package dk.alexandra.fresco.framework.util;

import java.security.InvalidKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.function.Supplier;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dk/alexandra/fresco/framework/util/HmacDrbg.class */
public class HmacDrbg implements Drbg {
    private final Logger logger;
    private static final String DEFAULT_ALGORITHM = "HmacSHA256";
    private final String algorithm;
    private Mac mac;
    private byte[] val;
    private byte[] key;
    long reseedCounter;
    private List<byte[]> seeds;
    static final long MAX_RESEED_COUNT = 281474976710656L;

    public HmacDrbg(byte[]... bArr) {
        this(null, bArr);
    }

    public HmacDrbg(Supplier<Mac> supplier, byte[]... bArr) {
        this.logger = LoggerFactory.getLogger((Class<?>) HmacDrbg.class);
        this.mac = null;
        this.val = null;
        this.key = null;
        this.seeds = new ArrayList();
        Collections.addAll(this.seeds, bArr);
        if (this.seeds.size() < 1) {
            this.logger.warn("DRBG initialized with no seeds. Using the very insecure 0 seed. Should only be used during testing");
            this.seeds.add(new byte[]{0});
        }
        if (supplier == null) {
            this.mac = (Mac) ExceptionConverter.safe(() -> {
                return Mac.getInstance(DEFAULT_ALGORITHM);
            }, "Missing algorithm");
        } else {
            this.mac = supplier.get();
        }
        this.algorithm = this.mac.getAlgorithm();
        this.key = new byte[64];
        this.val = new byte[64];
        for (int i = 0; i < this.val.length; i++) {
            this.val[i] = 1;
        }
        initializeMac(this.key);
        setSeed(this.seeds.remove(0));
    }

    @Override // dk.alexandra.fresco.framework.util.Drbg
    public synchronized void nextBytes(byte[] bArr) {
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                break;
            }
            this.val = this.mac.doFinal(this.val);
            int length = this.val.length;
            if (length > bArr.length - i2) {
                length = bArr.length - i2;
            }
            System.arraycopy(this.val, 0, bArr, i2, length);
            i = i2 + length;
        }
        update(null);
        this.reseedCounter++;
        if (this.reseedCounter >= MAX_RESEED_COUNT) {
            if (this.seeds.isEmpty()) {
                throw new IllegalStateException("No more seeds available. Security guarantees no longer holds. Please restart the application using more seeds to continue beyond this point.");
            }
            setSeed(this.seeds.remove(0));
        }
    }

    private void update(byte[] bArr) {
        this.mac.update(this.val);
        this.key = this.mac.doFinal(new byte[]{0});
        initializeMac(this.key);
        this.val = this.mac.doFinal(this.val);
        if (bArr == null) {
            return;
        }
        this.mac.update(this.val);
        this.mac.update(new byte[]{1});
        this.key = this.mac.doFinal(bArr);
        initializeMac(this.key);
        this.val = this.mac.doFinal(this.val);
    }

    private void initializeMac(byte[] bArr) {
        safeInitialize(new SecretKeySpec(bArr, this.algorithm));
    }

    void safeInitialize(SecretKey secretKey) {
        try {
            this.mac.init(secretKey);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("Key could not be generated from given data", e);
        }
    }

    private void setSeed(byte[] bArr) {
        update(bArr);
        this.reseedCounter = 0L;
    }
}
