package com.atlassian.bamboo.crypto.agent;

import com.atlassian.bamboo.buildqueue.PipelineDefinition;
import com.atlassian.bamboo.buildqueue.dao.AgentDao;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.security.random.DefaultSecureRandomService;
import com.atlassian.security.random.SecureRandomService;
import io.atlassian.util.concurrent.ManagedLock;
import io.atlassian.util.concurrent.ManagedLocks;
import java.util.Base64;
import java.util.function.Function;
import javax.inject.Inject;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.engines.AESEngine;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/crypto/agent/AgentCipherProviderServiceImpl.class */
public class AgentCipherProviderServiceImpl implements AgentCipherProviderService {
    private static final Logger log = LogManager.getLogger(AgentCipherProviderServiceImpl.class);
    private static final int BLOCK_SIZE = new AESEngine().getBlockSize();
    private static final int KEY_LENGTH_BITS = 256;

    @Inject
    private AgentCipherDao agentCipherDao;

    @Inject
    private AgentDao agentDao;

    @Inject
    private SecretEncryptionService secretEncryptionService;
    private final SecureRandomService secureRandomService = DefaultSecureRandomService.getInstance();
    private final Function<Long, ManagedLock> lockManager = ManagedLocks.weakManagedLockFactory();

    @NotNull
    public Pair<byte[], byte[]> getKeyAndIv(long j) {
        return (Pair) this.lockManager.apply(Long.valueOf(j)).withLock(() -> {
            AgentCipher findByAgentId = this.agentCipherDao.findByAgentId(j);
            if (findByAgentId != null) {
                return decodeCipher(findByAgentId);
            }
            log.debug("Generating new cipher for {}", Long.valueOf(j));
            return generateAndSaveCipher(j);
        });
    }

    private Pair<byte[], byte[]> decodeCipher(AgentCipher agentCipher) {
        return Pair.of(decode(agentCipher.getKey()), decode(agentCipher.getIv()));
    }

    private Pair<byte[], byte[]> generateAndSaveCipher(long j) {
        PipelineDefinition agentById = this.agentDao.getAgentById(j);
        if (agentById == null) {
            throw new IllegalArgumentException("Unknown agent " + j);
        }
        byte[] bArr = new byte[32];
        byte[] bArr2 = new byte[BLOCK_SIZE];
        this.secureRandomService.nextBytes(bArr);
        this.secureRandomService.nextBytes(bArr2);
        this.agentCipherDao.saveCipher(agentById, encode(bArr), encode(bArr2));
        return Pair.of(bArr, bArr2);
    }

    private String encode(byte[] bArr) {
        return this.secretEncryptionService.encrypt(Base64.getEncoder().encodeToString(bArr));
    }

    private byte[] decode(String str) {
        return Base64.getDecoder().decode(this.secretEncryptionService.decryptIfDecryptable(str));
    }
}
