package org.apereo.cas.util.crypto;

import lombok.Generated;
import org.apache.commons.codec.digest.Crypt;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.util.gen.HexRandomStringGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-util-api-6.1.7.2.jar:org/apereo/cas/util/crypto/GlibcCryptPasswordEncoder.class */
public class GlibcCryptPasswordEncoder implements PasswordEncoder {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GlibcCryptPasswordEncoder.class);
    private static final int SALT_LENGTH = 8;
    private final String encodingAlgorithm;
    private final int strength;
    private String secret;

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public String encode(CharSequence charSequence) {
        if (charSequence == null) {
            return null;
        }
        if (!StringUtils.isBlank(this.encodingAlgorithm)) {
            return Crypt.crypt(charSequence.toString(), generateCryptSalt());
        }
        LOGGER.warn("No encoding algorithm is defined. Password cannot be encoded; Returning null");
        return null;
    }

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public boolean matches(CharSequence charSequence, String str) {
        String substring;
        if (StringUtils.isBlank(str)) {
            LOGGER.warn("The encoded password provided for matching is null. Returning false");
            return false;
        }
        int lastIndexOf = str.lastIndexOf(36);
        if (lastIndexOf == -1) {
            substring = str.substring(0, 2);
            LOGGER.debug("Assuming DES UnixCrypt as no delimiter could be found in the encoded password provided");
        } else {
            substring = str.substring(0, lastIndexOf);
            LOGGER.debug("Encoded password uses algorithm [{}]", Character.valueOf(substring.charAt(1)));
        }
        boolean equals = StringUtils.equals(Crypt.crypt(charSequence.toString(), substring), str);
        LOGGER.debug("Provided password does {}match the encoded password", BooleanUtils.toString(equals, "", "not "));
        return equals;
    }

    private String generateCryptSalt() {
        if (StringUtils.isBlank(this.encodingAlgorithm)) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        if ("1".equals(this.encodingAlgorithm) || "MD5".equals(this.encodingAlgorithm.toUpperCase())) {
            sb.append("$1$");
            LOGGER.debug("Encoding with MD5 algorithm");
        } else if ("5".equals(this.encodingAlgorithm) || "SHA-256".equals(this.encodingAlgorithm.toUpperCase())) {
            sb.append("$5$rounds=").append(this.strength).append('$');
            LOGGER.debug("Encoding with SHA-256 algorithm and [{}] rounds", Integer.valueOf(this.strength));
        } else if ("6".equals(this.encodingAlgorithm) || "SHA-512".equals(this.encodingAlgorithm.toUpperCase())) {
            sb.append("$6$rounds=").append(this.strength).append('$');
            LOGGER.debug("Encoding with SHA-512 algorithm and [{}] rounds", Integer.valueOf(this.strength));
        } else {
            sb.append(this.encodingAlgorithm);
            LOGGER.debug("Encoding with DES UnixCrypt algorithm as no indicator for another algorithm was found.");
        }
        if (StringUtils.isBlank(this.secret)) {
            LOGGER.debug("No secret was found. Generating a salt with length [{}]", (Object) 8);
            this.secret = new HexRandomStringGenerator(8).getNewString();
        } else {
            LOGGER.debug("The provided secrect is used as a salt");
        }
        sb.append(this.secret);
        return sb.toString();
    }

    @Generated
    public GlibcCryptPasswordEncoder(String str, int i, String str2) {
        this.encodingAlgorithm = str;
        this.strength = i;
        this.secret = str2;
    }
}
