package com.atlassian.security.password;

import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.Validate;

/* loaded from: input_file:WEB-INF/lib/atlassian-password-encoder-3.2.3.jar:com/atlassian/security/password/DefaultPasswordEncoder.class */
public final class DefaultPasswordEncoder implements PasswordEncoder {
    private static final PasswordEncoder DEFAULT_INSTANCE = new DefaultPasswordEncoder("PKCS5S2", new PKCS5S2PasswordHashGenerator(), new RandomSaltGenerator());
    private static final int DEFAULT_SALT_LENGTH_BYTES = 16;
    private final String prefix;
    private final PasswordHashGenerator hashGenerator;
    private final SaltGenerator saltGenerator;

    public static PasswordEncoder getDefaultInstance() {
        return DEFAULT_INSTANCE;
    }

    public static PasswordEncoder newInstance(String str, PasswordHashGenerator passwordHashGenerator) {
        return new DefaultPasswordEncoder(str, passwordHashGenerator, new RandomSaltGenerator());
    }

    public DefaultPasswordEncoder(String str, PasswordHashGenerator passwordHashGenerator, SaltGenerator saltGenerator) {
        this.prefix = "{" + str + "}";
        this.hashGenerator = passwordHashGenerator;
        this.saltGenerator = saltGenerator;
    }

    @Override // com.atlassian.security.password.PasswordEncoder
    public final boolean canDecodePassword(String str) {
        return str != null && str.startsWith(this.prefix);
    }

    @Override // com.atlassian.security.password.PasswordEncoder
    public final String encodePassword(String str) throws IllegalArgumentException {
        Validate.notEmpty(str, "Password must not be empty");
        byte[] generateSalt = this.saltGenerator.generateSalt(getSaltLength());
        return prependPrefix(toEncodedForm(generateSalt, this.hashGenerator.generateHash(StringUtils.getBytesUtf8(str), generateSalt)));
    }

    private int getSaltLength() {
        if (this.hashGenerator.getRequiredSaltLength() > 0) {
            return this.hashGenerator.getRequiredSaltLength();
        }
        return 16;
    }

    @Override // com.atlassian.security.password.PasswordEncoder
    public final boolean isValidPassword(String str, String str2) throws IllegalArgumentException {
        Validate.notNull(str);
        Validate.notNull(str2);
        if (!canDecodePassword(str2)) {
            return false;
        }
        byte[] fromEncodedForm = fromEncodedForm(removePrefix(str2));
        return Arrays.equals(ArrayUtils.subarray(fromEncodedForm, getSaltLength(), fromEncodedForm.length), this.hashGenerator.generateHash(StringUtils.getBytesUtf8(str), ArrayUtils.subarray(fromEncodedForm, 0, getSaltLength())));
    }

    private String prependPrefix(String str) {
        return this.prefix + str;
    }

    private String removePrefix(String str) {
        return str.substring(this.prefix.length());
    }

    private byte[] fromEncodedForm(String str) {
        return Base64.decodeBase64(StringUtils.getBytesUtf8(str));
    }

    private String toEncodedForm(byte[] bArr, byte[] bArr2) {
        return StringUtils.newStringUtf8(Base64.encodeBase64(ArrayUtils.addAll(bArr, bArr2)));
    }
}
