package org.forgerock.selfservice.core.crypto;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.forgerock.util.encode.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/selfservice/core/crypto/FieldStorageSchemeImpl.class */
public class FieldStorageSchemeImpl implements FieldStorageScheme {
    private static final Logger logger = LoggerFactory.getLogger(FieldStorageSchemeImpl.class);
    private static final int NUM_SALT_BYTES = 16;
    private MessageDigest messageDigest;
    private Object digestLock = new Object();
    private SecureRandom random = new SecureRandom();
    private int digestSize;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FieldStorageSchemeImpl(int i, String str) throws Exception {
        this.messageDigest = MessageDigest.getInstance(str);
        this.digestSize = i;
    }

    @Override // org.forgerock.selfservice.core.crypto.FieldStorageScheme
    public String hashField(String str) {
        byte[] digest;
        int length = str.length();
        byte[] bArr = new byte[NUM_SALT_BYTES];
        byte[] bArr2 = new byte[length + NUM_SALT_BYTES];
        System.arraycopy(str.getBytes(), 0, bArr2, 0, length);
        synchronized (this.digestLock) {
            try {
                try {
                    this.random.nextBytes(bArr);
                    System.arraycopy(bArr, 0, bArr2, length, NUM_SALT_BYTES);
                    digest = this.messageDigest.digest(bArr2);
                    Arrays.fill(bArr2, (byte) 0);
                } catch (Throwable th) {
                    Arrays.fill(bArr2, (byte) 0);
                    throw th;
                }
            } catch (Exception e) {
                logger.error("Cannot encode field: " + e.getMessage(), e);
                throw e;
            }
        }
        byte[] bArr3 = new byte[digest.length + NUM_SALT_BYTES];
        System.arraycopy(digest, 0, bArr3, 0, digest.length);
        System.arraycopy(bArr, 0, bArr3, digest.length, NUM_SALT_BYTES);
        return Base64.encode(bArr3);
    }

    @Override // org.forgerock.selfservice.core.crypto.FieldStorageScheme
    public boolean fieldMatches(String str, String str2) {
        byte[] digest;
        byte[] bArr = new byte[this.digestSize];
        try {
            byte[] decode = Base64.decode(str2);
            int length = decode.length - this.digestSize;
            if (length <= 0) {
                logger.error("Invalid decoded stored field", str2);
                return false;
            }
            byte[] bArr2 = new byte[length];
            System.arraycopy(decode, 0, bArr, 0, this.digestSize);
            System.arraycopy(decode, this.digestSize, bArr2, 0, length);
            int length2 = str.length();
            byte[] bArr3 = new byte[length2 + length];
            System.arraycopy(str.getBytes(), 0, bArr3, 0, length2);
            System.arraycopy(bArr2, 0, bArr3, length2, length);
            synchronized (this.digestLock) {
                try {
                    try {
                        digest = this.messageDigest.digest(bArr3);
                        Arrays.fill(bArr3, (byte) 0);
                    } catch (Throwable th) {
                        Arrays.fill(bArr3, (byte) 0);
                        throw th;
                    }
                } catch (Exception e) {
                    logger.error("Cannot encode field", str2, e);
                    Arrays.fill(bArr3, (byte) 0);
                    return false;
                }
            }
            return Arrays.equals(bArr, digest);
        } catch (Exception e2) {
            logger.error("Cannot decode stored field", str2, e2);
            return false;
        }
    }
}
