package org.xwiki.crypto.password.internal.kdf.factory;

import javax.inject.Inject;
import javax.inject.Singleton;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.KeyDerivationFunc;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.xwiki.component.annotation.Component;
import org.xwiki.component.manager.ComponentLookupException;
import org.xwiki.component.manager.ComponentManager;
import org.xwiki.crypto.DigestFactory;
import org.xwiki.crypto.internal.digest.factory.AbstractBcDigestFactory;
import org.xwiki.crypto.internal.digest.factory.BcDigestFactory;
import org.xwiki.crypto.password.KeyDerivationFunction;
import org.xwiki.crypto.password.internal.kdf.AbstractBcPBKDF2;
import org.xwiki.crypto.password.internal.kdf.PBKDF2Params;
import org.xwiki.crypto.password.params.KeyDerivationFunctionParameters;
import org.xwiki.crypto.password.params.PBKDF2Parameters;

@Singleton
@Component(hints = {"PKCS5S2", "1.2.840.113549.1.5.12"})
/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-password-10.2.jar:org/xwiki/crypto/password/internal/kdf/factory/BcPKCS5S2KeyDerivationFunctionFactory.class */
public class BcPKCS5S2KeyDerivationFunctionFactory extends AbstractBcKDFFactory {
    private static final AlgorithmIdentifier HMAC_SHA1 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA1, DERNull.INSTANCE);
    private static final AlgorithmIdentifier HMAC_SHA224 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA224, DERNull.INSTANCE);
    private static final AlgorithmIdentifier HMAC_SHA256 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA256, DERNull.INSTANCE);
    private static final AlgorithmIdentifier HMAC_SHA384 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA384, DERNull.INSTANCE);
    private static final AlgorithmIdentifier HMAC_SHA512 = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_hmacWithSHA512, DERNull.INSTANCE);

    @Inject
    private ComponentManager manager;

    @Override // org.xwiki.crypto.password.KeyDerivationFunctionFactory
    public KeyDerivationFunction getInstance(KeyDerivationFunctionParameters keyDerivationFunctionParameters) {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator;
        if (!(keyDerivationFunctionParameters instanceof PBKDF2Parameters)) {
            throw new IllegalArgumentException("Invalid parameter used for PKCS5S2 function: " + keyDerivationFunctionParameters.getClass().getName());
        }
        PBKDF2Parameters pBKDF2Parameters = (PBKDF2Parameters) keyDerivationFunctionParameters;
        BcDigestFactory bcDigestFactory = null;
        if (pBKDF2Parameters.getPseudoRandomFuntionHint() != null) {
            bcDigestFactory = getDigestFactory(pBKDF2Parameters.getPseudoRandomFuntionHint());
            pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(bcDigestFactory.getDigestInstance());
        } else {
            pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        }
        return new AbstractBcPBKDF2(pKCS5S2ParametersGenerator, (PBKDF2Parameters) keyDerivationFunctionParameters, bcDigestFactory != null ? toHmacAlgId(bcDigestFactory.getAlgorithmIdentifier()) : HMAC_SHA1) { // from class: org.xwiki.crypto.password.internal.kdf.factory.BcPKCS5S2KeyDerivationFunctionFactory.1
            @Override // org.xwiki.crypto.password.internal.kdf.AbstractBcKDF
            public KeyDerivationFunc getKeyDerivationFunction() {
                PBKDF2Parameters pBKDF2Parameters2 = (PBKDF2Parameters) getParameters();
                AlgorithmIdentifier pRFAlgorithmIdentifier = getPRFAlgorithmIdentifier();
                return new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, isKeySizeOverwritten() ? new PBKDF2Params(pBKDF2Parameters2.getSalt(), pBKDF2Parameters2.getIterationCount(), pRFAlgorithmIdentifier) : new PBKDF2Params(pBKDF2Parameters2.getSalt(), pBKDF2Parameters2.getIterationCount(), pBKDF2Parameters2.getKeySize(), pRFAlgorithmIdentifier));
            }
        };
    }

