package top.beanshell.rbac.util;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:top/beanshell/rbac/util/PasswordStorage.class */
public final class PasswordStorage {
    public static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA1";
    public static final int SALT_BYTE_SIZE = 24;
    public static final int HASH_BYTE_SIZE = 18;
    public static final int PBKDF2_ITERATIONS = 64000;
    public static final int HASH_SECTIONS = 5;
    public static final int HASH_ALGORITHM_INDEX = 0;
    public static final int ITERATION_INDEX = 1;
    public static final int HASH_SIZE_INDEX = 2;
    public static final int SALT_INDEX = 3;
    public static final int PBKDF2_INDEX = 4;

    /* loaded from: input_file:top/beanshell/rbac/util/PasswordStorage$CannotPerformOperationException.class */
    public static class CannotPerformOperationException extends Exception {
        public CannotPerformOperationException(String str) {
            super(str);
        }

        public CannotPerformOperationException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* loaded from: input_file:top/beanshell/rbac/util/PasswordStorage$InvalidHashException.class */
    public static class InvalidHashException extends Exception {
        public InvalidHashException(String str) {
            super(str);
        }

        public InvalidHashException(String str, Throwable th) {
            super(str, th);
        }
    }

    public static String createHash(String str) throws CannotPerformOperationException {
        return createHash(str.toCharArray());
    }

    public static String createHash(char[] cArr) throws CannotPerformOperationException {
        byte[] bArr = new byte[24];
        new SecureRandom().nextBytes(bArr);
        byte[] pbkdf2 = pbkdf2(cArr, bArr, PBKDF2_ITERATIONS, 18);
        return "sha1:64000:" + pbkdf2.length + ":" + toBase64(bArr) + ":" + toBase64(pbkdf2);
    }

    public static boolean verifyPassword(String str, String str2) throws CannotPerformOperationException, InvalidHashException {
        return verifyPassword(str.toCharArray(), str2);
    }

    public static boolean verifyPassword(char[] cArr, String str) throws CannotPerformOperationException, InvalidHashException {
        String[] split = str.split(":");
        if (split.length != 5) {
            throw new InvalidHashException("Fields are missing from the password hash.");
        }
        if (!split[0].equals("sha1")) {
            throw new CannotPerformOperationException("Unsupported hash type.");
        }
        try {
            int parseInt = Integer.parseInt(split[1]);
            if (parseInt < 1) {
                throw new InvalidHashException("Invalid number of iterations. Must be >= 1.");
            }
            try {
                byte[] fromBase64 = fromBase64(split[3]);
                try {
                    byte[] fromBase642 = fromBase64(split[4]);
                    try {
                        if (Integer.parseInt(split[2]) != fromBase642.length) {
                            throw new InvalidHashException("Hash length doesn't match stored hash length.");
                        }
                        return slowEquals(fromBase642, pbkdf2(cArr, fromBase64, parseInt, fromBase642.length));
                    } catch (NumberFormatException e) {
                        throw new InvalidHashException("Could not parse the hash size as an integer.", e);
                    }
                } catch (IllegalArgumentException e2) {
                    throw new InvalidHashException("Base64 decoding of pbkdf2 output failed.", e2);
                }
            } catch (IllegalArgumentException e3) {
                throw new InvalidHashException("Base64 decoding of salt failed.", e3);
            }
        } catch (NumberFormatException e4) {
            throw new InvalidHashException("Could not parse the iteration count as an integer.", e4);
        }
    }

    private static boolean slowEquals(byte[] bArr, byte[] bArr2) {
        int length = bArr.length ^ bArr2.length;
        for (int i = 0; i < bArr.length && i < bArr2.length; i++) {
            length |= bArr[i] ^ bArr2[i];
        }
        return length == 0;
    }

    private static byte[] pbkdf2(char[] cArr, byte[] bArr, int i, int i2) throws CannotPerformOperationException {
        try {
            return SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(new PBEKeySpec(cArr, bArr, i, i2 * 8)).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            throw new CannotPerformOperationException("Hash algorithm not supported.", e);
        } catch (InvalidKeySpecException e2) {
            throw new CannotPerformOperationException("Invalid key spec.", e2);
        }
    }

    private static byte[] fromBase64(String str) throws IllegalArgumentException {
        return Base64.getDecoder().decode(str);
    }

    private static String toBase64(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }
}
