package com.atlassian.crowd.password.encoder;

import com.atlassian.crowd.common.properties.SystemProperties;
import com.atlassian.crowd.exception.PasswordEncoderException;
import com.atlassian.crowd.password.factory.PasswordEncoderFactory;
import com.atlassian.crowd.password.saltgenerator.SecureRandomSaltGenerator;
import com.atlassian.security.password.DefaultPasswordEncoder;
import com.atlassian.security.password.PKCS5S2PasswordHashGenerator;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.List;

/* loaded from: input_file:com/atlassian/crowd/password/encoder/AtlassianSecurityPasswordEncoder.class */
public class AtlassianSecurityPasswordEncoder implements InternalPasswordEncoder, UpgradeablePasswordEncoder {
    private static final com.atlassian.security.password.PasswordEncoder ADVANCED_PASSWORD_ENCODER = new DefaultPasswordEncoder("PKCS5S2_SHA2", new PKCS5S2SHA2PasswordHashGenerator(), SecureRandomSaltGenerator.INSTANCE);
    private static final com.atlassian.security.password.PasswordEncoder STANDARD_PASSWORD_ENCODER = new DefaultPasswordEncoder("PKCS5S2", new PKCS5S2PasswordHashGenerator(), SecureRandomSaltGenerator.INSTANCE);
    private final List<com.atlassian.security.password.PasswordEncoder> supportedPasswordEncoders;
    private final PasswordEncoder legacyPasswordEncoder;

    public AtlassianSecurityPasswordEncoder() {
        this(getSupportedEncoders(), new AtlassianSHA1PasswordEncoder());
    }

    AtlassianSecurityPasswordEncoder(com.atlassian.security.password.PasswordEncoder passwordEncoder, PasswordEncoder passwordEncoder2) {
        this((List<com.atlassian.security.password.PasswordEncoder>) ImmutableList.of(passwordEncoder), passwordEncoder2);
    }

    private AtlassianSecurityPasswordEncoder(List<com.atlassian.security.password.PasswordEncoder> list, PasswordEncoder passwordEncoder) {
        Preconditions.checkArgument(!list.isEmpty(), "Supported encoders list must contain at least 1 element");
        this.supportedPasswordEncoders = list;
        this.legacyPasswordEncoder = passwordEncoder;
    }

    @Override // com.atlassian.crowd.password.encoder.PasswordEncoder
    public String encodePassword(String str, Object obj) throws PasswordEncoderException {
        try {
            return getDefaultPasswordEncoder().encodePassword(str);
        } catch (IllegalArgumentException e) {
            throw new PasswordEncoderException("Password could not be encoded.", e);
        }
    }

    @Override // com.atlassian.crowd.password.encoder.PasswordEncoder
    public boolean isPasswordValid(String str, String str2, Object obj) {
        return ((Boolean) this.supportedPasswordEncoders.stream().filter(passwordEncoder -> {
            return passwordEncoder.canDecodePassword(str);
        }).findFirst().map(passwordEncoder2 -> {
            return Boolean.valueOf(isValidPassword(passwordEncoder2, str2, str));
        }).orElseGet(() -> {
            return Boolean.valueOf(this.legacyPasswordEncoder.isPasswordValid(str, str2, obj));
        })).booleanValue();
    }

    @Override // com.atlassian.crowd.password.encoder.UpgradeablePasswordEncoder
    public boolean isUpgradeRequired(String str) {
        return !getDefaultPasswordEncoder().canDecodePassword(str);
    }

    @Override // com.atlassian.crowd.password.encoder.PasswordEncoder
    public String getKey() {
        return PasswordEncoderFactory.ATLASSIAN_SECURITY_ENCODER;
    }

    private com.atlassian.security.password.PasswordEncoder getDefaultPasswordEncoder() {
        return this.supportedPasswordEncoders.get(0);
    }

    private boolean isValidPassword(com.atlassian.security.password.PasswordEncoder passwordEncoder, String str, String str2) {
        try {
            return passwordEncoder.isValidPassword(str, str2);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    private static List<com.atlassian.security.password.PasswordEncoder> getSupportedEncoders() {
        return ((Boolean) SystemProperties.ADVANCED_SECURITY_PASSWORD_ENCODER_ENABLED.getValue()).booleanValue() ? ImmutableList.of(ADVANCED_PASSWORD_ENCODER, STANDARD_PASSWORD_ENCODER) : ImmutableList.of(STANDARD_PASSWORD_ENCODER, ADVANCED_PASSWORD_ENCODER);
    }
}
