package jenkins.security;

import hudson.util.Secret;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.398-rc33496.6500392940d6.jar:jenkins/security/CryptoConfidentialKey.class */
public class CryptoConfidentialKey extends ConfidentialKey {

    @Restricted({NoExternalUse.class})
    public static final int DEFAULT_IV_LENGTH = 16;
    private ConfidentialStore lastCS;
    private SecretKey secret;
    private static final String KEY_ALGORITHM = "AES";
    private static final String ALGORITHM = "AES/CBC/PKCS5Padding";

    public CryptoConfidentialKey(String str) {
        super(str);
    }

    public CryptoConfidentialKey(Class cls, String str) {
        this(cls.getName() + "." + str);
    }

    private synchronized SecretKey getKey() {
        ConfidentialStore confidentialStore = ConfidentialStore.get();
        if (this.secret == null || confidentialStore != this.lastCS) {
            this.lastCS = confidentialStore;
            try {
                byte[] load = load();
                if (load == null) {
                    load = confidentialStore.randomBytes(256);
                    store(load);
                }
                this.secret = new SecretKeySpec(load, 0, 16, "AES");
            } catch (IOException e) {
                throw new Error("Failed to load the key: " + getId(), e);
            }
        }
        return this.secret;
    }

    @Deprecated
    public Cipher encrypt() {
        try {
            Cipher cipher = Secret.getCipher("AES");
            cipher.init(1, getKey());
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    @Restricted({NoExternalUse.class})
    public Cipher encrypt(byte[] bArr) {
        try {
            Cipher cipher = Secret.getCipher(ALGORITHM);
            cipher.init(1, getKey(), new IvParameterSpec(bArr));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    @Restricted({NoExternalUse.class})
    public Cipher decrypt(byte[] bArr) {
        try {
            Cipher cipher = Secret.getCipher(ALGORITHM);
            cipher.init(2, getKey(), new IvParameterSpec(bArr));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    @Restricted({NoExternalUse.class})
    public byte[] newIv(int i) {
        return ConfidentialStore.get().randomBytes(i);
    }

    @Restricted({NoExternalUse.class})
    public byte[] newIv() {
        return newIv(16);
    }

    @Deprecated
    public Cipher decrypt() {
        try {
            Cipher cipher = Secret.getCipher("AES");
            cipher.init(2, getKey());
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }
}
