package org.keycloak.models.utils;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import net.iharder.Base64;

/* loaded from: input_file:org/keycloak/models/utils/Pbkdf2PasswordEncoder.class */
public class Pbkdf2PasswordEncoder {
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final String RNG_ALGORITHM = "SHA1PRNG";
    private static final int DERIVED_KEY_SIZE = 512;
    private static final int ITERATIONS = 20000;
    private final int iterations;
    private byte[] salt;

    public Pbkdf2PasswordEncoder(byte[] bArr, int i) {
        this.salt = bArr;
        this.iterations = i;
    }

    public Pbkdf2PasswordEncoder(byte[] bArr) {
        this(bArr, ITERATIONS);
    }

    public String encode(String str) {
        try {
            return Base64.encodeBytes(getSecretKeyFactory().generateSecret(new PBEKeySpec(str.toCharArray(), this.salt, this.iterations, DERIVED_KEY_SIZE)).getEncoded());
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Credential could not be encoded");
        }
    }

    public boolean verify(String str, String str2) {
        return encode(str).equals(str2);
    }

    public static byte[] getSalt() {
        byte[] bArr = new byte[16];
        try {
            SecureRandom.getInstance(RNG_ALGORITHM).nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("RNG algorithm not found");
        }
    }

    private static SecretKeyFactory getSecretKeyFactory() {
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("PBKDF2 algorithm not found");
        }
    }
}
