package org.apache.tomee.security;

import jakarta.enterprise.context.Dependent;
import jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.hsqldb.Tokens;

@Dependent
/* loaded from: input_file:lib/tomee-security-9.1.0.jar:org/apache/tomee/security/TomEEPbkdf2PasswordHash.class */
public class TomEEPbkdf2PasswordHash implements Pbkdf2PasswordHash {
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final int SALT_BYTE_SIZE = 24;
    public static final int HASH_BYTE_SIZE = 18;
    public static final int PBKDF2_ITERATIONS = 64000;
    private SecureRandom random = new SecureRandom();
    private String configuredAlgorithm = PBKDF2_ALGORITHM;
    private int configuredIterations = PBKDF2_ITERATIONS;
    private int configuredSaltSize = 24;
    private int configuredHashSize = 18;

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public void initialize(Map<String, String> map) {
        String str = map.get("Pbkdf2PasswordHash.Algorithm");
        if (str != null) {
            this.configuredAlgorithm = str;
        }
        String str2 = map.get("Pbkdf2PasswordHash.Iterations");
        if (str2 != null) {
            this.configuredIterations = Integer.parseInt(str2);
        }
        String str3 = map.get("Pbkdf2PasswordHash.SaltSizeBytes");
        if (str3 != null) {
            this.configuredSaltSize = Integer.parseInt(str3);
        }
        String str4 = map.get("Pbkdf2PasswordHash.KeySizeBytes");
        if (str4 != null) {
            this.configuredHashSize = Integer.parseInt(str4);
        }
    }

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public String generate(char[] cArr) {
        byte[] bArr = new byte[this.configuredSaltSize];
        this.random.nextBytes(bArr);
        return toString(this.configuredAlgorithm, this.configuredIterations, bArr, pbkdf2(cArr, bArr, this.configuredIterations, this.configuredHashSize, this.configuredAlgorithm));
    }

    @Override // jakarta.security.enterprise.identitystore.PasswordHash
    public boolean verify(char[] cArr, String str) {
        String[] split = str.split(Tokens.T_COLON);
        if (split.length != 4) {
            throw new RuntimeException("Missing fields in hashed password.");
        }
        String str2 = split[0];
        try {
            int parseInt = Integer.parseInt(split[1]);
            if (parseInt < 1) {
                throw new RuntimeException("Invalid number of iterations. Must be >= 1.");
            }
            try {
                byte[] fromBase64 = fromBase64(split[2]);
                try {
                    byte[] fromBase642 = fromBase64(split[3]);
                    return slowEquals(fromBase642, pbkdf2(cArr, fromBase64, parseInt, fromBase642.length, str2));
                } catch (IllegalArgumentException e) {
                    throw new RuntimeException("Base64 decoding of pbkdf2 output failed.", e);
                }
            } catch (IllegalArgumentException e2) {
                throw new RuntimeException("Base64 decoding of salt failed.", e2);
            }
        } catch (NumberFormatException e3) {
            throw new RuntimeException("Could not parse the iteration as an integer.", e3);
        }
    }

    private byte[] pbkdf2(char[] cArr, byte[] bArr, int i, int i2, String str) {
        try {
            return SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(cArr, bArr, i, i2 * 8)).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Hash algorithm not supported.", e);
        } catch (InvalidKeySpecException e2) {
            throw new RuntimeException("Invalid key spec.", e2);
        }
    }

    private static String toString(String str, int i, byte[] bArr, byte[] bArr2) {
        return str + ":" + i + ":" + toBase64(bArr) + ":" + toBase64(bArr2);
    }

    private static byte[] fromBase64(String str) throws IllegalArgumentException {
        return Base64.getDecoder().decode(str);
    }

    private static String toBase64(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    private static boolean slowEquals(byte[] bArr, byte[] bArr2) {
        int length = bArr.length ^ bArr2.length;
        for (int i = 0; i < bArr.length && i < bArr2.length; i++) {
            length |= bArr[i] ^ bArr2[i];
        }
        return length == 0;
    }
}
