package org.geoserver.security.password;

import java.io.IOException;
import java.util.Arrays;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.KeyStoreProvider;
import org.geoserver.security.KeyStoreProviderImpl;
import org.geoserver.security.SecurityUtils;
import org.geoserver.security.password.AbstractGeoserverPasswordEncoder;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.springsecurity3.authentication.encoding.PBEPasswordEncoder;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.crypto.codec.Base64;

/* loaded from: input_file:org/geoserver/security/password/GeoServerPBEPasswordEncoder.class */
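/**
 * Password encoder that stores passwords with reversible password-based encryption (PBE).
 *
 * <p>The PBE password is the encoded secret key held in the key store under
 * {@link #getKeyAliasInKeyStore()}. By default that alias is
 * {@code KeyStoreProviderImpl.CONFIGPASSWORDKEY}; {@link #initializeFor} switches it to the
 * alias of a specific user/group service.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The encoding type is {@code ENCRYPT}: {@link #decode} and {@link #decodeToCharArray}
 *       return the plaintext. Anyone able to read the key store entry can therefore recover
 *       every password encoded with it. Where recovery is not required, a one-way (digest)
 *       encoding is the safer choice.</li>
 *   <li>The algorithm and JCE provider are taken verbatim from {@link #setAlgorithm} and
 *       {@link #setProviderName}; this class does not check the strength of the configured
 *       algorithm.</li>
 *   <li>Key material copied out of the key store is scrambled as soon as it has been handed to
 *       the encryptor.</li>
 *   <li>The encryptor fields are assigned lazily without synchronization in this class.
 *       NOTE(review): confirm the superclass serializes the lazy creation.</li>
 * </ul>
 */
public class GeoServerPBEPasswordEncoder extends AbstractGeoserverPasswordEncoder {
    // Encryptor behind the String-based encoder; assigned by mo215createStringEncoder().
    StandardPBEStringEncryptor stringEncrypter;
    // Encryptor behind the char[]-based encoder; assigned by createCharEncoder().
    StandardPBEByteEncryptor byteEncrypter;
    private String providerName;
    private String algorithm;
    private String keyAliasInKeyStore = KeyStoreProviderImpl.CONFIGPASSWORDKEY;
    private KeyStoreProvider keystoreProvider;

    /**
     * Remembers the key store provider of the given security manager; every key lookup in this
     * class goes through it.
     *
     * @param geoServerSecurityManager security manager supplying the key store provider
     * @throws IOException declared by the overridden method; not thrown by this implementation
     */
    @Override
    public void initialize(GeoServerSecurityManager geoServerSecurityManager) throws IOException {
        this.keystoreProvider = geoServerSecurityManager.getKeyStoreProvider();
    }

    /**
     * Binds this encoder to the key of one user/group service.
     *
     * @param geoServerUserGroupService service whose key alias should be used from now on
     * @throws IOException if the key store holds no key for that service
     */
    @Override
    public void initializeFor(GeoServerUserGroupService geoServerUserGroupService) throws IOException {
        String serviceName = geoServerUserGroupService.getName();
        if (!this.keystoreProvider.hasUserGroupKey(serviceName)) {
            throw new IOException("No key alias: " + this.keystoreProvider.aliasForGroupService(serviceName) + " in key store: " + this.keystoreProvider.getResource().path());
        }
        this.keyAliasInKeyStore = this.keystoreProvider.aliasForGroupService(serviceName);
    }

    /** @return the configured JCE provider name, or {@code null} if none was set */
    public String getProviderName() {
        return this.providerName;
    }

    /** @param str JCE provider name; {@code null} or empty leaves the encryptor's provider unset */
    public void setProviderName(String str) {
        this.providerName = str;
    }

    /** @return the configured PBE algorithm name */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /** @param str PBE algorithm name passed unchanged to the encryptors */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** @return the key store alias whose secret key is used as the PBE password */
    public String getKeyAliasInKeyStore() {
        return this.keyAliasInKeyStore;
    }

    /**
     * Builds the String-based encoder backed by a {@link StandardPBEStringEncryptor}.
     *
     * <p>The method name is a decompiler artifact; the original method is
     * {@code createStringEncoder}.
     *
     * @return a {@link PBEPasswordEncoder} wrapping the freshly configured encryptor
     */
    @Override
    /* renamed from: createStringEncoder */
    protected PasswordEncoder mo215createStringEncoder() {
        byte[] keyBytes = lookupPasswordFromKeyStore();
        char[] keyChars = SecurityUtils.toChars(keyBytes);
        try {
            this.stringEncrypter = new StandardPBEStringEncryptor();
            this.stringEncrypter.setPasswordCharArray(keyChars);
            String provider = getProviderName();
            if (provider != null && !provider.isEmpty()) {
                this.stringEncrypter.setProviderName(provider);
            }
            this.stringEncrypter.setAlgorithm(getAlgorithm());
            PBEPasswordEncoder encoder = new PBEPasswordEncoder();
            encoder.setPbeStringEncryptor(this.stringEncrypter);
            return encoder;
        } finally {
            // Wipe the local copies of the key whether or not configuration succeeded.
            SecurityUtils.scramble(keyBytes);
            SecurityUtils.scramble(keyChars);
        }
    }

    /**
     * Builds the char[]-based encoder backed by a {@link StandardPBEByteEncryptor}.
     *
     * <p>Encoded passwords are the Base64 text of the encrypted password bytes.
     *
     * @return an encoder that encrypts and verifies passwords held in char arrays
     */
    @Override
    protected AbstractGeoserverPasswordEncoder.CharArrayPasswordEncoder createCharEncoder() {
        byte[] keyBytes = lookupPasswordFromKeyStore();
        char[] keyChars = SecurityUtils.toChars(keyBytes);
        try {
            this.byteEncrypter = new StandardPBEByteEncryptor();
            this.byteEncrypter.setPasswordCharArray(keyChars);
            String provider = getProviderName();
            if (provider != null && !provider.isEmpty()) {
                this.byteEncrypter.setProviderName(provider);
            }
            this.byteEncrypter.setAlgorithm(getAlgorithm());
            return new AbstractGeoserverPasswordEncoder.CharArrayPasswordEncoder() {
                /** Decrypts the stored value and compares it with the supplied password. */
                @Override
                public boolean isPasswordValid(String str, char[] cArr, Object obj) {
                    // Base64 text is ASCII, so the platform-default charset used by getBytes()
                    // gives the same bytes on any ASCII-compatible default.
                    byte[] decrypt = GeoServerPBEPasswordEncoder.this.byteEncrypter.decrypt(Base64.decode(str.getBytes()));
                    char[] chars2 = SecurityUtils.toChars(decrypt);
                    try {
                        return constantTimeEquals(chars2, cArr);
                    } finally {
                        // The decrypted password must not outlive the comparison.
                        SecurityUtils.scramble(decrypt);
                        SecurityUtils.scramble(chars2);
                    }
                }

                /** Encrypts the password and returns the ciphertext as Base64 text. */
                @Override
                public String encodePassword(char[] cArr, Object obj) {
                    byte[] bytes = SecurityUtils.toBytes(cArr);
                    try {
                        return new String(Base64.encode(GeoServerPBEPasswordEncoder.this.byteEncrypter.encrypt(bytes)));
                    } finally {
                        SecurityUtils.scramble(bytes);
                    }
                }
            };
        } finally {
            // Same hygiene as mo215createStringEncoder(): the encryptor has been given the key,
            // so the local copies are wiped instead of being left for the garbage collector.
            SecurityUtils.scramble(keyBytes);
            SecurityUtils.scramble(keyChars);
        }
    }

    /**
     * Compares two char arrays without stopping at the first mismatch, so the time taken does
     * not reveal how many leading characters of a guess were correct. Array length is still
     * observable. Null handling matches {@code Arrays.equals}: two nulls are equal, one null is
     * not.
     */
    private static boolean constantTimeEquals(char[] expected, char[] supplied) {
        if (expected == null || supplied == null) {
            return expected == supplied;
        }
        if (expected.length != supplied.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    /**
     * Fetches the encoded secret key stored under {@link #getKeyAliasInKeyStore()}.
     *
     * <p>The caller owns the returned array and is expected to scramble it after use.
     *
     * @return the encoded key bytes
     * @throws RuntimeException if the alias is missing or the key store cannot be read
     */
    byte[] lookupPasswordFromKeyStore() {
        String alias = getKeyAliasInKeyStore();
        try {
            if (this.keystoreProvider.containsAlias(alias)) {
                return this.keystoreProvider.getSecretKey(alias).getEncoded();
            }
            throw new RuntimeException("Keystore: " + this.keystoreProvider.getResource().path() + " does not contain alias: " + alias);
        } catch (IOException e) {
            // Keep the cause so a key store I/O failure can be told apart from a missing alias.
            throw new RuntimeException("Cannot find alias: " + alias + " in " + this.keystoreProvider.getResource().path(), e);
        }
    }

    /** @return {@code PasswordEncodingType.ENCRYPT}, i.e. encoded passwords are reversible */
    @Override
    public PasswordEncodingType getEncodingType() {
        return PasswordEncodingType.ENCRYPT;
    }

    /**
     * Decrypts an encoded password to a String.
     *
     * <p>Prefer {@link #decodeToCharArray}: a String holding the plaintext cannot be wiped.
     *
     * @param str encoded password; the inherited {@code removePrefix} is applied before decrypting
     * @return the plaintext password
     */
    @Override
    public String decode(String str) throws UnsupportedOperationException {
        if (this.stringEncrypter == null) {
            // Inherited accessor; presumably creates the encoder and with it stringEncrypter.
            getStringEncoder();
        }
        return this.stringEncrypter.decrypt(removePrefix(str));
    }

    /**
     * Decrypts an encoded password to a char array that the caller can scramble after use.
     *
     * @param str encoded password; the inherited {@code removePrefix} is applied before decoding
     * @return the plaintext password characters
     */
    @Override
    public char[] decodeToCharArray(String str) throws UnsupportedOperationException {
        if (this.byteEncrypter == null) {
            // Inherited accessor; presumably creates the encoder and with it byteEncrypter.
            getCharEncoder();
        }
        byte[] decrypt = this.byteEncrypter.decrypt(Base64.decode(removePrefix(str).getBytes()));
        try {
            return SecurityUtils.toChars(decrypt);
        } finally {
            // Only the returned char[] should still hold the plaintext.
            SecurityUtils.scramble(decrypt);
        }
    }
}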
