package org.josso.auth.scheme;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josso.auth.Credential;
import org.josso.auth.CredentialProvider;
import org.josso.auth.SimplePrincipal;
import org.josso.auth.exceptions.SSOAuthenticationException;
import org.josso.auth.util.CipherUtil;
import org.josso.auth.util.Crypt;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:WEB-INF/lib/josso-basic-authscheme-1.8.10-SNAPSHOT.jar:org/josso/auth/scheme/UsernamePasswordAuthScheme.class */
public class UsernamePasswordAuthScheme extends AbstractAuthenticationScheme {
    private static final Log logger = LogFactory.getLog(UsernamePasswordAuthScheme.class);
    private String _hashAlgorithm;
    private String _hashEncoding;
    private String _hashCharset;
    private boolean _ignorePasswordCase;
    private boolean _ignoreUserCase;
    private int _saltLenght = 2;

    public UsernamePasswordAuthScheme() {
        setName("basic-authentication");
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Principal getPrincipal() {
        return new SimplePrincipal(getUsername(this._inputCredentials));
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Principal getPrincipal(Credential[] credentialArr) {
        return new SimplePrincipal(getUsername(credentialArr));
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public boolean authenticate() throws SSOAuthenticationException {
        setAuthenticated(false);
        String username = getUsername(this._inputCredentials);
        String password = getPassword(this._inputCredentials);
        if (username == null || username.length() == 0 || password == null || password.length() == 0) {
            if (!logger.isDebugEnabled()) {
                return false;
            }
            logger.debug("Username " + ((username == null || username.length() == 0) ? " not" : "") + " provided. Password " + ((password == null || password.length() == 0) ? " not" : "") + " provided.");
            return false;
        }
        String username2 = getUsername(getKnownCredentials());
        String password2 = getPassword(getKnownCredentials());
        String createPasswordHash = createPasswordHash(password);
        if (!validateUsername(username, username2) || !validatePassword(createPasswordHash, password2)) {
            return false;
        }
        if (this._ignoreUserCase && !username.equals(username2)) {
            updateUsername(this._inputCredentials, username2);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("[authenticate()], Principal authenticated : " + username);
        }
        setAuthenticated(true);
        return true;
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Credential[] getPrivateCredentials() {
        PasswordCredential passwordCredential = getPasswordCredential(this._inputCredentials);
        return passwordCredential == null ? new Credential[0] : new Credential[]{passwordCredential};
    }

    @Override // org.josso.auth.scheme.AuthenticationScheme
    public Credential[] getPublicCredentials() {
        UsernameCredential usernameCredential = getUsernameCredential(this._inputCredentials);
        return usernameCredential == null ? new Credential[0] : new Credential[]{usernameCredential};
    }

    @Override // org.josso.auth.scheme.AbstractAuthenticationScheme, org.josso.auth.CredentialProvider
    public Credential newEncodedCredential(String str, Object obj) {
        try {
            String str2 = (String) obj;
            if (str.equals(UsernamePasswordCredentialProvider.PASSWORD_CREDENTIAL_NAME)) {
                str2 = createPasswordHash(str2);
            }
            return super.newEncodedCredential(str, str2);
        } catch (SSOAuthenticationException e) {
            logger.error("Cannot create encoded credential " + e.getMessage(), e);
            return null;
        }
    }

    protected boolean validatePassword(String str, String str2) {
        if (logger.isDebugEnabled()) {
            logger.debug("Validating passwords [" + str + "/" + str2 + PropertyAccessor.PROPERTY_KEY_SUFFIX);
        }
        if (str == null && str2 == null) {
            return false;
        }
        return (this._ignorePasswordCase && this._hashAlgorithm == null) ? str.equalsIgnoreCase(str2) : str.equals(str2);
    }

    protected boolean validateUsername(String str, String str2) {
        if (logger.isDebugEnabled()) {
            logger.debug("Validating usernames [" + str + "/" + str2 + PropertyAccessor.PROPERTY_KEY_SUFFIX);
        }
        if (str == null && str2 == null) {
            return false;
        }
        return this._ignoreUserCase ? str.equalsIgnoreCase(str2) : str.equals(str2);
    }

