package com.ibm.ws.security.javaeesec.cdi.beans.hash;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Default;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

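/**
 * PBKDF2 implementation of {@link Pbkdf2PasswordHash}.
 *
 * <p>A generated value has four colon-separated elements:
 * {@code algorithm:iterations:base64(salt):base64(hash)}. {@link #verify(char[], String)}
 * re-derives the hash from the algorithm, iteration count and salt stored in that value and
 * compares it with the stored hash.
 *
 * <p>Security notes for deployers:
 * <ul>
 * <li>The default iteration count (2048, minimum 1024) is far below current password-storage
 * guidance for PBKDF2, which is in the hundreds of thousands of iterations. Set
 * {@code Pbkdf2PasswordHash.Iterations} explicitly.</li>
 * <li>The minimums enforced by {@link #parseParams(Map)} apply only to newly generated hashes.
 * Verification trusts the iteration count and hash length embedded in the stored value, so the
 * integrity of the credential store matters.</li>
 * </ul>
 */
@Default
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Dependent
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/javaeesec/cdi/beans/hash/Pbkdf2PasswordHashImpl.class */
public class Pbkdf2PasswordHashImpl implements Pbkdf2PasswordHash {
    private static final String PARAM_ALGORITHM = "Pbkdf2PasswordHash.Algorithm";
    private static final String PARAM_ITERATIONS = "Pbkdf2PasswordHash.Iterations";
    private static final String PARAM_SALTSIZE = "Pbkdf2PasswordHash.SaltSizeBytes";
    private static final String PARAM_KEYSIZE = "Pbkdf2PasswordHash.KeySizeBytes";
    // Index into SUPPORTED_ALGORITHMS (1 == "PBKDF2WithHmacSHA256").
    private static final int DEFAULT_ALGORITHM = 1;
    private static final int DEFAULT_ITERATIONS = 2048;
    private static final int DEFAULT_SALTSIZE = 32;
    private static final int DEFAULT_KEYSIZE = 32;
    private static final int MINIMUM_ITERATIONS = 1024;
    private static final int MINIMUM_SALTSIZE = 16;
    private static final int MINIMUM_KEYSIZE = 16;
    // Layout of a stored value: algorithm:iterations:salt:hash
    private static final int STORED_ELEMENT_COUNT = 4;
    private static final int IDX_ALGORITHM = 0;
    private static final int IDX_ITERATIONS = 1;
    private static final int IDX_SALT = 2;
    private static final int IDX_HASH = 3;
    private int generateAlgorithm = DEFAULT_ALGORITHM;
    private int generateIterations = DEFAULT_ITERATIONS;
    private int generateSaltSize = DEFAULT_SALTSIZE;
    private int generateKeySize = DEFAULT_KEYSIZE;
    static final long serialVersionUID = 8265946135746936410L;
    private static final TraceComponent tc = Tr.register(Pbkdf2PasswordHashImpl.class, "security", "com.ibm.ws.security.javaeesec.cdi.internal.resources.JavaEESecMessages");
    private static final List<String> SUPPORTED_ALGORITHMS = Arrays.asList("PBKDF2WithHmacSHA224", "PBKDF2WithHmacSHA256", "PBKDF2WithHmacSHA384", "PBKDF2WithHmacSHA512");

    /**
     * Configures the parameters used by {@link #generate(char[])}.
     *
     * @param map configuration keyed by the {@code Pbkdf2PasswordHash.*} parameter names;
     *            absent keys keep their defaults
     * @throws IllegalArgumentException if a value is unsupported, not numeric, or below its minimum
     */
    public void initialize(Map<String, String> map) {
        parseParams(map);
    }

    /**
     * Hashes a password with a freshly generated random salt and the configured parameters.
     *
     * @param cArr the password; not modified by this method
     * @return the hash in {@code algorithm:iterations:base64(salt):base64(hash)} form
     */
    public String generate(@Sensitive char[] cArr) {
        String algorithm = SUPPORTED_ALGORITHMS.get(this.generateAlgorithm);
        byte[] salt = generateSalt(this.generateSaltSize);
        byte[] hash = generate(algorithm, this.generateIterations, this.generateKeySize, salt, cArr);
        return format(algorithm, this.generateIterations, salt, hash);
    }

    /**
     * Checks a password against a stored value produced by {@link #generate(char[])}.
     *
     * @param cArr the candidate password
     * @param str  the stored value, {@code algorithm:iterations:base64(salt):base64(hash)}
     * @return {@code true} if the re-derived hash matches the stored hash
     * @throws IllegalArgumentException if the stored value is malformed
     */
    public boolean verify(@Sensitive char[] cArr, String str) {
        String[] elements = parseData(str);
        byte[] storedHash = Base64Coder.base64DecodeString(elements[IDX_HASH]);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "original Hash length : " + (storedHash != null ? Integer.valueOf(storedHash.length) : "null"), new Object[0]);
        }
        if (storedHash == null) {
            String message = Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_DATA", new Object[]{Tr.formatMessage(tc, "JAVAEESEC_CDI_INVALID_HASH_VALUE", new Object[0])});
            Tr.error(tc, message, new Object[0]);
            throw new IllegalArgumentException(message);
        }
        byte[] storedSalt = Base64Coder.base64DecodeString(elements[IDX_SALT]);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "original Salt length : " + (storedSalt != null ? Integer.valueOf(storedSalt.length) : "null"), new Object[0]);
        }
        if (storedSalt == null) {
            String message = Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_DATA", new Object[]{Tr.formatMessage(tc, "JAVAEESEC_CDI_INVALID_SALT_VALUE", new Object[0])});
            Tr.error(tc, message, new Object[0]);
            throw new IllegalArgumentException(message);
        }
        // The iteration count and derived-key length come from the stored value; the
        // MINIMUM_* limits are not re-applied here, so a weak stored hash is still accepted.
        byte[] candidate = generate(elements[IDX_ALGORITHM], Integer.parseInt(elements[IDX_ITERATIONS]), storedHash.length, storedSalt, cArr);
        // MessageDigest.isEqual compares in time independent of where the first mismatch
        // occurs; Arrays.equals returns at the first differing byte and so leaks timing.
        return MessageDigest.isEqual(storedHash, candidate);
    }

    /**
     * Splits a stored value into its four elements and validates the algorithm name and
     * iteration count. Salt and hash are validated by the caller after base64 decoding.
     *
     * @param str the stored value
     * @return the elements in order: algorithm, iterations, salt, hash
     * @throws IllegalArgumentException if the element count, algorithm or iteration count is invalid
     */
    private String[] parseData(String str) throws IllegalArgumentException {
        String detail;
        String[] elements = str.split(":");
        if (elements.length != STORED_ELEMENT_COUNT) {
            detail = Tr.formatMessage(tc, "JAVAEESEC_CDI_INVALID_ELEMENTS", new Object[]{Integer.valueOf(elements.length)});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid format: the number of the elements is not 4 but " + elements.length, new Object[0]);
            }
        } else if (!SUPPORTED_ALGORITHMS.contains(elements[IDX_ALGORITHM])) {
            detail = Tr.formatMessage(tc, "JAVAEESEC_CDI_INVALID_ALGORITHM", new Object[]{elements[IDX_ALGORITHM]});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Invalid format: the hash algorithm is not supported : " + elements[IDX_ALGORITHM], new Object[0]);
            }
        } else {
            try {
                Integer.parseInt(elements[IDX_ITERATIONS]);
                return elements;
            } catch (NumberFormatException e) {
                // NOTE(review): the full stored value (including salt and hash) is handed to
                // FFDC here; confirm that FFDC output is protected like the credential store.
                FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.beans.hash.Pbkdf2PasswordHashImpl", "125", this, new Object[]{str});
                detail = Tr.formatMessage(tc, "JAVAEESEC_CDI_INVALID_ITERATION", new Object[]{elements[IDX_ITERATIONS]});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid format: the iterations is not a number : " + elements[IDX_ITERATIONS], new Object[0]);
                }
            }
        }
        String message = Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_DATA", new Object[]{detail});
        Tr.error(tc, message, new Object[0]);
        throw new IllegalArgumentException(message);
    }

    /**
     * Reads the generation parameters from the configuration map, applying defaults for
     * absent keys and rejecting values below the configured minimums.
     *
     * @param map configuration keyed by the {@code Pbkdf2PasswordHash.*} parameter names
     * @throws IllegalArgumentException if a value is unsupported, not numeric, or below its minimum
     */
    protected void parseParams(Map<String, String> map) {
        this.generateAlgorithm = indexOf(PARAM_ALGORITHM, DEFAULT_ALGORITHM, SUPPORTED_ALGORITHMS, map.get(PARAM_ALGORITHM));
        this.generateIterations = parseInt(PARAM_ITERATIONS, map.get(PARAM_ITERATIONS), DEFAULT_ITERATIONS, MINIMUM_ITERATIONS);
        this.generateSaltSize = parseInt(PARAM_SALTSIZE, map.get(PARAM_SALTSIZE), DEFAULT_SALTSIZE, MINIMUM_SALTSIZE);
        this.generateKeySize = parseInt(PARAM_KEYSIZE, map.get(PARAM_KEYSIZE), DEFAULT_KEYSIZE, MINIMUM_KEYSIZE);
    }

    /**
     * Resolves a configured value to its position in a list of allowed values.
     *
     * @param str  parameter name, used in error messages
     * @param i    index returned when no value is configured
     * @param list allowed values
     * @param str2 configured value, or {@code null} if not configured
     * @return the index of {@code str2} in {@code list}, or {@code i} if {@code str2} is {@code null}
     * @throws IllegalArgumentException if {@code str2} is not in {@code list}
     */
    private int indexOf(String str, int i, List<String> list, String str2) {
        if (str2 == null) {
            return i;
        }
        int position = list.indexOf(str2);
        if (position < 0) {
            Tr.error(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_PARAM", new Object[]{str2, str});
            throw new IllegalArgumentException(Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_PARAM", new Object[]{str2, str}));
        }
        return position;
    }

    /**
     * Parses an integer parameter and enforces its lower bound.
     *
     * @param str  parameter name, used in error messages
     * @param str2 configured value, or {@code null} if not configured
     * @param i    value returned when nothing is configured
     * @param i2   minimum accepted value
     * @return the parsed value, or {@code i} if {@code str2} is {@code null}
     * @throws IllegalArgumentException if the value is not an integer or is below {@code i2}
     */
    private int parseInt(String str, String str2, int i, int i2) {
        if (str2 == null) {
            return i;
        }
        int value;
        try {
            value = Integer.parseInt(str2);
        } catch (NumberFormatException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.beans.hash.Pbkdf2PasswordHashImpl", "183", this, new Object[]{str, str2, Integer.valueOf(i), Integer.valueOf(i2)});
            Tr.error(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_PARAM", new Object[]{str2, str});
            throw new IllegalArgumentException(Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_INVALID_PARAM", new Object[]{str2, str}));
        }
        if (value < i2) {
            Tr.error(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_BELOW_MINIMUM_PARAM", new Object[]{str2, str, Integer.valueOf(i2)});
            throw new IllegalArgumentException(Tr.formatMessage(tc, "JAVAEESEC_CDI_ERROR_PASSWORDHASH_BELOW_MINIMUM_PARAM", new Object[]{str2, str, Integer.valueOf(i2)}));
        }
        return value;
    }

    /**
     * Produces a random salt from {@link SecureRandom}.
     *
     * @param i salt length in bytes
     * @return a new array of {@code i} random bytes
     */
    private byte[] generateSalt(int i) {
        byte[] salt = new byte[i];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /**
     * Builds the stored representation {@code algorithm:iterations:base64(salt):base64(hash)}.
     *
     * @param str   algorithm name
     * @param i     iteration count
     * @param bArr  salt
     * @param bArr2 derived hash
     * @return the colon-separated stored value
     */
    private String format(String str, int i, byte[] bArr, byte[] bArr2) {
        // Local, single-threaded use: StringBuilder avoids StringBuffer's synchronization.
        return new StringBuilder(str)
                .append(':').append(i)
                .append(':').append(Base64Coder.base64EncodeToString(bArr))
                .append(':').append(Base64Coder.base64EncodeToString(bArr2))
                .toString();
    }

    /**
     * Derives a PBKDF2 key from a password.
     *
     * @param str  {@link SecretKeyFactory} algorithm name
     * @param i    iteration count
     * @param i2   derived key length in bytes
     * @param bArr salt
     * @param cArr the password; the caller's array is not modified
     * @return the encoded derived key
     * @throws RuntimeException wrapping any failure of the key derivation
     */
    public byte[] generate(String str, int i, int i2, byte[] bArr, @Sensitive char[] cArr) {
        PBEKeySpec spec = null;
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(str);
            // multiplyExact rejects a byte length whose bit length overflows int instead of
            // silently deriving a key of the wrong size.
            spec = new PBEKeySpec(cArr, bArr, i, Math.multiplyExact(i2, 8));
            return factory.generateSecret(spec).getEncoded();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.javaeesec.cdi.beans.hash.Pbkdf2PasswordHashImpl", "214", this, new Object[]{str, Integer.valueOf(i), Integer.valueOf(i2), bArr, "<sensitive char[]>"});
            throw new RuntimeException(e);
        } finally {
            if (spec != null) {
                // PBEKeySpec keeps its own copy of the password; wipe that copy once the
                // key has been derived so it does not linger on the heap.
                spec.clearPassword();
            }
        }
    }

    /**
     * @param i index into the supported-algorithm list
     * @return the algorithm name at that index
     */
    protected String getAlgorithmString(int i) {
        return SUPPORTED_ALGORITHMS.get(i);
    }

    /** @return the index of the algorithm used for newly generated hashes */
    protected int getAlgorithm() {
        return this.generateAlgorithm;
    }

    /** @return the iteration count used for newly generated hashes */
    protected int getIterations() {
        return this.generateIterations;
    }

    /** @return the salt size in bytes used for newly generated hashes */
    protected int getSaltSize() {
        return this.generateSaltSize;
    }

    /** @return the derived key size in bytes used for newly generated hashes */
    protected int getKeySize() {
        return this.generateKeySize;
    }
}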
