package org.opensaml.xmlsec.derivation.impl;

import com.google.common.base.Charsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.codec.DecodingException;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.component.AbstractInitializableComponent;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.xmlsec.agreement.CloneableKeyAgreementParameter;
import org.opensaml.xmlsec.agreement.KeyAgreementException;
import org.opensaml.xmlsec.agreement.KeyAgreementParameter;
import org.opensaml.xmlsec.agreement.XMLExpressableKeyAgreementParameter;
import org.opensaml.xmlsec.agreement.impl.KeyAgreementParameterParser;
import org.opensaml.xmlsec.algorithm.AlgorithmDescriptor;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.algorithm.MACAlgorithm;
import org.opensaml.xmlsec.derivation.KeyDerivation;
import org.opensaml.xmlsec.derivation.KeyDerivationException;
import org.opensaml.xmlsec.derivation.KeyDerivationSupport;
import org.opensaml.xmlsec.encryption.IterationCount;
import org.opensaml.xmlsec.encryption.KeyDerivationMethod;
import org.opensaml.xmlsec.encryption.KeyLength;
import org.opensaml.xmlsec.encryption.PBKDF2Params;
import org.opensaml.xmlsec.encryption.PRF;
import org.opensaml.xmlsec.encryption.Salt;
import org.opensaml.xmlsec.encryption.Specified;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;

/* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-impl-4.1.1.jar:org/opensaml/xmlsec/derivation/impl/PBKDF2.class */
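/**
 * PBKDF2 key derivation component, identified by
 * {@link EncryptionConstants#ALGO_ID_KEYDERIVATION_PBKDF2}.
 *
 * <p>The component is configured through its setters, each of which calls
 * {@code ComponentSupport.ifInitializedThrowUnmodifiabledComponentException} first, and is then
 * initialized. It can be serialized to, and rebuilt from, a {@link KeyDerivationMethod} element
 * holding a single {@link PBKDF2Params} child.</p>
 *
 * <p><b>Statefulness:</b> {@link #derive(byte[], String, Integer)} writes the {@code salt} and
 * {@code keyLength} fields the first time it runs with them unset. A salt generated on the first
 * call is therefore reused by every later call on the same instance, and no synchronization is
 * visible in this class. Use a fresh or cloned instance per derivation when a unique salt per
 * operation is required.</p>
 */
public class PBKDF2 extends AbstractInitializableComponent implements KeyDerivation, XMLExpressableKeyAgreementParameter, CloneableKeyAgreementParameter {
    /** PRF algorithm URI applied when none is configured. */
    public static final String DEFAULT_PRF = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";

    /**
     * Iteration count applied when none is configured.
     *
     * <p>Security note: 2000 is far below current password-hashing guidance (OWASP's figure for
     * PBKDF2-HMAC-SHA256 is in the hundreds of thousands). How much that matters depends on the
     * entropy of the secret handed to {@code derive}; deployments deriving from low-entropy
     * secrets should configure a higher count explicitly.</p>
     */
    public static final Integer DEFAULT_ITERATION_COUNT = 2000;

    /**
     * Length in bytes of a generated salt when none is configured.
     *
     * <p>Security note: 8 bytes meets the 64-bit minimum of RFC 8018 but is below the 128 bits
     * recommended by NIST SP 800-132.</p>
     */
    public static final Integer DEFAULT_GENERATED_SALT_LENGTH = 8;

    /** Prefix of the JCA SecretKeyFactory algorithm name; the PRF's algorithm ID is appended. */
    private static final String PBKDF2_JCA_ALGORITHM_BASE = "PBKDF2With";

    // Base64-encoded salt; null until supplied or generated by getEffectiveSalt().
    @Nullable
    private String salt;

    // Number of random salt bytes to generate when no salt was supplied.
    @NonnullAfterInit
    private Integer generatedSaltLength;

    // Source of randomness for generated salts.
    @NonnullAfterInit
    private SecureRandom secureRandom;

    // PBKDF2 iteration count.
    @NonnullAfterInit
    private Integer iterationCount;

    // Derived key length in bits; null until supplied or resolved by getEffectiveKeyLength().
    @Nullable
    private Integer keyLength;

    // PRF algorithm URI.
    @NonnullAfterInit
    private String prf;

    /* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-impl-4.1.1.jar:org/opensaml/xmlsec/derivation/impl/PBKDF2$Parser.class */
    /** Parser that turns a PBKDF2 {@link KeyDerivationMethod} element into a {@link PBKDF2} parameter. */
    public static class Parser implements KeyAgreementParameterParser {
        /**
         * Reports whether the object is a {@link KeyDerivationMethod} whose algorithm is PBKDF2.
         *
         * @param xMLObject candidate object
         * @return true only for a KeyDerivationMethod carrying the PBKDF2 algorithm URI
         */
        @Override // org.opensaml.xmlsec.agreement.impl.KeyAgreementParameterParser
        public boolean handles(@Nonnull XMLObject xMLObject) {
            return xMLObject instanceof KeyDerivationMethod
                    && EncryptionConstants.ALGO_ID_KEYDERIVATION_PBKDF2.equals(((KeyDerivationMethod) xMLObject).getAlgorithm());
        }

        /**
         * Builds an initialized {@link PBKDF2} from the supplied element.
         *
         * @param xMLObject element to parse
         * @return the parsed parameter
         * @throws KeyAgreementException if the object is not handled or its parameters are rejected
         */
        @Override // org.opensaml.xmlsec.agreement.impl.KeyAgreementParameterParser
        public KeyAgreementParameter parse(@Nonnull XMLObject xMLObject) throws KeyAgreementException {
            if (!handles(xMLObject)) {
                throw new KeyAgreementException("This implementation does not handle: " + xMLObject.getClass().getName());
            }
            try {
                return PBKDF2.fromXMLObject((KeyDerivationMethod) xMLObject);
            } catch (ComponentInitializationException e) {
                throw new KeyAgreementException(e);
            }
        }
    }

    /** @return the PBKDF2 key derivation algorithm URI */
    @Override // org.opensaml.xmlsec.derivation.KeyDerivation
    public String getAlgorithm() {
        return EncryptionConstants.ALGO_ID_KEYDERIVATION_PBKDF2;
    }

    /** @return the Base64-encoded salt, or null if none has been supplied or generated yet */
    @Nullable
    public String getSalt() {
        return this.salt;
    }

    /**
     * Sets the Base64-encoded salt; the value is passed through {@code StringSupport.trimOrNull}.
     *
     * @param str Base64-encoded salt, or null to have one generated on first derivation
     */
    public void setSalt(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.salt = StringSupport.trimOrNull(str);
    }

    /** @return the number of salt bytes generated when no salt is supplied */
    @NonnullAfterInit
    public Integer getGeneratedSaltLength() {
        return this.generatedSaltLength;
    }

    /**
     * Sets the number of salt bytes to generate when no salt is supplied.
     *
     * @param num length in bytes; null selects {@link #DEFAULT_GENERATED_SALT_LENGTH} at initialization
     */
    public void setGeneratedSaltLength(@Nullable Integer num) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.generatedSaltLength = num;
    }

    /** @return the random source used for generated salts */
    @NonnullAfterInit
    public SecureRandom getRandom() {
        return this.secureRandom;
    }

    /**
     * Sets the random source used for generated salts.
     *
     * @param secureRandom random source; null selects a new {@link SecureRandom} at initialization
     */
    public void setRandom(@Nullable SecureRandom secureRandom) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.secureRandom = secureRandom;
    }

    /** @return the PBKDF2 iteration count */
    @NonnullAfterInit
    public Integer getIterationCount() {
        return this.iterationCount;
    }

    /**
     * Sets the PBKDF2 iteration count.
     *
     * @param num iteration count; null selects {@link #DEFAULT_ITERATION_COUNT} at initialization
     */
    public void setIterationCount(@Nullable Integer num) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.iterationCount = num;
    }

    /** @return the derived key length in bits, or null if not yet supplied or resolved */
    @Nullable
    public Integer getKeyLength() {
        return this.keyLength;
    }

    /**
     * Sets the derived key length.
     *
     * @param num key length in bits; must be a positive multiple of 8 when non-null
     */
    public void setKeyLength(@Nullable Integer num) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.keyLength = num;
    }

    /** @return the PRF algorithm URI */
    @NonnullAfterInit
    public String getPRF() {
        return this.prf;
    }

    /**
     * Sets the PRF algorithm URI; the value is passed through {@code StringSupport.trimOrNull}.
     *
     * @param str PRF algorithm URI; null selects {@link #DEFAULT_PRF} at initialization
     */
    public void setPRF(@Nullable String str) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.prf = StringSupport.trimOrNull(str);
    }

    /**
     * Validates the configuration and fills in defaults.
     *
     * <p>Numeric parameters are checked for positivity here so that a bad value, including one
     * read from a received {@link PBKDF2Params}, is reported as a
     * {@link ComponentInitializationException} rather than surfacing later from {@code derive}
     * as an unchecked {@code IllegalArgumentException} or {@code NegativeArraySizeException}.
     * Only the lower bound is checked: no minimum strength and no upper limit on the iteration
     * count is enforced by this class.</p>
     *
     * @throws ComponentInitializationException if the salt is not valid, non-empty Base64, a
     *         numeric parameter is not positive, the key length is not a multiple of 8, or the
     *         PRF is unknown or not a MAC algorithm
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        if (this.salt != null) {
            final byte[] decodedSalt;
            try {
                decodedSalt = Base64Support.decode(this.salt);
            } catch (DecodingException e) {
                throw new ComponentInitializationException("Salt value was not valid Base64", e);
            }
            // PBEKeySpec rejects an empty salt with an unchecked exception; catch it here instead.
            if (decodedSalt == null || decodedSalt.length == 0) {
                throw new ComponentInitializationException("Salt value decoded to zero bytes");
            }
        }
        if (this.generatedSaltLength == null) {
            this.generatedSaltLength = DEFAULT_GENERATED_SALT_LENGTH;
        }
        if (this.generatedSaltLength.intValue() <= 0) {
            throw new ComponentInitializationException("Generated salt length must be positive: " + this.generatedSaltLength);
        }
        if (this.secureRandom == null) {
            this.secureRandom = new SecureRandom();
        }
        if (this.iterationCount == null) {
            this.iterationCount = DEFAULT_ITERATION_COUNT;
        }
        if (this.iterationCount.intValue() <= 0) {
            throw new ComponentInitializationException("Iteration count must be positive: " + this.iterationCount);
        }
        if (this.keyLength != null) {
            if (this.keyLength.intValue() <= 0) {
                throw new ComponentInitializationException("Specified key length in bits must be positive: " + this.keyLength);
            }
            if (this.keyLength.intValue() % 8 != 0) {
                throw new ComponentInitializationException("Specified key length in bits is not a multiple of 8");
            }
        }
        if (this.prf == null) {
            // The default PRF is not looked up in the algorithm registry.
            this.prf = DEFAULT_PRF;
            return;
        }
        AlgorithmDescriptor algorithmDescriptor = AlgorithmSupport.getGlobalAlgorithmRegistry().get(this.prf);
        if (algorithmDescriptor == null) {
            throw new ComponentInitializationException("Specified PRF algorithm is unknown: " + this.prf);
        }
        if (!(algorithmDescriptor instanceof MACAlgorithm)) {
            throw new ComponentInitializationException("Specified PRF algorithm is not a MAC algorithm: " + this.prf);
        }
    }

    /**
     * Derives a key from the secret with PBKDF2 using the configured PRF, salt and iteration count.
     *
     * <p>Side effects: may set {@code salt} (via {@link #getEffectiveSalt()}) and {@code keyLength}
     * (via {@link #getEffectiveKeyLength(String, Integer)}) on this instance.</p>
     *
     * @param bArr secret bytes used as the PBKDF2 password
     * @param str key algorithm URI of the key to derive
     * @param num explicitly specified key length, or null
     * @return the derived key, tagged with the JCA key algorithm resolved from {@code str}
     * @throws KeyDerivationException if salt or key length cannot be resolved, or the JCA
     *         provider cannot perform the derivation
     */
    @Override // org.opensaml.xmlsec.derivation.KeyDerivation
    public SecretKey derive(@Nonnull byte[] bArr, @Nonnull String str, @Nullable Integer num) throws KeyDerivationException {
        Constraint.isNotNull(bArr, "Secret byte[] was null");
        Constraint.isNotNull(str, "Key algorithm was null");
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        String jCAKeyAlgorithm = KeyDerivationSupport.getJCAKeyAlgorithm(str);
        byte[] effectiveSalt = getEffectiveSalt();
        Integer effectiveKeyLength = getEffectiveKeyLength(str, num);
        String algorithmID = AlgorithmSupport.getAlgorithmID(this.prf);

        // NOTE(review): the secret is decoded as UTF-8 text because PBEKeySpec takes a char[].
        // Byte sequences that are not valid UTF-8 are replaced during decoding, so distinct
        // binary secrets can map to the same password. The conversion is left as is because
        // changing it would change derived keys; confirm callers only pass secrets for which
        // this is acceptable. The intermediate String cannot be wiped and stays on the heap
        // until collected.
        char[] secretChars = new String(bArr, Charsets.UTF_8).toCharArray();
        PBEKeySpec keySpec = null;
        byte[] derivedBytes = null;
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBKDF2_JCA_ALGORITHM_BASE + algorithmID);
            keySpec = new PBEKeySpec(secretChars, effectiveSalt, this.iterationCount.intValue(), effectiveKeyLength.intValue());
            derivedBytes = factory.generateSecret(keySpec).getEncoded();
            // SecretKeySpec copies the key material, so the local buffer can be wiped below.
            return new SecretKeySpec(derivedBytes, jCAKeyAlgorithm);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new KeyDerivationException("Error generating SecretKey via PBKDF2", e);
        } finally {
            // Best-effort removal of secret material from the buffers this method owns.
            if (keySpec != null) {
                keySpec.clearPassword();
            }
            Arrays.fill(secretChars, '\0');
            if (derivedBytes != null) {
                Arrays.fill(derivedBytes, (byte) 0);
            }
        }
    }

    /**
     * Returns the salt bytes to use, generating and storing a random salt if none is set.
     *
     * <p>A generated salt is Base64-encoded into the {@code salt} field, so later calls on this
     * instance return the same salt.</p>
     *
     * @return the raw salt bytes
     * @throws KeyDerivationException if the salt cannot be Base64-encoded or -decoded
     */
    protected byte[] getEffectiveSalt() throws KeyDerivationException {
        if (this.salt != null) {
            try {
                return Base64Support.decode(this.salt);
            } catch (DecodingException e2) {
                throw new KeyDerivationException("Error Base64-decoding supplied salt", e2);
            }
        }
        byte[] generated = new byte[this.generatedSaltLength.intValue()];
        this.secureRandom.nextBytes(generated);
        try {
            this.salt = Base64Support.encode(generated, false);
        } catch (EncodingException e) {
            throw new KeyDerivationException("Error Base64-encoding generated salt", e);
        }
        return generated;
    }

    /**
     * Resolves the key length in bits, storing it if none was configured.
     *
     * @param str key algorithm URI
     * @param num explicitly specified key length, or null
     * @return the key length in bits
     * @throws KeyDerivationException if a configured key length differs from the one resolved by
     *         {@code KeyDerivationSupport.getEffectiveKeyLength}
     */
    protected Integer getEffectiveKeyLength(@Nonnull String str, @Nullable Integer num) throws KeyDerivationException {
        Integer resolved = KeyDerivationSupport.getEffectiveKeyLength(str, num);
        if (this.keyLength == null) {
            this.keyLength = resolved;
        } else if (!this.keyLength.equals(resolved)) {
            throw new KeyDerivationException(String.format("Specified key length '%d' does not match URI: %s", this.keyLength, str));
        }
        return this.keyLength;
    }

    /**
     * Returns a shallow copy of this component. The {@link SecureRandom} reference is shared
     * with the original, and any salt already stored on this instance is carried over.
     *
     * @return the copy, or null if {@code super.clone()} reports CloneNotSupportedException
     */
    @Override // org.opensaml.xmlsec.agreement.CloneableKeyAgreementParameter
    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public PBKDF2 m18736clone() {
        try {
            return (PBKDF2) super.clone();
        } catch (CloneNotSupportedException e) {
            // NOTE(review): presumably unreachable if CloneableKeyAgreementParameter extends
            // Cloneable - confirm. Callers receive null rather than an exception if it happens.
            return null;
        }
    }

    /**
     * Serializes the current parameters as a {@link KeyDerivationMethod} with one
     * {@link PBKDF2Params} child. The key length is written in bytes (the stored bit length
     * divided by 8).
     *
     * @return the populated KeyDerivationMethod element
     * @throws IllegalStateException if the key length or salt has not been set yet
     */
    @Override // org.opensaml.xmlsec.agreement.XMLExpressableKeyAgreementParameter
    public XMLObject buildXMLObject() {
        ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);
        if (this.keyLength == null) {
            throw new IllegalStateException("PBKDF2 is missing KeyLength element data");
        }
        if (this.salt == null) {
            throw new IllegalStateException("PBKDF2 is missing Salt element data");
        }
        KeyDerivationMethod keyDerivationMethod = (KeyDerivationMethod) XMLObjectSupport.buildXMLObject(KeyDerivationMethod.DEFAULT_ELEMENT_NAME);
        keyDerivationMethod.setAlgorithm(getAlgorithm());
        PBKDF2Params pBKDF2Params = (PBKDF2Params) XMLObjectSupport.buildXMLObject(PBKDF2Params.DEFAULT_ELEMENT_NAME);

        Salt saltElement = (Salt) XMLObjectSupport.buildXMLObject(Salt.DEFAULT_ELEMENT_NAME);
        Specified specified = (Specified) XMLObjectSupport.buildXMLObject(Specified.DEFAULT_ELEMENT_NAME);
        specified.setValue(this.salt);
        saltElement.setSpecified(specified);
        pBKDF2Params.setSalt(saltElement);

        IterationCount iterationCountElement = (IterationCount) XMLObjectSupport.buildXMLObject(IterationCount.DEFAULT_ELEMENT_NAME);
        iterationCountElement.setValue(this.iterationCount);
        pBKDF2Params.setIterationCount(iterationCountElement);

        KeyLength keyLengthElement = (KeyLength) XMLObjectSupport.buildXMLObject(KeyLength.DEFAULT_ELEMENT_NAME);
        keyLengthElement.setValue(Integer.valueOf(this.keyLength.intValue() / 8));
        pBKDF2Params.setKeyLength(keyLengthElement);

        PRF prfElement = (PRF) XMLObjectSupport.buildXMLObject(PRF.DEFAULT_ELEMENT_NAME);
        prfElement.setAlgorithm(this.prf);
        pBKDF2Params.setPRF(prfElement);

        keyDerivationMethod.getUnknownXMLObjects().add(pBKDF2Params);
        return keyDerivationMethod;
    }

    /**
     * Builds and initializes a {@link PBKDF2} from a {@link KeyDerivationMethod} element.
     *
     * <p>Security note: iteration count, key length, PRF and salt are taken from the element as
     * supplied. Initialization rejects non-positive numbers and unknown or non-MAC PRFs, but
     * this class applies no minimum iteration count and no ceiling on it. Because the iteration
     * count determines the CPU cost of {@code derive}, callers processing elements from
     * untrusted peers should apply their own policy limits before deriving.</p>
     *
     * @param keyDerivationMethod element carrying exactly one PBKDF2Params child
     * @return the initialized component
     * @throws ComponentInitializationException if the algorithm, children or parameter values
     *         are unsupported or invalid
     */
    @Nonnull
    public static PBKDF2 fromXMLObject(@Nonnull KeyDerivationMethod keyDerivationMethod) throws ComponentInitializationException {
        Constraint.isNotNull(keyDerivationMethod, "XMLObject was null");
        if (!EncryptionConstants.ALGO_ID_KEYDERIVATION_PBKDF2.equals(keyDerivationMethod.getAlgorithm())) {
            throw new ComponentInitializationException("KeyDerivationMethod contains unsupported algorithm: " + keyDerivationMethod.getAlgorithm());
        }
        if (keyDerivationMethod.getUnknownXMLObjects().size() != 1 || keyDerivationMethod.getUnknownXMLObjects(PBKDF2Params.DEFAULT_ELEMENT_NAME).size() != 1) {
            throw new ComponentInitializationException("KeyDerivationMethod contains unsupported children");
        }
        PBKDF2Params pBKDF2Params = (PBKDF2Params) keyDerivationMethod.getUnknownXMLObjects(PBKDF2Params.DEFAULT_ELEMENT_NAME).get(0);
        validateXMLObjectParameters(pBKDF2Params);

        // The element carries the length in bytes. Convert to bits with overflow detection so an
        // oversized value cannot wrap around into a small, plausible-looking bit length.
        final int keyLengthBits;
        try {
            keyLengthBits = Math.multiplyExact(pBKDF2Params.getKeyLength().getValue().intValue(), 8);
        } catch (ArithmeticException e) {
            throw new ComponentInitializationException("PBKDF2-params KeyLength value is out of range", e);
        }

        PBKDF2 pbkdf2 = new PBKDF2();
        pbkdf2.setIterationCount(pBKDF2Params.getIterationCount().getValue());
        pbkdf2.setKeyLength(Integer.valueOf(keyLengthBits));
        pbkdf2.setPRF(pBKDF2Params.getPRF().getAlgorithm());
        pbkdf2.setSalt(pBKDF2Params.getSalt().getSpecified().getValue());
        pbkdf2.initialize();
        return pbkdf2;
    }

    /**
     * Checks that every required PBKDF2Params child and value is present and that the PRF
     * carries no parameters. Value ranges are not checked here.
     *
     * @param pBKDF2Params parameters element to check
     * @throws ComponentInitializationException if a required value is missing or PRF parameters are present
     */
    private static void validateXMLObjectParameters(@Nonnull PBKDF2Params pBKDF2Params) throws ComponentInitializationException {
        if (pBKDF2Params.getIterationCount() == null || pBKDF2Params.getIterationCount().getValue() == null) {
            throw new ComponentInitializationException("PBKDF2-params did not contain IterationCount value");
        }
        if (pBKDF2Params.getKeyLength() == null || pBKDF2Params.getKeyLength().getValue() == null) {
            throw new ComponentInitializationException("PBKDF2-params did not contain KeyLength value");
        }
        if (pBKDF2Params.getPRF() == null || pBKDF2Params.getPRF().getAlgorithm() == null) {
            throw new ComponentInitializationException("PBKDF2-params did not contain PRF value");
        }
        if (pBKDF2Params.getPRF().getParameters() != null) {
            throw new ComponentInitializationException("PBKDF2-params contained unsupported PRF parameters");
        }
        if (pBKDF2Params.getSalt() == null || pBKDF2Params.getSalt().getSpecified() == null || pBKDF2Params.getSalt().getSpecified().getValue() == null) {
            throw new ComponentInitializationException("PBKDF2-params did not contain Salt Specified value");
        }
    }
}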
