package org.opendaylight.aaa.impl.password.service;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.SimpleHashRequest;
import org.apache.shiro.util.ByteSource;
import org.opendaylight.aaa.api.password.service.PasswordHash;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfigBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/aaa/impl/password/service/DefaultPasswordHashService.class */
public class DefaultPasswordHashService implements PasswordHashService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultPasswordHashService.class);
    public static final String DEFAULT_HASH_ALGORITHM = "SHA-512";
    public static final int DEFAULT_NUM_ITERATIONS = 20000;
    private final DefaultHashService hashService;

    public DefaultPasswordHashService() {
        this(new PasswordServiceConfigBuilder().build());
    }

    public DefaultPasswordHashService(PasswordServiceConfig passwordServiceConfig) {
        this.hashService = createHashService(passwordServiceConfig.getIterations(), passwordServiceConfig.getAlgorithm(), passwordServiceConfig.getPrivateSalt());
    }

    @Override // org.opendaylight.aaa.api.password.service.PasswordHashService
    public PasswordHash getPasswordHash(String str) {
        Hash computeHash = this.hashService.computeHash(new HashRequest.Builder().setAlgorithmName(this.hashService.getHashAlgorithmName()).setIterations(this.hashService.getHashIterations()).setSource(ByteSource.Util.bytes(str)).build());
        return PasswordHashImpl.create(computeHash.getAlgorithmName(), computeHash.getSalt().toBase64(), computeHash.getIterations(), computeHash.toBase64());
    }

    @Override // org.opendaylight.aaa.api.password.service.PasswordHashService
    public PasswordHash getPasswordHash(String str, String str2) {
        Hash computeHash = this.hashService.computeHash(new SimpleHashRequest(this.hashService.getHashAlgorithmName(), ByteSource.Util.bytes(str), ByteSource.Util.bytes(Base64.decode(str2)), this.hashService.getHashIterations()));
        return PasswordHashImpl.create(computeHash.getAlgorithmName(), computeHash.getSalt().toBase64(), computeHash.getIterations(), computeHash.toBase64());
    }

    @Override // org.opendaylight.aaa.api.password.service.PasswordHashService
    public boolean passwordsMatch(String str, String str2, String str3) {
        return getPasswordHash(str, str3).getHashedPassword().equals(str2);
    }

    private static DefaultHashService createHashService(Integer num, String str, String str2) {
        DefaultHashService defaultHashService = new DefaultHashService();
        if (num != null) {
            defaultHashService.setHashIterations(num.intValue());
            LOG.info("DefaultPasswordHashService will utilize configured iteration count={}", num);
        } else {
            defaultHashService.setHashIterations(DEFAULT_NUM_ITERATIONS);
            LOG.info("DefaultPasswordHashService will utilize default iteration count={}", Integer.valueOf(DEFAULT_NUM_ITERATIONS));
        }
        if (str != null) {
            defaultHashService.setHashAlgorithmName(str);
            LOG.info("DefaultPasswordHashService will utilize configured algorithm={}", str);
        } else {
            defaultHashService.setHashAlgorithmName(DEFAULT_HASH_ALGORITHM);
            LOG.info("DefaultPasswordHashService will utilize default algorithm={}", DEFAULT_HASH_ALGORITHM);
        }
        if (str2 != null) {
            defaultHashService.setPrivateSalt(ByteSource.Util.bytes(str2));
            LOG.info("DefaultPasswordHashService will utilize a configured private salt");
        } else {
            defaultHashService.setGeneratePublicSalt(true);
            LOG.info("DefaultPasswordHashService will not utilize a private salt, since none was configured");
        }
        return defaultHashService;
    }
}
