package io.inverno.mod.security.authentication.password;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.inverno.mod.security.authentication.password.Password;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:io/inverno/mod/security/authentication/password/PBKDF2Password.class */
public class PBKDF2Password extends AbstractPassword<PBKDF2Password, Encoder> {

    /* loaded from: input_file:io/inverno/mod/security/authentication/password/PBKDF2Password$Encoder.class */
    public static class Encoder implements Password.Encoder<PBKDF2Password, Encoder> {
        public static final String PRF_SHA256 = "HmacSHA256";
        public static final String PRF_SHA384 = "HmacSHA384";
        public static final String PRF_SHA512 = "HmacSHA512";
        public static final String DEFAULT_PRF = "HmacSHA256";
        public static final int DEFAULT_SALT_LENGTH = 16;
        public static final int DEFAULT_HASH_LENGTH = 32;
        public static final int DEFAULT_ITERATION_COUNT = 1000;

        @JsonIgnore
        private final String prf;

        @JsonIgnore
        private final int iterationCount;

        @JsonIgnore
        private final int saltLength;

        @JsonIgnore
        private final int hashLength;

        @JsonIgnore
        private final SecureRandom secureRandom;

        public Encoder() {
            this("HmacSHA256", DEFAULT_ITERATION_COUNT, 16, 32, PasswordUtils.DEFAULT_SECURE_RANDOM);
        }

        public Encoder(String str) {
            this(str, DEFAULT_ITERATION_COUNT, 16, 32, PasswordUtils.DEFAULT_SECURE_RANDOM);
        }

        @JsonCreator
        public Encoder(@JsonProperty("prf") String str, @JsonProperty("iterationCount") int i, @JsonProperty("saltLength") int i2, @JsonProperty("hashLength") int i3) {
            this(str, i, i2, i3, PasswordUtils.DEFAULT_SECURE_RANDOM);
        }

        public Encoder(String str, int i, int i2, int i3, SecureRandom secureRandom) {
            this.prf = (String) Objects.requireNonNull(str);
            this.saltLength = i2;
            this.iterationCount = i;
            this.hashLength = i3;
            this.secureRandom = (SecureRandom) Objects.requireNonNull(secureRandom);
        }

        @JsonProperty("prf")
        public String getPseudoRandomFunction() {
            return this.prf;
        }

        @JsonProperty("iterationCount")
        public int getIterationCount() {
            return this.iterationCount;
        }

        @JsonProperty("saltLength")
        public int getSaltLength() {
            return this.saltLength;
        }

        @JsonProperty("hashLength")
        public int getHashLength() {
            return this.hashLength;
        }

        @JsonIgnore
        public SecureRandom getSecureRandom() {
            return this.secureRandom;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // io.inverno.mod.security.authentication.password.Password.Encoder
        public PBKDF2Password recover(String str) throws PasswordException {
            return new PBKDF2Password(str, this);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // io.inverno.mod.security.authentication.password.Password.Encoder
        public PBKDF2Password encode(String str) throws PasswordException {
            return new PBKDF2Password(PasswordUtils.BASE64_NOPAD_URL_ENCODER.encodeToString(encode(str.toCharArray(), PasswordUtils.generateSalt(this.secureRandom, this.saltLength))), this);
        }

        private byte[] encode(char[] cArr, byte[] bArr) throws PasswordException {
            try {
                byte[] encoded = SecretKeyFactory.getInstance("PBKDF2With" + this.prf).generateSecret(new PBEKeySpec(cArr, bArr, this.iterationCount, this.hashLength * 8)).getEncoded();
                byte[] bArr2 = new byte[bArr.length + encoded.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(encoded, 0, bArr2, bArr.length, encoded.length);
                return bArr2;
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new PasswordException(e);
            }
        }

        @Override // io.inverno.mod.security.authentication.password.Password.Encoder
        public boolean matches(String str, String str2) throws PasswordException {
            byte[] decode = Base64.getUrlDecoder().decode(str2);
            byte[] bArr = new byte[this.saltLength];
            System.arraycopy(decode, 0, bArr, 0, this.saltLength);
            return MessageDigest.isEqual(encode(str.toCharArray(), bArr), decode);
        }

        public int hashCode() {
            return (41 * ((41 * ((41 * ((41 * 7) + Objects.hashCode(this.prf))) + this.iterationCount)) + this.saltLength)) + this.hashLength;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Encoder encoder = (Encoder) obj;
            if (this.iterationCount == encoder.iterationCount && this.saltLength == encoder.saltLength && this.hashLength == encoder.hashLength) {
                return Objects.equals(this.prf, encoder.prf);
            }
            return false;
        }
    }

    @JsonCreator
    public PBKDF2Password(@JsonProperty("value") String str, @JsonProperty("encoder") Encoder encoder) {
        super(str, encoder);
    }
}
