package org.opendaylight.netconf.transport.ssh;

import com.google.common.collect.ImmutableMap;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.Crypt;
import org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordAuthenticator;
import org.opendaylight.netconf.shaded.sshd.server.session.ServerSession;

/* loaded from: input_file:org/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator.class */
final class CryptHashPasswordAuthenticator implements PasswordAuthenticator {
    private static final Pattern CRYPT_HASH_PATTERN = Pattern.compile("\\$0\\$.*|\\$1\\$[a-zA-Z0-9./]{1,8}\\$[a-zA-Z0-9./]{22}|\\$5\\$(rounds=\\d+\\$)?[a-zA-Z0-9./]{1,16}\\$[a-zA-Z0-9./]{43}|\\$6\\$(rounds=\\d+\\$)?[a-zA-Z0-9./]{1,16}\\$[a-zA-Z0-9./]{86}");
    private static final String DEFAULT_SALT = "$5$rounds=3500$default";
    private final ImmutableMap<String, CryptHash> knownHashes;

    /* loaded from: input_file:org/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash.class */
    private static final class CryptHash extends Record {
        private final String salt;
        private final String hash;

        CryptHash(String str, String str2) {
            Objects.requireNonNull(str);
            Objects.requireNonNull(str2);
            this.salt = str;
            this.hash = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CryptHash.class), CryptHash.class, "salt;hash", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->salt:Ljava/lang/String;", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->hash:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CryptHash.class), CryptHash.class, "salt;hash", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->salt:Ljava/lang/String;", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->hash:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CryptHash.class, Object.class), CryptHash.class, "salt;hash", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->salt:Ljava/lang/String;", "FIELD:Lorg/opendaylight/netconf/transport/ssh/CryptHashPasswordAuthenticator$CryptHash;->hash:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String salt() {
            return this.salt;
        }

        public String hash() {
            return this.hash;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptHashPasswordAuthenticator(Map<String, String> map) {
        if (map.isEmpty()) {
            throw new IllegalArgumentException("Hashes map should not be empty");
        }
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String value = entry.getValue();
            if (!CRYPT_HASH_PATTERN.matcher(value).matches()) {
                throw new IllegalArgumentException("Invalid crypt hash string \"" + value + "\"");
            }
            builder.put(entry.getKey(), value.startsWith("$0$") ? new CryptHash(DEFAULT_SALT, Crypt.crypt(value.substring(3), DEFAULT_SALT)) : new CryptHash(value.substring(0, value.lastIndexOf(36)), value));
        }
        this.knownHashes = builder.build();
    }

    @Override // org.opendaylight.netconf.shaded.sshd.server.auth.password.PasswordAuthenticator
    public boolean authenticate(String str, String str2, ServerSession serverSession) {
        CryptHash cryptHash = this.knownHashes.get(str);
        return cryptHash != null && cryptHash.hash.equals(Crypt.crypt(str2, cryptHash.salt));
    }
}
