package org.camunda.bpm.engine.impl.digest;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.camunda.bpm.engine.impl.ProcessEngineLogger;
import org.camunda.bpm.engine.impl.util.EnsureUtil;

/* loaded from: input_file:BOOT-INF/lib/camunda-engine-7.20.0.jar:org/camunda/bpm/engine/impl/digest/PasswordManager.class */
public class PasswordManager {
    public static final SecurityLogger LOG = ProcessEngineLogger.SECURITY_LOGGER;
    protected PasswordEncryptor defaultPasswordEncryptor;
    protected Map<String, PasswordEncryptor> passwordChecker = new HashMap();
    protected DatabasePrefixHandler prefixHandler = new DatabasePrefixHandler();

    public PasswordManager(PasswordEncryptor passwordEncryptor, List<PasswordEncryptor> list) {
        addPasswordCheckerAndThrowErrorIfAlreadyAvailable(new ShaHashDigest());
        addPasswordCheckerAndThrowErrorIfAlreadyAvailable(new Sha512HashDigest());
        addAllPasswordChecker(list);
        addDefaultEncryptor(passwordEncryptor);
    }

    protected void addAllPasswordChecker(List<PasswordEncryptor> list) {
        Iterator<PasswordEncryptor> it = list.iterator();
        while (it.hasNext()) {
            addPasswordCheckerAndThrowErrorIfAlreadyAvailable(it.next());
        }
    }

    protected void addPasswordCheckerAndThrowErrorIfAlreadyAvailable(PasswordEncryptor passwordEncryptor) {
        if (this.passwordChecker.containsKey(passwordEncryptor.hashAlgorithmName())) {
            throw LOG.hashAlgorithmForPasswordEncryptionAlreadyAvailableException(passwordEncryptor.hashAlgorithmName());
        }
        this.passwordChecker.put(passwordEncryptor.hashAlgorithmName(), passwordEncryptor);
    }

    protected void addDefaultEncryptor(PasswordEncryptor passwordEncryptor) {
        this.defaultPasswordEncryptor = passwordEncryptor;
        this.passwordChecker.put(passwordEncryptor.hashAlgorithmName(), passwordEncryptor);
    }

    public String encrypt(String str) {
        return this.prefixHandler.generatePrefix(this.defaultPasswordEncryptor.hashAlgorithmName()) + this.defaultPasswordEncryptor.encrypt(str);
    }

    public boolean check(String str, String str2) {
        PasswordEncryptor correctEncryptorForPassword = getCorrectEncryptorForPassword(str2);
        String removePrefix = this.prefixHandler.removePrefix(str2);
        EnsureUtil.ensureNotNull("encryptedPasswordWithoutPrefix", removePrefix);
        return correctEncryptorForPassword.check(str, removePrefix);
    }

    protected PasswordEncryptor getCorrectEncryptorForPassword(String str) {
        String retrieveAlgorithmName = this.prefixHandler.retrieveAlgorithmName(str);
        if (retrieveAlgorithmName == null || !this.passwordChecker.containsKey(retrieveAlgorithmName)) {
            throw LOG.cannotResolveAlgorithmPrefixFromGivenPasswordException(retrieveAlgorithmName, this.passwordChecker.keySet());
        }
        return this.passwordChecker.get(retrieveAlgorithmName);
    }
}
