package org.sonatype.security.ldap.upgrade.cipher;

import java.io.ByteArrayOutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64Encoder;
import org.codehaus.plexus.component.annotations.Component;
import org.codehaus.plexus.component.annotations.Configuration;
import org.codehaus.plexus.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(role = PlexusCipher.class)
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.6.3-01/dependencies/nexus-ldap-common-2.6.3-01.jar:org/sonatype/security/ldap/upgrade/cipher/DefaultPlexusCipher.class */
public class DefaultPlexusCipher implements PlexusCipher {
    private static final int SALT_SIZE = 8;
    private static final String STRING_ENCODING = "UTF8";
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Configuration("PBEWithSHAAnd128BitRC4")
    protected String algorithm = "PBEWithSHAAnd128BitRC4";

    @Configuration("23")
    protected int iterationCount = 23;
    private final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();

    protected Logger getLogger() {
        return this.logger;
    }

    private Cipher init(String str, byte[] bArr, boolean z) throws PlexusCipherException {
        int i = z ? 1 : 2;
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance(this.algorithm, this.bouncyCastleProvider).generateSecret(new PBEKeySpec(str.toCharArray()));
            Cipher cipher = Cipher.getInstance(this.algorithm, this.bouncyCastleProvider);
            cipher.init(i, generateSecret, new PBEParameterSpec(bArr, this.iterationCount));
            return cipher;
        } catch (Exception e) {
            throw new PlexusCipherException(e);
        }
    }

    private byte[] getSalt(int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        return secureRandom.generateSeed(i);
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String encrypt(String str, String str2) throws PlexusCipherException {
        try {
            byte[] salt = getSalt(8);
            byte[] doFinal = init(str2, salt, true).doFinal(str.getBytes(STRING_ENCODING));
            Base64Encoder base64Encoder = new Base64Encoder();
            byte length = (byte) (salt.length & 255);
            int length2 = doFinal.length;
            byte[] bArr = new byte[salt.length + length2 + 1];
            bArr[0] = length;
            System.arraycopy(salt, 0, bArr, 1, length);
            System.arraycopy(doFinal, 0, bArr, length + 1, length2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length * 2);
            base64Encoder.encode(bArr, 0, bArr.length, byteArrayOutputStream);
            return byteArrayOutputStream.toString(STRING_ENCODING);
        } catch (Exception e) {
            throw new PlexusCipherException(e);
        }
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String encryptAndDecorate(String str, String str2) throws PlexusCipherException {
        return decorate(encrypt(str, str2));
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String decrypt(String str, String str2) throws PlexusCipherException {
        if (StringUtils.isEmpty(str)) {
            return str;
        }
        try {
            Base64Encoder base64Encoder = new Base64Encoder();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            base64Encoder.decode(str, byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            int i = byteArray[0] & 255;
            if (i != 8) {
                throw new Exception("default.plexus.cipher.encryptedStringCorruptedStructure");
            }
            if (byteArray.length < i + 2) {
                throw new Exception("default.plexus.cipher.encryptedStringCorruptedLength");
            }
            byte[] bArr = new byte[i];
            System.arraycopy(byteArray, 1, bArr, 0, i);
            int length = (byteArray.length - i) - 1;
            if (length < 1) {
                throw new Exception("default.plexus.cipher.encryptedStringCorruptedSize");
            }
            byte[] bArr2 = new byte[length];
            System.arraycopy(byteArray, i + 1, bArr2, 0, length);
            return new String(init(str2, bArr, false).doFinal(bArr2), STRING_ENCODING);
        } catch (Exception e) {
            throw new PlexusCipherException(e);
        }
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String decryptDecorated(String str, String str2) throws PlexusCipherException {
        return StringUtils.isEmpty(str) ? str : isEncryptedString(str) ? decrypt(unDecorate(str), str2) : decrypt(str, str2);
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public boolean isEncryptedString(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        int indexOf = str.indexOf(123);
        int indexOf2 = str.indexOf(125);
        return (indexOf == -1 || indexOf2 == -1 || indexOf2 <= indexOf + 1) ? false : true;
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String unDecorate(String str) throws PlexusCipherException {
        if (!isEncryptedString(str)) {
            throw new PlexusCipherException("default.plexus.cipher.badEncryptedPassword");
        }
        return str.substring(str.indexOf(123) + 1, str.indexOf(125));
    }

    @Override // org.sonatype.security.ldap.upgrade.cipher.PlexusCipher
    public String decorate(String str) {
        return '{' + (str == null ? "" : str) + '}';
    }
}
