package ru.org.openam.crypt;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/crypt-14.8.2.1.jar:ru/org/openam/crypt/SSHA256.class */
public final class SSHA256 {
    private static final String SSHA = "{SSHA256}";
    private static final int DEFAULT_SALT_SIZE = 8;
    private static Logger logger = LoggerFactory.getLogger((Class<?>) SSHA256.class);
    private static final Random RANDOM = new SecureRandom();

    private SSHA256() {
    }

    public static String getSaltedPassword(byte[] bArr) throws NoSuchAlgorithmException {
        byte[] bArr2 = new byte[8];
        RANDOM.nextBytes(bArr2);
        return getSaltedPassword(bArr, bArr2);
    }

    protected static String getSaltedPassword(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest(bArr2);
        byte[] bArr3 = new byte[digest.length + bArr2.length];
        for (int i = 0; i < digest.length; i++) {
            bArr3[i] = digest[i];
        }
        for (int i2 = 0; i2 < bArr2.length; i2++) {
            bArr3[digest.length + i2] = bArr2[i2];
        }
        String str = null;
        try {
            str = SSHA + new String(Base64.encodeBase64(bArr3), "UTF8");
        } catch (UnsupportedEncodingException e) {
            logger.error("getSaltedPassword", (Throwable) e);
        }
        return str;
    }

    public static boolean verifySaltedPassword(byte[] bArr, String str) {
        try {
            if (!str.startsWith(SSHA)) {
                throw new IllegalArgumentException("Hash not prefixed by {SSHA256}; is it really a salted hash?");
            }
            byte[] decodeBase64 = Base64.decodeBase64(str.substring(9).getBytes("UTF-8"));
            byte[] extractPasswordHash = extractPasswordHash(decodeBase64);
            byte[] extractSalt = extractSalt(decodeBase64);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return Arrays.equals(extractPasswordHash, messageDigest.digest(extractSalt));
        } catch (Exception e) {
            logger.error("verifySaltedPassword", (Throwable) e);
            return false;
        }
    }

    protected static byte[] extractPasswordHash(byte[] bArr) throws IllegalArgumentException {
        if (bArr.length < 32) {
            throw new IllegalArgumentException("Hash was less than 32 characters; could not extract password hash!");
        }
        byte[] bArr2 = new byte[32];
        for (int i = 0; i < 32; i++) {
            bArr2[i] = bArr[i];
        }
        return bArr2;
    }

    protected static byte[] extractSalt(byte[] bArr) throws IllegalArgumentException {
        if (bArr.length <= 32) {
            throw new IllegalArgumentException("Hash was less than 41 characters; we found no salt!");
        }
        byte[] bArr2 = new byte[bArr.length - 32];
        for (int i = 32; i < bArr.length; i++) {
            bArr2[i - 32] = bArr[i];
        }
        return bArr2;
    }
}
