package org.apereo.cas.authentication.principal;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.gen.DefaultRandomStringGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-services-api-5.2.9.jar:org/apereo/cas/authentication/principal/ShibbolethCompatiblePersistentIdGenerator.class */
public class ShibbolethCompatiblePersistentIdGenerator implements PersistentIdGenerator {
    private static final long serialVersionUID = 6182838799563190289L;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ShibbolethCompatiblePersistentIdGenerator.class);
    private static final byte CONST_SEPARATOR = 33;
    private static final int CONST_DEFAULT_SALT_COUNT = 16;
    private static final int CONST_SALT_ABBREV_LENGTH = 4;

    @JsonProperty
    private String salt;

    @JsonProperty
    private String attribute;

    public ShibbolethCompatiblePersistentIdGenerator() {
    }

    public ShibbolethCompatiblePersistentIdGenerator(String str) {
        this.salt = str;
    }

    public String getAttribute() {
        return this.attribute;
    }

    public void setAttribute(String str) {
        this.attribute = str;
    }

    public String getSalt() {
        return this.salt;
    }

    public void setSalt(String str) {
        this.salt = str;
    }

    @Override // org.apereo.cas.authentication.principal.PersistentIdGenerator
    public String generate(String str, String str2) {
        try {
            if (StringUtils.isBlank(this.salt)) {
                this.salt = new DefaultRandomStringGenerator(16).getNewString();
            }
            LOGGER.debug("Using principal [{}] to generate anonymous identifier for service [{}]", str, str2);
            String digestAndEncodeWithSalt = digestAndEncodeWithSalt(prepareMessageDigest(str, str2));
            LOGGER.debug("Generated persistent id for [{}] is [{}]", str2, digestAndEncodeWithSalt);
            return digestAndEncodeWithSalt;
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    @Override // org.apereo.cas.authentication.principal.PersistentIdGenerator
    public String generate(Principal principal, Service service) {
        String id;
        Map<String, Object> attributes = principal.getAttributes();
        LOGGER.debug("Found principal attributes [{}] to use when generating persistent identifiers", attributes);
        if (StringUtils.isNotBlank(this.attribute) && attributes.containsKey(this.attribute)) {
            id = CollectionUtils.firstElement(attributes.get(this.attribute)).get().toString();
            LOGGER.debug("Using attribute [{}] to establish principal id [{}] to generate persistent identifier", this.attribute, id);
        } else {
            id = principal.getId();
            LOGGER.debug("Using principal id [{}] to generate persistent identifier", id);
        }
        return generate(id, service != null ? service.getId() : null);
    }

    protected String digestAndEncodeWithSalt(MessageDigest messageDigest) {
        return EncodingUtils.encodeBase64(messageDigest.digest(StringUtils.replace(this.salt, "\n", " ").getBytes(StandardCharsets.UTF_8)), false);
    }

    protected MessageDigest prepareMessageDigest(String str, String str2) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
        if (StringUtils.isNotBlank(str2)) {
            messageDigest.update(str2.getBytes(StandardCharsets.UTF_8));
            messageDigest.update((byte) 33);
        }
        messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
        messageDigest.update((byte) 33);
        return messageDigest;
    }

    public boolean equals(Object obj) {
        if (obj == null) {
            return false;
        }
        if (obj == this) {
            return true;
        }
        if (obj.getClass() != getClass()) {
            return false;
        }
        ShibbolethCompatiblePersistentIdGenerator shibbolethCompatiblePersistentIdGenerator = (ShibbolethCompatiblePersistentIdGenerator) obj;
        return new EqualsBuilder().append(this.salt, shibbolethCompatiblePersistentIdGenerator.salt).append(this.attribute, shibbolethCompatiblePersistentIdGenerator.attribute).isEquals();
    }

    public int hashCode() {
        return new HashCodeBuilder().append(this.salt).append(this.attribute).toHashCode();
    }

    public String toString() {
        return new ToStringBuilder(this).append("attribute", this.attribute).append("salt", StringUtils.abbreviate(this.salt, 4)).toString();
    }
}
