package io.gravitee.am.service.impl;

import io.gravitee.am.model.application.ApplicationSecretSettings;
import io.gravitee.am.model.application.ClientSecret;
import io.gravitee.am.service.authentication.crypto.password.NoOpPasswordEncoder;
import io.gravitee.am.service.authentication.crypto.password.PBKDF2PasswordEncoder;
import io.gravitee.am.service.authentication.crypto.password.PasswordEncoder;
import io.gravitee.am.service.authentication.crypto.password.SHAPasswordEncoder;
import io.gravitee.am.service.authentication.crypto.password.bcrypt.BCryptPasswordEncoder;
import io.gravitee.am.service.model.PatchPasswordSettings;
import io.gravitee.am.service.spring.application.SecretHashAlgorithm;
import java.util.Date;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/service/impl/ApplicationClientSecretService.class */
public class ApplicationClientSecretService {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private Map<String, PasswordEncoder> encoders = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.gravitee.am.service.impl.ApplicationClientSecretService$1, reason: invalid class name */
    /* loaded from: input_file:io/gravitee/am/service/impl/ApplicationClientSecretService$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm = new int[SecretHashAlgorithm.values().length];

        static {
            try {
                $SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm[SecretHashAlgorithm.BCRYPT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm[SecretHashAlgorithm.PBKDF2.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm[SecretHashAlgorithm.SHA_512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm[SecretHashAlgorithm.SHA_256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public PasswordEncoder getOrCreateNoOpPasswordEncoder() {
        return getOrCreatePasswordEncoder(null);
    }

    public PasswordEncoder getOrCreatePasswordEncoder(ApplicationSecretSettings applicationSecretSettings) {
        PasswordEncoder noOpPasswordEncoder = NoOpPasswordEncoder.getInstance();
        if (Objects.isNull(applicationSecretSettings)) {
            this.logger.trace("SecretSettings are null, return NoOp encoder");
            return noOpPasswordEncoder;
        }
        if (this.encoders.containsKey(applicationSecretSettings.getId())) {
            this.logger.trace("SecretSettings {} found", applicationSecretSettings.getId());
            noOpPasswordEncoder = this.encoders.get(applicationSecretSettings.getId());
        } else {
            this.logger.trace("SecretSettings {} not found, generate new instance of {} encoder", applicationSecretSettings.getId(), applicationSecretSettings.getAlgorithm());
            SecretHashAlgorithm valueOf = SecretHashAlgorithm.valueOf(applicationSecretSettings.getAlgorithm());
            switch (AnonymousClass1.$SwitchMap$io$gravitee$am$service$spring$application$SecretHashAlgorithm[valueOf.ordinal()]) {
                case PatchPasswordSettings.MIN_PASSWORD_HISTORY /* 1 */:
                    noOpPasswordEncoder = new BCryptPasswordEncoder(((Integer) applicationSecretSettings.getProperties().get(SecretHashAlgorithm.PropertyKeys.BCRYPT_ROUNDS.getKey())).intValue());
                    break;
                case 2:
                    noOpPasswordEncoder = new PBKDF2PasswordEncoder(((Integer) applicationSecretSettings.getProperties().get(SecretHashAlgorithm.PropertyKeys.PBKDF2_SALT.getKey())).intValue(), ((Integer) applicationSecretSettings.getProperties().get(SecretHashAlgorithm.PropertyKeys.PBKDF2_ROUNDS.getKey())).intValue(), (String) applicationSecretSettings.getProperties().get(SecretHashAlgorithm.PropertyKeys.PBKDF2_KEY_ALG.getKey()));
                    break;
                case 3:
                case 4:
                    noOpPasswordEncoder = new SHAPasswordEncoder(valueOf.getAlgorithm());
                    break;
                default:
                    this.logger.warn("No PasswordEncoder with id '{}' found to decode client secret, fallback to NoOpEncoder", applicationSecretSettings.getId());
                    break;
            }
            this.encoders.put(applicationSecretSettings.getId(), noOpPasswordEncoder);
        }
        return noOpPasswordEncoder;
    }

    public ClientSecret generateClientSecret(String str, ApplicationSecretSettings applicationSecretSettings) {
        ClientSecret clientSecret = new ClientSecret();
        clientSecret.setId(UUID.randomUUID().toString());
        clientSecret.setSecret(getOrCreatePasswordEncoder(applicationSecretSettings).encode(str));
        clientSecret.setCreatedAt(new Date());
        clientSecret.setSettingsId(applicationSecretSettings.getId());
        clientSecret.setName(clientSecret.getId());
        return clientSecret;
    }
}
