package org.wildfly.security.password.impl;

import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.wildfly.common.math.HashMath;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.IteratedPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.SaltedHashPasswordSpec;
import org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/wildfly-elytron-1.12.1.Final.jar:org/wildfly/security/password/impl/ScramDigestPasswordImpl.class
 */
/* loaded from: input_file:BOOT-INF/lib/wildfly-elytron-password-impl-1.12.1.Final.jar:org/wildfly/security/password/impl/ScramDigestPasswordImpl.class */
class ScramDigestPasswordImpl extends AbstractPasswordImpl implements ScramDigestPassword {
    private static final long serialVersionUID = 5831469808883867480L;
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
    private static final String HMAC_SHA384_ALGORITHM = "HmacSHA384";
    private static final String HMAC_SHA512_ALGORITHM = "HmacSHA512";
    private final String algorithm;
    private final byte[] digest;
    private final byte[] salt;
    private final int iterationCount;

    ScramDigestPasswordImpl(String str, byte[] bArr, byte[] bArr2, int i) {
        this.algorithm = str;
        this.digest = bArr;
        this.salt = bArr2;
        this.iterationCount = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(ScramDigestPassword scramDigestPassword) {
        this(scramDigestPassword.getAlgorithm(), (byte[]) scramDigestPassword.getDigest().clone(), (byte[]) scramDigestPassword.getSalt().clone(), scramDigestPassword.getIterationCount());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, IteratedSaltedHashPasswordSpec iteratedSaltedHashPasswordSpec) {
        this(str, (byte[]) iteratedSaltedHashPasswordSpec.getHash().clone(), (byte[]) iteratedSaltedHashPasswordSpec.getSalt().clone(), iteratedSaltedHashPasswordSpec.getIterationCount());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, SaltedHashPasswordSpec saltedHashPasswordSpec) {
        this(str, (byte[]) saltedHashPasswordSpec.getHash().clone(), (byte[]) saltedHashPasswordSpec.getSalt().clone(), 20000);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, ClearPasswordSpec clearPasswordSpec) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, clearPasswordSpec.getEncodedPassword(), PasswordUtil.generateRandomSalt(12), 20000);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, char[] cArr) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, cArr, PasswordUtil.generateRandomSalt(12), 20000);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, char[] cArr, IteratedSaltedPasswordAlgorithmSpec iteratedSaltedPasswordAlgorithmSpec) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, cArr, iteratedSaltedPasswordAlgorithmSpec.getSalt(), iteratedSaltedPasswordAlgorithmSpec.getIterationCount());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, char[] cArr, SaltedPasswordAlgorithmSpec saltedPasswordAlgorithmSpec) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, cArr, saltedPasswordAlgorithmSpec.getSalt(), 20000);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, char[] cArr, IteratedPasswordAlgorithmSpec iteratedPasswordAlgorithmSpec) throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
        this(str, cArr, PasswordUtil.generateRandomSalt(12), iteratedPasswordAlgorithmSpec.getIterationCount());
    }

    ScramDigestPasswordImpl(String str, char[] cArr, byte[] bArr, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        this(str, scramDigest(str, getNormalizedPasswordBytes(cArr), bArr, i), bArr, i);
    }

    @Override // java.security.Key
    public String getAlgorithm() {
        return this.algorithm;
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public byte[] getDigest() {
        try {
            return (byte[]) this.digest.clone();
        } catch (NullPointerException e) {
            throw new IllegalStateException();
        }
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public byte[] getSalt() {
        try {
            return (byte[]) this.salt.clone();
        } catch (NullPointerException e) {
            throw new IllegalStateException();
        }
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public int getIterationCount() {
        return this.iterationCount;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public <T extends KeySpec> boolean convertibleTo(Class<T> cls) {
        return cls.isAssignableFrom(IteratedSaltedHashPasswordSpec.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public Password translate(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
            IteratedSaltedPasswordAlgorithmSpec iteratedSaltedPasswordAlgorithmSpec = (IteratedSaltedPasswordAlgorithmSpec) algorithmParameterSpec;
            byte[] salt = iteratedSaltedPasswordAlgorithmSpec.getSalt();
            if (salt != null && !Arrays.equals(salt, this.salt)) {
                throw new InvalidAlgorithmParameterException();
            }
            int iterationCount = iteratedSaltedPasswordAlgorithmSpec.getIterationCount();
            if (iterationCount < this.iterationCount) {
                throw new InvalidAlgorithmParameterException();
            }
            if (iterationCount == this.iterationCount) {
                return this;
            }
            byte[] bArr = (byte[]) this.digest.clone();
            try {
                addIterations(bArr, getMacInstance(this.algorithm, bArr), this.iterationCount, iterationCount);
                return new ScramDigestPasswordImpl(this.algorithm, bArr, salt, iterationCount);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new InvalidKeyException(e);
            }
        }
        if (!(algorithmParameterSpec instanceof IteratedPasswordAlgorithmSpec)) {
            if (!(algorithmParameterSpec instanceof SaltedPasswordAlgorithmSpec)) {
                throw new InvalidAlgorithmParameterException();
            }
            byte[] salt2 = ((SaltedPasswordAlgorithmSpec) algorithmParameterSpec).getSalt();
            if (salt2 == null || Arrays.equals(salt2, this.salt)) {
                return this;
            }
            throw new InvalidAlgorithmParameterException();
        }
        int iterationCount2 = ((IteratedPasswordAlgorithmSpec) algorithmParameterSpec).getIterationCount();
        if (iterationCount2 < this.iterationCount) {
            throw new InvalidAlgorithmParameterException();
        }
        if (iterationCount2 == this.iterationCount) {
            return this;
        }
        try {
            addIterations(this.digest, getMacInstance(this.algorithm, this.digest), this.iterationCount, iterationCount2);
            return new ScramDigestPasswordImpl(this.algorithm, this.digest, this.salt, iterationCount2);
        } catch (InvalidKeyException | NoSuchAlgorithmException e2) {
            throw new InvalidKeyException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public boolean verify(char[] cArr) throws InvalidKeyException {
        if (cArr.length == 0) {
            return false;
        }
        try {
            return Arrays.equals(this.digest, scramDigest(getAlgorithm(), getNormalizedPasswordBytes(cArr), getSalt(), getIterationCount()));
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidKeyException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public <S extends KeySpec> S getKeySpec(Class<S> cls) throws InvalidKeySpecException {
        if (cls.isAssignableFrom(IteratedSaltedHashPasswordSpec.class)) {
            return cls.cast(new IteratedSaltedHashPasswordSpec(getDigest(), getSalt(), getIterationCount()));
        }
        throw new InvalidKeySpecException();
    }

