package cfca.sadk.tls.kse;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.system.SecureRandoms;
import cfca.sadk.tls.pure.impl.SMSDigest;
import cfca.sadk.tls.util.Args;
import cfca.sadk.util.Base64;
import java.nio.charset.Charset;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cfca/sadk/tls/kse/PasswordTool.class */
public final class PasswordTool {
    private static final Charset US_ASCII = Charset.forName("US-ASCII");
    private static final int PASSWORD_ENCRYPT_MIN_LEN = 16;
    private static final String PASSWORD_ENCRYPT_PREFIX = "ENCRYPT@";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cfca/sadk/tls/kse/PasswordTool$IvAndKey.class */
    public static class IvAndKey {
        final byte[] iv = new byte[16];
        final byte[] kx = new byte[16];

        IvAndKey(byte[] bArr) {
            System.arraycopy(bArr, 0, this.iv, 0, this.iv.length);
            System.arraycopy(bArr, 16, this.kx, 0, this.kx.length);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final CBCParam iv(byte[] bArr) {
            byte[] bArr2 = (byte[]) bArr.clone();
            for (int i = 0; i < bArr.length; i++) {
                int i2 = i;
                bArr2[i2] = (byte) (bArr2[i2] ^ this.iv[i]);
            }
            return new CBCParam(bArr2);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Key key() {
            return new SecretKeySpec(this.kx, "SM4");
        }
    }

    public static final String restored(String str, String str2) throws Exception {
        try {
            return decrypt(str);
        } catch (Exception e) {
            throw new Exception(str2 + " restored password failure: " + str, e);
        }
    }

    public static final String encrypt(String str) throws Exception {
        Args.notNull(str, "plainPassword");
        byte[] genBytes = SecureRandoms.getInstance().genBytes(16);
        IvAndKey kdf = kdf();
        byte[] encrypt = BCSoftLib.INSTANCE().encrypt(new Mechanism(Mechanism.SM4_CBC, kdf.iv(genBytes)), kdf.key(), str.getBytes(US_ASCII));
        byte[] bArr = new byte[genBytes.length + encrypt.length];
        System.arraycopy(genBytes, 0, bArr, 0, genBytes.length);
        System.arraycopy(encrypt, 0, bArr, genBytes.length, encrypt.length);
        return PASSWORD_ENCRYPT_PREFIX + Base64.toBase64String((byte[]) bArr.clone());
    }

    public static final String decrypt(String str) throws Exception {
        Args.notNull(str, "base64EncryptPassword");
        String str2 = str;
        if (str.startsWith(PASSWORD_ENCRYPT_PREFIX)) {
            String substring = str.substring(PASSWORD_ENCRYPT_PREFIX.length());
            if (substring.length() < 16) {
                throw new Exception("the length of encrypted password must be more than 16!");
            }
            byte[] decode = Base64.decode(substring);
            byte[] copyOfRange = Arrays.copyOfRange(decode, 0, 16);
            IvAndKey kdf = kdf();
            str2 = new String(BCSoftLib.INSTANCE().decrypt(new Mechanism(Mechanism.SM4_CBC, kdf.iv(copyOfRange)), kdf.key(), Arrays.copyOfRange(decode, 16, decode.length)), US_ASCII);
        }
        return str2;
    }

    static IvAndKey kdf() throws Exception {
        byte[] bytes = "SeakJSSE@+s9fhSBDvmDBmVHsm%He&&LONG".getBytes("utf8");
        byte[] bArr = {0, 0, 0, 1};
        SMSDigest sMSDigest = new SMSDigest();
        sMSDigest.update(bytes, 0, bytes.length);
        sMSDigest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[32];
        sMSDigest.doFinal(bArr2, 0);
        return new IvAndKey(bArr2);
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr.length != 1) {
            System.err.println("command: password.sh <password>");
            return;
        }
        String encrypt = encrypt(strArr[0]);
        String decrypt = decrypt(encrypt);
        if (decrypt.equals(strArr[0])) {
            System.err.println(encrypt);
        } else {
            System.err.println("encrypt password failed: " + decrypt);
        }
    }
}
