package org.exist.security.internal;

import gnu.crypto.hash.MD5;
import gnu.crypto.hash.RipeMD160;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.math3.geometry.VectorFormat;
import org.exist.security.Account;
import org.exist.security.Credential;
import org.exist.security.MessageDigester;

/* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/Password.class */
public class Password implements Credential {
    private final String pw;
    private final String digestPw;
    public static final Hash DEFAULT_ALGORITHM = Hash.RIPEMD160;
    private final Hash algorithm;
    final Pattern ptnHash = Pattern.compile("\\{([A-Z0-9]+)\\}(.*)");
    final Matcher mtcHash = this.ptnHash.matcher("");

    /* loaded from: input_file:WEB-INF/lib/exist-core-3.0.RC1.jar:org/exist/security/internal/Password$Hash.class */
    public enum Hash {
        MD5,
        RIPEMD160
    }

    public Password(Account account, String str) {
        if (str == null) {
            this.algorithm = DEFAULT_ALGORITHM;
            this.pw = null;
            this.digestPw = null;
            return;
        }
        this.mtcHash.reset(str);
        if (this.mtcHash.matches()) {
            this.algorithm = Hash.valueOf(this.mtcHash.group(1));
            this.pw = this.mtcHash.group(2);
        } else {
            this.algorithm = DEFAULT_ALGORITHM;
            this.pw = hashAndEncode(str);
        }
        this.digestPw = digest(account.getName(), account.getRealmId(), this.pw);
    }

    public Password(Account account, Hash hash, String str) {
        this.algorithm = hash;
        this.pw = str;
        this.digestPw = digest(account.getName(), account.getRealmId(), this.pw);
    }

    @Override // org.exist.security.Credential
    public String getDigest() {
        return this.digestPw;
    }

    final String digest(String str, String str2, String str3) {
        return MessageDigester.byteArrayToHex(hash(str + ":" + str2 + ":" + str3));
    }

    final String hashAndEncode(String str) {
        return Base64.encodeBase64String(hash(str));
    }

    final byte[] hash(String str) {
        switch (this.algorithm) {
            case RIPEMD160:
                return ripemd160Hash(str);
            case MD5:
                return md5Hash(str);
            default:
                return null;
        }
    }

    final byte[] ripemd160Hash(String str) {
        RipeMD160 ripeMD160 = new RipeMD160();
        byte[] bytes = str.getBytes();
        ripeMD160.update(bytes, 0, bytes.length);
        return ripeMD160.digest();
    }

    final byte[] md5Hash(String str) {
        MD5 md5 = new MD5();
        byte[] bytes = str.getBytes();
        md5.update(bytes, 0, bytes.length);
        return md5.digest();
    }

    @Override // org.exist.security.Credential
    public boolean check(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj == null) {
            obj = "";
        }
        if ((obj instanceof Password) || (obj instanceof String)) {
            return equals(obj);
        }
        if (obj instanceof char[]) {
            return equals(String.valueOf((char[]) obj));
        }
        return false;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (!(obj instanceof Password)) {
            if (obj instanceof String) {
                return hashAndEncode((String) obj).equals(this.pw);
            }
            return false;
        }
        Password password = (Password) obj;
        if (this.algorithm != password.algorithm) {
            throw new RuntimeException("Cannot compare passwords with different algorithms i.e. " + this.algorithm + " and " + password.algorithm);
        }
        return this.pw == password.pw || (this.pw != null && this.pw.equals(password.pw));
    }

    public String toString() {
        return VectorFormat.DEFAULT_PREFIX + this.algorithm + "}" + this.pw;
    }
}
