package org.apache.wiki.util;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;

/* loaded from: input_file:org/apache/wiki/util/CryptoUtil.class */
public final class CryptoUtil {
    private static final String SSHA = "{SSHA}";
    private static final String SHA1 = "{SHA-1}";
    private static final String SHA256 = "{SHA-256}";
    private static final int DEFAULT_SALT_SIZE = 8;
    private static final Random RANDOM = new SecureRandom();
    private static final Object HELP = "--help";
    private static final Object HASH = "--hash";
    private static final Object VERIFY = "--verify";

    private CryptoUtil() {
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr.length == 0 || (strArr.length == 1 && HELP.equals(strArr[0]))) {
            System.out.println("Usage: CryptoUtil [options] ");
            System.out.println("   --hash   password algorithm             create hash for password");
            System.out.println("   --verify password digest algorithm      verify password for digest");
            System.out.println("Valid algorithm options are {SSHA} and {SHA-256}. If no algorithm is specified or an unsupported algorithm is specified, SHA-256 is used.");
        }
        if (HASH.equals(strArr[0])) {
            if (strArr.length < 2) {
                throw new IllegalArgumentException("Error: --hash requires a 'password' argument.");
            }
            System.out.println(getSaltedPassword(strArr[1].trim().getBytes(StandardCharsets.UTF_8), strArr.length > 2 ? strArr[2].trim() : SHA256));
            return;
        }
        if (!VERIFY.equals(strArr[0])) {
            System.out.println("Wrong usage. Try --help.");
        } else {
            if (strArr.length < 3) {
                throw new IllegalArgumentException("Error: --hash requires 'password' and 'digest' arguments.");
            }
            System.out.println(verifySaltedPassword(strArr[1].trim().getBytes(StandardCharsets.UTF_8), strArr[2].trim()));
        }
    }

    public static String getSaltedPassword(byte[] bArr, String str) throws NoSuchAlgorithmException {
        byte[] bArr2 = new byte[8];
        RANDOM.nextBytes(bArr2);
        return getSaltedPassword(bArr, bArr2, str);
    }

    static String getSaltedPassword(byte[] bArr, byte[] bArr2, String str) throws NoSuchAlgorithmException {
        String str2 = str.equals(SSHA) ? SHA1 : str;
        MessageDigest messageDigest = MessageDigest.getInstance(str2.substring(1, str2.length() - 1));
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest(bArr2);
        byte[] bArr3 = new byte[digest.length + bArr2.length];
        System.arraycopy(digest, 0, bArr3, 0, digest.length);
        System.arraycopy(bArr2, 0, bArr3, digest.length + 0, bArr2.length);
        return str + new String(Base64.getEncoder().encode(bArr3), StandardCharsets.UTF_8);
    }

    public static boolean verifySaltedPassword(byte[] bArr, String str) throws NoSuchAlgorithmException {
        if (!str.startsWith(SSHA) && !str.startsWith(SHA256)) {
            throw new IllegalArgumentException("Hash not prefixed by expected algorithm; is it really a salted hash?");
        }
        String str2 = str.startsWith(SSHA) ? SSHA : SHA256;
        byte[] decode = Base64.getDecoder().decode(str.substring(str2.length()).getBytes(StandardCharsets.UTF_8));
        byte[] extractPasswordHash = extractPasswordHash(decode, str2.equals(SSHA) ? 20 : 32);
        byte[] extractSalt = extractSalt(decode, str2.equals(SSHA) ? 20 : 32);
        String str3 = str2.equals(SSHA) ? SHA1 : str2;
        MessageDigest messageDigest = MessageDigest.getInstance(str3.substring(1, str3.length() - 1));
        messageDigest.update(bArr);
        return Arrays.equals(extractPasswordHash, messageDigest.digest(extractSalt));
    }

    static byte[] extractPasswordHash(byte[] bArr, int i) throws IllegalArgumentException {
        if (bArr.length < i) {
            throw new IllegalArgumentException("Hash was shorter than expected; could not extract password hash!");
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, i);
        return bArr2;
    }

    static byte[] extractSalt(byte[] bArr, int i) throws IllegalArgumentException {
        if (bArr.length <= i) {
            throw new IllegalArgumentException("Hash was shorter than expected; we found no salt!");
        }
        byte[] bArr2 = new byte[bArr.length - i];
        System.arraycopy(bArr, i, bArr2, 0, bArr.length - i);
        return bArr2;
    }
}
