package org.opends.server.extensions;

import java.util.Arrays;
import java.util.Random;
import java.util.concurrent.locks.ReentrantLock;
import org.opends.server.admin.std.server.PasswordStorageSchemeCfg;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.messages.ExtensionsMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.types.ByteString;
import org.opends.server.types.ByteStringFactory;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.types.ResultCode;
import org.opends.server.util.Crypt;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/CryptPasswordStorageScheme.class */
public class CryptPasswordStorageScheme extends PasswordStorageScheme {
    private static final String CLASS_NAME = "org.opends.server.extensions.CryptPasswordStorageScheme";
    private static final byte[] SALT_CHARS = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".getBytes();
    private final Random randomSaltIndex = new Random();
    private final ReentrantLock saltLock = new ReentrantLock();
    private final Crypt crypt = new Crypt();

    @Override // org.opends.server.api.PasswordStorageScheme
    public void initializePasswordStorageScheme(PasswordStorageSchemeCfg passwordStorageSchemeCfg) throws ConfigException, InitializationException {
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public String getStorageSchemeName() {
        return ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT;
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public ByteString encodePassword(ByteString byteString) throws DirectoryException {
        try {
            return ByteStringFactory.create(this.crypt.crypt(byteString.value(), randomSalt()));
        } catch (Exception e) {
            throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), MessageHandler.getMessage(ExtensionsMessages.MSGID_PWSCHEME_CANNOT_ENCODE_PASSWORD, CLASS_NAME, StaticUtils.stackTraceToSingleLineString(e)), ExtensionsMessages.MSGID_PWSCHEME_CANNOT_ENCODE_PASSWORD, e);
        }
    }

    private byte[] randomSalt() {
        this.saltLock.lock();
        try {
            byte[] bArr = {SALT_CHARS[this.randomSaltIndex.nextInt(SALT_CHARS.length)], SALT_CHARS[this.randomSaltIndex.nextInt(SALT_CHARS.length)]};
            this.saltLock.unlock();
            return bArr;
        } catch (Throwable th) {
            this.saltLock.unlock();
            throw th;
        }
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public ByteString encodePasswordWithScheme(ByteString byteString) throws DirectoryException {
        StringBuilder sb = new StringBuilder(ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT.length() + 12);
        sb.append('{');
        sb.append(ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT);
        sb.append('}');
        sb.append(encodePassword(byteString));
        return ByteStringFactory.create(sb.toString());
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public boolean passwordMatches(ByteString byteString, ByteString byteString2) {
        byte[] value = byteString2.value();
        try {
            return Arrays.equals(this.crypt.crypt(byteString.value(), value), value);
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public boolean supportsAuthPasswordSyntax() {
        return false;
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public ByteString encodeAuthPassword(ByteString byteString) throws DirectoryException {
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, MessageHandler.getMessage(ExtensionsMessages.MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD, getStorageSchemeName()), ExtensionsMessages.MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD);
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public boolean authPasswordMatches(ByteString byteString, String str, String str2) {
        return false;
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public boolean isReversible() {
        return false;
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public ByteString getPlaintextValue(ByteString byteString) throws DirectoryException {
        throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, MessageHandler.getMessage(ExtensionsMessages.MSGID_PWSCHEME_NOT_REVERSIBLE, ExtensionsConstants.STORAGE_SCHEME_NAME_CRYPT), ExtensionsMessages.MSGID_PWSCHEME_NOT_REVERSIBLE);
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public ByteString getAuthPasswordPlaintextValue(String str, String str2) throws DirectoryException {
        throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, MessageHandler.getMessage(ExtensionsMessages.MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD, getStorageSchemeName()), ExtensionsMessages.MSGID_PWSCHEME_DOES_NOT_SUPPORT_AUTH_PASSWORD);
    }

    @Override // org.opends.server.api.PasswordStorageScheme
    public boolean isStorageSchemeSecure() {
        return false;
    }
}
