package com.unboundid.ldap.sdk.unboundidds;

import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadLocalSecureRandom;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.text.ParseException;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Destroyable;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-6.0.6.jar:com/unboundid/ldap/sdk/unboundidds/AES256EncodedPasswordSecretKey.class */
public final class AES256EncodedPasswordSecretKey implements Serializable {
    private static final long serialVersionUID = -5993762526459847323L;

    @NotNull
    private final AtomicReference<SecretKey> secretKeyRef;

    @NotNull
    private final byte[] encryptionSettingsDefinitionID;

    @NotNull
    private final byte[] keyFactorySalt;

    private AES256EncodedPasswordSecretKey(@NotNull byte[] bArr, @NotNull byte[] bArr2, @NotNull SecretKey secretKey) {
        this.encryptionSettingsDefinitionID = bArr;
        this.keyFactorySalt = bArr2;
        this.secretKeyRef = new AtomicReference<>(secretKey);
    }

    @NotNull
    public static AES256EncodedPasswordSecretKey generate(@NotNull String str, @NotNull String str2) throws GeneralSecurityException, ParseException {
        char[] charArray = str2.toCharArray();
        try {
            AES256EncodedPasswordSecretKey generate = generate(StaticUtils.fromHex(str), charArray);
            Arrays.fill(charArray, (char) 0);
            return generate;
        } catch (Throwable th) {
            Arrays.fill(charArray, (char) 0);
            throw th;
        }
    }

    @NotNull
    public static AES256EncodedPasswordSecretKey generate(@NotNull byte[] bArr, @NotNull char[] cArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[16];
        ThreadLocalSecureRandom.get().nextBytes(bArr2);
        return generate(bArr, cArr, bArr2);
    }

    @NotNull
    public static AES256EncodedPasswordSecretKey generate(@NotNull byte[] bArr, @NotNull char[] cArr, @NotNull byte[] bArr2) throws GeneralSecurityException {
        Validator.ensureNotNullOrEmpty(bArr, "AES256EncodedPasswordSecretKey.encryptionSettingsDefinitionID must not be null or empty.");
        Validator.ensureTrue(bArr.length <= 255, "AES256EncodedPasswordSecretKey.encryptionSettingsDefinitionID must have a length that is between 1 and 255 bytes, inclusive.");
        Validator.ensureNotNullOrEmpty(cArr, "AES256EncodedPasswordSecretKey.encryptionSettingsDefinitionPassphrase must not be null or empty.");
        Validator.ensureNotNull(bArr2, "AES256EncodedPasswordSecretKey.keyFactorySalt must not be null.");
        Validator.ensureTrue(bArr2.length == 16, "AES256EncodedPasswordSecretKey.keyFactorySalt must have a length of exactly 16 bytes.");
        return new AES256EncodedPasswordSecretKey(bArr, bArr2, new SecretKeySpec(CryptoHelper.getSecretKeyFactory(AES256EncodedPassword.ENCODING_VERSION_0_KEY_FACTORY_ALGORITHM).generateSecret(new PBEKeySpec(cArr, bArr2, 32768, 256)).getEncoded(), AES256EncodedPassword.ENCODING_VERSION_0_CIPHER_ALGORITHM));
    }

    @NotNull
    public byte[] getEncryptionSettingsDefinitionID() {
        return this.encryptionSettingsDefinitionID;
    }

    @NotNull
    public byte[] getKeyFactorySalt() {
        return this.keyFactorySalt;
    }

    @NotNull
    public SecretKey getSecretKey() {
        SecretKey secretKey = this.secretKeyRef.get();
        if (secretKey == null) {
            Validator.violation("An AES256EncodedPasswordSecretKey instance must not be used after it has been destroyed.");
        }
        return secretKey;
    }

    public void destroy() {
        SecretKey andSet = this.secretKeyRef.getAndSet(null);
        if (andSet == null || !(andSet instanceof Destroyable)) {
            return;
        }
        try {
            andSet.destroy();
        } catch (Exception e) {
            Debug.debugException(e);
        }
    }

    @NotNull
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    public void toString(@NotNull StringBuilder sb) {
        sb.append("AES256EncodedPasswordSecretKey(encryptionSettingsDefinitionIDHex='");
        StaticUtils.toHex(this.encryptionSettingsDefinitionID, sb);
        sb.append("', keyFactorySaltBytesHex='");
        StaticUtils.toHex(this.keyFactorySalt, sb);
        sb.append("')");
    }
}
