package org.sonatype.security.ldap.dao.password;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.codec.Base64;

@Singleton
@Named("ssha")
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.5-02/dependencies/nexus-ldap-common-2.14.5-02.jar:org/sonatype/security/ldap/dao/password/SSHAPasswordEncoder.class */
public class SSHAPasswordEncoder implements PasswordEncoder {
    private static final String SSHA_PREFIX = "{SSHA}";
    private final Random random = new Random();

    @Override // org.sonatype.security.ldap.dao.password.PasswordEncoder
    public String getMethod() {
        return "SSHA";
    }

    @Override // org.sonatype.security.ldap.dao.password.PasswordEncoder
    public String encodePassword(String str, Object obj) {
        byte[] bArr;
        try {
            if (obj == null) {
                bArr = new BigInteger(32, this.random).toString(32).getBytes("UTF-8");
            } else {
                if (!byte[].class.isInstance(obj)) {
                    throw new IllegalArgumentException("salt must be of type: byte[].");
                }
                bArr = (byte[]) obj;
            }
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                messageDigest.update(str.getBytes("UTF-8"));
                messageDigest.update(bArr);
                byte[] digest = messageDigest.digest();
                byte[] bArr2 = new byte[digest.length + bArr.length];
                System.arraycopy(digest, 0, bArr2, 0, digest.length);
                System.arraycopy(bArr, 0, bArr2, digest.length, bArr.length);
                return SSHA_PREFIX + Base64.encodeToString(bArr2);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("Digest SHA not supported on this JVM.");
            }
        } catch (UnsupportedEncodingException e2) {
            throw new RuntimeException("This JVM failed to get bytes in UTF-8 from String: " + obj, e2);
        }
    }

    @Override // org.sonatype.security.ldap.dao.password.PasswordEncoder
    public boolean isPasswordValid(String str, String str2, Object obj) {
        if (str2 == null) {
            return false;
        }
        String str3 = str;
        if (str3.startsWith(SSHA_PREFIX) || str3.startsWith(SSHA_PREFIX.toLowerCase())) {
            str3 = str3.substring(SSHA_PREFIX.length());
        }
        try {
            byte[] decode = Base64.decode(str3.getBytes("UTF-8"));
            if (decode.length - 20 <= 0) {
                return false;
            }
            byte[] bArr = new byte[decode.length - 20];
            System.arraycopy(decode, 20, bArr, 0, bArr.length);
            return encodePassword(str2, bArr).substring(SSHA_PREFIX.length()).equals(str3);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("This JVM failed to get bytes in UTF-8 from String: " + obj, e);
        }
    }
}
