package org.opendaylight.netconf.transport.ssh;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.Crypt;
import org.opendaylight.netconf.shaded.sshd.server.auth.AsyncAuthException;
import org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordChangeRequiredException;
import org.opendaylight.netconf.shaded.sshd.server.session.ServerSession;

/* loaded from: input_file:org/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator.class */
final class CryptHashPasswordAuthenticator implements PasswordAuthenticator {
    private static final Pattern CRYPT_HASH_PATTERN = Pattern.compile("\\$0\\$.*|\\$1\\$[a-zA-Z0-9./]{1,8}\\$[a-zA-Z0-9./]{22}|\\$5\\$(rounds=\\d+\\$)?[a-zA-Z0-9./]{1,16}\\$[a-zA-Z0-9./]{43}|\\$6\\$(rounds=\\d+\\$)?[a-zA-Z0-9./]{1,16}\\$[a-zA-Z0-9./]{86}");
    private static final String DEFAULT_SALT = "$5$rounds=3500$default";
    final Map<String, CryptHashValidator> userValidatorMap;

    /* loaded from: input_file:org/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHashValidator.class */
    private static class CryptHashValidator {
        final String salt;
        final String cryptHash;

        CryptHashValidator(String str) {
            Objects.requireNonNull(str);
            Preconditions.checkArgument(CryptHashPasswordAuthenticator.CRYPT_HASH_PATTERN.matcher(str).matches(), "Not a valid crypt hash string");
            if (str.startsWith("$0$")) {
                this.salt = CryptHashPasswordAuthenticator.DEFAULT_SALT;
                this.cryptHash = Crypt.crypt(str.substring(3), CryptHashPasswordAuthenticator.DEFAULT_SALT);
            } else {
                this.salt = str.substring(0, str.lastIndexOf(36));
                this.cryptHash = str;
            }
        }

        boolean isValid(String str) {
            return this.cryptHash.equals(Crypt.crypt(str, this.salt));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptHashPasswordAuthenticator(Map<String, String> map) {
        Objects.requireNonNull(map);
        Preconditions.checkArgument(!map.isEmpty(), "Hashes map should not be empty");
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            builder.put(entry.getKey(), new CryptHashValidator(entry.getValue()));
        }
        this.userValidatorMap = builder.build();
    }

    @Override // org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordAuthenticator
    public boolean authenticate(String str, String str2, ServerSession serverSession) throws PasswordChangeRequiredException, AsyncAuthException {
        CryptHashValidator cryptHashValidator = this.userValidatorMap.get(str);
        if (cryptHashValidator == null) {
            return false;
        }
        return cryptHashValidator.isValid(str2);
    }
}
