package net.solarnetwork.pki.bc;

import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.solarnetwork.service.PasswordEncoder;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;

/* loaded from: input_file:net/solarnetwork/pki/bc/BCPBKDF2PasswordEncoder.class */
public class BCPBKDF2PasswordEncoder implements PasswordEncoder {
    public static final int DEFAULT_SALT_LENGTH = 8;
    public static final int DEFAULT_KEY_LENGTH = 32;
    public static final int DEFAULT_ITERATIONS = 131072;
    private static final Pattern ENCODING_PATTERN = Pattern.compile("(\\A[0-9a-fA-F]+)\\$(\\d+)\\$([0-9a-fA-F]+)");
    private int saltLength = 8;
    private int keyLength = 32;
    private int iterations = DEFAULT_ITERATIONS;
    private final SecureRandom random = new SecureRandom();

    public String encode(CharSequence charSequence) {
        int i = this.iterations;
        int i2 = this.keyLength * 8;
        byte[] bArr = new byte[this.saltLength];
        this.random.nextBytes(bArr);
        try {
            return Hex.encodeHexString(bArr) + '$' + i + '$' + Hex.encodeHexString(derivePBKDF2SHA256Key(charSequence.toString().getBytes("UTF-8"), bArr, i2, i));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Error encoding raw password as UTF-8", e);
        }
    }

    public boolean isPasswordEncrypted(CharSequence charSequence) {
        return charSequence != null && charSequence.length() > 0 && ENCODING_PATTERN.matcher(charSequence).matches();
    }

    public boolean matches(CharSequence charSequence, String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        Matcher matcher = ENCODING_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return false;
        }
        try {
            byte[] decodeHex = Hex.decodeHex(matcher.group(1).toCharArray());
            int parseInt = Integer.parseInt(matcher.group(2));
            byte[] decodeHex2 = Hex.decodeHex(matcher.group(3).toCharArray());
            return Arrays.equals(derivePBKDF2SHA256Key(charSequence.toString().getBytes("UTF-8"), decodeHex, decodeHex2.length * 8, parseInt), decodeHex2);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Error decoding password as UTF-8", e);
        } catch (DecoderException e2) {
            throw new RuntimeException("Error decoding password as hex", e2);
        }
    }

    public static final byte[] derivePBKDF2SHA256Key(byte[] bArr, byte[] bArr2, int i, int i2) {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA256Digest());
        pKCS5S2ParametersGenerator.init(bArr, bArr2, i2);
        return pKCS5S2ParametersGenerator.generateDerivedParameters(i).getKey();
    }

    public static final void main(String[] strArr) {
        if (strArr.length < 1) {
            System.err.println("Usage: " + BCPBKDF2PasswordEncoder.class.getName() + " <password>");
            System.exit(1);
        }
        System.out.println(strArr[0] + " = " + new BCPBKDF2PasswordEncoder().encode(strArr[0]));
    }

    public void setSaltLength(int i) {
        this.saltLength = i;
    }

    public void setKeyLength(int i) {
        this.keyLength = i;
    }

    public void setIterations(int i) {
        this.iterations = i;
    }
}
