package org.wildfly.security.password.impl;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.password.PasswordUtil;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.password.spec.HashedPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.ScramDigestPasswordSpec;

/* loaded from: input_file:org/wildfly/security/password/impl/ScramDigestPasswordImpl.class */
class ScramDigestPasswordImpl extends AbstractPasswordImpl implements ScramDigestPassword {
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
    private final String algorithm;
    private final byte[] digest;
    private final byte[] salt;
    private final int iterationCount;

    ScramDigestPasswordImpl(String str, byte[] bArr, byte[] bArr2, int i) {
        this.algorithm = str;
        this.digest = bArr;
        this.salt = bArr2;
        this.iterationCount = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(ScramDigestPassword scramDigestPassword) {
        this(scramDigestPassword.getAlgorithm(), (byte[]) scramDigestPassword.getDigest().clone(), (byte[]) scramDigestPassword.getSalt().clone(), scramDigestPassword.getIterationCount());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, ScramDigestPasswordSpec scramDigestPasswordSpec) {
        this(str, (byte[]) scramDigestPasswordSpec.getDigest().clone(), (byte[]) scramDigestPasswordSpec.getSalt().clone(), scramDigestPasswordSpec.getIterationCount());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, ClearPasswordSpec clearPasswordSpec) throws InvalidKeySpecException {
        this.algorithm = str;
        this.salt = PasswordUtil.generateRandomSalt(12);
        this.iterationCount = ScramDigestPassword.DEFAULT_ITERATION_COUNT;
        try {
            this.digest = scramDigest(this.algorithm, getNormalizedPasswordBytes(clearPasswordSpec.getEncodedPassword()), this.salt, this.iterationCount);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new InvalidKeySpecException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramDigestPasswordImpl(String str, EncryptablePasswordSpec encryptablePasswordSpec) throws InvalidKeySpecException {
        this(str, encryptablePasswordSpec.getPassword(), (HashedPasswordAlgorithmSpec) encryptablePasswordSpec.getAlgorithmParameterSpec());
    }

    private ScramDigestPasswordImpl(String str, char[] cArr, HashedPasswordAlgorithmSpec hashedPasswordAlgorithmSpec) throws InvalidKeySpecException {
        this.algorithm = str;
        this.salt = hashedPasswordAlgorithmSpec.getSalt() == null ? PasswordUtil.generateRandomSalt(12) : (byte[]) hashedPasswordAlgorithmSpec.getSalt().clone();
        this.iterationCount = hashedPasswordAlgorithmSpec.getIterationCount() == 0 ? ScramDigestPassword.DEFAULT_ITERATION_COUNT : hashedPasswordAlgorithmSpec.getIterationCount();
        try {
            this.digest = scramDigest(str, getNormalizedPasswordBytes(cArr), this.salt, this.iterationCount);
        } catch (Exception e) {
            throw new InvalidKeySpecException(e);
        }
    }

    @Override // java.security.Key
    public String getAlgorithm() {
        return this.algorithm;
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public byte[] getDigest() {
        try {
            return (byte[]) this.digest.clone();
        } catch (NullPointerException e) {
            throw new IllegalStateException();
        }
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public byte[] getSalt() {
        try {
            return (byte[]) this.salt.clone();
        } catch (NullPointerException e) {
            throw new IllegalStateException();
        }
    }

    @Override // org.wildfly.security.password.interfaces.ScramDigestPassword
    public int getIterationCount() {
        return this.iterationCount;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public <T extends KeySpec> boolean convertibleTo(Class<T> cls) {
        return cls.isAssignableFrom(ScramDigestPasswordSpec.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public boolean verify(char[] cArr) throws InvalidKeyException {
        try {
            return Arrays.equals(this.digest, scramDigest(getAlgorithm(), getNormalizedPasswordBytes(cArr), getSalt(), getIterationCount()));
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidKeyException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.wildfly.security.password.impl.AbstractPasswordImpl
    public <S extends KeySpec> S getKeySpec(Class<S> cls) throws InvalidKeySpecException {
        if (cls.isAssignableFrom(ScramDigestPasswordSpec.class)) {
            return cls.cast(new ScramDigestPasswordSpec(getDigest(), getSalt(), getIterationCount()));
        }
        throw new InvalidKeySpecException();
    }

    static byte[] scramDigest(String str, byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac macInstance = getMacInstance(str, bArr);
        macInstance.update(bArr2);
        macInstance.update("������\u0001".getBytes(StandardCharsets.UTF_8));
        byte[] doFinal = macInstance.doFinal();
        byte[] bArr3 = doFinal;
        for (int i2 = 1; i2 < i; i2++) {
            macInstance.update(bArr3);
            bArr3 = macInstance.doFinal();
            for (int i3 = 0; i3 < doFinal.length; i3++) {
                int i4 = i3;
                doFinal[i4] = (byte) (doFinal[i4] ^ bArr3[i3]);
            }
        }
        return doFinal;
    }

    private static Mac getMacInstance(String str, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1757081455:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
                    z = false;
                    break;
                }
                break;
            case -633128269:
                if (str.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                Mac mac = Mac.getInstance("HmacSHA1");
                mac.init(new SecretKeySpec(bArr, "HmacSHA1"));
                return mac;
            case true:
                Mac mac2 = Mac.getInstance("HmacSHA256");
                mac2.init(new SecretKeySpec(bArr, "HmacSHA256"));
                return mac2;
            default:
                throw ElytronMessages.log.noSuchAlgorithmInvalidAlgorithm(str);
        }
    }
}
