package org.cloudfoundry.identity.uaa.util;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.util.EncodingUtils;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.6.0.jar:org/cloudfoundry/identity/uaa/util/CachingPasswordEncoder.class */
public class CachingPasswordEncoder implements PasswordEncoder {
    private BCryptPasswordEncoder passwordEncoder;
    private int maxKeys = 1000;
    private int maxEncodedPasswords = 5;
    private boolean enabled = true;
    private int expiryInSeconds = 300;
    private volatile Cache<CharSequence, Set<String>> cache = null;
    private final MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
    private final byte[] secret = Utf8.encode(new RandomValueStringGenerator().generate());
    private final BytesKeyGenerator saltGenerator = KeyGenerators.secureRandom();
    private final byte[] salt = this.saltGenerator.generateKey();
    private final int iterations = 25;

    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    public CachingPasswordEncoder() throws NoSuchAlgorithmException {
        buildCache();
    }

    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public void setPasswordEncoder(BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.passwordEncoder = bCryptPasswordEncoder;
    }

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public String encode(CharSequence charSequence) {
        return getPasswordEncoder().encode(charSequence);
    }

    @Override // org.springframework.security.crypto.password.PasswordEncoder
    public boolean matches(CharSequence charSequence, String str) {
        return isEnabled() ? internalMatches(cacheEncode(charSequence), charSequence, str) : getPasswordEncoder().matches(charSequence, str);
    }

    protected Set<String> getOrCreateHashList(String str) {
        if (this.cache.getIfPresent(str) == null) {
            if (this.cache.size() >= getMaxKeys()) {
                this.cache.invalidateAll();
            }
            this.cache.put(str, Collections.synchronizedSet(new LinkedHashSet()));
        }
        return this.cache.getIfPresent(str);
    }

    private boolean internalMatches(String str, CharSequence charSequence, String str2) {
        Set<String> ifPresent = this.cache.getIfPresent(str);
        boolean z = false;
        Iterator it = (ifPresent != null ? new ArrayList(ifPresent) : Collections.emptyList()).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (hashesEquals((String) it.next(), str2)) {
                z = true;
                break;
            }
        }
        if (!z) {
            String hashpw = BCrypt.hashpw(charSequence.toString(), str2);
            if (hashesEquals(hashpw, str2)) {
                z = true;
                Set<String> orCreateHashList = getOrCreateHashList(str);
                if (orCreateHashList != null) {
                    if (orCreateHashList.size() >= getMaxEncodedPasswords()) {
                        orCreateHashList.clear();
                    }
                    orCreateHashList.add(hashpw);
                }
            }
        }
        return z;
    }

    protected String cacheEncode(CharSequence charSequence) {
        return new String(Hex.encode(digest(charSequence)));
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
    private byte[] digest(CharSequence charSequence) {
        return EncodingUtils.concatenate(new byte[]{this.salt, digest(EncodingUtils.concatenate(new byte[]{this.salt, this.secret, Utf8.encode(charSequence)}))});
    }

    private byte[] digest(byte[] bArr) {
        byte[] bArr2;
        synchronized (this.messageDigest) {
            for (int i = 0; i < this.iterations; i++) {
                bArr = this.messageDigest.digest(bArr);
            }
            bArr2 = bArr;
        }
        return bArr2;
    }

    private boolean hashesEquals(String str, String str2) {
        char[] charArray = str.toCharArray();
        char[] charArray2 = str2.toCharArray();
        if (charArray.length != charArray2.length) {
            return false;
        }
        byte b = 0;
        for (int i = 0; i < charArray.length; i++) {
            b = (byte) (b | (charArray[i] ^ charArray2[i]));
        }
        return b == 0;
    }

    public int getMaxKeys() {
        return this.maxKeys;
    }

    public void setMaxKeys(int i) {
        this.maxKeys = i;
        buildCache();
    }

    public int getMaxEncodedPasswords() {
        return this.maxEncodedPasswords;
    }

    public void setMaxEncodedPasswords(int i) {
        this.maxEncodedPasswords = i;
        buildCache();
    }

    public long getNumberOfKeys() {
        return this.cache.size();
    }

    public ConcurrentMap<CharSequence, Set<String>> asMap() {
        return this.cache.asMap();
    }

    public int getExpiryInSeconds() {
        return this.expiryInSeconds;
    }

    public void setExpiryInSeconds(int i) {
        this.expiryInSeconds = i;
        buildCache();
    }

    protected void buildCache() {
        this.cache = CacheBuilder.newBuilder().expireAfterWrite(this.expiryInSeconds, TimeUnit.SECONDS).build();
    }
}
