package org.springframework.security.config.authentication;

import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder;
import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;
import org.springframework.security.authentication.encoding.Md4PasswordEncoder;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.config.Elements;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.util.StringUtils;
import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-4.2.9.RELEASE.jar:org/springframework/security/config/authentication/PasswordEncoderParser.class */
public class PasswordEncoderParser {
    static final String ATT_REF = "ref";
    public static final String ATT_HASH = "hash";
    static final String ATT_BASE_64 = "base64";
    static final String OPT_HASH_BCRYPT = "bcrypt";
    static final String OPT_HASH_PLAINTEXT = "plaintext";
    static final String OPT_HASH_SHA = "sha";
    static final String OPT_HASH_SHA256 = "sha-256";
    static final String OPT_HASH_MD4 = "md4";
    static final String OPT_HASH_MD5 = "md5";
    static final String OPT_HASH_LDAP_SHA = "{sha}";
    static final String OPT_HASH_LDAP_SSHA = "{ssha}";
    private static final Map<String, Class<?>> ENCODER_CLASSES = new HashMap();
    private static final Log logger;
    private BeanMetadataElement passwordEncoder;
    private BeanMetadataElement saltSource;

    public PasswordEncoderParser(Element element, ParserContext parserContext) {
        parse(element, parserContext);
    }

    private void parse(Element element, ParserContext parserContext) {
        String attribute = element.getAttribute(ATT_HASH);
        boolean z = false;
        if (StringUtils.hasText(element.getAttribute(ATT_BASE_64))) {
            z = Boolean.valueOf(element.getAttribute(ATT_BASE_64)).booleanValue();
        }
        String attribute2 = element.getAttribute("ref");
        if (StringUtils.hasText(attribute2)) {
            this.passwordEncoder = new RuntimeBeanReference(attribute2);
        } else {
            this.passwordEncoder = createPasswordEncoderBeanDefinition(attribute, z);
            ((RootBeanDefinition) this.passwordEncoder).setSource(parserContext.extractSource(element));
        }
        Element childElementByTagName = DomUtils.getChildElementByTagName(element, Elements.SALT_SOURCE);
        if (childElementByTagName != null) {
            if (OPT_HASH_BCRYPT.equals(attribute)) {
                parserContext.getReaderContext().error("salt-source isn't compatible with bcrypt", parserContext.extractSource(childElementByTagName));
            } else {
                this.saltSource = new SaltSourceBeanDefinitionParser().parse(childElementByTagName, parserContext);
            }
        }
    }

    public static BeanDefinition createPasswordEncoderBeanDefinition(String str, boolean z) {
        Class<?> cls = ENCODER_CLASSES.get(str);
        BeanDefinitionBuilder rootBeanDefinition = BeanDefinitionBuilder.rootBeanDefinition(cls);
        if ("sha-256".equals(str)) {
            rootBeanDefinition.addConstructorArgValue(256);
        }
        if (z) {
            if (BaseDigestPasswordEncoder.class.isAssignableFrom(cls)) {
                rootBeanDefinition.addPropertyValue("encodeHashAsBase64", "true");
            } else {
                logger.warn("base64 isn't compatible with " + str + " and will be ignored");
            }
        }
        return rootBeanDefinition.getBeanDefinition();
    }

    public BeanMetadataElement getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public BeanMetadataElement getSaltSource() {
        return this.saltSource;
    }

    static {
        ENCODER_CLASSES.put(OPT_HASH_PLAINTEXT, PlaintextPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_BCRYPT, BCryptPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_SHA, ShaPasswordEncoder.class);
        ENCODER_CLASSES.put("sha-256", ShaPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_MD4, Md4PasswordEncoder.class);
        ENCODER_CLASSES.put("md5", Md5PasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_LDAP_SHA, LdapShaPasswordEncoder.class);
        ENCODER_CLASSES.put(OPT_HASH_LDAP_SSHA, LdapShaPasswordEncoder.class);
        logger = LogFactory.getLog(PasswordEncoderParser.class);
    }
}
