package com.atlassian.security.auth.trustedapps;

import com.atlassian.security.auth.trustedapps.Transcoder;
import com.atlassian.security.auth.trustedapps.TransportErrorMessage;
import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/atlassian/security/auth/trustedapps/BouncyCastleEncryptionProvider.class */
/**
 * {@link EncryptionProvider} backed by the BouncyCastle JCE provider.
 *
 * <p>A certificate is produced by generating a fresh RC4 key, encrypting a three-line body
 * (creation time in milliseconds, a caller-supplied string, the protocol magic) with it, and
 * wrapping both the RC4 key and the magic with the sender's RSA private key. Decoding reverses
 * those steps with the sender's RSA public key.
 *
 * <p>Security review notes, all read directly from the constants and calls in this class:
 * <ul>
 *   <li>{@code RSA/NONE/NoPadding} is raw RSA. It is deterministic, so the wrapped magic value
 *       is the same for every certificate issued with a given private key and says nothing
 *       about freshness.</li>
 *   <li>{@code RC4} is a legacy stream cipher and the certificate body carries no MAC; the only
 *       integrity signal checked here is the magic string on the third line.</li>
 *   <li>The embedded creation time is parsed but never compared with the clock in this class;
 *       presumably the caller enforces expiry and replay limits — confirm.</li>
 *   <li>Both peers must agree on these algorithms, so replacing them is a protocol change, not
 *       a local refactoring.</li>
 * </ul>
 */
public class BouncyCastleEncryptionProvider extends BaseEncryptionProvider {
    private static final Provider PROVIDER = new BouncyCastleProvider();
    private static final String STREAM_CIPHER = "RC4";
    private static final String ASYM_CIPHER = "RSA/NONE/NoPadding";
    private static final String ASYM_ALGORITHM = "RSA";
    private final SecretKeyFactory secretKeyFactory;
    private final Transcoder transcoder;

    /** Produces RC4 keys from the BouncyCastle {@link KeyGenerator}, using its default parameters. */
    static class BCKeyFactory implements SecretKeyFactory {
        BCKeyFactory() {
        }

        /**
         * @return a newly generated key for {@code STREAM_CIPHER}
         * @throws AssertionError if the provider does not offer the algorithm
         */
        @Override
        public SecretKey generateSecretKey() {
            final KeyGenerator generator;
            try {
                generator = KeyGenerator.getInstance(STREAM_CIPHER, PROVIDER);
            } catch (NoSuchAlgorithmException e) {
                throw new AssertionError(e);
            }
            return generator.generateKey();
        }
    }

    /** Source of symmetric keys for the certificate body. */
    interface SecretKeyFactory {
        SecretKey generateSecretKey();
    }

    /** Predicate deciding whether a generated symmetric key may be used. */
    interface SecretKeyValidator {
        boolean isValid(SecretKey secretKey);
    }

    /**
     * Accepts only keys whose encoding is exactly 16 bytes long and does not begin with a zero
     * byte.
     */
    static class TransmissionValidator implements SecretKeyValidator {
        TransmissionValidator() {
        }

        @Override
        public boolean isValid(SecretKey secretKey) {
            final byte[] keyBytes = secretKey.getEncoded();
            if (keyBytes.length != 16) {
                return false;
            }
            // NOTE(review): presumably a leading zero byte would not survive the unpadded RSA
            // round trip (the value is handled as a number) — confirm.
            return keyBytes[0] != 0;
        }
    }

    /** Keeps asking a delegate factory for keys until the validator accepts one. */
    static class ValidatingSecretKeyFactory implements SecretKeyFactory {
        private final SecretKeyFactory delegate;
        private final SecretKeyValidator validator;

        ValidatingSecretKeyFactory(SecretKeyFactory secretKeyFactory, SecretKeyValidator secretKeyValidator) {
            this.delegate = secretKeyFactory;
            this.validator = secretKeyValidator;
        }

