package org.xipki.password;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;

/* loaded from: input_file:org/xipki/password/PBEPasswordService.class */
public class PBEPasswordService {
    public static final String PROTOCOL_PBE = "PBE";

    public static char[] decryptPassword(char[] cArr, String str) throws PasswordResolverException {
        Args.notNull(cArr, "masterPassword");
        Args.notNull(str, "passwordHint");
        String trim = str.trim();
        if (!trim.startsWith("PBE:")) {
            throw new PasswordResolverException("encrypted password does not start with 'PBE:'");
        }
        String substring = trim.substring(4);
        int length = substring.length();
        if (length % 4 != 0) {
            char[] cArr2 = new char[4 - (length % 4)];
            Arrays.fill(cArr2, '=');
            substring = substring + new String(cArr2);
        }
        byte[] decode = Base64.getDecoder().decode(substring);
        int length2 = decode.length;
        if (length2 <= 16 && length2 != 0) {
            throw new PasswordResolverException("invalid length of the encrypted password");
        }
        int i = 0 + 1;
        byte b = decode[0];
        int i2 = b < 0 ? 256 + b : b;
        PBEAlgo forCode = PBEAlgo.forCode(i2);
        if (forCode == null) {
            throw new PasswordResolverException("unknown algorithm code " + i2);
        }
        byte[] copyOfRange = Arrays.copyOfRange(decode, i, i + 2);
        int i3 = i + 2;
        try {
            byte[] decrypt = PasswordBasedEncryption.decrypt(forCode, Arrays.copyOfRange(decode, i3 + 16, length2), cArr, new BigInteger(1, copyOfRange).intValue(), Arrays.copyOfRange(decode, i3, i3 + 16));
            char[] cArr3 = new char[decrypt.length];
            for (int i4 = 0; i4 < decrypt.length; i4++) {
                cArr3[i4] = (char) decrypt[i4];
            }
            return cArr3;
        } catch (GeneralSecurityException e) {
            throw new PasswordResolverException("could not decrypt the password: " + e.getMessage());
        }
    }

    public static String encryptPassword(PBEAlgo pBEAlgo, int i, char[] cArr, char[] cArr2) throws PasswordResolverException {
        Args.range(i, "iterationCount", 1, 65535);
        Args.notNull(cArr, "masterPassword");
        Args.notNull(cArr2, "password");
        byte[] bArr = {(byte) (i >>> 8), (byte) (i & 255)};
        byte[] nextBytes = Args.nextBytes(16);
        try {
            byte[] encrypt = PasswordBasedEncryption.encrypt(pBEAlgo, Args.toUtf8Bytes(new String(cArr2)), cArr, i, nextBytes);
            byte[] bArr2 = new byte[3 + nextBytes.length + encrypt.length];
            int i2 = 0 + 1;
            bArr2[0] = (byte) (pBEAlgo.code() & 255);
            System.arraycopy(bArr, 0, bArr2, i2, 2);
            int i3 = i2 + 2;
            System.arraycopy(nextBytes, 0, bArr2, i3, nextBytes.length);
            System.arraycopy(encrypt, 0, bArr2, i3 + nextBytes.length, encrypt.length);
            String encodeToString = Base64.getEncoder().encodeToString(bArr2);
            int length = encodeToString.length();
            while (encodeToString.charAt(length - 1) == '=') {
                length--;
            }
            return "PBE:" + encodeToString.substring(0, length);
        } catch (GeneralSecurityException e) {
            throw new PasswordResolverException("could not encrypt the password: " + e.getMessage());
        }
    }
}
