package com.atlassian.db.config.password.ciphers.algorithm;

import com.atlassian.db.config.password.Cipher;
import com.atlassian.db.config.password.ciphers.algorithm.paramters.DecryptionParameters;
import com.atlassian.db.config.password.ciphers.algorithm.paramters.EncryptionParameters;
import com.atlassian.db.config.password.ciphers.algorithm.serialization.EnvironmentVarBasedConfiguration;
import com.atlassian.db.config.password.ciphers.algorithm.serialization.SerializationFileFactory;
import com.atlassian.db.config.password.ciphers.algorithm.serialization.UniqueFilePathGenerator;
import com.google.gson.Gson;
import java.io.Serializable;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.time.Clock;
import java.util.Base64;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.UnaryOperator;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.SerializationUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/db/config/password/ciphers/algorithm/AlgorithmCipher.class */
public class AlgorithmCipher implements Cipher {
    private static final Logger log = LoggerFactory.getLogger(AlgorithmCipher.class);
    private final Provider provider;
    private final Gson gson;
    private final SerializationFileFactory factory;
    private Clock clock;
    private Function<String, String> getSystemEnv;

    public AlgorithmCipher() {
        this.provider = new BouncyCastleProvider();
        this.gson = new Gson();
        this.clock = Clock.systemUTC();
        this.getSystemEnv = System::getenv;
        log.debug("Initiate AlgorithmCipher");
        Security.addProvider(this.provider);
        this.factory = new SerializationFileFactory();
    }

    AlgorithmCipher(SerializationFileFactory serializationFileFactory, Clock clock, Function<String, String> function) {
        this.provider = new BouncyCastleProvider();
        this.gson = new Gson();
        this.clock = Clock.systemUTC();
        this.getSystemEnv = System::getenv;
        this.factory = serializationFileFactory;
        this.clock = clock;
        this.getSystemEnv = function;
    }

    public String encrypt(String str) {
        log.debug("Encrypting data...");
        String json = this.gson.toJson(encrypt((EncryptionParameters) this.gson.fromJson(str, EncryptionParameters.class)));
        log.debug("Encryption done.");
        return json;
    }

    public String decrypt(String str) {
        log.debug("Decrypting data...");
        String plainTextPassword = decrypt((DecryptionParameters) this.gson.fromJson(str, DecryptionParameters.class)).getPlainTextPassword();
        log.debug("Decryption done.");
        return plainTextPassword;
    }

    private EncryptionParameters decrypt(DecryptionParameters decryptionParameters) {
        try {
            return new EncryptionParameters.Builder().setPlainTextPassword((String) getEncryptedPassword(decryptionParameters).getObject((Key) tryFromParamsThenEnvThenThrow(decryptionParameters.getKeyFilePath(), SecretKeySpec.class))).build();
        } catch (Exception e) {
            log.error("Runtime Exception thrown when decrypting: " + decryptionParameters, e);
            throw new RuntimeException(e);
        }
    }

    private SealedObject getEncryptedPassword(DecryptionParameters decryptionParameters) {
        return (SealedObject) Optional.ofNullable(decryptionParameters.getSerializedSealedObject()).map(this::base64ToObject).orElseGet(() -> {
            return (SealedObject) tryFromParamsThenEnvThenThrow(decryptionParameters.getSealedObjectFilePath(), SealedObject.class);
        });
    }

    private DecryptionParameters encrypt(EncryptionParameters encryptionParameters) {
        String objectToBase64;
        String str;
        try {
            UnaryOperator<String> unaryOperator = str2 -> {
                return buildFilePath(encryptionParameters.getOutputFilesBasePath(), str2);
            };
            AlgorithmParameters algorithmParameters = getAlgorithmParameters(encryptionParameters, unaryOperator);
            KeyWithPath keyOrGenerateNewAndGet = getKeyOrGenerateNewAndGet(encryptionParameters, unaryOperator);
            SecretKeySpec secretKeySpec = keyOrGenerateNewAndGet.getSecretKeySpec();
            javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(encryptionParameters.getAlgorithm(), this.provider);
            cipher.init(1, secretKeySpec, algorithmParameters);
            SealedObject sealedObject = new SealedObject(encryptionParameters.getPlainTextPassword(), cipher);
            if (encryptionParameters.isSaveSealedObjectToSeparateFile()) {
                str = (String) unaryOperator.apply(generateFileName(sealedObject.getClass().getName()));
                this.factory.getSerializationFile(str).createFileAndSave(sealedObject);
                objectToBase64 = null;
            } else {
                objectToBase64 = objectToBase64(sealedObject);
                str = null;
            }
            return new DecryptionParameters.Builder().setSealedObjectFilePath(str).serializedSealedObject(objectToBase64).setKeyFilePath(keyOrGenerateNewAndGet.getPath()).build();
        } catch (Exception e) {
            log.error("Exception thrown when encrypting: " + encryptionParameters, e);
            throw new RuntimeException(e);
        }
    }

