package de.slevermann.pwhash.pbkdf2;

import de.slevermann.pwhash.HashStrategy;
import de.slevermann.pwhash.InvalidHashException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:de/slevermann/pwhash/pbkdf2/Pbkdf2Strategy.class */
public class Pbkdf2Strategy implements HashStrategy {
    public static final int DEFAULT_ITERATIONS = 20000;
    public static final int DEFAULT_SALT_LENGTH = 16;
    private SecretKeyFactory keyFactory;
    private String id;
    private SecureRandom secureRandom = new SecureRandom();
    private int saltLength;
    private int dkLength;
    private int iterations;

    /* JADX INFO: Access modifiers changed from: protected */
    public Pbkdf2Strategy(int i, int i2, int i3, String str) {
        this.saltLength = i;
        this.dkLength = i2;
        this.iterations = i3;
        try {
            this.keyFactory = SecretKeyFactory.getInstance(str);
            this.id = str.toLowerCase();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Missing " + str + " implementation", e);
        }
    }

    public String hash(String str) {
        String str2 = "$" + this.id + "$iterations=" + this.iterations + "$";
        byte[] bArr = new byte[this.saltLength];
        this.secureRandom.nextBytes(bArr);
        Base64.Encoder withoutPadding = Base64.getEncoder().withoutPadding();
        return (str2 + withoutPadding.encodeToString(bArr) + "$") + withoutPadding.encodeToString(computeHash(str, bArr, this.iterations));
    }

    public boolean verify(String str, String str2) throws InvalidHashException {
        String[] split = str2.split("\\$");
        if (split.length != 5) {
            throw new InvalidHashException("Invalid hash format");
        }
        if (!split[1].equals(this.id)) {
            throw new InvalidHashException("Invalid hash identifier");
        }
        String[] split2 = split[2].split("=");
        if (split2.length != 2) {
            throw new InvalidHashException("Invalid hash parameter format");
        }
        if (!split2[0].equals("iterations")) {
            throw new InvalidHashException("Invalid hash parameter name");
        }
        try {
            int parseInt = Integer.parseInt(split2[1]);
            Base64.Decoder decoder = Base64.getDecoder();
            return MessageDigest.isEqual(decoder.decode(split[4]), computeHash(str, decoder.decode(split[3]), parseInt));
        } catch (NumberFormatException e) {
            throw new InvalidHashException("Non-numeric iteration count", e);
        }
    }

    public boolean needsRehash(String str, String str2) {
        try {
            return verify(str, str2) && Integer.parseInt(str2.split("\\$")[2].split("=")[1]) != this.iterations;
        } catch (InvalidHashException e) {
            return false;
        }
    }

    private byte[] computeHash(String str, byte[] bArr, int i) {
        try {
            return this.keyFactory.generateSecret(new PBEKeySpec(str.toCharArray(), bArr, i, this.dkLength * 8)).getEncoded();
        } catch (InvalidKeySpecException e) {
            throw new IllegalStateException("Error on secret generation. This may mean that cryptographic primitives are missing from the JDK.\nIt may also mean that this is a severe bug in the pwhash library.", e);
        }
    }
}