        /**
         * @return the first delegate-generated key the validator accepts; there is no retry
         *     limit, so this only returns once such a key appears
         */
        @Override
        public SecretKey generateSecretKey() {
            SecretKey candidate;
            do {
                candidate = this.delegate.generateSecretKey();
            } while (!this.validator.isValid(candidate));
            return candidate;
        }
    }

    /** Creates a provider with validated BouncyCastle RC4 keys and Base64 transcoding. */
    public BouncyCastleEncryptionProvider() {
        this(new ValidatingSecretKeyFactory(new BCKeyFactory(), new TransmissionValidator()), new Transcoder.Base64Transcoder());
    }

    private BouncyCastleEncryptionProvider(SecretKeyFactory secretKeyFactory, Transcoder transcoder) {
        Null.not("secretKeyFactory", secretKeyFactory);
        Null.not("transcoder", transcoder);
        this.secretKeyFactory = secretKeyFactory;
        this.transcoder = transcoder;
    }

    /**
     * Rebuilds an RSA public key from its X.509 encoding.
     *
     * @param bArr the X.509-encoded key bytes
     * @return the decoded public key
     */
    @Override
    public PublicKey toPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        final KeyFactory rsaKeys = KeyFactory.getInstance(ASYM_ALGORITHM, PROVIDER);
        final X509EncodedKeySpec spec = new X509EncodedKeySpec(bArr);
        return rsaKeys.generatePublic(spec);
    }

    /**
     * Rebuilds an RSA private key from its PKCS#8 encoding.
     *
     * @param bArr the PKCS#8-encoded key bytes
     * @return the decoded private key
     */
    @Override
    public PrivateKey toPrivateKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        final KeyFactory rsaKeys = KeyFactory.getInstance(ASYM_ALGORITHM, PROVIDER);
        final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bArr);
        return rsaKeys.generatePrivate(spec);
    }

    /**
     * Generates a new RSA key pair.
     *
     * @return the generated key pair
     */
    @Override
    public KeyPair generateNewKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        // NOTE(review): the generator is never initialized with a key size, so the strength is
        // whatever the provider defaults to — confirm it meets policy.
        final KeyPairGenerator generator = KeyPairGenerator.getInstance(ASYM_ALGORITHM, PROVIDER);
        return generator.generateKeyPair();
    }

    /**
     * Unwraps and validates a certificate received from a peer.
     *
     * @param encryptedCertificate the transcoded magic, wrapped RC4 key and encrypted body
     * @param publicKey the sender's RSA public key
     * @param str identifier handed to magic validation, error messages and the resulting
     *     certificate (presumably the sending application's ID — confirm)
     * @return the certificate built from the second body line and the parsed first line
     * @throws InvalidCertificateException if the magic is absent although a protocol version
     *     is present, or if a {@link SecurityException} or {@link InvalidKeyException} occurs
     */
    @Override
    public ApplicationCertificate decodeEncryptedCertificate(EncryptedCertificate encryptedCertificate, PublicKey publicKey, String str) throws InvalidCertificateException {
        try {
            final Cipher rsaCipher = Cipher.getInstance(ASYM_CIPHER, PROVIDER);
            rsaCipher.init(Cipher.DECRYPT_MODE, publicKey);

            final String encodedMagic = encryptedCertificate.getMagicNumber();
            if (encodedMagic == null) {
                // A missing magic is tolerated only when no protocol version is declared either.
                if (encryptedCertificate.getProtocolVersion() != null) {
                    throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("public key", str));
                }
            } else {
                TrustedApplicationUtils.validateMagicNumber(
                        "public key",
                        str,
                        encryptedCertificate.getProtocolVersion(),
                        new String(rsaCipher.doFinal(this.transcoder.decode(encodedMagic)), TrustedApplicationUtils.Constant.CHARSET_NAME));
            }