    protected String createPasswordHash(String str) throws SSOAuthenticationException {
        byte[] bytes;
        if (getHashAlgorithm() == null && getHashEncoding() == null) {
            return str;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Creating password hash for [" + str + "] with algorithm/encoding [" + getHashAlgorithm() + "/" + getHashEncoding() + PropertyAccessor.PROPERTY_KEY_SUFFIX);
        }
        if ("CRYPT".equalsIgnoreCase(getHashAlgorithm())) {
            String password = getPassword(getKnownCredentials());
            return Crypt.crypt((password == null || password.length() <= 1) ? "" : password.substring(0, this._saltLenght), str);
        }
        String str2 = null;
        try {
            bytes = this._hashCharset == null ? str.getBytes() : str.getBytes(this._hashCharset);
        } catch (UnsupportedEncodingException e) {
            logger.error("charset " + this._hashCharset + " not found. Using platform default.");
            bytes = str.getBytes();
        }
        try {
            byte[] digest = this._hashAlgorithm != null ? getDigest().digest(bytes) : bytes;
            if ("BASE64".equalsIgnoreCase(this._hashEncoding)) {
                str2 = CipherUtil.encodeBase64(digest);
            } else if ("HEX".equalsIgnoreCase(this._hashEncoding)) {
                str2 = CipherUtil.encodeBase16(digest);
            } else if (this._hashEncoding == null) {
                logger.error("You must specify a hashEncoding when using hashAlgorithm");
            } else {
                logger.error("Unsupported hash encoding format " + this._hashEncoding);
            }
        } catch (Exception e2) {
            logger.error(new StringBuilder().append("Password hash calculation failed : \n").append(e2.getMessage()).toString() != null ? e2.getMessage() : e2.toString(), e2);
        }
        return str2;
    }

    protected MessageDigest getDigest() throws SSOAuthenticationException {
        MessageDigest messageDigest = null;
        if (this._hashAlgorithm != null) {
            try {
                messageDigest = MessageDigest.getInstance(this._hashAlgorithm);
                logger.debug("Using hash algorithm/encoding : " + this._hashAlgorithm + "/" + this._hashEncoding);
            } catch (NoSuchAlgorithmException e) {
                logger.error("Algorithm not supported : " + this._hashAlgorithm, e);
                throw new SSOAuthenticationException(e.getMessage(), e);
            }
        }
        return messageDigest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getUsername(Credential[] credentialArr) {
        UsernameCredential usernameCredential = getUsernameCredential(credentialArr);
        if (usernameCredential == null) {
            return null;
        }
        return (String) usernameCredential.getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getPassword(Credential[] credentialArr) {
        PasswordCredential passwordCredential = getPasswordCredential(credentialArr);
        if (passwordCredential == null) {
            return null;
        }
        return (String) passwordCredential.getValue();
    }

    protected void updateUsername(Credential[] credentialArr, String str) {
        UsernameCredential usernameCredential = getUsernameCredential(credentialArr);
        if (usernameCredential != null) {
            usernameCredential.setValue(str);
        }
    }

    protected PasswordCredential getPasswordCredential(Credential[] credentialArr) {
        for (int i = 0; i < credentialArr.length; i++) {
            if (credentialArr[i] instanceof PasswordCredential) {
                return (PasswordCredential) credentialArr[i];
            }
        }
        return null;
    }

    protected UsernameCredential getUsernameCredential(Credential[] credentialArr) {
        for (int i = 0; i < credentialArr.length; i++) {
            if (credentialArr[i] instanceof UsernameCredential) {
                return (UsernameCredential) credentialArr[i];
            }
        }
        return null;
    }

    @Override // org.josso.auth.scheme.AbstractAuthenticationScheme
    protected CredentialProvider doMakeCredentialProvider() {
        return new UsernamePasswordCredentialProvider();
    }

    public String getHashAlgorithm() {
        return this._hashAlgorithm;
    }

    public void setHashAlgorithm(String str) {
        if (str != null && str.equals("")) {
            str = null;
        }
        this._hashAlgorithm = str;
    }

    public String getHashEncoding() {
        return this._hashEncoding;
    }

    public void setHashEncoding(String str) {
        if (str != null && str.equals("")) {
            str = null;
        }
        this._hashEncoding = str;
    }

    public String getHashCharset() {
        return this._hashCharset;
    }

    public void setHashCharset(String str) {
        this._hashCharset = str;
    }

    public void setSaltLenght(String str) {
        setSaltLength(Integer.valueOf(str).intValue());
    }

    public int getSaltLength() {
        return this._saltLenght;
    }

    public void setSaltLength(int i) {
        this._saltLenght = i;
    }

    public void setIgnorePasswordCase(String str) {
        this._ignorePasswordCase = Boolean.valueOf(str).booleanValue();
    }

    public void setIgnoreUserCase(String str) {
        this._ignoreUserCase = Boolean.valueOf(str).booleanValue();
    }

    @Override // org.josso.auth.scheme.AbstractAuthenticationScheme, org.josso.auth.scheme.AuthenticationScheme
    public Object clone() {
        UsernamePasswordAuthScheme usernamePasswordAuthScheme = (UsernamePasswordAuthScheme) super.clone();
        usernamePasswordAuthScheme.setHashAlgorithm(this._hashAlgorithm);
        usernamePasswordAuthScheme.setHashCharset(this._hashCharset);
        usernamePasswordAuthScheme.setHashEncoding(this._hashEncoding);
        usernamePasswordAuthScheme.setIgnorePasswordCase(this._ignorePasswordCase + "");
        usernamePasswordAuthScheme.setIgnoreUserCase(this._ignoreUserCase + "");
        usernamePasswordAuthScheme.setName(this._name);
        return usernamePasswordAuthScheme;
    }
}
