package org.opends.server.extensions;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.server.CryptPasswordStorageSchemeCfg;
import org.forgerock.opendj.server.config.server.PasswordStorageSchemeCfg;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.util.BSDMD5Crypt;
import org.opends.server.util.Crypt;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/extensions/CryptPasswordStorageScheme.class */
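/**
 * Password storage scheme that encodes values in one of four crypt-style formats, selected by
 * the configuration: UNIX crypt, BSD MD5 crypt, SHA-256 crypt or SHA-512 crypt.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The configured algorithm only affects <em>new</em> encodings. {@link #passwordMatches}
 *       picks the verifier from the stored value's prefix, so values written under an earlier
 *       (weaker) algorithm keep verifying after the configuration is changed, until the password
 *       itself is re-encoded.</li>
 *   <li>The UNIX variant uses a two-character salt drawn from a 64-character alphabet, i.e. only
 *       4096 distinct salts. Traditional crypt(3) also considers only the first eight password
 *       characters; presumably {@code Crypt} behaves the same way (confirm against that class).</li>
 *   <li>{@link #isStorageSchemeSecure()} returns {@code false} for every configured algorithm.</li>
 * </ul>
 */
public class CryptPasswordStorageScheme extends PasswordStorageScheme<CryptPasswordStorageSchemeCfg> implements ConfigurationChangeListener<CryptPasswordStorageSchemeCfg> {
    private static final String CLASS_NAME = "org.opends.server.extensions.CryptPasswordStorageScheme";

    // Replaced wholesale by applyConfigurationChange(); read on every encodePassword() call.
    private CryptPasswordStorageSchemeCfg currentConfig;

    // Explicit charset: the alphabet is pure ASCII and must not depend on the platform default.
    private static final byte[] SALT_CHARS = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".getBytes(StandardCharsets.US_ASCII);

    // Salts come from a CSPRNG so that they cannot be predicted from earlier outputs of a
    // seeded linear generator. The declared type stays Random; only the implementation changed.
    private final Random randomSaltIndex = new SecureRandom();
    private final Object saltLock = new Object();
    private final Crypt crypt = new Crypt();

    /**
     * Registers this instance as a change listener on the configuration and keeps the
     * configuration for later use by {@link #encodePassword}.
     */
    @Override
    public void initializePasswordStorageScheme(CryptPasswordStorageSchemeCfg cryptPasswordStorageSchemeCfg) throws ConfigException, InitializationException {
        cryptPasswordStorageSchemeCfg.addCryptChangeListener(this);
        this.currentConfig = cryptPasswordStorageSchemeCfg;
    }

    /** Returns the constant scheme name {@code STORAGE_SCHEME_NAME_CRYPT}. */
    @Override
    public String getStorageSchemeName() {
        return ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT;
    }

    /** Overwrites a temporary plaintext copy with zeros; a {@code null} buffer is ignored. */
    private static void zeroPlaintext(byte[] buffer) {
        if (buffer != null) {
            Arrays.fill(buffer, (byte) 0);
        }
    }

    /**
     * Builds the exception raised when an encoder fails. The message carries the cause's stack
     * trace flattened to one line, and the cause is preserved on the exception.
     */
    private static DirectoryException cannotEncode(Exception cause) {
        return new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_PWSCHEME_CANNOT_ENCODE_PASSWORD.get(CLASS_NAME, StaticUtils.stackTraceToSingleLineString(cause)), cause);
    }

    /**
     * Compares a freshly computed encoding with the stored one without stopping at the first
     * differing byte, so the comparison time does not reveal how long the matching prefix is.
     * A {@code null} argument raises NullPointerException, which the callers treat as a mismatch.
     */
    private static boolean encodedValuesMatch(String computed, String stored) {
        return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Encodes the plaintext with UNIX crypt and a fresh random salt.
     *
     * @throws DirectoryException if copying the plaintext or the crypt call fails
     */
    private ByteString unixCryptEncodePassword(ByteSequence plaintext) throws DirectoryException {
        byte[] plaintextBytes = null;
        try {
            plaintextBytes = plaintext.toByteArray();
            return ByteString.wrap(this.crypt.crypt(plaintextBytes, randomSalt()));
        } catch (Exception e) {
            throw cannotEncode(e);
        } finally {
            // Runs on success, on failure and on Error alike: the copy never outlives the call.
            zeroPlaintext(plaintextBytes);
        }
    }

    /** Returns two salt bytes, each picked independently from {@code SALT_CHARS}. */
    private byte[] randomSalt() {
        synchronized (this.saltLock) {
            return new byte[] {
                SALT_CHARS[this.randomSaltIndex.nextInt(SALT_CHARS.length)],
                SALT_CHARS[this.randomSaltIndex.nextInt(SALT_CHARS.length)]
            };
        }
    }

    /**
     * Encodes the plaintext with BSD MD5 crypt. The plaintext is handed over as a ByteSequence,
     * so no temporary copy is made here and there is nothing to wipe.
     *
     * @throws DirectoryException if the crypt call fails
     */
    private ByteString md5CryptEncodePassword(ByteSequence plaintext) throws DirectoryException {
        try {
            return ByteString.valueOfUtf8(BSDMD5Crypt.crypt(plaintext));
        } catch (Exception e) {
            throw cannotEncode(e);
        }
    }

    /**
     * Encodes the plaintext with SHA-256 crypt. No salt is passed; presumably Sha2Crypt
     * generates one itself (confirm against that class).
     *
     * @throws DirectoryException if copying the plaintext or the crypt call fails
     */
    private ByteString sha256CryptEncodePassword(ByteSequence plaintext) throws DirectoryException {
        byte[] plaintextBytes = null;
        try {
            plaintextBytes = plaintext.toByteArray();
            return ByteString.valueOfUtf8(Sha2Crypt.sha256Crypt(plaintextBytes));
        } catch (Exception e) {
            throw cannotEncode(e);
        } finally {
            zeroPlaintext(plaintextBytes);
        }
    }

    /**
     * Encodes the plaintext with SHA-512 crypt. No salt is passed; presumably Sha2Crypt
     * generates one itself (confirm against that class).
     *
     * @throws DirectoryException if copying the plaintext or the crypt call fails
     */
    private ByteString sha512CryptEncodePassword(ByteSequence plaintext) throws DirectoryException {
        byte[] plaintextBytes = null;
        try {
            plaintextBytes = plaintext.toByteArray();
            return ByteString.valueOfUtf8(Sha2Crypt.sha512Crypt(plaintextBytes));
        } catch (Exception e) {
            throw cannotEncode(e);
        } finally {
            zeroPlaintext(plaintextBytes);
        }
    }

    /**
     * Encodes the plaintext with the algorithm currently selected in the configuration.
     *
     * @return the encoded value, without the scheme-name prefix
     * @throws DirectoryException if encoding fails, or if the configured algorithm is not one of
     *     the four handled here (previously that case returned {@code null}, which
     *     {@link #encodePasswordWithScheme} would have stored as the literal text "null")
     */
    @Override
    public ByteString encodePassword(ByteSequence byteSequence) throws DirectoryException {
        switch (this.currentConfig.getCryptPasswordStorageEncryptionAlgorithm()) {
            case UNIX:
                return unixCryptEncodePassword(byteSequence);
            case MD5:
                return md5CryptEncodePassword(byteSequence);
            case SHA256:
                return sha256CryptEncodePassword(byteSequence);
            case SHA512:
                return sha512CryptEncodePassword(byteSequence);
            default:
                throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ExtensionMessages.ERR_PWSCHEME_CANNOT_ENCODE_PASSWORD.get(CLASS_NAME, "unsupported crypt algorithm: " + this.currentConfig.getCryptPasswordStorageEncryptionAlgorithm()));
        }
    }

    /**
     * Encodes the plaintext and prefixes the result with the scheme name in braces.
     *
     * @throws DirectoryException if {@link #encodePassword} fails
     */
    @Override
    public ByteString encodePasswordWithScheme(ByteSequence byteSequence) throws DirectoryException {
        StringBuilder sb = new StringBuilder(ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT.length() + 12);
        sb.append('{');
        sb.append(ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT);
        sb.append('}');
        sb.append(encodePassword(byteSequence));
        return ByteString.valueOfUtf8(sb);
    }

    /**
     * Verifies a plaintext against a stored UNIX crypt value. The salt is taken from the first
     * two bytes of the stored value. Any exception is treated as a mismatch.
     */
    private boolean unixCryptPasswordMatches(ByteSequence plaintext, ByteSequence storedValue) {
        byte[] plaintextBytes = null;
        try {
            plaintextBytes = plaintext.toByteArray();
            byte[] salt = storedValue.copyTo(new byte[2]);
            byte[] computed = this.crypt.crypt(plaintextBytes, salt);
            // Time-independent comparison instead of an early-exit equals().
            return MessageDigest.isEqual(computed, storedValue.toByteArray());
        } catch (Exception e) {
            return false;
        } finally {
            zeroPlaintext(plaintextBytes);
        }
    }

    /**
     * Verifies a plaintext against a stored BSD MD5 crypt value; the stored value is passed to
     * the crypt call as the salt argument. Any exception is treated as a mismatch.
     */
    private boolean md5CryptPasswordMatches(ByteSequence plaintext, ByteSequence storedValue) {
        String stored = storedValue.toString();
        try {
            return encodedValuesMatch(BSDMD5Crypt.crypt(plaintext, stored), stored);
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Verifies a plaintext against a stored SHA-256 crypt value; the stored value is passed to
     * the crypt call as the salt argument. Any exception is treated as a mismatch.
     */
    private boolean sha256CryptPasswordMatches(ByteSequence plaintext, ByteSequence storedValue) {
        byte[] plaintextBytes = null;
        String stored = storedValue.toString();
        try {
            plaintextBytes = plaintext.toByteArray();
            return encodedValuesMatch(Sha2Crypt.sha256Crypt(plaintextBytes, stored), stored);
        } catch (Exception e) {
            return false;
        } finally {
            zeroPlaintext(plaintextBytes);
        }
    }

    /**
     * Verifies a plaintext against a stored SHA-512 crypt value; the stored value is passed to
     * the crypt call as the salt argument. Any exception is treated as a mismatch.
     */
    private boolean sha512CryptPasswordMatches(ByteSequence plaintext, ByteSequence storedValue) {
        byte[] plaintextBytes = null;
        String stored = storedValue.toString();
        try {
            plaintextBytes = plaintext.toByteArray();
            return encodedValuesMatch(Sha2Crypt.sha512Crypt(plaintextBytes, stored), stored);
        } catch (Exception e) {
            return false;
        } finally {
            zeroPlaintext(plaintextBytes);
        }
    }

    /**
     * Checks a plaintext against a stored value. The verifier is chosen from the stored value's
     * prefix (MD5, SHA-256, SHA-512 magic strings), falling back to UNIX crypt; the configured
     * algorithm is not consulted, so values in any of the four formats are accepted.
     */
    @Override
    public boolean passwordMatches(ByteSequence byteSequence, ByteSequence byteSequence2) {
        String stored = byteSequence2.toString();
        if (stored.startsWith(BSDMD5Crypt.getMagicString())) {
            return md5CryptPasswordMatches(byteSequence, byteSequence2);
        }
        if (stored.startsWith(Sha2Crypt.getMagicSHA256Prefix())) {
            return sha256CryptPasswordMatches(byteSequence, byteSequence2);
        }
        if (stored.startsWith(Sha2Crypt.getMagicSHA512Prefix())) {
            return sha512CryptPasswordMatches(byteSequence, byteSequence2);
        }
        return unixCryptPasswordMatches(byteSequence, byteSequence2);
    }

    /** The auth-password syntax is not supported by this scheme. */
    @Override
    public boolean supportsAuthPasswordSyntax() {
        return false;
    }

    /** Always fails with UNWILLING_TO_PERFORM: the auth-password syntax is not supported. */
    @Override
    public ByteString encodeAuthPassword(ByteSequence byteSequence) throws DirectoryException {
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, ExtensionMessages.ERR_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD.get(getStorageSchemeName()));
    }

    /** Always {@code false}: the auth-password syntax is not supported. */
    @Override
    public boolean authPasswordMatches(ByteSequence byteSequence, String str, String str2) {
        return false;
    }

    /** Stored values cannot be turned back into the plaintext. */
    @Override
    public boolean isReversible() {
        return false;
    }

    /** Always fails with CONSTRAINT_VIOLATION because the scheme is not reversible. */
    @Override
    public ByteString getPlaintextValue(ByteSequence byteSequence) throws DirectoryException {
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, ExtensionMessages.ERR_PWSCHEME_NOT_REVERSIBLE.get(ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT));
    }

    /** Always fails with UNWILLING_TO_PERFORM: the auth-password syntax is not supported. */
    @Override
    public ByteString getAuthPasswordPlaintextValue(String str, String str2) throws DirectoryException {
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, ExtensionMessages.ERR_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD.get(getStorageSchemeName()));
    }

    /** Reports the scheme as not secure, whichever algorithm is configured. */
    @Override
    public boolean isStorageSchemeSecure() {
        return false;
    }

    /** Delegates to {@link #isConfigurationChangeAcceptable2} after narrowing the configuration type. */
    @Override
    public boolean isConfigurationAcceptable(PasswordStorageSchemeCfg passwordStorageSchemeCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((CryptPasswordStorageSchemeCfg) passwordStorageSchemeCfg, list);
    }

    /**
     * Accepts every configuration. The trailing "2" is a decompiler-assigned name (originally
     * {@code isConfigurationChangeAcceptable}), kept so existing references still resolve.
     */
    public boolean isConfigurationChangeAcceptable2(CryptPasswordStorageSchemeCfg cryptPasswordStorageSchemeCfg, List<LocalizableMessage> list) {
        return true;
    }

    /** Swaps in the new configuration; subsequent encodings use its algorithm. */
    @Override
    public ConfigChangeResult applyConfigurationChange(CryptPasswordStorageSchemeCfg cryptPasswordStorageSchemeCfg) {
        this.currentConfig = cryptPasswordStorageSchemeCfg;
        return new ConfigChangeResult();
    }

    /** Listener entry point; typed list instead of the decompiler's raw {@code List} and cast. */
    @Override
    public boolean isConfigurationChangeAcceptable(CryptPasswordStorageSchemeCfg cryptPasswordStorageSchemeCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2(cryptPasswordStorageSchemeCfg, list);
    }
}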