            // Unwrap the per-certificate RC4 key with the same RSA cipher instance.
            final byte[] streamKeyBytes = rsaCipher.doFinal(this.transcoder.decode(encryptedCertificate.getSecretKey()));
            final SecretKeySpec streamKey = new SecretKeySpec(streamKeyBytes, STREAM_CIPHER);
            final Cipher streamCipher = Cipher.getInstance(STREAM_CIPHER, PROVIDER);
            streamCipher.init(Cipher.DECRYPT_MODE, streamKey);

            final byte[] body = streamCipher.doFinal(this.transcoder.decode(encryptedCertificate.getCertificate()));
            final BufferedReader bodyLines = new BufferedReader(
                    new InputStreamReader(new ByteArrayInputStream(body), TrustedApplicationUtils.Constant.CHARSET_NAME));

            // The handlers on this inner block repeat the outer ones for the same exception
            // types; the nesting is kept exactly as found.
            try {
                final String creationTimeLine = bodyLines.readLine();
                final String payloadLine = bodyLines.readLine();
                // The third line must carry the magic; it is checked before the time is parsed.
                TrustedApplicationUtils.validateMagicNumber(
                        "secret key",
                        str,
                        encryptedCertificate.getProtocolVersion(),
                        bodyLines.readLine());
                final long creationTime = Long.parseLong(creationTimeLine);
                return new DefaultApplicationCertificate(str, payloadLine, creationTime);
            } catch (IOException e) {
                throw new RuntimeException(e);
            } catch (NumberFormatException e) {
                throw new SystemException(str, e);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NumberFormatException | BadPaddingException | IllegalBlockSizeException e) {
            throw new SystemException(str, e);
        } catch (SecurityException | InvalidKeyException e) {
            // Reported to the peer as a bad "secret key" magic; the original cause is not attached.
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber("secret key", str));
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Builds an encrypted certificate to send to a peer.
     *
     * @param str value written on the second line of the encrypted body (presumably the user
     *     name — confirm)
     * @param privateKey this application's RSA private key
     * @param str2 identifier stored on the resulting certificate and used as the message of
     *     wrapped cipher failures (presumably this application's ID — confirm)
     * @return the certificate carrying the wrapped RC4 key, encrypted body, protocol version
     *     and wrapped magic, all transcoded to text
     */
    @Override
    public EncryptedCertificate createEncryptedCertificate(String str, PrivateKey privateKey, String str2) {
        try {
            final SecretKey streamKey = this.secretKeyFactory.generateSecretKey();
            final Cipher streamCipher = Cipher.getInstance(STREAM_CIPHER, PROVIDER);
            streamCipher.init(Cipher.ENCRYPT_MODE, streamKey);

            final Cipher rsaCipher = Cipher.getInstance(ASYM_CIPHER, PROVIDER);
            rsaCipher.init(Cipher.ENCRYPT_MODE, privateKey);

            // One RSA cipher instance wraps the RC4 key first and the constant magic second.
            final String wrappedKey = this.transcoder.encode(rsaCipher.doFinal(streamKey.getEncoded()));
            final String wrappedMagic = this.transcoder.encode(
                    rsaCipher.doFinal(this.transcoder.getBytes(TrustedApplicationUtils.Constant.MAGIC)));

            // Body layout: creation time in milliseconds, the caller's string, then the magic.
            final StringBuilder body = new StringBuilder();
            body.append(System.currentTimeMillis());
            body.append('\n');
            body.append(str);
            body.append('\n');
            body.append(TrustedApplicationUtils.Constant.MAGIC);

            final String encryptedBody = this.transcoder.encode(
                    streamCipher.doFinal(this.transcoder.getBytes(body.toString())));
            return new DefaultEncryptedCertificate(str2, wrappedKey, encryptedBody, TrustedApplicationUtils.Constant.VERSION, wrappedMagic);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new RuntimeException(str2, e);
        }
    }
}
