package org.opendaylight.controller.usermanager;

import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import org.opendaylight.controller.configuration.ConfigurationObject;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
import org.opendaylight.controller.sal.packet.BitBufferHelper;
import org.opendaylight.controller.sal.utils.HexEncode;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@XmlAccessorType(XmlAccessType.NONE)
@XmlRootElement
/* loaded from: input_file:org/opendaylight/controller/usermanager/UserConfig.class */
public class UserConfig extends ConfigurationObject implements Serializable {
    private static final long serialVersionUID = 1;
    private static final String DIGEST_ALGORITHM = "SHA-384";
    private static final String BAD_PASSWORD = "Bad Password";
    private static final int USERNAME_MAXLENGTH = 32;
    protected static final String PASSWORD_REGEX = "(?=.*[^a-zA-Z0-9])(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,256}$";
    private static MessageDigest oneWayFunction;
    private static SecureRandom randomGenerator;

    @XmlElement
    protected String user;

    @XmlElement
    protected List<String> roles;

    @XmlElement
    private String password;
    private byte[] salt;
    private static Logger log = LoggerFactory.getLogger(UserConfig.class);
    private static final boolean strongPasswordCheck = Boolean.getBoolean("enableStrongPasswordCheck");
    private static final Pattern INVALID_USERNAME_CHARACTERS = Pattern.compile("([/\\s\\.\\?#%;\\\\]+)");

    public UserConfig() {
    }

    public UserConfig(String str, String str2, List<String> list) {
        this.user = str;
        if (validateClearTextPassword(str2).isSuccess()) {
            this.salt = BitBufferHelper.toByteArray(Long.valueOf(randomGenerator.nextLong()));
            this.password = hash(this.salt, str2);
        } else {
            this.salt = null;
            this.password = BAD_PASSWORD;
        }
        this.roles = list == null ? Collections.emptyList() : new ArrayList<>(list);
    }

    public String getUser() {
        return this.user;
    }

    public String getPassword() {
        return this.password;
    }

    public List<String> getRoles() {
        return new ArrayList(this.roles);
    }

    public byte[] getSalt() {
        if (this.salt == null) {
            return null;
        }
        return (byte[]) this.salt.clone();
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * 1) + (this.password == null ? 0 : this.password.hashCode()))) + (this.roles == null ? 0 : this.roles.hashCode()))) + (this.user == null ? 0 : this.user.hashCode());
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        UserConfig userConfig = (UserConfig) obj;
        if (this.password == null) {
            if (userConfig.password != null) {
                return false;
            }
        } else if (!this.password.equals(userConfig.password)) {
            return false;
        }
        if (this.roles == null) {
            if (userConfig.roles != null) {
                return false;
            }
        } else if (!this.roles.equals(userConfig.roles)) {
            return false;
        }
        return this.user == null ? userConfig.user == null : this.user.equals(userConfig.user);
    }

    public String toString() {
        return "UserConfig[user=" + this.user + ", password=" + this.password + ", roles=" + this.roles + "]";
    }

    public Status validate() {
        Status validateUsername = validateUsername();
        if (validateUsername.isSuccess()) {
            validateUsername = !this.password.equals(BAD_PASSWORD) ? new Status(StatusCode.SUCCESS) : new Status(StatusCode.BADREQUEST, "Password should be 8 to 256 characters long, contain both upper and lower case letters, at least one number and at least one non alphanumeric character");
        }
        if (validateUsername.isSuccess()) {
            validateUsername = validateRoles();
        }
        return validateUsername;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Status validateUsername() {
        if (this.user == null || this.user.isEmpty()) {
            return new Status(StatusCode.BADREQUEST, "Username cannot be empty");
        }
        return (this.user.length() > USERNAME_MAXLENGTH || INVALID_USERNAME_CHARACTERS.matcher(this.user).find()) ? new Status(StatusCode.BADREQUEST, "Username can have 1-32 non-whitespace alphanumeric characters and any special characters except ./#%;?\\") : new Status(StatusCode.SUCCESS);
    }