    private AlgorithmParameters getAlgorithmParameters(EncryptionParameters encryptionParameters, UnaryOperator<String> unaryOperator) {
        AlgorithmParameters read;
        String str = (String) ObjectUtils.firstNonNull(new String[]{encryptionParameters.getAlgorithmParametersFilePath(), getFromEnv(AlgorithmParameters.class.getName())});
        if (str == null) {
            read = generateAlgorithmParameters(encryptionParameters.getAlgorithmKey());
            if (encryptionParameters.isSaveAlgorithmParametersToSeparateFile()) {
                String str2 = (String) unaryOperator.apply(generateFileName(AlgorithmParameters.class.getName()));
                this.factory.getAlgorithmParametersSerializationFile(str2).createFileAndSave(read);
                log.debug("Name of generated file with algorithm params used for encryption: {}", str2);
            } else {
                log.debug("Generation of file for algorithm params has been skipped");
            }
        } else {
            read = this.factory.getAlgorithmParametersSerializationFile(str).read(encryptionParameters.getAlgorithmKey());
        }
        return read;
    }

    private KeyWithPath getKeyOrGenerateNewAndGet(EncryptionParameters encryptionParameters, UnaryOperator<String> unaryOperator) {
        SecretKeySpec secretKeySpec;
        String str = (String) ObjectUtils.firstNonNull(new String[]{encryptionParameters.getKeyFilePath(), getFromEnv(SecretKeySpec.class.getName())});
        if (str == null) {
            secretKeySpec = generateSecretKey(encryptionParameters.getAlgorithmKey());
            str = (String) unaryOperator.apply(generateFileName(SecretKeySpec.class.getName()));
            this.factory.getSerializationFile(str).createFileAndSave(secretKeySpec);
        } else {
            secretKeySpec = (SecretKeySpec) this.factory.getSerializationFile(str).read(SecretKeySpec.class);
        }
        return new KeyWithPath(secretKeySpec, str);
    }

    private SecretKeySpec generateSecretKey(String str) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str, this.provider);
            keyGenerator.init(getKeySize(str));
            return (SecretKeySpec) keyGenerator.generateKey();
        } catch (Exception e) {
            log.error("Exception thrown when generating key for algorithm: " + str, e);
            throw new RuntimeException(e);
        }
    }

    private AlgorithmParameters generateAlgorithmParameters(String str) {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(str, this.provider);
            algorithmParameterGenerator.init(new SecureRandom().nextInt(), new SecureRandom());
            return algorithmParameterGenerator.generateParameters();
        } catch (Exception e) {
            log.error("Exception thrown when generating algorithm parameters for algorithm: " + str, e);
            throw new RuntimeException(e);
        }
    }

    private int getKeySize(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 64687:
                if (str.equals("AES")) {
                    z = false;
                    break;
                }
                break;
            case 67570:
                if (str.equals("DES")) {
                    z = true;
                    break;
                }
                break;
            case 2013078132:
                if (str.equals("DESede")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return 128;
            case true:
                return 56;
            case true:
                return 168;
            default:
                return 24;
        }
    }

    private String getFromEnv(String str) {
        return new EnvironmentVarBasedConfiguration(str, this.getSystemEnv).getFromEnv();
    }

    private String generateFileName(String str) {
        return new UniqueFilePathGenerator(str, this.clock).generateName();
    }

    private String buildFilePath(String str, String str2) {
        return (String) Optional.of(str2).map(str3 -> {
            return ((String) Optional.ofNullable(str).orElse("")) + str3;
        }).orElse(null);
    }

    private SealedObject base64ToObject(String str) {
        return (SealedObject) SerializationUtils.deserialize(Base64.getDecoder().decode(str));
    }

    private String objectToBase64(Serializable serializable) {
        return Base64.getEncoder().encodeToString(SerializationUtils.serialize(serializable));
    }

    private <T> T tryFromParamsThenEnvThenThrow(String str, Class<T> cls) {
        return (T) this.factory.getSerializationFile((String) Optional.ofNullable(str).orElseGet(() -> {
            return (String) Optional.ofNullable(getFromEnv(cls.getName())).orElseThrow(() -> {
                return new IllegalArgumentException("Missing file path for: " + cls.getName());
            });
        })).read(cls);
    }
}
