package no.kantega.security.api.impl.dbuser.password;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:no/kantega/security/api/impl/dbuser/password/Pbkdf2WithHmacSha1PasswordHasher.class */
public class Pbkdf2WithHmacSha1PasswordHasher implements PasswordHasher {
    private static final int SALT_LENGTH = 16;
    private static final int KEY_LENGTH = 512;
    private static final String ALGORITHM = "PBKDF2WithHmacSha1";

    @Override // no.kantega.security.api.impl.dbuser.password.PasswordHasher
    public PasswordHash hashPassword(String str) {
        byte[] createSalt = createSalt();
        PasswordHashAlgorithm passwordHashAlgorithm = new PasswordHashAlgorithm();
        passwordHashAlgorithm.setId(ALGORITHM);
        passwordHashAlgorithm.put("iterations", 1000);
        passwordHashAlgorithm.put("salt", Hex.encodeHexString(createSalt));
        return hashPassword(str, passwordHashAlgorithm);
    }

    @Override // no.kantega.security.api.impl.dbuser.password.PasswordHasher
    public PasswordHash hashPassword(String str, PasswordHashAlgorithm passwordHashAlgorithm) {
        if (!ALGORITHM.equals(passwordHashAlgorithm.getId())) {
            throw new IllegalArgumentException("This password hasher is unable to hash password using algorithm " + passwordHashAlgorithm.getId());
        }
        try {
            byte[] generateHash = generateHash(new PBEKeySpec(str.toCharArray(), Hex.decodeHex(((String) passwordHashAlgorithm.get("salt")).toCharArray()), ((Integer) passwordHashAlgorithm.get("iterations")).intValue(), KEY_LENGTH), getSecretKeyFactory());
            PasswordHash passwordHash = new PasswordHash();
            passwordHash.setHash(Hex.encodeHexString(generateHash));
            passwordHash.addAlgorithm(passwordHashAlgorithm);
            return passwordHash;
        } catch (DecoderException e) {
            throw new RuntimeException("Failed to decode salt from hex format", e);
        }
    }

    @Override // no.kantega.security.api.impl.dbuser.password.PasswordHasher
    public String getAlgorithm() {
        return ALGORITHM;
    }

    private static byte[] createSalt() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[SALT_LENGTH];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    private static SecretKeyFactory getSecretKeyFactory() {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to create SecretKeyFactory", e);
        }
    }

    private byte[] generateHash(PBEKeySpec pBEKeySpec, SecretKeyFactory secretKeyFactory) {
        try {
            return secretKeyFactory.generateSecret(pBEKeySpec).getEncoded();
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Failed to generate password hash", e);
        }
    }
}
