package org.xipki.ca.gateway;

import java.math.BigInteger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.xipki.audit.services.MacAuditService;
import org.xipki.util.Args;
import org.xipki.util.RandomUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/gateway-common-6.3.0.jar:org/xipki/ca/gateway/PasswordHash.class */
public class PasswordHash {
    public static final int SALT_BYTE_SIZE = 24;
    public static final int DERIVED_KEY_SIZE = 32;
    public static final int PBKDF2_ITERATIONS = 10000;
    public static final int ITERATION_INDEX = 0;
    public static final int SALT_INDEX = 1;
    public static final int PBKDF2_INDEX = 2;
    private static final PKCS5S2ParametersGenerator GEN = new PKCS5S2ParametersGenerator(new SHA256Digest());

    private PasswordHash() {
    }

    public static String createHash(String str) {
        Args.notBlank(str, MacAuditService.KEY_PASSWORD);
        return createHash(StringUtil.toUtf8Bytes(str));
    }

    public static String createHash(byte[] bArr) {
        return createHash(bArr, 24, PBKDF2_ITERATIONS, 32);
    }

    public static String createHash(byte[] bArr, int i, int i2, int i3) {
        Args.notNull(bArr, MacAuditService.KEY_PASSWORD);
        byte[] nextBytes = RandomUtil.nextBytes(i);
        return i2 + ParameterizedMessage.ERROR_MSG_SEPARATOR + toHex(nextBytes) + ParameterizedMessage.ERROR_MSG_SEPARATOR + toHex(pbkdf2(bArr, nextBytes, i2, i3));
    }

    public static boolean validatePassword(String str, String str2) {
        Args.notBlank(str, MacAuditService.KEY_PASSWORD);
        return validatePassword(StringUtil.toUtf8Bytes(str), str2);
    }

    public static boolean validatePassword(byte[] bArr, String str) {
        Args.notNull(bArr, MacAuditService.KEY_PASSWORD);
        String[] split = str.split(ParameterizedMessage.ERROR_MSG_SEPARATOR);
        int parseInt = Integer.parseInt(split[0]);
        byte[] fromHex = fromHex(split[1]);
        byte[] fromHex2 = fromHex(split[2]);
        return slowEquals(fromHex2, pbkdf2(bArr, fromHex, parseInt, fromHex2.length));
    }

    private static boolean slowEquals(byte[] bArr, byte[] bArr2) {
        int length = bArr.length ^ bArr2.length;
        for (int i = 0; i < bArr.length && i < bArr2.length; i++) {
            length |= bArr[i] ^ bArr2[i];
        }
        return length == 0;
    }

    public static byte[] pbkdf2(byte[] bArr, byte[] bArr2, int i, int i2) {
        byte[] key;
        synchronized (GEN) {
            GEN.init(bArr, bArr2, i);
            key = GEN.generateDerivedParameters(i2 * 8).getKey();
        }
        return key;
    }

    private static byte[] fromHex(String str) {
        byte[] bArr = new byte[str.length() / 2];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) Integer.parseInt(str.substring(2 * i, (2 * i) + 2), 16);
        }
        return bArr;
    }

    private static String toHex(byte[] bArr) {
        String bigInteger = new BigInteger(1, bArr).toString(16);
        int length = (bArr.length * 2) - bigInteger.length();
        return length > 0 ? String.format("%0" + length + "d", 0) + bigInteger : bigInteger;
    }
}
