package org.opendaylight.aaa.impl.password.service;

import java.util.Optional;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Hash;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.SimpleHashRequest;
import org.apache.shiro.util.ByteSource;
import org.opendaylight.aaa.api.password.service.PasswordHash;
import org.opendaylight.aaa.api.password.service.PasswordHashService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/aaa/impl/password/service/DefaultPasswordHashService.class */
public class DefaultPasswordHashService implements PasswordHashService {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultPasswordHashService.class);
    public static final String DEFAULT_HASH_ALGORITHM = "SHA-512";
    public static final int DEFAULT_NUM_ITERATIONS = 20000;
    private final DefaultHashService hashService;

    public DefaultPasswordHashService() {
        this.hashService = new DefaultHashService();
        this.hashService.setRandomNumberGenerator(new SecureRandomNumberGenerator());
        this.hashService.setGeneratePublicSalt(true);
        setNumIterations(Optional.of(Integer.valueOf(DEFAULT_NUM_ITERATIONS)));
        setHashAlgorithm(Optional.of(DEFAULT_HASH_ALGORITHM));
    }

    public DefaultPasswordHashService(PasswordServiceConfig passwordServiceConfig) {
        this();
        setNumIterations(Optional.ofNullable(passwordServiceConfig.getIterations()));
        setHashAlgorithm(Optional.ofNullable(passwordServiceConfig.getAlgorithm()));
        setPrivateSalt(Optional.ofNullable(passwordServiceConfig.getPrivateSalt()));
    }

    private void setNumIterations(Optional<Integer> optional) {
        if (!optional.isPresent()) {
            this.hashService.setHashIterations(DEFAULT_NUM_ITERATIONS);
            LOG.info("DefaultPasswordHashService will utilize default iteration count={}", Integer.valueOf(DEFAULT_NUM_ITERATIONS));
        } else {
            Integer num = optional.get();
            this.hashService.setHashIterations(num.intValue());
            LOG.info("DefaultPasswordHashService will utilize configured iteration count={}", num);
        }
    }

    private void setHashAlgorithm(Optional<String> optional) {
        if (!optional.isPresent()) {
            this.hashService.setHashAlgorithmName(DEFAULT_HASH_ALGORITHM);
            LOG.info("DefaultPasswordHashService will utilize default algorithm={}", DEFAULT_HASH_ALGORITHM);
        } else {
            String str = optional.get();
            this.hashService.setHashAlgorithmName(str);
            LOG.info("DefaultPasswordHashService will utilize configured algorithm={}", str);
        }
    }

    private void setPrivateSalt(Optional<String> optional) {
        if (!optional.isPresent()) {
            LOG.info("DefaultPasswordHashService will not utilize a private salt, since none was configured");
        } else {
            this.hashService.setPrivateSalt(ByteSource.Util.bytes(optional.get()));
            LOG.info("DefaultPasswordHashService will utilize a configured private salt");
        }
    }

    public PasswordHash getPasswordHash(String str) {
        Hash computeHash = this.hashService.computeHash(new HashRequest.Builder().setAlgorithmName(this.hashService.getHashAlgorithmName()).setIterations(this.hashService.getHashIterations()).setSource(ByteSource.Util.bytes(str)).build());
        return PasswordHashImpl.create(computeHash.getAlgorithmName(), computeHash.getSalt().toBase64(), computeHash.getIterations(), computeHash.toBase64());
    }

    public PasswordHash getPasswordHash(String str, String str2) {
        Hash computeHash = this.hashService.computeHash(new SimpleHashRequest(this.hashService.getHashAlgorithmName(), ByteSource.Util.bytes(str), ByteSource.Util.bytes(Base64.decode(str2)), this.hashService.getHashIterations()));
        return PasswordHashImpl.create(computeHash.getAlgorithmName(), computeHash.getSalt().toBase64(), computeHash.getIterations(), computeHash.toBase64());
    }

    public boolean passwordsMatch(String str, String str2, String str3) {
        return getPasswordHash(str, str3).getHashedPassword().equals(str2);
    }
}
