBoolean.set(true);
                    if (logger.debugOn()) {
                        logger.debug("loadPasswords", "Found atleast one clear password");
                        return;
                    }
                    return;
                case 3:
                case 4:
                    UserCredentials userCredentials2 = new UserCredentials(split[0], split.length == 4 ? split[3] : DefaultHashAlgorithm, split[1], split[2]);
                    sb.append(str).append("\n");
                    if (this.userCredentialsMap.get(split[0]) != null && logger.debugOn()) {
                        logger.debug("loadPasswords", "Ignoring entry for role : " + split[0]);
                    }
                    this.userCredentialsMap.put(split[0], userCredentials2);
                    return;
                default:
                    sb.append(str).append("\n");
                    return;
            }
        });
        if (!this.shouldHashPasswords && atomicBoolean.get() && logger.debugOn()) {
            logger.debug("loadPasswords", "Passwords in " + this.passwordFile + " are in clear but are requested not to be hashed !!!");
        }
        if (sb.indexOf("# The passwords in this file are hashed") != 0) {
            sb.insert(0, "# The passwords in this file are hashed.\n# In order to change the password for a role, replace the hashed password entry\n# with a clear text password or a new hashed password. If the new password is in clear,\n# it will be replaced with its hash when a new login attempt is made.\n\n");
        }
        if (this.shouldHashPasswords && atomicBoolean.get()) {
            if (new File(this.passwordFile).canWrite()) {
                writePasswordFile(sb.toString());
                if (logger.debugOn()) {
                    logger.debug("loadPasswords", "Wrote hashed passwords to file : " + this.passwordFile);
                    return;
                }
                return;
            }
            if (!logger.debugOn() || this.isLogged) {
                return;
            }
            this.isLogged = true;
            logger.debug("loadPasswords", "Passwords in " + this.passwordFile + " are in clear and password file is read-only. Passwords cannot be hashed !!!!");
        }
    }
}
