package org.keycloak.credential.hash;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.keycloak.Config;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.PasswordPolicy;

/* loaded from: input_file:org/keycloak/credential/hash/Pbkdf2PasswordHashProvider.class */
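/**
 * Password hash provider (and its own factory) that derives password hashes with PBKDF2.
 *
 * <p>Each hash uses a fresh 16-byte random salt and the iteration count supplied by the caller
 * or by the realm's {@link PasswordPolicy}. The derived key is stored Base64-encoded in the
 * {@link CredentialModel} together with the salt, iteration count and algorithm id.
 *
 * <p>NOTE(review): the PRF is HMAC-SHA1 with a 512-bit derived key. SHA-1 yields 160 bits per
 * PBKDF2 block, so the server computes four blocks per hash while a guess can be checked against
 * the first block alone; the extra length costs the defender more than an attacker. Neither
 * value can be changed in place without invalidating stored credentials, so any move to a
 * stronger PRF or a matching key length needs a new provider id plus rehash-on-login.
 */
public class Pbkdf2PasswordHashProvider implements PasswordHashProviderFactory, PasswordHashProvider {
    public static final String ID = "pbkdf2";
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int DERIVED_KEY_SIZE = 512;
    private static final int SALT_LENGTH_BYTES = 16;

    /**
     * Hashes a raw password with a fresh salt and returns a new credential holding the result.
     *
     * @param str the raw password
     * @param i   the PBKDF2 iteration count
     * @return a credential populated with algorithm, type, salt, iteration count and hash value
     * @throws RuntimeException if the hash cannot be computed
     */
    public CredentialModel encode(String str, int i) {
        byte[] salt = getSalt();
        String encoded = encode(str, i, salt);
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setAlgorithm(ID);
        credentialModel.setType("password");
        credentialModel.setSalt(salt);
        credentialModel.setHashIterations(i);
        credentialModel.setValue(encoded);
        return credentialModel;
    }

    /**
     * Reports whether a stored credential already matches the current policy, i.e. it was
     * hashed by this provider with the policy's iteration count.
     *
     * @return {@code true} when both the iteration count and the algorithm id match
     */
    @Override // org.keycloak.credential.hash.PasswordHashProvider
    public boolean policyCheck(PasswordPolicy passwordPolicy, CredentialModel credentialModel) {
        return credentialModel.getHashIterations() == passwordPolicy.getHashIterations()
                && ID.equals(credentialModel.getAlgorithm());
    }

    /**
     * Hashes a raw password with a fresh salt and the policy's iteration count, writing the
     * result into the supplied credential.
     *
     * @param str             the raw password
     * @param passwordPolicy  source of the iteration count
     * @param credentialModel credential to populate in place
     * @throws RuntimeException if the hash cannot be computed
     */
    @Override // org.keycloak.credential.hash.PasswordHashProvider
    public void encode(String str, PasswordPolicy passwordPolicy, CredentialModel credentialModel) {
        byte[] salt = getSalt();
        int iterations = passwordPolicy.getHashIterations();
        String encoded = encode(str, iterations, salt);
        credentialModel.setAlgorithm(ID);
        credentialModel.setType("password");
        credentialModel.setSalt(salt);
        credentialModel.setHashIterations(iterations);
        credentialModel.setValue(encoded);
    }

    /**
     * Checks a raw password against a stored credential by re-deriving the hash with the
     * credential's own salt and iteration count.
     *
     * @param str             the raw password to check
     * @param credentialModel the stored credential
     * @return {@code true} when the re-derived hash equals the stored value; {@code false} when
     *         it differs or the credential has no stored value
     * @throws RuntimeException if the hash cannot be computed (for example a missing salt)
     */
    @Override // org.keycloak.credential.hash.PasswordHashProvider
    public boolean verify(String str, CredentialModel credentialModel) {
        String candidate = encode(str, credentialModel.getHashIterations(), credentialModel.getSalt());
        String stored = credentialModel.getValue();
        if (stored == null) {
            return false;
        }
        // String.equals stops at the first differing character, so its running time reveals how
        // long a matching prefix is. MessageDigest.isEqual compares without that early exit.
        // Both values are Base64 text, so the UTF-8 bytes map one-to-one onto the characters.
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns this instance; the provider keeps no per-session state. */
    @Override // org.keycloak.provider.ProviderFactory
    public PasswordHashProvider create(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read. */
    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
    }

    /** Nothing to do after factory initialisation. */
    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** Holds no resources to release. */
    @Override // org.keycloak.provider.ProviderFactory
    public void close() {
    }

    /** Returns the provider id, {@value #ID}. */
    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return ID;
    }

    /**
     * Derives the PBKDF2 key for a password and returns it Base64-encoded.
     *
     * @param str  the raw password
     * @param i    the iteration count
     * @param bArr the salt
     * @return the Base64-encoded derived key
     * @throws RuntimeException wrapping any failure, including invalid arguments
     */
    private String encode(String str, int i, byte[] bArr) {
        char[] passwordChars = null;
        PBEKeySpec spec = null;
        try {
            passwordChars = str.toCharArray();
            spec = new PBEKeySpec(passwordChars, bArr, i, DERIVED_KEY_SIZE);
            byte[] derivedKey = getSecretKeyFactory().generateSecret(spec).getEncoded();
            return Base64.encodeBytes(derivedKey);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Credential could not be encoded", e);
        } catch (Exception e) {
            // The cause travels with the rethrown exception; printing it to stderr as well
            // would bypass the application's logging and duplicate the report.
            throw new RuntimeException(e);
        } finally {
            // Wipe the password copies this method created so they do not linger on the heap.
            if (spec != null) {
                spec.clearPassword();
            }
            if (passwordChars != null) {
                Arrays.fill(passwordChars, '\0');
            }
        }
    }

    /** Generates a fresh random salt of {@value #SALT_LENGTH_BYTES} bytes from a CSPRNG. */
    private byte[] getSalt() {
        byte[] salt = new byte[SALT_LENGTH_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /**
     * Looks up the JCA key factory for {@value #PBKDF2_ALGORITHM}.
     *
     * @throws RuntimeException if no installed security provider offers the algorithm
     */
    private SecretKeyFactory getSecretKeyFactory() {
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("PBKDF2 algorithm not found", e);
        }
    }
}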
