package keywhiz.hkdf;

import com.sun.crypto.provider.SunJCE;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Objects;
import javax.annotation.Nullable;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:keywhiz/hkdf/Hkdf.class */
public class Hkdf {
    private static Hash DEFAULT_HASH = Hash.SHA256;
    private static Provider DEFAULT_PROVIDER = new SunJCE();
    private final Hash hash;
    private final Provider provider;

    private Hkdf(Hash hash, Provider provider) {
        this.hash = hash;
        this.provider = provider;
    }

    public static Hkdf usingDefaults() {
        return new Hkdf(DEFAULT_HASH, DEFAULT_PROVIDER);
    }

    public static Hkdf usingHash(Hash hash) {
        return new Hkdf((Hash) Objects.requireNonNull(hash), DEFAULT_PROVIDER);
    }

    public static Hkdf usingProvider(Provider provider) {
        return new Hkdf(DEFAULT_HASH, (Provider) Objects.requireNonNull(provider));
    }

    public SecretKey extract(@Nullable SecretKey secretKey, byte[] bArr) {
        Objects.requireNonNull(bArr, "ikm must not be null");
        if (secretKey == null) {
            secretKey = new SecretKeySpec(new byte[this.hash.getByteLength()], this.hash.getAlgorithm());
        }
        return new SecretKeySpec(initMac(secretKey).doFinal(bArr), this.hash.getAlgorithm());
    }

    public byte[] expand(SecretKey secretKey, @Nullable byte[] bArr, int i) {
        Objects.requireNonNull(secretKey, "key must not be null");
        if (i < 1) {
            throw new IllegalArgumentException("outputLength must be positive");
        }
        int byteLength = this.hash.getByteLength();
        if (i > 255 * byteLength) {
            throw new IllegalArgumentException("outputLength must be less than or equal to 255*HashLen");
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        int i2 = i % byteLength == 0 ? i / byteLength : (i / byteLength) + 1;
        byte[] bArr2 = new byte[0];
        ByteBuffer allocate = ByteBuffer.allocate(Math.multiplyExact(i2, byteLength));
        Mac initMac = initMac(secretKey);
        for (int i3 = 1; i3 <= i2; i3++) {
            initMac.reset();
            initMac.update(bArr2);
            initMac.update(bArr);
            initMac.update((byte) i3);
            bArr2 = initMac.doFinal();
            allocate.put(bArr2);
        }
        byte[] bArr3 = new byte[i];
        allocate.rewind();
        allocate.get(bArr3, 0, i);
        return bArr3;
    }

    public SecretKey randomSalt() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.hash.getByteLength()];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, this.hash.getAlgorithm());
    }

    private Mac initMac(SecretKey secretKey) {
        try {
            Mac mac = Mac.getInstance(this.hash.getAlgorithm(), this.provider);
            mac.init(secretKey);
            return mac;
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