    public static Status validateClearTextPassword(String str) {
        return (str == null || str.isEmpty()) ? new Status(StatusCode.BADREQUEST, "Password cannot be empty") : (!strongPasswordCheck || str.matches(PASSWORD_REGEX)) ? new Status(StatusCode.SUCCESS) : new Status(StatusCode.BADREQUEST, "Password should be 8 to 256 characters long, contain both upper and lower case letters, at least one number and at least one non alphanumeric character");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Status validateRoles() {
        return (this.roles == null || this.roles.isEmpty()) ? new Status(StatusCode.BADREQUEST, "No role specified") : new Status(StatusCode.SUCCESS);
    }

    public Status update(String str, String str2, List<String> list) {
        if (!isPasswordMatch(str)) {
            return new Status(StatusCode.BADREQUEST, "Current password is incorrect");
        }
        UserConfig userConfig = new UserConfig();
        userConfig.user = this.user;
        userConfig.password = str2 == null ? this.password : hash(this.salt, str2);
        userConfig.roles = list == null ? this.roles : list;
        Status validate = userConfig.validate();
        if (!validate.isSuccess()) {
            return validate;
        }
        this.user = userConfig.user;
        this.password = userConfig.password;
        this.roles = new ArrayList(userConfig.roles);
        return validate;
    }

    public boolean isPasswordMatch(String str) {
        return this.password.equals(hash(this.salt, str));
    }

    public AuthResponse authenticate(String str) {
        AuthResponse authResponse = new AuthResponse();
        if (isPasswordMatch(str)) {
            authResponse.setStatus(AuthResultEnum.AUTH_ACCEPT_LOC);
            authResponse.addData(getRolesString());
        } else {
            authResponse.setStatus(AuthResultEnum.AUTH_REJECT_LOC);
        }
        return authResponse;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRolesString() {
        StringBuffer stringBuffer = new StringBuffer();
        if (!this.roles.isEmpty()) {
            Iterator<String> it = this.roles.iterator();
            stringBuffer.append(it.next());
            while (it.hasNext()) {
                stringBuffer.append(" ");
                stringBuffer.append(it.next());
            }
        }
        return stringBuffer.toString();
    }

    private static byte[] concatenate(byte[] bArr, String str) {
        byte[] bytes = str.getBytes();
        byte[] bArr2 = new byte[bArr.length + str.length()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(bytes, 0, bArr2, bArr.length, bytes.length);
        return bArr2;
    }

    private static String hash(byte[] bArr, String str) {
        if (str == null) {
            log.warn("Password hash requested but empty or no password provided");
            return str;
        }
        if (bArr == null || bArr.length == 0) {
            log.warn("Password hash requested but empty or no salt provided");
            return str;
        }
        byte[] bytes = str.getBytes();
        byte[] bArr2 = new byte[bArr.length + str.length()];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(bytes, 0, bArr2, bArr.length, bytes.length);
        oneWayFunction.reset();
        return HexEncode.bytesToHexString(oneWayFunction.digest(concatenate(bArr, str)));
    }

    public static UserConfig getUncheckedUserConfig(String str, String str2, List<String> list) {
        UserConfig userConfig = new UserConfig();
        userConfig.user = str;
        userConfig.salt = BitBufferHelper.toByteArray(Long.valueOf(randomGenerator.nextLong()));
        userConfig.password = hash(userConfig.salt, str2);
        userConfig.roles = list;
        return userConfig;
    }

    static {
        try {
            oneWayFunction = MessageDigest.getInstance(DIGEST_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            log.error(String.format("Implementation of %s digest algorithm not found: %s", DIGEST_ALGORITHM, e.getMessage()));
        }
        randomGenerator = new SecureRandom(BitBufferHelper.toByteArray(Long.valueOf(System.currentTimeMillis())));
    }
}
