package io.provis.jenkins.config.crypto;

import com.google.common.io.Files;
import io.provis.jenkins.config.security.ad.ActiveDirectoryConfig;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:io/provis/jenkins/config/crypto/SecretEncryptorFactory.class */
public class SecretEncryptorFactory {
    private static final String ALGORITHM = "AES";
    private static final int DEFAULT_KEY_SIZE = 128;
    private static final Charset UTF8 = Charset.forName("UTF-8");
    private static final SecureRandom sr = new SecureRandom();
    static final byte[] MAGIC = "::::MAGIC::::".getBytes();
    private byte[] masterKey;
    private int keyBytes;
    private Map<String, Encryptor> encryptors;

    /* loaded from: input_file:io/provis/jenkins/config/crypto/SecretEncryptorFactory$Encryptor.class */
    private static class Encryptor {
        final String keyId;
        final byte[] keyBytes;
        final SecretEncryptor encryptor;

        public Encryptor(String str, byte[] bArr, SecretEncryptor secretEncryptor) {
            this.keyId = str;
            this.keyBytes = bArr;
            this.encryptor = secretEncryptor;
        }
    }

    public SecretEncryptorFactory() {
        this(null);
    }

    public SecretEncryptorFactory(String str) {
        this(str, DEFAULT_KEY_SIZE);
    }

    public SecretEncryptorFactory(String str, int i) {
        this.encryptors = new HashMap();
        this.keyBytes = i / 8;
        this.masterKey = (str == null ? Hex.encodeHexString(randomBytes(ActiveDirectoryConfig.Cache.SIZE_256)) : str).getBytes(UTF8);
    }

    public SecretEncryptor encryptor(String str) {
        Encryptor encryptor = this.encryptors.get(str);
        if (encryptor == null) {
            byte[] randomBytes = randomBytes(ActiveDirectoryConfig.Cache.SIZE_256);
            encryptor = new Encryptor(str, randomBytes, new SecretEncryptor(createKey(randomBytes)));
            this.encryptors.put(str, encryptor);
        }
        return encryptor.encryptor;
    }

    private SecretKey createKey(byte[] bArr) {
        return new SecretKeySpec(bArr, 0, this.keyBytes, ALGORITHM);
    }

    private SecretKey createHashedKey(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.reset();
            messageDigest.update(bArr);
            return new SecretKeySpec(messageDigest.digest(), 0, this.keyBytes, ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private static byte[] randomBytes(int i) {
        byte[] bArr = new byte[i];
        sr.nextBytes(bArr);
        return bArr;
    }

    public void write(File file) throws IOException {
        Files.write(this.masterKey, new File(file, "master.key"));
        SecretKey createHashedKey = createHashedKey(this.masterKey);
        for (Encryptor encryptor : this.encryptors.values()) {
            try {
                Cipher cipher = Cipher.getInstance(ALGORITHM);
                cipher.init(1, createHashedKey);
                Throwable th = null;
                try {
                    FileOutputStream fileOutputStream = new FileOutputStream(new File(file, encryptor.keyId));
                    try {
                        CipherOutputStream cipherOutputStream = new CipherOutputStream(fileOutputStream, cipher);
                        try {
                            cipherOutputStream.write(encryptor.keyBytes);
                            cipherOutputStream.write(MAGIC);
                            if (cipherOutputStream != null) {
                                cipherOutputStream.close();
                            }
                            if (fileOutputStream != null) {
                                fileOutputStream.close();
                            }
                        } finally {
                            th = th;
                        }
                    } catch (Throwable th2) {
                        if (th == null) {
                            th = th2;
                        } else if (th != th2) {
                            th.addSuppressed(th2);
                        }
                        if (fileOutputStream != null) {
                            fileOutputStream.close();
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (0 == 0) {
                        th = th3;
                    } else if (null != th3) {
                        th.addSuppressed(th3);
                    }
                    throw th;
                }
            } catch (GeneralSecurityException e) {
                throw new IOException("Failed to persist the key: " + encryptor.keyId, e);
            }
        }
    }
}
