package com.atlassian.bamboo.crypto.instance;

import com.atlassian.bandana.BandanaManager;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Throwables;
import io.atlassian.util.concurrent.Lazy;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import java.util.Random;
import java.util.function.Supplier;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.log4j.Logger;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/crypto/instance/SecretEncryptionServiceInternalImpl.class */
public class SecretEncryptionServiceInternalImpl implements SecretEncryptionServiceInternal {
    private static final Logger log = Logger.getLogger(SecretEncryptionServiceInternalImpl.class);

    @Inject
    private BandanaManager bandanaManager;
    InstanceCipherProvider instanceCipherProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bamboo/crypto/instance/SecretEncryptionServiceInternalImpl$ArmoredString.class */
    public static final class ArmoredString {
        private static final char SEPARATOR_CHAR = '@';
        private static final String BAMSCRT = "BAMSCRT";
        private final CipherSpec cipherSpec;
        private final byte[] ciphertext;

        public ArmoredString(CipherSpec cipherSpec, byte[] bArr) {
            this.cipherSpec = cipherSpec;
            this.ciphertext = bArr;
        }

        public byte[] getCiphertext() {
            return this.ciphertext;
        }

        public CipherSpec getCipherSpec() {
            return this.cipherSpec;
        }

        public static ArmoredString from(@NotNull String str) {
            Objects.requireNonNull(str, "Ciphertext must not be null");
            String[] split = StringUtils.split(str, '@');
            if (split.length != 4) {
                throw new IllegalArgumentException("Unknown encrypted data format: [" + str + ']');
            }
            return new ArmoredString(new CipherSpec(Integer.valueOf(split[1]).intValue(), Integer.valueOf(split[2]).intValue()), Base64.getDecoder().decode(split[3]));
        }

        public static ArmoredString from(CipherSpec cipherSpec, byte[] bArr) {
            return new ArmoredString(cipherSpec, bArr);
        }

        public String toString() {
            return "BAMSCRT@" + this.cipherSpec.getAlgorithmId() + '@' + this.cipherSpec.getCipherDataId() + '@' + Base64.getEncoder().encodeToString(this.ciphertext);
        }

        public static boolean is(@Nullable String str) {
            return StringUtils.startsWith(str, BAMSCRT);
        }
    }

    @PostConstruct
    private void postConstruct() {
        try {
            this.instanceCipherProvider = new InstanceCipherProvider(new InstanceSecretStorage(this.bandanaManager));
            this.instanceCipherProvider.initialiseCurrentCipher();
        } catch (Error | RuntimeException e) {
            log.fatal("", e);
        }
    }

    @Override // com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternal
    public boolean isEncrypted(@NotNull String str) {
        return ArmoredString.is(str);
    }

    @Override // com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternal
    @NotNull
    public String decrypt(@NotNull String str) {
        ArmoredString from = ArmoredString.from(str);
        return new String(decrypt(this.instanceCipherProvider.getDecryptor(from.getCipherSpec()), from.getCiphertext()), StandardCharsets.UTF_8);
    }

    @Override // com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternal
    @NotNull
    public String encrypt(@NotNull String str) {
        return encrypt(str.getBytes(StandardCharsets.UTF_8)).toString();
    }

    @Override // com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternal
    public void reloadCipher() {
        this.instanceCipherProvider.reloadCurrentCipher();
    }

    private ArmoredString encrypt(byte[] bArr) {
        EncryptorWithSpec encryptor = this.instanceCipherProvider.getEncryptor();
        return ArmoredString.from(encryptor.getCipherSpec(), encrypt(encryptor.getEncryptor(), bArr));
    }

    private static byte[] decrypt(PaddedBufferedBlockCipher paddedBufferedBlockCipher, byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length];
        int processBytes = paddedBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0);
        try {
            return Arrays.copyOfRange(bArr2, 0, processBytes + paddedBufferedBlockCipher.doFinal(bArr2, processBytes));
        } catch (InvalidCipherTextException e) {
            throw Throwables.propagate(e);
        }
    }

    protected byte[] encrypt(PaddedBufferedBlockCipher paddedBufferedBlockCipher, byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length + (2 * paddedBufferedBlockCipher.getBlockSize())];
        int processBytes = paddedBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0);
        try {
            return Arrays.copyOfRange(bArr2, 0, processBytes + paddedBufferedBlockCipher.doFinal(bArr2, processBytes));
        } catch (InvalidCipherTextException e) {
            throw Throwables.propagate(e);
        }
    }

    @VisibleForTesting
    public static SecretEncryptionService forTesting() {
        SecretEncryptionServiceInternalImpl secretEncryptionServiceInternalImpl = new SecretEncryptionServiceInternalImpl();
        secretEncryptionServiceInternalImpl.instanceCipherProvider = new InstanceCipherProvider(new InstanceSecretStorage(null)) { // from class: com.atlassian.bamboo.crypto.instance.SecretEncryptionServiceInternalImpl.1
            private final Supplier<Pair<byte[], byte[]>> keyAndIv = Lazy.supplier(() -> {
                Random random = new Random();
                byte[] bArr = new byte[32];
                random.nextBytes(bArr);
                byte[] bArr2 = new byte[16];
                random.nextBytes(bArr2);
                return Pair.of(bArr, bArr2);
            });

            @Override // com.atlassian.bamboo.crypto.instance.InstanceCipherProvider
            @NotNull
            protected Pair<byte[], byte[]> getKeyAndIv(CipherSpec cipherSpec, BlockCipher blockCipher, boolean z) {
                return this.keyAndIv.get();
            }
        };
        SecretEncryptionServiceImpl secretEncryptionServiceImpl = new SecretEncryptionServiceImpl();
        secretEncryptionServiceImpl.setSecretEncryptionService(secretEncryptionServiceInternalImpl);
        return secretEncryptionServiceImpl;
    }
}