    @Override // org.xwiki.crypto.password.internal.kdf.factory.AbstractBcKDFFactory
    public KeyDerivationFunction getInstance(ASN1Encodable aSN1Encodable) {
        KeyDerivationFunc keyDerivationFunc = KeyDerivationFunc.getInstance(aSN1Encodable);
        if (!keyDerivationFunc.getAlgorithm().equals(PKCSObjectIdentifiers.id_PBKDF2)) {
            throw new IllegalArgumentException("Illegal algorithm identifier for PBKDF2: " + keyDerivationFunc.getAlgorithm().getId());
        }
        PBKDF2Params pBKDF2Params = PBKDF2Params.getInstance(keyDerivationFunc.getParameters());
        return getInstance(new PBKDF2Parameters(pBKDF2Params.getKeyLength() != null ? pBKDF2Params.getKeyLength().intValue() : -1, pBKDF2Params.getIterationCount().intValue(), pBKDF2Params.getSalt(), toDigestHint(pBKDF2Params.getPseudoRandomFunctionIdentifier())));
    }

    private BcDigestFactory getDigestFactory(String str) {
        try {
            DigestFactory digestFactory = (DigestFactory) this.manager.getInstance(DigestFactory.class, str);
            if (digestFactory instanceof BcDigestFactory) {
                return (AbstractBcDigestFactory) digestFactory;
            }
            throw new IllegalArgumentException("Requested digest algorithm is not implemented by a factory compatible with this factory. Factory found: " + digestFactory.getClass().getName());
        } catch (ComponentLookupException e) {
            throw new UnsupportedOperationException("Digest algorithm not found: " + str, e);
        }
    }

    private AlgorithmIdentifier toHmacAlgId(AlgorithmIdentifier algorithmIdentifier) {
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        AlgorithmIdentifier algorithmIdentifier2 = null;
        if (algorithm.equals(X509ObjectIdentifiers.id_SHA1)) {
            algorithmIdentifier2 = HMAC_SHA1;
        } else if (algorithm.equals(NISTObjectIdentifiers.id_sha224)) {
            algorithmIdentifier2 = HMAC_SHA224;
        } else if (algorithm.equals(NISTObjectIdentifiers.id_sha256)) {
            algorithmIdentifier2 = HMAC_SHA256;
        } else if (algorithm.equals(NISTObjectIdentifiers.id_sha384)) {
            algorithmIdentifier2 = HMAC_SHA384;
        } else if (algorithm.equals(NISTObjectIdentifiers.id_sha512)) {
            algorithmIdentifier2 = HMAC_SHA512;
        }
        if (algorithmIdentifier2 == null) {
            throw new IllegalArgumentException("HMac algorithm not found for digest: " + algorithm.getId());
        }
        return algorithmIdentifier2;
    }

    private String toDigestHint(AlgorithmIdentifier algorithmIdentifier) {
        if (algorithmIdentifier == null) {
            return null;
        }
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        String str = null;
        if (algorithm.equals(HMAC_SHA1.getAlgorithm())) {
            str = X509ObjectIdentifiers.id_SHA1.getId();
        } else if (algorithm.equals(HMAC_SHA224.getAlgorithm())) {
            str = NISTObjectIdentifiers.id_sha224.getId();
        } else if (algorithm.equals(HMAC_SHA256.getAlgorithm())) {
            str = NISTObjectIdentifiers.id_sha256.getId();
        } else if (algorithm.equals(HMAC_SHA384.getAlgorithm())) {
            str = NISTObjectIdentifiers.id_sha384.getId();
        } else if (algorithm.equals(HMAC_SHA512.getAlgorithm())) {
            str = NISTObjectIdentifiers.id_sha512.getId();
        }
        if (str == null) {
            throw new IllegalArgumentException("Digest hint not found for HMac algorithm: " + algorithm.getId());
        }
        return str;
    }
}
