package org.sakaiproject.user.impl;

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Random;
import org.sakaiproject.memory.api.Cache;
import org.sakaiproject.memory.api.MemoryService;
import org.sakaiproject.user.api.Authentication;
import org.sakaiproject.user.api.AuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sakaiproject/user/impl/AuthenticationCache.class */
public class AuthenticationCache {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationCache.class);
    private MemoryService memoryService;
    private Cache<String, AuthenticationRecord> authCache = null;
    private List<String> algorithms = Arrays.asList("SHA2", "SHA1");
    private Random saltGenerator = new Random();
    private int saltLength = 8;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sakaiproject/user/impl/AuthenticationCache$AuthenticationRecord.class */
    public static class AuthenticationRecord implements Serializable {
        private static final long serialVersionUID = 1;
        byte[] encodedPassword;
        Authentication authentication;

        public AuthenticationRecord(byte[] bArr, Authentication authentication) {
            this.encodedPassword = bArr;
            this.authentication = authentication;
        }
    }

    public void setMemoryService(MemoryService memoryService) {
        this.memoryService = memoryService;
    }

    public void init() {
        log.info("INIT");
        this.authCache = this.memoryService.getCache("org.sakaiproject.user.api.AuthenticationManager");
    }

    public void destroy() {
        if (this.authCache != null) {
            this.authCache.close();
        }
    }

    public void setAuthCache(Cache<String, AuthenticationRecord> cache) {
        this.authCache = cache;
        if (!log.isDebugEnabled() || cache == null) {
            return;
        }
        log.debug("authCache ");
    }

    public Authentication getAuthentication(String str, String str2) throws AuthenticationException {
        Authentication authentication = null;
        AuthenticationRecord authenticationRecord = (AuthenticationRecord) this.authCache.get(str);
        if (authenticationRecord != null) {
            byte[] bArr = new byte[this.saltLength];
            System.arraycopy(authenticationRecord.encodedPassword, 0, bArr, 0, bArr.length);
            if (!MessageDigest.isEqual(authenticationRecord.encodedPassword, getEncrypted(str2, bArr))) {
                if (log.isDebugEnabled()) {
                    log.debug("getAuthentication: record for authenticationId=" + str + " failed password check");
                }
                this.authCache.remove(str);
            } else {
                if (authenticationRecord.authentication == null) {
                    if (log.isDebugEnabled()) {
                        log.debug("getAuthentication: replaying authentication failure for authenticationId=" + str);
                    }
                    throw new AuthenticationException("repeated invalid login");
                }
                if (log.isDebugEnabled()) {
                    log.debug("getAuthentication: returning record for authenticationId=" + str);
                }
                authentication = authenticationRecord.authentication;
            }
        }
        return authentication;
    }

    public void putAuthentication(String str, String str2, Authentication authentication) {
        putAuthenticationRecord(str, str2, authentication);
    }

    public void putAuthenticationFailure(String str, String str2) {
        putAuthenticationRecord(str, str2, null);
    }

    public void removeAuthentification(String str) {
        this.authCache.remove(str);
    }

    protected void putAuthenticationRecord(String str, String str2, Authentication authentication) {
        if (this.authCache.containsKey(str)) {
            return;
        }
        byte[] bArr = new byte[this.saltLength];
        this.saltGenerator.nextBytes(bArr);
        this.authCache.put(str, new AuthenticationRecord(getEncrypted(str2, bArr), authentication));
    }

    private byte[] getEncrypted(String str, byte[] bArr) {
        Throwable th = null;
        Iterator<String> it = this.algorithms.iterator();
        while (it.hasNext()) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(it.next());
                messageDigest.update(bArr);
                messageDigest.update(str.getBytes("UTF-8"));
                byte[] digest = messageDigest.digest();
                byte[] bArr2 = new byte[bArr.length + digest.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(digest, 0, bArr2, bArr.length, digest.length);
                return bArr2;
            } catch (UnsupportedEncodingException e) {
                th = e;
            } catch (NoSuchAlgorithmException e2) {
                th = e2;
            }
        }
        throw new RuntimeException(th);
    }

    public void setMaximumSize(int i) {
        if (log.isWarnEnabled()) {
            log.warn("maximumSize property set but no longer used; should switch to maxElementsInMemory property instead");
        }
    }

    public void setTimeoutMs(int i) {
        if (log.isWarnEnabled()) {
            log.warn("timeoutMs property set but no longer used; should switch to timeToLive seconds property instead");
        }
    }

    public void setFailureThrottleTimeoutMs(int i) {
        if (log.isWarnEnabled()) {
            log.warn("failureThrottleTimeoutMs property set but no longer used; should switch to timeToLive seconds property instead");
        }
    }
}
