package com.unboundid.ldap.listener;

import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ReadOnlyEntry;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

/* compiled from: ProGuard */
@ThreadSafety(level = ThreadSafetyLevel.NOT_THREADSAFE)
/* loaded from: classes7.dex */
public final class SaltedMessageDigestInMemoryPasswordEncoder extends InMemoryPasswordEncoder {
    private final int digestLengthBytes;
    private final MessageDigest messageDigest;
    private final int numSaltBytes;
    private final SecureRandom random;
    private final boolean saltAfterClearPassword;
    private final boolean saltAfterMessageDigest;

    public SaltedMessageDigestInMemoryPasswordEncoder(String str, PasswordEncoderOutputFormatter passwordEncoderOutputFormatter, MessageDigest messageDigest, int i11, boolean z11, boolean z12) {
        super(str, passwordEncoderOutputFormatter);
        Validator.ensureNotNull(messageDigest);
        this.messageDigest = messageDigest;
        int digestLength = messageDigest.getDigestLength();
        this.digestLengthBytes = digestLength;
        Validator.ensureTrue(digestLength > 0, "The message digest use a fixed digest length, and that length must be greater than zero.");
        this.numSaltBytes = i11;
        Validator.ensureTrue(i11 > 0, "numSaltBytes must be greater than zero.");
        this.saltAfterClearPassword = z11;
        this.saltAfterMessageDigest = z12;
        this.random = new SecureRandom();
    }

    private static byte[] concatenate(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    @Override // com.unboundid.ldap.listener.InMemoryPasswordEncoder
    public byte[] encodePassword(byte[] bArr, ReadOnlyEntry readOnlyEntry, List<Modification> list) throws LDAPException {
        byte[] bArr2 = new byte[this.numSaltBytes];
        this.random.nextBytes(bArr2);
        byte[] digest = this.messageDigest.digest(this.saltAfterClearPassword ? concatenate(bArr, bArr2) : concatenate(bArr2, bArr));
        return this.saltAfterMessageDigest ? concatenate(digest, bArr2) : concatenate(bArr2, digest);
    }

    @Override // com.unboundid.ldap.listener.InMemoryPasswordEncoder
    public void ensurePreEncodedPasswordAppearsValid(byte[] bArr, ReadOnlyEntry readOnlyEntry, List<Modification> list) throws LDAPException {
        if (bArr.length <= this.digestLengthBytes) {
            throw new LDAPException(ResultCode.PARAM_ERROR, b.ERR_SALTED_DIGEST_PW_ENCODER_PRE_ENCODED_LENGTH_MISMATCH.c(this.messageDigest.getAlgorithm(), Integer.valueOf(bArr.length), Integer.valueOf(this.digestLengthBytes + 1)));
        }
    }

    @Override // com.unboundid.ldap.listener.InMemoryPasswordEncoder
    public byte[] extractClearPassword(byte[] bArr, ReadOnlyEntry readOnlyEntry) throws LDAPException {
        throw new LDAPException(ResultCode.NOT_SUPPORTED, b.ERR_SALTED_DIGEST_PW_ENCODER_NOT_REVERSIBLE.b());
    }

    public String getDigestAlgorithm() {
        return this.messageDigest.getAlgorithm();
    }

    public int getDigestLengthBytes() {
        return this.digestLengthBytes;
    }

    public int getNumSaltBytes() {
        return this.numSaltBytes;
    }

    public boolean isSaltAfterClearPassword() {
        return this.saltAfterClearPassword;
    }

    public boolean isSaltAfterMessageDigest() {
        return this.saltAfterMessageDigest;
    }

    @Override // com.unboundid.ldap.listener.InMemoryPasswordEncoder
    public boolean passwordMatches(byte[] bArr, byte[] bArr2, ReadOnlyEntry readOnlyEntry) throws LDAPException {
        int length = bArr2.length;
        int i11 = this.digestLengthBytes;
        int i12 = length - i11;
        if (i12 <= 0) {
            return false;
        }
        byte[] bArr3 = new byte[i12];
        byte[] bArr4 = new byte[i11];
        if (this.saltAfterMessageDigest) {
            System.arraycopy(bArr2, 0, bArr4, 0, i11);
            System.arraycopy(bArr2, this.digestLengthBytes, bArr3, 0, i12);
        } else {
            System.arraycopy(bArr2, 0, bArr3, 0, i12);
            System.arraycopy(bArr2, i12, bArr4, 0, this.digestLengthBytes);
        }
        return Arrays.equals(this.messageDigest.digest(this.saltAfterClearPassword ? concatenate(bArr, bArr3) : concatenate(bArr3, bArr)), bArr4);
    }

    @Override // com.unboundid.ldap.listener.InMemoryPasswordEncoder
    public void toString(StringBuilder sb2) {
        sb2.append("SaltedMessageDigestInMemoryPasswordEncoder(prefix='");
        sb2.append(getPrefix());
        sb2.append("', outputFormatter=");
        PasswordEncoderOutputFormatter outputFormatter = getOutputFormatter();
        if (outputFormatter == null) {
            sb2.append("null");
        } else {
            outputFormatter.toString(sb2);
        }
        sb2.append(", digestAlgorithm='");
        sb2.append(this.messageDigest.getAlgorithm());
        sb2.append("', digestLengthBytes=");
        sb2.append(this.messageDigest.getDigestLength());
        sb2.append(", numSaltBytes=");
        sb2.append(this.numSaltBytes);
        sb2.append(", saltAfterClearPassword=");
        sb2.append(this.saltAfterClearPassword);
        sb2.append(", saltAfterMessageDigest=");
        sb2.append(this.saltAfterMessageDigest);
        sb2.append(')');
    }
}
