package pl.edu.icm.unity.stdext.credential.pass;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Random;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:pl/edu/icm/unity/stdext/credential/pass/PasswordEngine.class */
public class PasswordEngine {
    private static final int SALT_LENGTH = 32;
    private Random random = new SecureRandom();

    public PasswordInfo prepareForStore(PasswordCredential passwordCredential, String str) {
        byte[] genSalt = genSalt();
        ScryptParams scryptParams = passwordCredential.getScryptParams();
        return new PasswordInfo(PasswordHashMethod.SCRYPT, scrypt(str, genSalt, scryptParams), genSalt, scryptParams.toMap(), System.currentTimeMillis());
    }

    public boolean verify(PasswordInfo passwordInfo, String str) {
        PasswordHashMethod method = passwordInfo.getMethod();
        switch (method) {
            case SCRYPT:
                return verifySCrypt(passwordInfo, str);
            case SHA256:
                return verifySHA2(passwordInfo, str);
            default:
                throw new IllegalStateException("Shouldn't happen: unsupported password hash method: " + method);
        }
    }

    private boolean verifySHA2(PasswordInfo passwordInfo, String str) {
        int intValue = ((Integer) passwordInfo.getMethodParams().getOrDefault("rehashNumber", 1)).intValue();
        byte[] bytes = ((passwordInfo.getSalt() == null ? "" : new String(passwordInfo.getSalt(), StandardCharsets.UTF_8)) + str).getBytes(StandardCharsets.UTF_8);
        SHA256Digest sHA256Digest = new SHA256Digest();
        int digestSize = sHA256Digest.getDigestSize();
        for (int i = 0; i < intValue; i++) {
            bytes = sha2hash(bytes, digestSize, sHA256Digest);
        }
        return Arrays.areEqual(bytes, passwordInfo.getHash());
    }

    private boolean verifySCrypt(PasswordInfo passwordInfo, String str) {
        return Arrays.areEqual(scrypt(str, passwordInfo.getSalt(), new ScryptParams(passwordInfo.getMethodParams())), passwordInfo.getHash());
    }

    public boolean checkParamsUpToDate(PasswordCredential passwordCredential, PasswordInfo passwordInfo) {
        if (passwordInfo.getMethod() != PasswordHashMethod.SCRYPT) {
            return passwordCredential.isAllowLegacy();
        }
        return passwordCredential.getScryptParams().equals(new ScryptParams(passwordInfo.getMethodParams()));
    }

    private byte[] scrypt(String str, byte[] bArr, ScryptParams scryptParams) {
        return SCrypt.generate(str.getBytes(StandardCharsets.UTF_8), bArr, 1 << scryptParams.getWorkFactor(), scryptParams.getBlockSize(), scryptParams.getParallelization(), scryptParams.getLength());
    }

    private byte[] genSalt() {
        byte[] bArr = new byte[SALT_LENGTH];
        this.random.nextBytes(bArr);
        return bArr;
    }

    private byte[] sha2hash(byte[] bArr, int i, SHA256Digest sHA256Digest) {
        sHA256Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[i];
        sHA256Digest.doFinal(bArr2, 0);
        return bArr2;
    }
}
