package _ss_com.streamsets.lib.security.http;

import _ss_com.com.google.common.annotations.VisibleForTesting;
import _ss_com.com.google.common.cache.Cache;
import _ss_com.com.google.common.cache.CacheBuilder;
import _ss_com.com.google.common.collect.ImmutableMap;
import _ss_com.streamsets.datacollector.execution.runner.common.Constants;
import _ss_com.streamsets.datacollector.util.Configuration;
import _ss_org.apache.commons.codec.binary.Hex;
import com.streamsets.pipeline.api.impl.Utils;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:_ss_com/streamsets/lib/security/http/PasswordHasher.class */
public class PasswordHasher {
    private static final Logger LOG = LoggerFactory.getLogger(PasswordHasher.class);
    public static final String RANDOM_ALGORITHM = "SHA1PRNG";
    public static final String HASH_ALGORITHM_V1_V2 = "PBKDF2WithHmacSHA512";
    public static final String HASH_ALGORITHM_V3 = "PBKDF2WithHmacSHA1";
    static final Map<String, SecretKeyFactory> SECRET_KEY_FACTORIES;
    private static final SecureRandom SECURE_RANDOM;
    public static final String V1 = "v1";
    public static final String V2 = "v2";

    @Deprecated
    public static final String V3 = "v3";
    public static final String CONFIG_PREFIX = "passwordHandler.";
    public static final String HASH_VERSION_KEY = "passwordHandler.hashVersion";
    public static final String HASH_VERSION_DEFAULT = "v2";
    public static final String ITERATIONS_KEY = "passwordHandler.iterations";
    public static final int ITERATIONS_DEFAULT = 100000;
    public static final String KEY_LENGTH_KEY = "passwordHandler.keyLength";
    public static final int KEY_LENGTH_DEFAULT = 256;
    private final String hashVersion;
    private final int iterations;
    private final int keyLength;
    private final Cache<String, String> verifyCache = CacheBuilder.newBuilder().expireAfterAccess(20, TimeUnit.MINUTES).build();

    public static Set<String> getSupportedHashVersions() {
        return SECRET_KEY_FACTORIES.keySet();
    }

    public PasswordHasher(Configuration configuration) {
        this.hashVersion = configuration.get(HASH_VERSION_KEY, "v2");
        this.iterations = configuration.get(ITERATIONS_KEY, 100000);
        this.keyLength = configuration.get(KEY_LENGTH_KEY, 256);
    }

    public String[] getRandomValueAndHash() {
        byte[] bArr = new byte[64];
        SECURE_RANDOM.nextBytes(bArr);
        String encodeHexString = Hex.encodeHexString(bArr);
        return new String[]{encodeHexString, getPasswordHash(encodeHexString, encodeHexString)};
    }

    @VisibleForTesting
    Cache<String, String> getVerifyCache() {
        return this.verifyCache;
    }

    public String getPasswordHash(String str, String str2) {
        return computeHash(this.hashVersion, getIterations(), getSalt(), getValueToHash(this.hashVersion, str, str2));
    }

    protected String getValueToHash(String str, String str2, String str3) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 3707:
                if (str.equals(V1)) {
                    z = false;
                    break;
                }
                break;
            case 3708:
                if (str.equals("v2")) {
                    z = true;
                    break;
                }
                break;
            case 3709:
                if (str.equals(V3)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return str3;
            case true:
            case true:
                return str2 + "\n" + str3;
            default:
                throw new IllegalArgumentException(Utils.format("Invalid/unsupported hash version '{}'", new Object[]{str}));
        }
    }

    protected String computeHash(String str, int i, byte[] bArr, String str2) {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                Thread.yield();
                String str3 = str + Constants.MASTER_SDC_ID_SEPARATOR + i + Constants.MASTER_SDC_ID_SEPARATOR + Hex.encodeHexString(bArr) + Constants.MASTER_SDC_ID_SEPARATOR + Hex.encodeHexString(SECRET_KEY_FACTORIES.get(str).generateSecret(new PBEKeySpec(str2.toCharArray(), bArr, i, getKeyLength())).getEncoded());
                LOG.trace("Computing password hash '{}' with '{}' iterations took '{}msec'", new Object[]{str, Integer.valueOf(i), Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
                return str3;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            LOG.trace("Computing password hash '{}' with '{}' iterations took '{}msec'", new Object[]{str, Integer.valueOf(i), Long.valueOf(System.currentTimeMillis() - currentTimeMillis)});
            throw th;
        }
    }

    protected String getHashVersion(String str) {
        int indexOf = str.indexOf(Constants.MASTER_SDC_ID_SEPARATOR);
        return indexOf > -1 ? str.substring(0, indexOf) : "UNKNOWN";
    }

    public boolean verify(String str, String str2, String str3) {
        boolean z = false;
        String hashVersion = getHashVersion(str);
        String valueToHash = getValueToHash(hashVersion, str2, str3);
        String ifPresent = getVerifyCache().getIfPresent(str);
        if (ifPresent != null) {
            z = ifPresent.equals(valueToHash);
        } else {
            try {
                String[] split = str.split(Constants.MASTER_SDC_ID_SEPARATOR);
                if (split.length > 0) {
                    boolean z2 = -1;
                    switch (hashVersion.hashCode()) {
                        case 3707:
                            if (hashVersion.equals(V1)) {
                                z2 = false;
                                break;
                            }
                            break;
                        case 3708:
                            if (hashVersion.equals("v2")) {
                                z2 = true;
                                break;
                            }
                            break;
                        case 3709:
                            if (hashVersion.equals(V3)) {
                                z2 = 2;
                                break;
                            }
                            break;
                    }
                    switch (z2) {
                        case false:
                        case true:
                        case true:
                            if (split.length == 4) {
                                z = str.equals(computeHash(hashVersion, Integer.parseInt(split[1]), Hex.decodeHex(split[2].toCharArray()), valueToHash));
                                if (z) {
                                    getVerifyCache().put(str, valueToHash);
                                }
                                break;
                            }
                            break;
                        default:
                            throw new IllegalArgumentException(Utils.format("Invalid/unsupported hash version '{}'", new Object[]{hashVersion}));
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return z;
    }

    public String getCurrentVersion() {
        return this.hashVersion;
    }

    protected int getIterations() {
        return this.iterations;
    }

    protected int getKeyLength() {
        return this.keyLength;
    }

    protected int getSaltLength() {
        return getKeyLength() / 8;
    }

    protected byte[] getSalt() {
        byte[] bArr = new byte[getSaltLength()];
        SECURE_RANDOM.nextBytes(bArr);
        return bArr;
    }

    static {
        try {
            SECURE_RANDOM = SecureRandom.getInstance(RANDOM_ALGORITHM);
            HashMap hashMap = new HashMap();
            try {
                SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(HASH_ALGORITHM_V1_V2);
                hashMap.put(V1, secretKeyFactory);
                hashMap.put("v2", secretKeyFactory);
            } catch (Exception e) {
                LOG.warn("Algorithm '{}' not available, v1 and v2 hashes are not supported", HASH_ALGORITHM_V1_V2);
            }
            try {
                hashMap.put(V3, SecretKeyFactory.getInstance(HASH_ALGORITHM_V3));
            } catch (Exception e2) {
                LOG.warn("Algorithm '{}' not available, v3 hashes are not supported", HASH_ALGORITHM_V3);
            }
            if (hashMap.isEmpty()) {
                throw new RuntimeException("There is no hash algorithm available");
            }
            SECRET_KEY_FACTORIES = ImmutableMap.copyOf((Map) hashMap);
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }
}
