package com.atlassian.bamboo.v2.build.agent.remote.crypto;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.bamboo.crypto.agent.AgentCipherProviderService;
import com.atlassian.bamboo.crypto.instance.CipherSpec;
import com.atlassian.bamboo.crypto.instance.EncryptorWithSpec;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.bamboo.crypto.instance.SecretEncryptor;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.bamboo.v2.build.agent.remote.AgentConfiguration;
import io.atlassian.fugue.Suppliers;
import java.util.Objects;
import java.util.function.Supplier;
import javax.annotation.concurrent.NotThreadSafe;
import javax.inject.Inject;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.jetbrains.annotations.NotNull;

@NotThreadSafe
/* loaded from: input_file:com/atlassian/bamboo/v2/build/agent/remote/crypto/RemoteAgentSecretEncryptionService.class */
public class RemoteAgentSecretEncryptionService implements SecretEncryptionService {
    private static final boolean FOR_ENCRYPTION = true;

    @Inject
    private AgentConfiguration agentConfiguration;

    @Inject
    private AgentCipherProviderService agentCipherProviderService;
    private final CipherProvider cipherProvider;
    private final Supplier<EncryptorWithSpec> encryptorSupplier;
    private final Supplier<PaddedBufferedBlockCipher> decryptorSupplier;
    private static final Logger log = LogManager.getLogger(RemoteAgentSecretEncryptionService.class);
    private static final boolean FOR_DECRYPTION = false;
    private static final CipherSpec CURRENT_CIPHER_SPEC = new CipherSpec(FOR_DECRYPTION, 100);

    /* loaded from: input_file:com/atlassian/bamboo/v2/build/agent/remote/crypto/RemoteAgentSecretEncryptionService$CipherProvider.class */
    private class CipherProvider {
        private CipherProvider() {
        }

        @NotNull
        EncryptorWithSpec getEncryptor() {
            return new EncryptorWithSpec(getCipher(true, RemoteAgentSecretEncryptionService.CURRENT_CIPHER_SPEC), RemoteAgentSecretEncryptionService.CURRENT_CIPHER_SPEC);
        }

        @NotNull
        PaddedBufferedBlockCipher getDecryptor() {
            return getCipher(false, RemoteAgentSecretEncryptionService.CURRENT_CIPHER_SPEC);
        }

        @NotNull
        private PaddedBufferedBlockCipher getCipher(boolean z, CipherSpec cipherSpec) {
            BlockCipher newCipher = newCipher();
            Pair<byte[], byte[]> keyAndIv = getKeyAndIv(cipherSpec, newCipher);
            RemoteAgentSecretEncryptionService.log.debug("got {} bytes of key and {} bytes of iv", Integer.valueOf(((byte[]) keyAndIv.getLeft()).length), Integer.valueOf(((byte[]) keyAndIv.getRight()).length));
            PaddedBufferedBlockCipher makePaddedCbcCipher = makePaddedCbcCipher(newCipher);
            makePaddedCbcCipher.init(z, new ParametersWithIV(new KeyParameter((byte[]) keyAndIv.getKey()), (byte[]) keyAndIv.getValue()));
            return makePaddedCbcCipher;
        }

        @NotNull
        protected Pair<byte[], byte[]> getKeyAndIv(CipherSpec cipherSpec, BlockCipher blockCipher) {
            return RemoteAgentSecretEncryptionService.this.agentCipherProviderService.getKeyAndIv(RemoteAgentSecretEncryptionService.this.agentConfiguration.getAgentId());
        }

        @NotNull
        private PaddedBufferedBlockCipher makePaddedCbcCipher(BlockCipher blockCipher) {
            return new PaddedBufferedBlockCipher(new CBCBlockCipher(blockCipher));
        }

        private BlockCipher newCipher() {
            return new AESEngine();
        }
    }

    public RemoteAgentSecretEncryptionService() {
        this(true);
    }

    @VisibleForTesting
    protected RemoteAgentSecretEncryptionService(boolean z) {
        this.cipherProvider = new CipherProvider();
        if (z) {
            CipherProvider cipherProvider = this.cipherProvider;
            Objects.requireNonNull(cipherProvider);
            this.encryptorSupplier = Suppliers.memoize(cipherProvider::getEncryptor);
            CipherProvider cipherProvider2 = this.cipherProvider;
            Objects.requireNonNull(cipherProvider2);
            this.decryptorSupplier = Suppliers.memoize(cipherProvider2::getDecryptor);
            return;
        }
        CipherProvider cipherProvider3 = this.cipherProvider;
        Objects.requireNonNull(cipherProvider3);
        this.encryptorSupplier = cipherProvider3::getEncryptor;
        CipherProvider cipherProvider4 = this.cipherProvider;
        Objects.requireNonNull(cipherProvider4);
        this.decryptorSupplier = cipherProvider4::getDecryptor;
    }

    public boolean isEncrypted(@NotNull String str) {
        return SecretEncryptor.ArmoredString.is(str);
    }

    public boolean isDecryptable(@NotNull String str) {
        if (!isEncrypted(str)) {
            return false;
        }
        try {
            decryptUnchecked(str);
            return true;
        } catch (Exception e) {
            log.trace(e.getMessage());
            return false;
        }
    }

    @NotNull
    private String decryptUnchecked(@NotNull String str) {
        if (SystemProperty.DISABLE_ENCRYPTION.getTypedValue()) {
            return str;
        }
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = this.decryptorSupplier.get();
        paddedBufferedBlockCipher.reset();
        return SecretEncryptor.decrypt(str, armoredString -> {
            return paddedBufferedBlockCipher;
        });
    }

    @NotNull
    public String decrypt(@NotNull String str) {
        return decryptUnchecked(str);
    }

    @NotNull
    public String decryptIfDecryptable(@NotNull String str) {
        return !isEncrypted(str) ? str : decryptUnchecked(str);
    }

    @NotNull
    public String encrypt(@NotNull String str) {
        EncryptorWithSpec encryptorWithSpec = this.encryptorSupplier.get();
        encryptorWithSpec.getEncryptor().reset();
        return SecretEncryptor.encrypt(str, () -> {
            return encryptorWithSpec;
        });
    }
}
