package org.antfarmer.ejce.password.encoder;

import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.antfarmer.ejce.exception.EncryptorConfigurationException;
import org.antfarmer.ejce.util.ByteUtil;
import org.antfarmer.ejce.util.EnvironmentUtil;
import org.antfarmer.ejce.util.TextUtil;

/* loaded from: input_file:org/antfarmer/ejce/password/encoder/Pbkdf2Encoder.class */
public class Pbkdf2Encoder extends AbstractPbkdf2PasswordEncoder {
    public static final String KEY_SALT_LENGTH = "saltLen";
    public static final String KEY_PROVIDER_NAME = "providerName";
    public static final String KEY_PROVIDER_CLASS = "providerClass";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA1 = "PBKDF2withHmacSHA1";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA224 = "PBKDF2withHmacSHA224";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA256 = "PBKDF2withHmacSHA256";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA384 = "PBKDF2withHmacSHA384";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA512 = "PBKDF2withHmacSHA512";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA3_224 = "PBKDF2withHmacSHA3-224";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA3_256 = "PBKDF2withHmacSHA3-256";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA3_384 = "PBKDF2withHmacSHA3-384";
    public static final String ALGORITHM_PBKDF2_HMAC_SHA3_512 = "PBKDF2withHmacSHA3-512";
    public static final String ALGORITHM_PBKDF2_HMAC_GOST = "PBKDF2withHmacGOST3411";
    public static final String DEFAULT_ALGORITHM;
    public static final int DEFAULT_SALT_LENGTH = 64;
    private byte[] secret;
    private int hashLengthBits;
    private int saltLengthBytes;
    private int iterations;
    private String algorithm;
    private SecureRandom random;
    private SecretKeyFactory skf;

    @Override // org.antfarmer.ejce.password.AbstractConfigurablePasswordEncoder
    public void doConfigure(Properties properties, String str) {
        this.secret = toBytes(parseString(properties, str, AbstractPbkdf2PasswordEncoder.KEY_SECRET, ""));
        this.hashLengthBits = parseInt(properties, str, "hashLen", 512);
        if (this.hashLengthBits < 1) {
            throw new EncryptorConfigurationException("Hash length must be > 0");
        }
        int parseInt = parseInt(properties, str, "saltLen", 64);
        if (parseInt % 8 != 0) {
            throw new EncryptorConfigurationException("Salt length must be specified in bits and must be a multiple of 8");
        }
        this.saltLengthBytes = parseInt / 8;
        this.iterations = parseInt(properties, str, "iterations", AbstractPbkdf2PasswordEncoder.DEFAULT_ITERATIONS);
        if (this.iterations < 1) {
            throw new EncryptorConfigurationException("Iterations must be > 0");
        }
        this.algorithm = parseString(properties, str, "algorithm", DEFAULT_ALGORITHM);
        String parseString = parseString(properties, str, "providerName", null);
        Provider provider = null;
        String parseString2 = parseString(properties, str, "providerClass", null);
        if (TextUtil.hasLength(parseString2)) {
            try {
                provider = (Provider) Class.forName(parseString2).newInstance();
            } catch (Exception e) {
                throw new EncryptorConfigurationException("Error instantiating: " + parseString2, e);
            }
        }
        try {
            if (provider != null) {
                this.skf = SecretKeyFactory.getInstance(this.algorithm, provider);
            } else if (TextUtil.hasLength(parseString)) {
                this.skf = SecretKeyFactory.getInstance(this.algorithm, parseString);
            } else {
                this.skf = SecretKeyFactory.getInstance(this.algorithm);
            }
            this.random = getRandom(properties, str);
        } catch (GeneralSecurityException e2) {
            throw new EncryptorConfigurationException("Error initializing algorithm: " + this.algorithm, e2);
        }
    }

    @Override // org.antfarmer.ejce.password.AbstractConfigurablePasswordEncoder
    public String doEncode(CharSequence charSequence) {
        byte[] bArr = new byte[this.saltLengthBytes];
        this.random.nextBytes(bArr);
        return encodeBytes(encode(charSequence, bArr));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r1v5, types: [byte[], byte[][]] */
    private byte[] encode(CharSequence charSequence, byte[] bArr) {
        char[] charArray = charSequence.toString().toCharArray();
        try {
            try {
                byte[] concatenate = concatenate(new byte[]{bArr, this.skf.generateSecret(new PBEKeySpec(charArray, concatenate(new byte[]{bArr, this.secret}), this.iterations, this.hashLengthBits)).getEncoded()});
                ByteUtil.clear(charArray);
                return concatenate;
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("Could not create hash", e);
            }
        } catch (Throwable th) {
            ByteUtil.clear(charArray);
            throw th;
        }
    }

    @Override // org.antfarmer.ejce.password.AbstractConfigurablePasswordEncoder
    public boolean isMatch(CharSequence charSequence, String str) {
        byte[] decodeBytes = decodeBytes(str);
        return Arrays.equals(decodeBytes, encode(charSequence, Arrays.copyOfRange(decodeBytes, 0, this.saltLengthBytes)));
    }

    private byte[] concatenate(byte[]... bArr) {
        int i = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        byte[] bArr3 = new byte[i];
        int i2 = 0;
        for (byte[] bArr4 : bArr) {
            System.arraycopy(bArr4, 0, bArr3, i2, bArr4.length);
            i2 += bArr4.length;
        }
        return bArr3;
    }

    static {
        DEFAULT_ALGORITHM = EnvironmentUtil.JAVA_VERSION >= 1.8d ? ALGORITHM_PBKDF2_HMAC_SHA512 : ALGORITHM_PBKDF2_HMAC_SHA1;
    }
}
