package kd.bos.util;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import kd.bos.encrypt.api.FrameWorkServiceFactory;
import kd.bos.encrypt.pass.PasswordFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:kd/bos/util/PasswordEncryptUtil.class */
public class PasswordEncryptUtil {
    private static Logger LOG = LoggerFactory.getLogger(PasswordEncryptUtil.class);
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final int SALT_BYTE_SIZE = 16;
    public static final int HASH_BIT_SIZE = 512;
    public static final int PBKDF2_ITERATIONS = 1000;
    private static final int PASSWORD_CHECK_LENGTH = 160;

    public static boolean authenticate(String str, String str2, String str3) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return PasswordFactory.getPasswordEncoder(str2).encryptPassword(str, str3).equals(str2);
    }

    public static String getCorrectUserIDSalt(String str) {
        String str2 = str;
        if (StringUtils.isNotEmpty(str) && str.length() <= 1) {
            str2 = str + "110111";
        }
        return str2;
    }

    public static String getEncryptedPassword(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return PasswordFactory.getCurrentUsingPasswordEncoder().encryptPassword(str, str2);
    }

    public static String generateSalt() throws NoSuchAlgorithmException {
        SecureRandom secureRandom = null;
        try {
            secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            LOG.info(e.getMessage());
        }
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        return HexUtils.toHex(bArr);
    }

    public static String getEncryptePasswordWithSalt(String str, String str2) {
        String str3 = "";
        try {
            str3 = getEncryptedPassword(str, str2);
        } catch (NoSuchAlgorithmException e) {
            LOG.error(e.getMessage());
        } catch (InvalidKeySpecException e2) {
            LOG.error(e2.getMessage());
        }
        return str3;
    }

    public static String getEncryptePasswordWithSalt(String str) {
        String str2 = "";
        try {
            String generateSalt = generateSalt();
            str2 = getEncryptedPassword(str, generateSalt) + generateSalt;
        } catch (NoSuchAlgorithmException e) {
            LOG.error(e.getMessage());
        } catch (InvalidKeySpecException e2) {
            LOG.error(e2.getMessage());
        }
        return str2;
    }

    public static boolean authenticate(String str, String str2) {
        return authenticateWithSalt(getSalt(str), str, str2);
    }

    public static boolean authenticateWithSalt(String str, String str2, String str3) {
        String str4;
        boolean z = false;
        if (str2 != null) {
            String str5 = str;
            if (str2.length() >= PASSWORD_CHECK_LENGTH) {
                str5 = getSalt(str2);
                str4 = getEncryptedString(str2, str5);
            } else {
                str4 = str2;
            }
            try {
                if (StringUtils.isNotEmpty(str5)) {
                    z = str4.equals(PasswordFactory.getPasswordEncoder(str2).encryptPassword(str3, str5));
                }
            } catch (NoSuchAlgorithmException e) {
                LOG.error(e.getMessage());
            } catch (InvalidKeySpecException e2) {
                LOG.error(e2.getMessage());
            }
        }
        return z;
    }

    private static String getEncryptedString(String str, String str2) {
        String str3 = "";
        if (str != null && str2 != null) {
            str3 = str.replace(str2, "");
        }
        return str3;
    }

    private static String getSalt(String str) {
        String str2 = "";
        if (str != null && str.length() >= PASSWORD_CHECK_LENGTH) {
            str2 = str.substring(str.length() - 32, str.length());
        }
        return str2;
    }

    public static boolean checkPassword(String str, String str2) {
        boolean z = false;
        if (str != null && str2 != null) {
            if (authenticate(str2, str)) {
                z = true;
            }
            if (supportOLDEncrypt() && !z && str2.equals(EncryptUtils.encryptPSW(str))) {
                z = true;
            }
        }
        return z;
    }

    private static boolean supportOLDEncrypt() {
        boolean z = true;
        String geStringtProptyOfTenant = FrameWorkServiceFactory.getFrameWorkService().geStringtProptyOfTenant("password_support_old_arlgorithm");
        if (StringUtils.isNotEmpty(geStringtProptyOfTenant) && !"true".equalsIgnoreCase(geStringtProptyOfTenant)) {
            z = false;
        }
        return z;
    }

    public static boolean checkPasswordWithSalt(String str, String str2, String str3) {
        boolean z = false;
        if (str2 != null && str3 != null) {
            if (StringUtils.isNotEmpty(str)) {
                z = authenticateWithSalt(str, str3, str2);
            }
            if (supportOLDEncrypt() && !z && str3.equals(EncryptUtils.encryptPSW(str2))) {
                z = true;
            }
        }
        return z;
    }
}
