package org.xipki.password;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import org.xipki.security.pkcs11.proxy.P11ProxyConstants;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/password-5.3.5.jar:org/xipki/password/PBEPasswordService.class */
public class PBEPasswordService {
    public static char[] decryptPassword(char[] cArr, String str) throws PasswordResolverException {
        Args.notNull(cArr, "masterPassword");
        Args.notNull(str, "passwordHint");
        byte[] decode = Base64.decode(str.substring("PBE:".length()));
        int length = decode.length;
        if (length <= 16 && length != 0) {
            throw new PasswordResolverException("invalid length of the encrypted password");
        }
        int i = 0 + 1;
        byte b = decode[0];
        int i2 = b < 0 ? P11ProxyConstants.VERSION_V1_0 + b : b;
        PBEAlgo forCode = PBEAlgo.forCode(i2);
        if (forCode == null) {
            throw new PasswordResolverException("unknown algorithm code " + i2);
        }
        byte[] copyOfRange = Arrays.copyOfRange(decode, i, i + 2);
        int i3 = i + 2;
        try {
            byte[] decrypt = PasswordBasedEncryption.decrypt(forCode, Arrays.copyOfRange(decode, i3 + 16, length), cArr, new BigInteger(1, copyOfRange).intValue(), Arrays.copyOfRange(decode, i3, i3 + 16));
            char[] cArr2 = new char[decrypt.length];
            for (int i4 = 0; i4 < decrypt.length; i4++) {
                cArr2[i4] = (char) decrypt[i4];
            }
            return cArr2;
        } catch (GeneralSecurityException e) {
            throw new PasswordResolverException("could not decrypt the password: " + e.getMessage());
        }
    }

    public static String encryptPassword(PBEAlgo pBEAlgo, int i, char[] cArr, char[] cArr2) throws PasswordResolverException {
        Args.range(i, "iterationCount", 1, 65535);
        Args.notNull(cArr, "masterPassword");
        Args.notNull(cArr2, "password");
        byte[] bArr = {(byte) (i >>> 8), (byte) (i & 255)};
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        try {
            byte[] encrypt = PasswordBasedEncryption.encrypt(pBEAlgo, StringUtil.toUtf8Bytes(new String(cArr2)), cArr, i, bArr2);
            byte[] bArr3 = new byte[3 + bArr2.length + encrypt.length];
            int i2 = 0 + 1;
            bArr3[0] = (byte) (pBEAlgo.code() & 255);
            System.arraycopy(bArr, 0, bArr3, i2, 2);
            int i3 = i2 + 2;
            System.arraycopy(bArr2, 0, bArr3, i3, bArr2.length);
            System.arraycopy(encrypt, 0, bArr3, i3 + bArr2.length, encrypt.length);
            return StringUtil.concat("PBE:", Base64.encodeToString(bArr3));
        } catch (GeneralSecurityException e) {
            throw new PasswordResolverException("could not encrypt the password: " + e.getMessage());
        }
    }
}
