package org.springframework.security.authentication.encoding;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.util.Assert;

/* loaded from: input_file:rnip-ui-war-8.0.7.war:WEB-INF/lib/spring-security-core-3.1.1.RELEASE.jar:org/springframework/security/authentication/encoding/LdapShaPasswordEncoder.class */
public class LdapShaPasswordEncoder implements PasswordEncoder {
    private static final int SHA_LENGTH = 20;
    private static final String SSHA_PREFIX = "{SSHA}";
    private static final String SSHA_PREFIX_LC = SSHA_PREFIX.toLowerCase();
    private static final String SHA_PREFIX = "{SHA}";
    private static final String SHA_PREFIX_LC = SHA_PREFIX.toLowerCase();
    private boolean forceLowerCasePrefix;

    private byte[] combineHashAndSalt(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return bArr;
        }
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    @Override // org.springframework.security.authentication.encoding.PasswordEncoder
    public String encodePassword(String str, Object obj) {
        String str2;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(Utf8.encode(str));
            if (obj != null) {
                Assert.isInstanceOf(byte[].class, obj, "Salt value must be a byte array");
                messageDigest.update((byte[]) obj);
            }
            byte[] combineHashAndSalt = combineHashAndSalt(messageDigest.digest(), (byte[]) obj);
            if (obj == null) {
                str2 = this.forceLowerCasePrefix ? SHA_PREFIX_LC : SHA_PREFIX;
            } else {
                str2 = this.forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
            }
            return str2 + Utf8.decode(Base64.encode(combineHashAndSalt));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA implementation available!");
        }
    }

    private byte[] extractSalt(String str) {
        byte[] decode = Base64.decode(str.substring(6).getBytes());
        int length = decode.length - 20;
        byte[] bArr = new byte[length];
        System.arraycopy(decode, 20, bArr, 0, length);
        return bArr;
    }

    @Override // org.springframework.security.authentication.encoding.PasswordEncoder
    public boolean isPasswordValid(String str, String str2, Object obj) {
        byte[] extractSalt;
        String extractPrefix = extractPrefix(str);
        if (extractPrefix == null) {
            return str.equals(str2);
        }
        if (extractPrefix.equals(SSHA_PREFIX) || extractPrefix.equals(SSHA_PREFIX_LC)) {
            extractSalt = extractSalt(str);
        } else {
            if (!extractPrefix.equals(SHA_PREFIX) && !extractPrefix.equals(SHA_PREFIX_LC)) {
                throw new IllegalArgumentException("Unsupported password prefix '" + extractPrefix + "'");
            }
            extractSalt = null;
        }
        int length = extractPrefix.length();
        return PasswordEncoderUtils.equals(encodePassword(str2, extractSalt).substring(length), str.substring(length));
    }

    private String extractPrefix(String str) {
        if (!str.startsWith("{")) {
            return null;
        }
        int lastIndexOf = str.lastIndexOf(125);
        if (lastIndexOf < 0) {
            throw new IllegalArgumentException("Couldn't find closing brace for SHA prefix");
        }
        return str.substring(0, lastIndexOf + 1);
    }

    public void setForceLowerCasePrefix(boolean z) {
        this.forceLowerCasePrefix = z;
    }
}
