package org.eclipse.hono.auth;

import io.vertx.core.json.JsonObject;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.eclipse.hono.util.CredentialsConstants;
import org.eclipse.hono.util.CredentialsObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:BOOT-INF/lib/hono-core-0.9-M2.jar:org/eclipse/hono/auth/SpringBasedHonoPasswordEncoder.class */
public class SpringBasedHonoPasswordEncoder implements HonoPasswordEncoder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SpringBasedHonoPasswordEncoder.class);
    private static final int DEFAULT_BCRYPT_STRENGTH = 10;
    private final Map<String, PasswordEncoder> encoders;
    private final PasswordEncoder encoderForEncode;
    private final String idForEncode;
    private final SecureRandom secureRandom;

    public SpringBasedHonoPasswordEncoder() {
        this(newSecureRandom(), 10);
    }

    public SpringBasedHonoPasswordEncoder(int i) {
        this(newSecureRandom(), i);
    }

    public SpringBasedHonoPasswordEncoder(SecureRandom secureRandom, int i) {
        this.encoders = new HashMap();
        this.secureRandom = (SecureRandom) Objects.requireNonNull(secureRandom);
        this.encoderForEncode = new BCryptPasswordEncoder(i, this.secureRandom);
        this.idForEncode = CredentialsConstants.HASH_FUNCTION_BCRYPT;
        this.encoders.put(this.idForEncode, this.encoderForEncode);
        this.encoders.put("sha-256", new MessageDigestPasswordEncoder("sha-256", this.secureRandom));
        this.encoders.put(CredentialsConstants.HASH_FUNCTION_SHA512, new MessageDigestPasswordEncoder(CredentialsConstants.HASH_FUNCTION_SHA512, this.secureRandom));
        LOG.info("using BCrypt [strength: {}] with PRNG [{}] for encoding clear text passwords", Integer.valueOf(i), secureRandom.getAlgorithm());
    }

    @Override // org.eclipse.hono.auth.HonoPasswordEncoder
    public JsonObject encode(String str) {
        EncodedPassword encodedPassword = new EncodedPassword(this.encoderForEncode.encode(str));
        return CredentialsObject.hashedPasswordSecretForPasswordHash(encodedPassword.password, this.idForEncode, (Instant) null, (Instant) null, encodedPassword.salt);
    }

    @Override // org.eclipse.hono.auth.HonoPasswordEncoder
    public boolean matches(String str, JsonObject jsonObject) {
        try {
            EncodedPassword fromHonoSecret = EncodedPassword.fromHonoSecret(jsonObject);
            return ((PasswordEncoder) Optional.ofNullable(this.encoders.get(fromHonoSecret.hashFunction)).orElse(this.encoderForEncode)).matches(str, fromHonoSecret.format());
        } catch (IllegalArgumentException e) {
            LOG.debug("error matching password", (Throwable) e);
            return false;
        }
    }

    private static SecureRandom newSecureRandom() {
        try {
            return SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom();
        }
    }
}
