package org.apache.doris.mysql;

import com.google.common.base.Strings;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.doris.common.AnalysisException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/MysqlPassword.class */
public class MysqlPassword {
    public static final int SCRAMBLE_LENGTH = 20;
    public static final int SCRAMBLE_LENGTH_HEX_LENGTH = 41;
    public static final byte PVERSION41_CHAR = 42;
    public static final int MIN_PASSWORD_LEN = 8;
    private static final Logger LOG = LogManager.getLogger(MysqlPassword.class);
    public static final byte[] EMPTY_PASSWORD = new byte[0];
    private static final byte[] DIG_VEC_UPPER = {48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 65, 66, 67, 68, 69, 70};
    private static final Random random = new Random(System.currentTimeMillis());
    private static final Set<Character> complexCharSet = (Set) "~!@#$%^&*()_+|<>,.?/:;'[]{}".chars().mapToObj(i -> {
        return Character.valueOf((char) i);
    }).collect(Collectors.toSet());

    public static byte[] createRandomString(int i) {
        byte[] bArr = new byte[i];
        random.nextBytes(bArr);
        for (int i2 = 0; i2 < i; i2++) {
            if ((bArr[i2] < 97 || bArr[i2] > 122) && (bArr[i2] < 65 || bArr[i2] > 90)) {
                bArr[i2] = (byte) (97 + (bArr[i2] % 26));
            }
        }
        return bArr;
    }

    private static byte[] xorCrypt(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return null;
        }
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    public static boolean checkScramble(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(bArr2);
            messageDigest.update(bArr3);
            byte[] xorCrypt = xorCrypt(messageDigest.digest(), bArr);
            messageDigest.reset();
            messageDigest.update(xorCrypt);
            return MessageDigest.isEqual(messageDigest.digest(), bArr3);
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("No SHA-1 Algorithm when compute password.");
            return false;
        }
    }

    public static byte[] scramble(byte[] bArr, String str) {
        byte[] bArr2 = null;
        try {
            byte[] bytes = str.getBytes("UTF-8");
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            byte[] digest = messageDigest.digest(bytes);
            messageDigest.reset();
            byte[] digest2 = messageDigest.digest(digest);
            messageDigest.reset();
            messageDigest.update(bArr);
            bArr2 = xorCrypt(digest, messageDigest.digest(digest2));
        } catch (UnsupportedEncodingException e) {
            LOG.warn("No UTF-8 character set when compute password.");
        } catch (NoSuchAlgorithmException e2) {
            LOG.warn("No SHA-1 Algorithm when compute password.");
        }
        return bArr2;
    }

    private static byte[] twoStageHash(String str) {
        try {
            byte[] bytes = str.getBytes("UTF-8");
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            byte[] digest = messageDigest.digest(bytes);
            messageDigest.reset();
            return messageDigest.digest(digest);
        } catch (UnsupportedEncodingException e) {
            LOG.warn("No UTF-8 character set when compute password.");
            return null;
        } catch (NoSuchAlgorithmException e2) {
            LOG.warn("No SHA-1 Algorithm when compute password.");
            return null;
        }
    }

    private static void octetToHexSafe(byte[] bArr, int i, byte[] bArr2) {
        int i2 = i;
        for (byte b : bArr2) {
            int i3 = b & 255;
            int i4 = i2;
            int i5 = i2 + 1;
            bArr[i4] = DIG_VEC_UPPER[i3 >> 4];
            i2 = i5 + 1;
            bArr[i5] = DIG_VEC_UPPER[i3 & 15];
        }
    }

    private static int fromByte(int i) {
        return (i < 48 || i > 57) ? (i < 65 || i > 70) ? (i - 97) + 10 : (i - 65) + 10 : i - 48;
    }

    private static void hexToOctetSafe(byte[] bArr, byte[] bArr2, int i) {
        int i2 = 0;
        int i3 = i;
        while (i3 < bArr2.length) {
            int i4 = i3;
            int i5 = i3 + 1;
            int fromByte = fromByte(bArr2[i4] & 255);
            int i6 = i2;
            i2++;
            bArr[i6] = (byte) ((fromByte << 4) + fromByte(bArr2[i5] & 255));
            i3 = i5 + 1;
        }
    }

    public static byte[] makeScrambledPassword(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return EMPTY_PASSWORD;
        }
        byte[] twoStageHash = twoStageHash(str);
        byte[] bArr = new byte[41];
        bArr[0] = 42;
        octetToHexSafe(bArr, 1, twoStageHash);
        return bArr;
    }

    public static byte[] getSaltFromPassword(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return EMPTY_PASSWORD;
        }
        byte[] bArr2 = new byte[20];
        hexToOctetSafe(bArr2, bArr, 1);
        return bArr2;
    }

    public static boolean checkPlainPass(byte[] bArr, String str) {
        byte[] makeScrambledPassword = makeScrambledPassword(str);
        if (makeScrambledPassword.length != bArr.length) {
            return false;
        }
        for (int i = 0; i < makeScrambledPassword.length; i++) {
            if (makeScrambledPassword[i] != bArr[i]) {
                return false;
            }
        }
        return true;
    }

    public static byte[] checkPassword(String str) throws AnalysisException {
        if (Strings.isNullOrEmpty(str)) {
            return EMPTY_PASSWORD;
        }
        byte[] bArr = null;
        try {
            bArr = str.toUpperCase().getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            ErrorReport.reportAnalysisException(ErrorCode.ERR_UNKNOWN_ERROR, new Object[0]);
        }
        if (bArr.length != 41 || bArr[0] != 42) {
            ErrorReport.reportAnalysisException(ErrorCode.ERR_PASSWD_LENGTH, 41);
        }
        for (int i = 1; i < bArr.length; i++) {
            if ((bArr[i] > 57 || bArr[i] < 48) && (bArr[i] < 65 || bArr[i] > 70)) {
                ErrorReport.reportAnalysisException(ErrorCode.ERR_PASSWD_LENGTH, 41);
            }
        }
        return bArr;
    }

    public static void validatePlainPassword(long j, String str) throws AnalysisException {
        if (j == 2) {
            if (Strings.isNullOrEmpty(str) || str.length() < 8) {
                throw new AnalysisException("Violate password validation policy: STRONG. The password must be at least 8 characters");
            }
            int i = 0;
            if (str.chars().anyMatch(Character::isDigit)) {
                i = 0 + 1;
            }
            if (str.chars().anyMatch(Character::isLowerCase)) {
                i++;
            }
            if (str.chars().anyMatch(Character::isUpperCase)) {
                i++;
            }
            if (str.chars().anyMatch(i2 -> {
                return complexCharSet.contains(Character.valueOf((char) i2));
            })) {
                i++;
            }
            if (i < 3) {
                throw new AnalysisException("Violate password validation policy: STRONG. The password must contain at least 3 types of numbers, uppercase letters, lowercase letters and special characters.");
            }
        }
    }
}
