package org.glassfish.soteria.identitystores.hash;

import jakarta.enterprise.context.Dependent;
import jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

@Dependent
/* loaded from: input_file:org/glassfish/soteria/identitystores/hash/Pbkdf2PasswordHashImpl.class */
public class Pbkdf2PasswordHashImpl implements Pbkdf2PasswordHash {
    private static final int DEFAULT_ITERATIONS = 2048;
    private static final int DEFAULT_SALT_SIZE = 32;
    private static final int DEFAULT_KEY_SIZE = 32;
    private static final int MIN_ITERATIONS = 1024;
    private static final int MIN_SALT_SIZE = 16;
    private static final int MIN_KEY_SIZE = 16;
    private static final String PROPERTY_ALGORITHM = "Pbkdf2PasswordHash.Algorithm";
    private static final String PROPERTY_ITERATIONS = "Pbkdf2PasswordHash.Iterations";
    private static final String PROPERTY_SALTSIZE = "Pbkdf2PasswordHash.SaltSizeBytes";
    private static final String PROPERTY_KEYSIZE = "Pbkdf2PasswordHash.KeySizeBytes";
    private String configuredAlgorithm = DEFAULT_ALGORITHM;
    private int configuredIterations = 2048;
    private int configuredSaltSizeBytes = 32;
    private int configuredKeySizeBytes = 32;
    private final SecureRandom random = new SecureRandom();
    private static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final Set<String> SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(new HashSet(Arrays.asList("PBKDF2WithHmacSHA224", DEFAULT_ALGORITHM, "PBKDF2WithHmacSHA384", "PBKDF2WithHmacSHA512")));

    /* loaded from: input_file:org/glassfish/soteria/identitystores/hash/Pbkdf2PasswordHashImpl$EncodedPasswordHash.class */
    private static class EncodedPasswordHash {
        private String algorithm;
        private int iterations;
        private byte[] salt;
        private byte[] hash;
        private String encoded;

        private EncodedPasswordHash() {
        }

        EncodedPasswordHash(byte[] bArr, byte[] bArr2, String str, int i) {
            this.algorithm = str;
            this.iterations = i;
            this.salt = bArr2;
            this.hash = bArr;
            encode();
        }

        EncodedPasswordHash(String str) {
            this.encoded = str;
            decode();
        }

        String getAlgorithm() {
            return this.algorithm;
        }

        int getIterations() {
            return this.iterations;
        }

        byte[] getSalt() {
            return this.salt;
        }

        byte[] getHash() {
            return this.hash;
        }

        String getEncoded() {
            return this.encoded;
        }

        private void encode() {
            this.encoded = this.algorithm + ":" + this.iterations + ":" + Base64.getEncoder().encodeToString(this.salt) + ":" + Base64.getEncoder().encodeToString(this.hash);
        }

        private void decode() {
            String[] split = this.encoded.split(":");
            if (split.length != 4) {
                throw new IllegalArgumentException("Bad hash encoding");
            }
            if (!Pbkdf2PasswordHashImpl.SUPPORTED_ALGORITHMS.contains(split[0])) {
                throw new IllegalArgumentException("Bad hash encoding");
            }
            this.algorithm = split[0];
            try {
                this.iterations = Integer.parseInt(split[1]);
                this.salt = Base64.getDecoder().decode(split[2]);
                this.hash = Base64.getDecoder().decode(split[3]);
            } catch (Exception e) {
                throw new IllegalArgumentException("Bad hash encoding", e);
            }
        }
    }

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public void initialize(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().equals(PROPERTY_ALGORITHM)) {
                if (!SUPPORTED_ALGORITHMS.contains(entry.getValue())) {
                    throw new IllegalArgumentException("Bad Algorithm parameter: " + entry.getValue());
                }
                this.configuredAlgorithm = entry.getValue();
            } else if (entry.getKey().equals(PROPERTY_ITERATIONS)) {
                try {
                    this.configuredIterations = Integer.parseInt(entry.getValue());
                    if (this.configuredIterations < 1024) {
                        throw new IllegalArgumentException("Bad Iterations parameter: " + entry.getValue());
                    }
                } catch (Exception e) {
                    throw new IllegalArgumentException("Bad Iterations parameter: " + entry.getValue());
                }
            } else if (entry.getKey().equals(PROPERTY_SALTSIZE)) {
                try {
                    this.configuredSaltSizeBytes = Integer.parseInt(entry.getValue());
                    if (this.configuredSaltSizeBytes < 16) {
                        throw new IllegalArgumentException("Bad SaltSizeBytes parameter: " + entry.getValue());
                    }
                } catch (Exception e2) {
                    throw new IllegalArgumentException("Bad SaltSizeBytes parameter: " + entry.getValue());
                }
            } else {
                if (!entry.getKey().equals(PROPERTY_KEYSIZE)) {
                    throw new IllegalArgumentException("Unrecognized parameter for Pbkdf2PasswordHash");
                }
                try {
                    this.configuredKeySizeBytes = Integer.parseInt(entry.getValue());
                    if (this.configuredKeySizeBytes < 16) {
                        throw new IllegalArgumentException("Bad KeySizeBytes parameter: " + entry.getValue());
                    }
                } catch (Exception e3) {
                    throw new IllegalArgumentException("Bad KeySizeBytes parameter: " + entry.getValue());
                }
            }
        }
    }

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public String generate(char[] cArr) {
        byte[] randomSalt = getRandomSalt(new byte[this.configuredSaltSizeBytes]);
        return new EncodedPasswordHash(pbkdf2(cArr, randomSalt, this.configuredAlgorithm, this.configuredIterations, this.configuredKeySizeBytes), randomSalt, this.configuredAlgorithm, this.configuredIterations).getEncoded();
    }

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public boolean verify(char[] cArr, String str) {
        EncodedPasswordHash encodedPasswordHash = new EncodedPasswordHash(str);
        return PasswordHashCompare.compareBytes(pbkdf2(cArr, encodedPasswordHash.getSalt(), encodedPasswordHash.getAlgorithm(), encodedPasswordHash.getIterations(), encodedPasswordHash.getHash().length), encodedPasswordHash.getHash());
    }

    private byte[] pbkdf2(char[] cArr, byte[] bArr, String str, int i, int i2) {
        try {
            return SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(cArr, bArr, i, i2 * 8)).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    private synchronized byte[] getRandomSalt(byte[] bArr) {
        this.random.nextBytes(bArr);
        return bArr;
    }
}
