package com.atlassian.crowd.password.encoder;

import com.atlassian.crowd.common.properties.SystemProperties;
import com.atlassian.crowd.exception.PasswordEncoderException;
import com.atlassian.crowd.password.saltgenerator.SecureRandomSaltGenerator;
import com.atlassian.security.password.DefaultPasswordEncoder;
import com.atlassian.security.password.PKCS5S2PasswordHashGenerator;
import com.atlassian.security.password.PasswordEncoder;
import java.util.List;

/* loaded from: input_file:com/atlassian/crowd/password/encoder/AtlassianSecurityPasswordEncoder.class */
public class AtlassianSecurityPasswordEncoder implements InternalPasswordEncoder, UpgradeablePasswordEncoder {
    private static final PasswordEncoder ADVANCED_PASSWORD_ENCODER = new DefaultPasswordEncoder("PKCS5S2_SHA2", new PKCS5S2SHA2PasswordHashGenerator(), SecureRandomSaltGenerator.INSTANCE);
    private static final PasswordEncoder STANDARD_PASSWORD_ENCODER = new DefaultPasswordEncoder("PKCS5S2", new PKCS5S2PasswordHashGenerator(), SecureRandomSaltGenerator.INSTANCE);
    private final List<PasswordEncoder> supportedPasswordEncoders;
    private final PasswordEncoder legacyPasswordEncoder;

    public AtlassianSecurityPasswordEncoder() {
        this(getSupportedEncoders(), (PasswordEncoder) new AtlassianSHA1PasswordEncoder());
    }

    AtlassianSecurityPasswordEncoder(PasswordEncoder passwordEncoder, PasswordEncoder passwordEncoder2) {
        this((List<PasswordEncoder>) List.of(passwordEncoder), passwordEncoder2);
    }

    private AtlassianSecurityPasswordEncoder(List<PasswordEncoder> list, PasswordEncoder passwordEncoder) {
        if (list.isEmpty()) {
            throw new IllegalArgumentException("Supported encoders list must contain at least 1 element");
        }
        this.supportedPasswordEncoders = list;
        this.legacyPasswordEncoder = passwordEncoder;
    }

    public String encodePassword(String str, Object obj) throws PasswordEncoderException {
        try {
            return getDefaultPasswordEncoder().encodePassword(str);
        } catch (IllegalArgumentException e) {
            throw new PasswordEncoderException("Password could not be encoded.", e);
        }
    }

    public boolean isPasswordValid(String str, String str2, Object obj) {
        return ((Boolean) this.supportedPasswordEncoders.stream().filter(passwordEncoder -> {
            return passwordEncoder.canDecodePassword(str);
        }).findFirst().map(passwordEncoder2 -> {
            return Boolean.valueOf(isValidPassword(passwordEncoder2, str2, str));
        }).orElseGet(() -> {
            return Boolean.valueOf(this.legacyPasswordEncoder.isPasswordValid(str, str2, obj));
        })).booleanValue();
    }

    public boolean isUpgradeRequired(String str) {
        return !getDefaultPasswordEncoder().canDecodePassword(str);
    }

    public String getKey() {
        return "atlassian-security";
    }

    private PasswordEncoder getDefaultPasswordEncoder() {
        return this.supportedPasswordEncoders.get(0);
    }

    private boolean isValidPassword(PasswordEncoder passwordEncoder, String str, String str2) {
        try {
            return passwordEncoder.isValidPassword(str, str2);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    private static List<PasswordEncoder> getSupportedEncoders() {
        return ((Boolean) SystemProperties.ADVANCED_SECURITY_PASSWORD_ENCODER_ENABLED.getValue()).booleanValue() ? List.of(ADVANCED_PASSWORD_ENCODER, STANDARD_PASSWORD_ENCODER) : List.of(STANDARD_PASSWORD_ENCODER, ADVANCED_PASSWORD_ENCODER);
    }
}
