package cfca.sadk.timestamp.client.utils;

import cfca.sadk.algorithm.common.CBCParam;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.org.bouncycastle.crypto.digests.SM3DigestKit;
import cfca.sadk.system.SecureRandoms;
import cfca.sadk.timestamp.client.env.DefaultSessionLib;
import cfca.sadk.timestamp.exception.TSAException;
import cfca.sadk.util.Base64;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;
import org.apache.http.util.Args;

/* loaded from: input_file:cfca/sadk/timestamp/client/utils/TscPasswordTool.class */
public final class TscPasswordTool {
    private static final int PASSWORD_ENCRYPT_MIN_LEN = 16;
    private static final String PASSWORD_ENCRYPT_PREFIX = "ENCRYPT@";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cfca/sadk/timestamp/client/utils/TscPasswordTool$IvAndKey.class */
    public static final class IvAndKey {
        final byte[] iv = new byte[TscPasswordTool.PASSWORD_ENCRYPT_MIN_LEN];
        final byte[] kx = new byte[TscPasswordTool.PASSWORD_ENCRYPT_MIN_LEN];

        IvAndKey(byte[] bArr) {
            System.arraycopy(bArr, 0, this.iv, 0, this.iv.length);
            System.arraycopy(bArr, TscPasswordTool.PASSWORD_ENCRYPT_MIN_LEN, this.kx, 0, this.kx.length);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final CBCParam iv(byte[] bArr) {
            byte[] bArr2 = (byte[]) bArr.clone();
            for (int i = 0; i < bArr.length; i++) {
                int i2 = i;
                bArr2[i2] = (byte) (bArr2[i2] ^ this.iv[i]);
            }
            return new CBCParam(bArr2);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Key key() {
            return new SecretKeySpec(this.kx, "SM4");
        }
    }

    public static final String readPassword(String str, String str2) throws TSAException {
        String str3;
        if (str == null || !str.startsWith(PASSWORD_ENCRYPT_PREFIX)) {
            str3 = str;
        } else {
            try {
                str3 = decryptPassword(str.substring(PASSWORD_ENCRYPT_PREFIX.length()));
            } catch (Exception e) {
                throw new TSAException(str2 + " restored [decryptPassword]  failure: " + str, e);
            }
        }
        return str3;
    }

    public static final String encryptPassword(String str) throws Exception {
        Args.notNull(str, "plainPassword");
        byte[] genBytes = SecureRandoms.getInstance().genBytes(PASSWORD_ENCRYPT_MIN_LEN);
        IvAndKey kdf = kdf();
        byte[] encrypt = DefaultSessionLib.SESSION.encrypt(new Mechanism(Mechanism.SM4_CBC, kdf.iv(genBytes)), kdf.key(), TscStrings.getUTF8Bytes(str));
        byte[] bArr = new byte[genBytes.length + encrypt.length];
        System.arraycopy(genBytes, 0, bArr, 0, genBytes.length);
        System.arraycopy(encrypt, 0, bArr, genBytes.length, encrypt.length);
        return TscStrings.toBase64String((byte[]) bArr.clone());
    }

    public static final String decryptPassword(String str) throws Exception {
        Args.notNull(str, "base64EncryptPassword");
        if (str.length() < PASSWORD_ENCRYPT_MIN_LEN) {
            throw new Exception("the length of encrepted password must be more than 16!");
        }
        byte[] decode = Base64.decode(str);
        byte[] copyOfRange = Arrays.copyOfRange(decode, 0, PASSWORD_ENCRYPT_MIN_LEN);
        IvAndKey kdf = kdf();
        return TscStrings.toUTF8String((byte[]) DefaultSessionLib.SESSION.decrypt(new Mechanism(Mechanism.SM4_CBC, kdf.iv(copyOfRange)), kdf.key(), Arrays.copyOfRange(decode, PASSWORD_ENCRYPT_MIN_LEN, decode.length)).clone());
    }

    static final IvAndKey kdf() throws Exception {
        byte[] bytes = "OCSP@+VSEXAMLONGINX%He&&LONG".getBytes("utf8");
        byte[] bArr = {0, 0, 0, 1};
        SM3DigestKit sM3DigestKit = new SM3DigestKit();
        sM3DigestKit.update(bytes, 0, bytes.length);
        sM3DigestKit.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[32];
        sM3DigestKit.doFinal(bArr2, 0);
        return new IvAndKey(bArr2);
    }
}
