package jenkins.security;

import hudson.Util;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.344-rc32282.4893a_b_302636.jar:jenkins/security/HMACConfidentialKey.class */
public class HMACConfidentialKey extends ConfidentialKey {
    private ConfidentialStore lastCS;
    private SecretKey key;
    private Mac mac;
    private final int length;
    private static final String ALGORITHM = "HmacSHA256";

    public HMACConfidentialKey(String str, int i) {
        super(str);
        this.length = i;
    }

    public HMACConfidentialKey(String str) {
        this(str, Integer.MAX_VALUE);
    }

    public HMACConfidentialKey(Class cls, String str, int i) {
        this(cls.getName() + '.' + str, i);
    }

    public HMACConfidentialKey(Class cls, String str) {
        this(cls, str, Integer.MAX_VALUE);
    }

    public synchronized byte[] mac(byte[] bArr) {
        ConfidentialStore confidentialStore = ConfidentialStore.get();
        if (this.mac == null || confidentialStore != this.lastCS) {
            this.lastCS = confidentialStore;
            this.mac = createMac();
        }
        return chop(this.mac.doFinal(bArr));
    }

    public boolean checkMac(byte[] bArr, byte[] bArr2) {
        return MessageDigest.isEqual(mac(bArr), bArr2);
    }

    public String mac(String str) {
        return Util.toHexString(mac(str.getBytes(StandardCharsets.UTF_8)));
    }

    public boolean checkMac(String str, String str2) {
        return MessageDigest.isEqual(mac(str).getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
    }

    private byte[] chop(byte[] bArr) {
        if (bArr.length <= this.length) {
            return bArr;
        }
        byte[] bArr2 = new byte[this.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    public Mac createMac() {
        try {
            Mac mac = Mac.getInstance(ALGORITHM);
            mac.init(getKey());
            return mac;
        } catch (GeneralSecurityException e) {
            throw new Error("HmacSHA256 not supported?", e);
        }
    }

    private synchronized SecretKey getKey() {
        ConfidentialStore confidentialStore = ConfidentialStore.get();
        if (this.key == null || confidentialStore != this.lastCS) {
            this.lastCS = confidentialStore;
            try {
                byte[] load = load();
                if (load == null) {
                    byte[] encoded = KeyGenerator.getInstance(ALGORITHM).generateKey().getEncoded();
                    load = encoded;
                    store(encoded);
                }
                this.key = new SecretKeySpec(load, ALGORITHM);
            } catch (IOException | NoSuchAlgorithmException e) {
                throw new Error("Failed to load the key: " + getId(), e);
            }
        }
        return this.key;
    }
}
