package org.neo4j.cypher.internal.security;

import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SaltedAuthenticationInfo;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.neo4j.kernel.impl.security.Credential;

/* loaded from: input_file:org/neo4j/cypher/internal/security/SystemGraphCredential.class */
public class SystemGraphCredential implements Credential {
    private final SecureHasher secureHasher;
    private final SimpleHash hashedCredentials;

    private SystemGraphCredential(SecureHasher secureHasher, SimpleHash simpleHash) {
        this.secureHasher = secureHasher;
        this.hashedCredentials = simpleHash;
    }

    @Override // org.neo4j.kernel.impl.security.Credential
    public boolean matchesPassword(final byte[] bArr) {
        return this.secureHasher.getHashedCredentialsMatcherWithIterations(this.hashedCredentials.getIterations()).doCredentialsMatch(new AuthenticationToken() { // from class: org.neo4j.cypher.internal.security.SystemGraphCredential.1
            @Override // org.apache.shiro.authc.AuthenticationToken
            public Object getCredentials() {
                return bArr;
            }

            @Override // org.apache.shiro.authc.AuthenticationToken
            public Object getPrincipal() {
                return null;
            }
        }, new SaltedAuthenticationInfo() { // from class: org.neo4j.cypher.internal.security.SystemGraphCredential.2
            @Override // org.apache.shiro.authc.AuthenticationInfo
            public Object getCredentials() {
                return SystemGraphCredential.this.hashedCredentials.getBytes();
            }

            @Override // org.apache.shiro.authc.SaltedAuthenticationInfo
            public ByteSource getCredentialsSalt() {
                return SystemGraphCredential.this.hashedCredentials.getSalt();
            }

            @Override // org.apache.shiro.authc.AuthenticationInfo
            public PrincipalCollection getPrincipals() {
                return null;
            }
        });
    }

    public static SystemGraphCredential createCredentialForPassword(byte[] bArr, SecureHasher secureHasher) {
        return new SystemGraphCredential(secureHasher, secureHasher.hash(bArr));
    }

    @Override // org.neo4j.kernel.impl.security.Credential
    public String serialize() {
        return serialize(this);
    }

    public static String serialize(SystemGraphCredential systemGraphCredential) {
        String algorithmName = systemGraphCredential.hashedCredentials.getAlgorithmName();
        String num = Integer.toString(systemGraphCredential.hashedCredentials.getIterations());
        return String.join(",", algorithmName, systemGraphCredential.hashedCredentials.toHex(), systemGraphCredential.hashedCredentials.getSalt().toHex(), num);
    }

    public static String serialize(byte[] bArr) throws IllegalArgumentException {
        Matcher matcher = Pattern.compile(String.join(",", "^([0-9])", "([A-Fa-f0-9]+)", "([A-Fa-f0-9]+)")).matcher(new String(bArr, StandardCharsets.UTF_8));
        if (!matcher.matches()) {
            throw new IllegalArgumentException("Incorrect format of encrypted password. Correct format is '<encryption-version>,<hash>,<salt>'.");
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        String group3 = matcher.group(3);
        SecureHasherConfiguration secureHasherConfiguration = SecureHasherConfigurations.configurations.get(group);
        if (secureHasherConfiguration == null) {
            throw new IllegalArgumentException("The encryption version specified is not available.");
        }
        return String.join(",", secureHasherConfiguration.algorithm, group2, group3, String.valueOf(secureHasherConfiguration.iterations));
    }

    public static String maskSerialized(String str) throws IllegalArgumentException {
        Matcher matcher = Pattern.compile(String.join(",", "^([A-Za-z0-9\\-]+)", "([A-Fa-f0-9]+)", "([A-Fa-f0-9]+)") + "(?:,([0-9]+))?").matcher(str);
        if (!matcher.matches()) {
            throw new IllegalArgumentException("Invalid serialized credential.");
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        String group3 = matcher.group(3);
        String group4 = matcher.group(4);
        return String.join(",", SecureHasherConfigurations.getVersionForConfiguration(group, group4 != null ? Integer.parseInt(group4) : 1), group2, group3);
    }

    public static SystemGraphCredential deserialize(String str, SecureHasher secureHasher) throws FormatException {
        String[] split = str.split(",", -1);
        if (split.length < 3 || split.length > 4) {
            throw new FormatException("wrong number of credential fields");
        }
        String str2 = split[0];
        byte[] decode = Hex.decode(split[1]);
        byte[] decode2 = Hex.decode(split[2]);
        int parseInt = split.length == 4 ? Integer.parseInt(split[3]) : 1;
        SimpleHash simpleHash = new SimpleHash(str2);
        simpleHash.setBytes(decode);
        simpleHash.setSalt(ByteSource.Util.bytes(decode2));
        simpleHash.setIterations(parseInt);
        return new SystemGraphCredential(secureHasher, simpleHash);
    }
}
