package org.dizitart.no2.store;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import lombok.Generated;
import org.dizitart.no2.common.Constants;
import org.dizitart.no2.common.util.SecureString;
import org.dizitart.no2.common.util.StringUtils;
import org.dizitart.no2.exceptions.NitriteSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dizitart/no2/store/UserAuthenticationService.class */
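/**
 * Verifies and stores user credentials for a {@link NitriteStore}.
 *
 * <p>Credentials live in the store's {@code Constants.USER_MAP} map, keyed by username. Each entry
 * holds a random 16-byte salt and a PBKDF2 hash of the password. New hashes are always produced with
 * {@code PBKDF2WithHmacSHA256}; {@link #authenticate(String, String)} additionally accepts hashes that
 * were produced with {@code PBKDF2WithHmacSHA1}.
 *
 * <p>The iteration count and key length come from {@code Constants.HASH_ITERATIONS} and
 * {@code Constants.HASH_KEY_LENGTH}; their values are not visible in this file, so confirm that they
 * meet the work factor your deployment requires.
 */
public class UserAuthenticationService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(UserAuthenticationService.class);
    private static final String HASH_ALGORITHM = "PBKDF2WithHmacSHA256";
    // Legacy algorithm, only ever used to verify previously stored hashes.
    private static final String OLD_HASH_ALGORITHM = "PBKDF2WithHmacSHA1";
    private final SecureRandom random = new SecureRandom();
    private final NitriteStore<?> store;

    /**
     * Creates a service bound to the given store.
     *
     * @param nitriteStore the store that holds (or will hold) the user map
     */
    public UserAuthenticationService(NitriteStore<?> nitriteStore) {
        this.store = nitriteStore;
    }

    /**
     * Authenticates a user against the store, or registers the first user when the store has no
     * user map yet.
     *
     * <ul>
     *   <li>Missing username or password: accepted only when the store has no user map (an
     *       unsecured store); otherwise rejected.</li>
     *   <li>No user map yet and both values supplied: a credential is created for that username,
     *       i.e. the first caller that supplies credentials becomes the store's user.</li>
     *   <li>User map exists: the password is checked against the stored hash, first with the
     *       current algorithm and then with the legacy one.</li>
     * </ul>
     *
     * <p>The password arrives as a {@link String}, so the caller's copy cannot be wiped from memory
     * here; only the temporary {@code char[]} copies are cleared.
     *
     * @param str  the username
     * @param str2 the password
     * @throws NitriteSecurityException if the credentials are missing for a secured store, the
     *                                  user is unknown, or the password does not match
     */
    public void authenticate(String str, String str2) {
        final String username = str;
        final String password = str2;

        boolean secured = this.store.hasMap(Constants.USER_MAP);
        if (StringUtils.isNullOrEmpty(password) || StringUtils.isNullOrEmpty(username)) {
            if (secured) {
                throw new NitriteSecurityException("Username or password is invalid");
            }
            return;
        }

        if (!secured) {
            // First use with credentials: enrol this user with a fresh salt and the current algorithm.
            byte[] salt = getNextSalt();
            UserCredential created = new UserCredential();
            created.setPasswordHash(hash(password.toCharArray(), salt, HASH_ALGORITHM));
            created.setPasswordSalt(salt);
            this.store.openMap(Constants.USER_MAP, String.class, UserCredential.class).put(username, created);
            return;
        }

        UserCredential stored = (UserCredential) this.store
                .openMap(Constants.USER_MAP, String.class, UserCredential.class).get(username);
        if (stored == null) {
            // NOTE(review): this path fails without running PBKDF2, so an unknown username is
            // rejected faster than a wrong password. The message is the same, the timing is not.
            throw new NitriteSecurityException("Username or password is invalid");
        }

        byte[] salt = stored.getPasswordSalt();
        byte[] expectedHash = stored.getPasswordHash();
        // Each call gets its own char[] copy because hash() wipes the array it is given.
        boolean matchesCurrent = !notExpectedPassword(password.toCharArray(), salt, expectedHash, HASH_ALGORITHM);
        if (!matchesCurrent
                && notExpectedPassword(password.toCharArray(), salt, expectedHash, OLD_HASH_ALGORITHM)) {
            throw new NitriteSecurityException("Username or password is invalid");
        }
        // NOTE(review): a credential that only matches the legacy SHA-1 variant is accepted but is
        // not re-hashed with the current algorithm here, so legacy hashes persist until the
        // password is changed.
    }

    /**
     * Adds the first credential to an unsecured store, or replaces the password of an existing
     * user after verifying the old one.
     *
     * <p>NOTE(review): the old password is verified against the current algorithm only, whereas
     * {@link #authenticate(String, String)} also accepts the legacy one. A user whose stored hash
     * is still in the legacy format can therefore log in but cannot change the password through
     * this method - confirm whether that is intended.
     *
     * <p>NOTE(review): both passwords are converted through {@code asString()}, which materialises
     * them as {@link String}s that cannot be wiped; only the derived {@code char[]} copies are
     * cleared.
     *
     * @param z             {@code true} to update an existing user's password, {@code false} to
     *                      add a credential to a store that has no user map yet
     * @param str           the username
     * @param secureString  the current password; read only when {@code z} is {@code true}
     * @param secureString2 the new password
     * @throws NitriteSecurityException if the user is unknown or the current password is wrong
     *                                  (update), or if the store already has a user map (add)
     */
    public void addOrUpdatePassword(boolean z, String str, SecureString secureString, SecureString secureString2) {
        final String username = str;

        NitriteMap nitriteMap = null;
        if (z) {
            nitriteMap = this.store.openMap(Constants.USER_MAP, String.class, UserCredential.class);
            UserCredential existing = (UserCredential) nitriteMap.get(username);
            if (existing == null) {
                throw new NitriteSecurityException("Username or password is invalid");
            }
            if (notExpectedPassword(secureString.asString().toCharArray(), existing.getPasswordSalt(),
                    existing.getPasswordHash(), HASH_ALGORITHM)) {
                throw new NitriteSecurityException("Username or password is invalid");
            }
        } else if (this.store.hasMap(Constants.USER_MAP)) {
            // Adding is only allowed while the store is still unsecured.
            throw new NitriteSecurityException("Cannot add new credentials");
        }

        if (nitriteMap == null) {
            nitriteMap = this.store.openMap(Constants.USER_MAP, String.class, UserCredential.class);
        }

        // A new salt is drawn on every password change, so salts are never reused across hashes.
        byte[] salt = getNextSalt();
        UserCredential replacement = new UserCredential();
        replacement.setPasswordHash(hash(secureString2.asString().toCharArray(), salt, HASH_ALGORITHM));
        replacement.setPasswordSalt(salt);
        nitriteMap.put(username, replacement);
    }

    /**
     * Draws a fresh 16-byte salt from the service's {@link SecureRandom}.
     *
     * @return a newly allocated salt
     */
    private byte[] getNextSalt() {
        byte[] salt = new byte[16];
        this.random.nextBytes(salt);
        return salt;
    }

    /**
     * Derives a PBKDF2 hash of the password and wipes the supplied password array.
     *
     * @param password  the password characters; zeroed before this method returns or throws
     * @param salt      the salt to mix in
     * @param algorithm the {@link SecretKeyFactory} algorithm name
     * @return the encoded derived key
     * @throws NitriteSecurityException if the algorithm is unavailable or the key spec is rejected
     */
    private byte[] hash(char[] password, byte[] salt, String algorithm) {
        PBEKeySpec spec;
        try {
            // PBEKeySpec stores its own clone of the password.
            spec = new PBEKeySpec(password, salt, Constants.HASH_ITERATIONS, Constants.HASH_KEY_LENGTH);
        } finally {
            // Wipe the caller's copy even when the spec constructor rejects its arguments.
            Arrays.fill(password, (char) 0);
        }
        try {
            return SecretKeyFactory.getInstance(algorithm).generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            log.error("Error while hashing password", e);
            // NOTE(review): the cause is logged but not attached to the thrown exception; attach
            // it if NitriteSecurityException offers a (message, cause) constructor.
            throw new NitriteSecurityException("Error while hashing a password: " + e.getMessage());
        } finally {
            spec.clearPassword();
        }
    }

    /**
     * Tells whether the password fails to reproduce the stored hash.
     *
     * <p>The comparison goes through {@link MessageDigest#isEqual(byte[], byte[])} instead of an
     * early-exit loop, so the time taken does not reveal how many leading bytes matched. A missing
     * stored hash is treated as a mismatch.
     *
     * @param password     the candidate password; zeroed by {@link #hash(char[], byte[], String)}
     * @param salt         the salt stored with the credential
     * @param expectedHash the hash stored with the credential
     * @param algorithm    the {@link SecretKeyFactory} algorithm name to derive with
     * @return {@code true} if the derived hash differs from {@code expectedHash}
     */
    private boolean notExpectedPassword(char[] password, byte[] salt, byte[] expectedHash, String algorithm) {
        byte[] actualHash = hash(password, salt, algorithm);
        try {
            return !MessageDigest.isEqual(actualHash, expectedHash);
        } finally {
            // The derived key is no longer needed once compared.
            Arrays.fill(actualHash, (byte) 0);
        }
    }
}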
