package fr.paris.lutece.portal.business.user.authentication;

import fr.paris.lutece.portal.service.captcha.ICaptchaSecurityService;
import fr.paris.lutece.portal.service.util.AppException;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.portal.service.util.CryptoService;
import fr.paris.lutece.util.password.IPassword;
import fr.paris.lutece.util.password.IPasswordFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Random;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:fr/paris/lutece/portal/business/user/authentication/PasswordFactory.class */
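/**
 * Builds {@link IPassword} objects from a stored representation or from a cleartext password.
 *
 * <p>A stored representation has the form {@code <storage type>:<payload>}. Known storage types are
 * {@code PLAINTEXT}, {@code PBKDF2} (PBKDF2WithHmacSHA1), {@code PBKDF2WITHHMACSHA512} and an internal
 * dummy type; any other prefix is treated as a {@link MessageDigest} algorithm name. Only
 * PBKDF2WithHmacSHA512 passwords report {@code isLegacy() == false} and can be serialised for storage.
 *
 * <p>Review changes relative to the decompiled listing: hash and string comparisons no longer exit at the
 * first differing element, the key specification and the temporary password array are wiped after
 * derivation, the dummy storage constants are restored to their NUL-delimited form, and the
 * decompiler-mangled dispatch in {@link #getPassword(String)} is written as a plain string switch.
 */
final class PasswordFactory implements IPasswordFactory {
    private static final String ERROR_PASSWORD_STORAGE = "Invalid stored password ";
    private static final String PBKDF2WITHHMACSHA1_STORAGE_TYPE = "PBKDF2";
    private static final String PBKDF2WITHHMACSHA512_STORAGE_TYPE = "PBKDF2WITHHMACSHA512";
    private static final String PLAINTEXT_STORAGE_TYPE = "PLAINTEXT";
    // The listing showed these two literals with replacement characters where the NUL bytes of the class
    // file were mis-decoded. "\0DUMMY\0" is the value whose String.hashCode() is 2027652216, the case
    // label the compiler generated for this constant in getPassword.
    private static final String DUMMY_STORAGE_TYPE = "\0DUMMY\0";
    private static final String DUMMY_STORED_PASSWORD = DUMMY_STORAGE_TYPE + ":\0";

    /**
     * Compares two strings without stopping at the first differing character.
     *
     * <p>{@link String#equals(Object)} returns as soon as a character differs, so the response time of a
     * password check can reveal how long the matching prefix is. Only the lengths influence the running
     * time here. The result is the same as {@code expected.equals(actual)} for non-null arguments.
     *
     * @param expected the stored value, may be {@code null}
     * @param actual the candidate value, may be {@code null}
     * @return {@code true} if both are non-null and contain the same characters
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        char[] left = expected.toCharArray();
        char[] right = actual.toCharArray();
        int diff = left.length ^ right.length;
        for (int i = 0; i < left.length && i < right.length; i++) {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }

    /**
     * Legacy password stored as an unsalted digest of the cleartext.
     *
     * <p>JADX INFO: access modifier changed from private by the decompiler.
     */
    public static final class DigestPassword extends LegacyPassword {
        private final String _strPassword;
        private final String _strAlgorithm;

        /**
         * @param str the digest algorithm name, which is the storage-type prefix of the stored password
         * @param str2 the stored digest
         * @throws IllegalArgumentException if {@code str} is not an algorithm {@link MessageDigest} knows
         */
        public DigestPassword(String str, String str2) {
            super();
            try {
                // Instantiated only to validate the algorithm name; the digest object is not kept.
                MessageDigest.getInstance(str);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalArgumentException(e);
            }
            this._strAlgorithm = str;
            this._strPassword = str2;
        }

        /**
         * Digests the candidate with {@link CryptoService#encrypt} and compares it with the stored value.
         *
         * @param str the cleartext candidate
         * @return {@code true} if the digests match; always {@code false} when no digest is stored
         */
        @Override
        public boolean check(String str) {
            return this._strPassword != null
                    && constantTimeEquals(this._strPassword, CryptoService.encrypt(str, this._strAlgorithm));
        }
    }

    /**
     * Password that never matches but still performs a full PBKDF2 derivation on every check.
     *
     * <p>NOTE(review): the derivation result is discarded, which looks intended to make a check against a
     * non-existent account cost about as much as a real one, so response time does not reveal whether the
     * account exists. Confirm against the callers of {@code getDummyPassword()}.
     *
     * <p>JADX INFO: access modifier changed from private by the decompiler.
     */
    public static final class DummyPassword extends PBKDF2WithHmacSHA512Password {
        DummyPassword() {
            // Hashes the EMPTY_STRING constant with a fresh random salt; the hash is never matched.
            super(ICaptchaSecurityService.EMPTY_STRING, PBKDF2Password.PASSWORD_REPRESENTATION.CLEARTEXT);
        }

        /**
         * Runs the inherited derivation and rejects the candidate regardless of its outcome.
         *
         * @param str the cleartext candidate
         * @return always {@code false}
         */
        @Override
        public boolean check(String str) {
            super.check(str);
            return false;
        }

        /**
         * @throws UnsupportedOperationException always; a dummy password must never be persisted
         */
        @Override
        public String getStorableRepresentation() {
            throw new UnsupportedOperationException("Must not store a dummy password");
        }
    }

    /** Base class for storage formats that can be verified but must never be written back. */
    private static abstract class LegacyPassword implements IPassword {
        private LegacyPassword() {
        }

        /** @return always {@code true} */
        @Override
        public final boolean isLegacy() {
            return true;
        }

        /**
         * @throws UnsupportedOperationException always; these formats lack proper hashing and salting
         */
        @Override
        public final String getStorableRepresentation() {
            throw new UnsupportedOperationException("Passwords should not be stored without proper hashing and salting");
        }
    }

    /**
     * Salted PBKDF2 password. The stored payload is {@code <iterations>:<salt hex>:<hash hex>}.
     */
    private static abstract class PBKDF2Password implements IPassword {
        private static final Pattern FORMAT = Pattern.compile("^(\\d+):([a-z0-9]+):([a-z0-9]+)$", Pattern.CASE_INSENSITIVE);
        private static final String PROPERTY_PASSWORD_HASH_ITERATIONS = "password.hash.iterations";
        private static final String PROPERTY_PASSWORD_HASH_LENGTH = "password.hash.length";
        // NOTE(review): 40000 iterations is low for PBKDF2-HMAC-SHA512 by current guidance (the OWASP
        // Password Storage Cheat Sheet asks for counts in the hundreds of thousands). Deployments can
        // raise it through password.hash.iterations; stored hashes carry their own count.
        private static final int DEFAULT_ITERATIONS = 40000;
        // In bytes. NOTE(review): 128 bytes is twice the HMAC-SHA512 output size, so PBKDF2 has to
        // compute two blocks per verification; consider whether 64 is sufficient.
        private static final int DEFAULT_HASH_LENGTH_BYTES = 128;
        private static final int SALT_LENGTH_BYTES = 16;
        // Typed as SecureRandom so that a non-cryptographic generator cannot be substituted for salts.
        private static final SecureRandom RANDOM = createSecureRandom();

        private final int _iterations;
        private final byte[] _salt;
        private final byte[] _hash;

        /** Tells the constructor how to interpret its string argument. */
        enum PASSWORD_REPRESENTATION {
            CLEARTEXT,
            STORABLE
        }

        /**
         * Parses a stored payload.
         *
         * @param str the payload {@code <iterations>:<salt hex>:<hash hex>}
         * @throws IllegalArgumentException if the payload is malformed
         */
        public PBKDF2Password(String str) {
            this(str, PASSWORD_REPRESENTATION.STORABLE);
        }

        /**
         * Either hashes a cleartext password with a fresh random salt, or parses a stored payload.
         *
         * @param str the cleartext password or the stored payload, depending on the representation
         * @param password_representation how to interpret {@code str}
         * @throws IllegalArgumentException if a stored payload is malformed
         * @throws AppException if the PBKDF2 algorithm is unavailable or the key specification is rejected
         */
        public PBKDF2Password(String str, PASSWORD_REPRESENTATION password_representation) {
            int iterations;
            byte[] salt;
            byte[] hash;
            switch (password_representation) {
                case CLEARTEXT: {
                    iterations = AppPropertiesService.getPropertyInt(PROPERTY_PASSWORD_HASH_ITERATIONS, DEFAULT_ITERATIONS);
                    int hashLengthBytes = AppPropertiesService.getPropertyInt(PROPERTY_PASSWORD_HASH_LENGTH, DEFAULT_HASH_LENGTH_BYTES);
                    salt = new byte[SALT_LENGTH_BYTES];
                    RANDOM.nextBytes(salt);
                    hash = derive(str, salt, iterations, hashLengthBytes * 8);
                    break;
                }
                case STORABLE: {
                    // NOTE(review): the messages below embed the stored salt and hash; make sure
                    // these exceptions do not reach logs or responses that are widely readable.
                    Matcher matcher = FORMAT.matcher(str);
                    if (!matcher.matches()) {
                        throw new IllegalArgumentException(PasswordFactory.ERROR_PASSWORD_STORAGE + str);
                    }
                    try {
                        iterations = Integer.parseInt(matcher.group(1));
                        salt = Hex.decodeHex(matcher.group(2).toCharArray());
                        hash = Hex.decodeHex(matcher.group(3).toCharArray());
                    } catch (NumberFormatException | DecoderException e) {
                        // Keep the cause so the failing field can be diagnosed.
                        throw new IllegalArgumentException(PasswordFactory.ERROR_PASSWORD_STORAGE + str, e);
                    }
                    break;
                }
                default:
                    throw new IllegalArgumentException(password_representation.toString());
            }
            this._iterations = iterations;
            this._salt = salt;
            this._hash = hash;
        }

        /** @return the {@link SecretKeyFactory} algorithm name used for derivation */
        protected abstract String getAlgorithm();

        /**
         * Derives a hash from the candidate with the stored salt, iteration count and hash length, and
         * compares it with the stored hash.
         *
         * @param str the cleartext candidate
         * @return {@code true} if the derived hash equals the stored one
         * @throws AppException if the PBKDF2 algorithm is unavailable or the key specification is rejected
         */
        @Override
        public boolean check(String str) {
            byte[] candidate = derive(str, this._salt, this._iterations, this._hash.length * 8);
            // MessageDigest.isEqual does not return at the first differing byte, unlike Arrays.equals.
            return MessageDigest.isEqual(this._hash, candidate);
        }

        /** @return the storage-type prefix written in front of the payload */
        protected abstract String getStorageType();

        /**
         * @return {@code <storage type>:<iterations>:<salt hex>:<hash hex>}
         */
        @Override
        public String getStorableRepresentation() {
            StringBuilder sb = new StringBuilder();
            sb.append(getStorageType()).append(':');
            sb.append(this._iterations).append(':').append(Hex.encodeHex(this._salt));
            sb.append(':').append(Hex.encodeHex(this._hash));
            return sb.toString();
        }

        /**
         * Runs PBKDF2 and wipes the intermediate copies of the password afterwards.
         *
         * @param cleartext the password to hash
         * @param salt the salt
         * @param iterations the iteration count
         * @param keyLengthBits the requested output length in bits
         * @return the derived bytes
         */
        private byte[] derive(String cleartext, byte[] salt, int iterations, int keyLengthBits) {
            char[] passwordChars = cleartext.toCharArray();
            PBEKeySpec spec = null;
            try {
                spec = new PBEKeySpec(passwordChars, salt, iterations, keyLengthBits);
                return SecretKeyFactory.getInstance(getAlgorithm()).generateSecret(spec).getEncoded();
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new AppException("Invalid Algo or key", (Exception) e);
            } finally {
                // PBEKeySpec keeps its own copy of the password; clear both copies.
                if (spec != null) {
                    spec.clearPassword();
                }
                Arrays.fill(passwordChars, '\0');
            }
        }

        /**
         * Picks the generator used for salts: SHA1PRNG when available, otherwise the platform default.
         *
         * <p>NOTE(review): pinning SHA1PRNG is kept as in the original; the platform default obtained
         * with {@code new SecureRandom()} is the usual recommendation today.
         */
        private static SecureRandom createSecureRandom() {
            try {
                return SecureRandom.getInstance("SHA1PRNG");
            } catch (NoSuchAlgorithmException e) {
                AppLogService.error("SHA1PRNG is not availabled. Picking the default SecureRandom.", e);
                return new SecureRandom();
            }
        }
    }

    /**
     * PBKDF2WithHmacSHA1 password: can be verified, is flagged as legacy and refuses to be stored.
     *
     * <p>JADX INFO: access modifier changed from private by the decompiler.
     */
    public static final class PBKDF2WithHmacSHA1Password extends PBKDF2Password {
        /**
         * @param str the stored payload {@code <iterations>:<salt hex>:<hash hex>}
         */
        public PBKDF2WithHmacSHA1Password(String str) {
            super(str);
        }

        /** @return always {@code true} */
        @Override
        public boolean isLegacy() {
            return true;
        }

        @Override
        protected String getAlgorithm() {
            return "PBKDF2WithHmacSHA1";
        }

        @Override
        protected String getStorageType() {
            return PasswordFactory.PBKDF2WITHHMACSHA1_STORAGE_TYPE;
        }

        /**
         * @throws UnsupportedOperationException always; legacy hashes must not be written back
         */
        @Override
        public String getStorableRepresentation() {
            throw new UnsupportedOperationException("Must not store a legacy password");
        }
    }

    /**
     * PBKDF2WithHmacSHA512 password, the only non-legacy, storable format in this factory.
     *
     * <p>JADX INFO: access modifier changed from private by the decompiler.
     */
    public static class PBKDF2WithHmacSHA512Password extends PBKDF2Password {
        /**
         * @param str the stored payload {@code <iterations>:<salt hex>:<hash hex>}
         */
        public PBKDF2WithHmacSHA512Password(String str) {
            super(str);
        }

        /**
         * @param str the cleartext password or the stored payload, depending on the representation
         * @param password_representation how to interpret {@code str}
         */
        public PBKDF2WithHmacSHA512Password(String str, PBKDF2Password.PASSWORD_REPRESENTATION password_representation) {
            super(str, password_representation);
        }

        /** @return always {@code false} */
        @Override
        public boolean isLegacy() {
            return false;
        }

        @Override
        protected String getAlgorithm() {
            return "PBKDF2WithHmacSHA512";
        }

        @Override
        protected String getStorageType() {
            return PasswordFactory.PBKDF2WITHHMACSHA512_STORAGE_TYPE;
        }
    }

    /**
     * Legacy password stored in cleartext.
     *
     * <p>JADX INFO: access modifier changed from private by the decompiler.
     */
    public static final class PlaintextPassword extends LegacyPassword {
        private final String _strPassword;

        /**
         * @param str the stored cleartext password
         */
        public PlaintextPassword(String str) {
            super();
            this._strPassword = str;
        }

        /**
         * @param str the cleartext candidate
         * @return {@code true} if the candidate equals the stored password
         */
        @Override
        public boolean check(String str) {
            return constantTimeEquals(this._strPassword, str);
        }
    }

    PasswordFactory() {
    }

    /**
     * Builds the password object matching the storage-type prefix of a stored representation.
     *
     * @param str the stored representation {@code <storage type>:<payload>}
     * @return the password object for that storage type; an unknown prefix is handed to
     *         {@link DigestPassword} as a digest algorithm name
     * @throws IllegalArgumentException if there is no {@code ':'} separator, the payload is malformed, or
     *         the prefix is neither a known storage type nor a known digest algorithm
     */
    @Override
    public IPassword getPassword(String str) {
        int separator = str.indexOf(':');
        if (separator == -1) {
            // NOTE(review): the message is the whole stored value, which for an untyped legacy record
            // may be a raw password or hash; keep this exception out of widely readable logs.
            throw new IllegalArgumentException(str);
        }
        String storageType = str.substring(0, separator);
        String payload = str.substring(separator + 1);
        switch (storageType) {
            case PLAINTEXT_STORAGE_TYPE:
                return new PlaintextPassword(payload);
            case PBKDF2WITHHMACSHA1_STORAGE_TYPE:
                return new PBKDF2WithHmacSHA1Password(payload);
            case PBKDF2WITHHMACSHA512_STORAGE_TYPE:
                return new PBKDF2WithHmacSHA512Password(payload);
            case DUMMY_STORAGE_TYPE:
                // The payload of a dummy record is ignored.
                return new DummyPassword();
            default:
                return new DigestPassword(storageType, payload);
        }
    }

    /**
     * Hashes a cleartext password with PBKDF2WithHmacSHA512 and a fresh random salt.
     *
     * @param str the cleartext password
     * @return a storable, non-legacy password
     */
    @Override
    public IPassword getPasswordFromCleartext(String str) {
        return new PBKDF2WithHmacSHA512Password(str, PBKDF2Password.PASSWORD_REPRESENTATION.CLEARTEXT);
    }

    /**
     * @return a password that rejects every candidate; see {@link DummyPassword}
     */
    @Override
    public IPassword getDummyPassword() {
        return getPassword(DUMMY_STORED_PASSWORD);
    }
}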