    static byte[] scramDigest(String str, byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac macInstance = getMacInstance(str, bArr);
        macInstance.update(bArr2);
        macInstance.update("������\u0001".getBytes(StandardCharsets.UTF_8));
        byte[] doFinal = macInstance.doFinal();
        addIterations(doFinal, macInstance, 1, i);
        return doFinal;
    }

    static void addIterations(byte[] bArr, Mac mac, int i, int i2) {
        byte[] bArr2 = bArr;
        for (int i3 = i; i3 < i2; i3++) {
            mac.update(bArr2);
            bArr2 = mac.doFinal();
            for (int i4 = 0; i4 < bArr.length; i4++) {
                int i5 = i4;
                bArr[i5] = (byte) (bArr[i5] ^ bArr2[i4]);
            }
        }
    }

    private static Mac getMacInstance(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1757081455:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
                    z = false;
                    break;
                }
                break;
            case -633128269:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
                    z = true;
                    break;
                }
                break;
            case -633127217:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_384)) {
                    z = 2;
                    break;
                }
                break;
            case -633125514:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_512)) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
                mac.init(new SecretKeySpec(bArr, HMAC_SHA1_ALGORITHM));
                return mac;
            case true:
                Mac mac2 = Mac.getInstance(HMAC_SHA256_ALGORITHM);
                mac2.init(new SecretKeySpec(bArr, HMAC_SHA256_ALGORITHM));
                return mac2;
            case true:
                Mac mac3 = Mac.getInstance(HMAC_SHA384_ALGORITHM);
                mac3.init(new SecretKeySpec(bArr, HMAC_SHA384_ALGORITHM));
                return mac3;
            case true:
                Mac mac4 = Mac.getInstance(HMAC_SHA512_ALGORITHM);
                mac4.init(new SecretKeySpec(bArr, HMAC_SHA512_ALGORITHM));
                return mac4;
            default:
                throw ElytronMessages.log.noSuchAlgorithmInvalidAlgorithm(str);
        }
    }

    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public int hashCode() {
        return HashMath.multiHashOrdered(HashMath.multiHashOrdered(HashMath.multiHashOrdered(Arrays.hashCode(this.digest), Arrays.hashCode(this.salt)), this.iterationCount), this.algorithm.hashCode());
    }

    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public boolean equals(Object obj) {
        if (!(obj instanceof ScramDigestPasswordImpl)) {
            return false;
        }
        ScramDigestPasswordImpl scramDigestPasswordImpl = (ScramDigestPasswordImpl) obj;
        return this.iterationCount == scramDigestPasswordImpl.iterationCount && this.algorithm.equals(scramDigestPasswordImpl.algorithm) && Arrays.equals(this.digest, scramDigestPasswordImpl.digest) && Arrays.equals(this.salt, scramDigestPasswordImpl.salt);
    }

    private void readObject(ObjectInputStream objectInputStream) throws NotSerializableException {
        throw new NotSerializableException();
    }

    Object writeReplace() {
        return ScramDigestPassword.createRaw(this.algorithm, this.digest, this.salt, this.iterationCount);
    }

    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    /* renamed from: clone */
    public ScramDigestPasswordImpl mo6581clone() {
        return this;
    }
}
