package org.alfresco.repo.security.authentication;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:org/alfresco/repo/security/authentication/CompositePasswordEncoder.class */
public class CompositePasswordEncoder {
    private Map<String, Object> encoders;
    private String preferredEncoding;
    private static Log logger = LogFactory.getLog(CompositePasswordEncoder.class);
    public static final List<String> SHA256 = Arrays.asList("sha256");
    public static final String MD4_KEY = "md4";
    public static final List<String> MD4 = Arrays.asList(MD4_KEY);

    public String getPreferredEncoding() {
        return this.preferredEncoding;
    }

    public void setPreferredEncoding(String str) {
        this.preferredEncoding = str;
    }

    public void setEncoders(Map<String, Object> map) {
        this.encoders = map;
    }

    public boolean lastEncodingIsPreferred(List<String> list) {
        return list != null && list.size() > 0 && this.preferredEncoding.equals(list.get(list.size() - 1));
    }

    public boolean isSafeToEncodeChain(List<String> list) {
        if (list == null || list.size() <= 0) {
            return false;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            Object obj = this.encoders.get(str);
            if (obj == null) {
                throw new AlfrescoRuntimeException("Invalid encoder specified: " + str);
            }
            if (obj instanceof PasswordEncoder) {
                arrayList.add(str);
            }
        }
        if (arrayList.isEmpty()) {
            return true;
        }
        if (arrayList.size() == 1 && ((String) arrayList.get(0)).equals(list.get(list.size() - 1))) {
            return true;
        }
        if (!logger.isDebugEnabled()) {
            return false;
        }
        logger.debug("Non-upgradable encoders in the encoding chain: " + Arrays.toString(arrayList.toArray()) + ". Only 1 non-upgradable encoder is allowed at the end of the chain: " + Arrays.toString(list.toArray()));
        return false;
    }

    public void init() {
        PropertyCheck.mandatory(this, "encoders", this.encoders);
        PropertyCheck.mandatory(this, "preferredEncoding", this.preferredEncoding);
        if (logger.isDebugEnabled()) {
            logger.debug("Preferred password encoding set to " + this.preferredEncoding);
        }
        if (!this.encoders.containsKey(this.preferredEncoding)) {
            throw new AlfrescoRuntimeException("Invalid preferredEncoding specified: " + this.preferredEncoding + ". Permissible encoders are " + this.encoders.keySet());
        }
    }

    public String encodePassword(String str, Object obj, List<String> list) {
        ParameterCheck.mandatoryString("rawPassword", str);
        ParameterCheck.mandatoryCollection("encodingChain", list);
        String str2 = new String(str);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            str2 = encode(it.next(), str2, obj);
        }
        if (str2 == str) {
            throw new AlfrescoRuntimeException("No password encoding specified. " + list);
        }
        return str2;
    }

    public String encodePreferred(String str, Object obj) {
        return encode(getPreferredEncoding(), str, obj);
    }

    protected String encode(String str, String str2, Object obj) {
        ParameterCheck.mandatoryString("rawPassword", str2);
        ParameterCheck.mandatoryString("encoderKey", str);
        Object obj2 = this.encoders.get(str);
        if (obj2 == null) {
            throw new AlfrescoRuntimeException("Invalid encoder specified: " + str);
        }
        if (obj2 instanceof net.sf.acegisecurity.providers.encoding.PasswordEncoder) {
            net.sf.acegisecurity.providers.encoding.PasswordEncoder passwordEncoder = (net.sf.acegisecurity.providers.encoding.PasswordEncoder) obj2;
            if (MD4_KEY.equals(str)) {
                obj = null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Encoding using acegis PasswordEncoder: " + str);
            }
            return passwordEncoder.encodePassword(str2, obj);
        }
        if (!(obj2 instanceof PasswordEncoder)) {
            throw new AlfrescoRuntimeException("Unsupported encoder specified: " + str);
        }
        PasswordEncoder passwordEncoder2 = (PasswordEncoder) obj2;
        if (logger.isDebugEnabled()) {
            logger.debug("Encoding using spring PasswordEncoder: " + str);
        }
        return passwordEncoder2.encode(str2);
    }

    public boolean matchesPassword(String str, String str2, Object obj, List<String> list) {
        ParameterCheck.mandatoryString("rawPassword", str);
        ParameterCheck.mandatoryString("encodedPassword", str2);
        ParameterCheck.mandatoryCollection("encodingChain", list);
        if (list.size() > 1) {
            return matches(list.get(list.size() - 1), encodePassword(str, obj, list.subList(0, list.size() - 1)), str2, obj);
        }
        if (list.size() == 1) {
            return matches(list.get(0), str, str2, obj);
        }
        return false;
    }

    protected boolean matches(String str, String str2, String str3, Object obj) {
        ParameterCheck.mandatoryString("rawPassword", str2);
        ParameterCheck.mandatoryString("encodedPassword", str3);
        ParameterCheck.mandatoryString("encoderKey", str);
        Object obj2 = this.encoders.get(str);
        if (obj2 == null) {
            throw new AlfrescoRuntimeException("Invalid matches encoder specified: " + str);
        }
        if (obj2 instanceof net.sf.acegisecurity.providers.encoding.PasswordEncoder) {
            net.sf.acegisecurity.providers.encoding.PasswordEncoder passwordEncoder = (net.sf.acegisecurity.providers.encoding.PasswordEncoder) obj2;
            if (MD4_KEY.equals(str)) {
                obj = null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Matching using acegis PasswordEncoder: " + str);
            }
            return passwordEncoder.isPasswordValid(str3, str2, obj);
        }
        if (!(obj2 instanceof PasswordEncoder)) {
            throw new AlfrescoRuntimeException("Unsupported encoder for matching: " + str);
        }
        PasswordEncoder passwordEncoder2 = (PasswordEncoder) obj2;
        if (logger.isDebugEnabled()) {
            logger.debug("Matching using spring PasswordEncoder: " + str);
        }
        return passwordEncoder2.matches(str2, str3);
    }
}
