package org.sonatype.nexus.crypto.internal;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.annotation.concurrent.ThreadSafe;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Base64Encoder;
import org.sonatype.nexus.crypto.CryptoHelper;

@ThreadSafe
/* loaded from: input_file:org/sonatype/nexus/crypto/internal/PasswordCipher.class */
public class PasswordCipher {
    private static final int SPICE_SIZE = 16;
    private static final int SALT_SIZE = 8;
    private static final int CHUNK_SIZE = 16;
    private static final String DIGEST_ALG = "SHA-256";
    private static final String KEY_ALG = "AES";
    private static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
    private final CryptoHelper cryptoHelper;
    private final Base64Encoder base64Encoder = new Base64Encoder();
    private final SecureRandom secureRandom;

    public PasswordCipher(CryptoHelper cryptoHelper) {
        this.cryptoHelper = (CryptoHelper) Preconditions.checkNotNull(cryptoHelper);
        this.secureRandom = cryptoHelper.createSecureRandom();
        this.secureRandom.setSeed(System.nanoTime());
    }

    public byte[] encrypt(byte[] bArr, String str) {
        Preconditions.checkNotNull(bArr);
        Preconditions.checkNotNull(str);
        try {
            byte[] bArr2 = new byte[SALT_SIZE];
            this.secureRandom.nextBytes(bArr2);
            byte[] doFinal = createCipher(str, bArr2, 1).doFinal(bArr);
            int length = doFinal.length;
            byte b = (byte) (16 - (((SALT_SIZE + length) + 1) % 16));
            byte[] bArr3 = new byte[SALT_SIZE + length + b + 1];
            this.secureRandom.nextBytes(bArr3);
            System.arraycopy(bArr2, 0, bArr3, 0, SALT_SIZE);
            bArr3[SALT_SIZE] = b;
            System.arraycopy(doFinal, 0, bArr3, 9, length);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr3.length * 2);
            this.base64Encoder.encode(bArr3, 0, bArr3.length, byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    public byte[] decrypt(byte[] bArr, String str) {
        Preconditions.checkNotNull(bArr);
        Preconditions.checkNotNull(str);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            this.base64Encoder.decode(bArr, 0, bArr.length, byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            int length = byteArray.length;
            byte[] bArr2 = new byte[SALT_SIZE];
            System.arraycopy(byteArray, 0, bArr2, 0, SALT_SIZE);
            byte[] bArr3 = new byte[((length - SALT_SIZE) - 1) - byteArray[SALT_SIZE]];
            System.arraycopy(byteArray, 9, bArr3, 0, bArr3.length);
            return createCipher(str, bArr2, 2).doFinal(bArr3);
        } catch (IOException e) {
            throw new IllegalArgumentException("Invalid payload (base64 problem)", e);
        } catch (Exception e2) {
            throw Throwables.propagate(e2);
        }
    }

    private Cipher createCipher(String str, byte[] bArr, int i) throws Exception {
        MessageDigest createDigest = this.cryptoHelper.createDigest(DIGEST_ALG);
        byte[] bArr2 = new byte[32];
        if (bArr == null || bArr.length == 0) {
            bArr = null;
        }
        int i2 = 0;
        while (i2 < bArr2.length) {
            createDigest.update(str.getBytes(Charsets.UTF_8));
            if (bArr != null) {
                createDigest.update(bArr, 0, SALT_SIZE);
            }
            byte[] digest = createDigest.digest();
            int length = bArr2.length - i2;
            if (digest.length > length) {
                byte[] bArr3 = new byte[length];
                System.arraycopy(digest, 0, bArr3, 0, bArr3.length);
                digest = bArr3;
            }
            System.arraycopy(digest, 0, bArr2, i2, digest.length);
            i2 += digest.length;
            if (i2 < bArr2.length) {
                createDigest.reset();
                createDigest.update(digest);
            }
        }
        byte[] bArr4 = new byte[16];
        byte[] bArr5 = new byte[16];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr4.length);
        System.arraycopy(bArr2, bArr4.length, bArr5, 0, bArr5.length);
        Cipher cipher = Cipher.getInstance(CIPHER_ALG);
        cipher.init(i, new SecretKeySpec(bArr4, KEY_ALG), new IvParameterSpec(bArr5));
        return cipher;
    }
}
