package org.sonar.server.authentication;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Objects;
import org.apache.commons.codec.digest.DigestUtils;
import org.mindrot.jbcrypt.BCrypt;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.issue.IssueFieldsSetter;

/* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication.class */
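/**
 * Verifies and stores passwords for locally managed users.
 *
 * <p>Two storage schemes are supported: a legacy salted SHA-1 scheme and bcrypt. New hashes are
 * always written with {@link #DEFAULT} (bcrypt). A user whose stored hash uses another scheme is
 * re-hashed with the default scheme after a successful {@link #authenticate} call, because that is
 * the only moment the clear-text password is available.
 */
public class LocalAuthentication {
    private final DbClient dbClient;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    // Scheme used for every newly stored hash and as the upgrade target on login.
    private static final HashMethod DEFAULT = HashMethod.BCRYPT;

    /**
     * Outcome of a credential check: either successful with an empty message, or failed with a
     * non-empty failure message.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication$AuthenticationResult.class */
    public static class AuthenticationResult {
        private final boolean successful;
        private final String failureMessage;

        private AuthenticationResult(boolean successful, String failureMessage) {
            // Invariant: success carries no message, failure always carries one.
            Preconditions.checkArgument(successful == failureMessage.isEmpty(), "Incorrect parameters");
            this.successful = successful;
            this.failureMessage = failureMessage;
        }

        public boolean isSuccessful() {
            return this.successful;
        }

        public String getFailureMessage() {
            return this.failureMessage;
        }
    }

    /** bcrypt-based scheme; the salt is embedded in the stored hash, so the salt column is cleared. */
    /* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication$BcryptFunction.class */
    private static final class BcryptFunction implements HashFunction {
        // bcrypt cost factor (log2 of the number of rounds) used for newly generated salts.
        private static final int LOG_ROUNDS = 12;

        private BcryptFunction() {
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public AuthenticationResult checkCredentials(UserDto userDto, String str) {
            String storedHash = userDto.getCryptedPassword();
            if (storedHash == null) {
                // Report a missing hash as an authentication failure, like the SHA-1 scheme does,
                // instead of handing null to BCrypt.checkpw.
                return new AuthenticationResult(false, "null password in DB");
            }
            if (!BCrypt.checkpw(str, storedHash)) {
                return new AuthenticationResult(false, "wrong password");
            }
            // NOTE(review): IssueFieldsSetter.UNUSED must be the empty string for the constructor's
            // precondition to hold; it looks like a decompiler substitution for "" — confirm.
            return new AuthenticationResult(true, IssueFieldsSetter.UNUSED);
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public void storeHashPassword(UserDto userDto, String str) {
            Objects.requireNonNull(str, "Password cannot be null");
            String hashed = BCrypt.hashpw(str, BCrypt.gensalt(LOG_ROUNDS));
            userDto.setHashMethod(HashMethod.BCRYPT.name()).setCryptedPassword(hashed).setSalt((String) null);
        }
    }

    /** Contract shared by every password storage scheme. */
    /* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication$HashFunction.class */
    public interface HashFunction {
        /**
         * Checks a clear-text password against the hash stored on the user.
         *
         * @param userDto user whose stored hash (and salt, if the scheme uses one) is read
         * @param str clear-text password to verify
         * @return a successful result, or a failed result with a non-empty failure message
         */
        AuthenticationResult checkCredentials(UserDto userDto, String str);

        /**
         * Hashes a clear-text password and writes hash method, hash and salt onto the user.
         * The user is only mutated; persisting it is left to the caller.
         *
         * @param userDto user to update
         * @param str clear-text password; must not be null
         */
        void storeHashPassword(UserDto userDto, String str);
    }

    /**
     * Supported schemes. The constant name is what is stored as the user's hash method and parsed
     * back with {@code valueOf} in {@link LocalAuthentication#authenticate}.
     */
    /* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication$HashMethod.class */
    public enum HashMethod implements HashFunction {
        SHA1(new Sha1Function()),
        BCRYPT(new BcryptFunction());

        private final HashFunction hashFunction;

        HashMethod(HashFunction hashFunction) {
            this.hashFunction = hashFunction;
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public AuthenticationResult checkCredentials(UserDto userDto, String str) {
            return this.hashFunction.checkCredentials(userDto, str);
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public void storeHashPassword(UserDto userDto, String str) {
            this.hashFunction.storeHashPassword(userDto, str);
        }
    }

    /**
     * Legacy scheme: a single unstretched SHA-1 over {@code "--" + salt + "--" + password + "--"}.
     * It is kept so existing hashes can still be verified; {@link LocalAuthentication#authenticate}
     * replaces such a hash with the default scheme after a successful check.
     */
    /* loaded from: input_file:org/sonar/server/authentication/LocalAuthentication$Sha1Function.class */
    private static final class Sha1Function implements HashFunction {
        private Sha1Function() {
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public AuthenticationResult checkCredentials(UserDto userDto, String str) {
            String storedHash = userDto.getCryptedPassword();
            if (storedHash == null) {
                return new AuthenticationResult(false, "null password in DB");
            }
            String salt = userDto.getSalt();
            if (salt == null) {
                return new AuthenticationResult(false, "null salt");
            }
            if (str == null) {
                // String concatenation in hash() would render a null password as the text "null";
                // reject it instead of hashing it.
                return new AuthenticationResult(false, "no password provided");
            }
            if (!constantTimeEquals(storedHash, hash(salt, str))) {
                return new AuthenticationResult(false, "wrong password");
            }
            // NOTE(review): IssueFieldsSetter.UNUSED must be the empty string for the constructor's
            // precondition to hold; it looks like a decompiler substitution for "" — confirm.
            return new AuthenticationResult(true, IssueFieldsSetter.UNUSED);
        }

        @Override // org.sonar.server.authentication.LocalAuthentication.HashFunction
        public void storeHashPassword(UserDto userDto, String str) {
            Objects.requireNonNull(str, "Password cannot be null");
            // The salt is the hex SHA-1 of 20 random bytes from the shared SecureRandom.
            byte[] randomBytes = new byte[20];
            LocalAuthentication.SECURE_RANDOM.nextBytes(randomBytes);
            String salt = DigestUtils.sha1Hex(randomBytes);
            userDto.setHashMethod(HashMethod.SHA1.name()).setCryptedPassword(hash(salt, str)).setSalt(salt);
        }

        private static String hash(String salt, String password) {
            return DigestUtils.sha1Hex("--" + salt + "--" + password + "--");
        }

        /**
         * Compares two hash strings with {@link MessageDigest#isEqual}, so that the comparison
         * does not stop at the first differing character the way {@link String#equals} does.
         */
        private static boolean constantTimeEquals(String stored, String computed) {
            return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), computed.getBytes(StandardCharsets.UTF_8));
        }
    }

    public LocalAuthentication(DbClient dbClient) {
        this.dbClient = dbClient;
    }

    /**
     * Verifies a clear-text password against the user's stored hash and, when the stored hash
     * does not use the default scheme, re-hashes the password with the default scheme and updates
     * the user through the DAO.
     *
     * @param dbSession session used for the update when the hash is upgraded
     * @param userDto user to authenticate; its hash fields are overwritten on upgrade
     * @param str clear-text password supplied by the caller
     * @param method authentication method recorded as the source of a failure
     * @throws AuthenticationException when the hash method is null or unknown, or when the
     *     credential check fails; the message carries the internal failure reason
     */
    public void authenticate(DbSession dbSession, UserDto userDto, String str, AuthenticationEvent.Method method) {
        if (userDto.getHashMethod() == null) {
            throw authenticationFailure(method, userDto, "null hash method");
        }
        // NOTE(review): this try also spans the credential check and the re-hash/update, so an
        // IllegalArgumentException raised there is reported as "Unknown hash method" too. This may
        // be a decompiler artifact; confirm before narrowing it to the valueOf call.
        try {
            HashMethod storedMethod = HashMethod.valueOf(userDto.getHashMethod());
            AuthenticationResult result = storedMethod.checkCredentials(userDto, str);
            if (!result.isSuccessful()) {
                throw authenticationFailure(method, userDto, result.getFailureMessage());
            }
            if (storedMethod != DEFAULT) {
                // Upgrade while the clear-text password is at hand; it cannot be done offline.
                DEFAULT.storeHashPassword(userDto, str);
                this.dbClient.userDao().update(dbSession, userDto);
            }
        } catch (IllegalArgumentException e) {
            throw authenticationFailure(method, userDto, String.format("Unknown hash method [%s]", userDto.getHashMethod()));
        }
    }

    /**
     * Hashes the password with the default scheme and writes the result onto the user.
     * The user is not persisted here.
     *
     * @param userDto user to update
     * @param str clear-text password; must not be null
     */
    public void storeHashPassword(UserDto userDto, String str) {
        DEFAULT.storeHashPassword(userDto, str);
    }

    // Builds the exception for a failed local authentication of the given user.
    private static AuthenticationException authenticationFailure(AuthenticationEvent.Method method, UserDto userDto, String message) {
        return AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.local(method)).setLogin(userDto.getLogin()).setMessage(message).build();
    }
}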
