package com.atlassian.crowd.crypto;

import com.atlassian.crowd.embedded.api.Encryptor;
import com.atlassian.crowd.exception.crypto.MissingKeyException;
import com.atlassian.crowd.manager.property.EncryptionSettings;
import com.atlassian.secrets.api.SecretStore;
import com.atlassian.secrets.api.SecretStoreProvider;
import com.atlassian.secrets.store.algorithm.paramters.DecryptionParameters;
import com.atlassian.secrets.store.algorithm.paramters.EncryptionParameters;
import com.google.common.annotations.VisibleForTesting;
import com.google.gson.Gson;
import java.io.File;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/crypto/DbConfigPasswordCipherEncryptor.class */
/**
 * {@link Encryptor} that delegates to a {@link ClusterAwareCipherWrapper} built around the
 * secret store registered under {@link #CIPHER_PROVIDER_CLASS_NAME}.
 *
 * <p>Encrypted values are exchanged as JSON: {@link #encrypt(String)} serialises the
 * {@link DecryptionParameters} returned by the cipher with Gson, and {@link #decrypt(String)}
 * parses that JSON back before handing it to the cipher.
 *
 * <p>NOTE(review): {@code DecryptionParameters} exposes {@code getKeyFilePath()}, so the stored
 * JSON presumably names the key file. If so, confidentiality rests on the permissions of the key
 * files directory rather than on the stored value. Confirm against the secrets library.
 */
public class DbConfigPasswordCipherEncryptor implements Encryptor {
    private static final Logger log = LoggerFactory.getLogger(DbConfigPasswordCipherEncryptor.class);
    private static final String CIPHER_PROVIDER_CLASS_NAME = "com.atlassian.secrets.store.algorithm.AlgorithmSecretStore";
    private final String algorithm;
    private final String algorithmKey;
    private final EncryptionSettings encryptionSettings;
    private final ClusterAwareCipherWrapper cipher;

    /**
     * Creates an encryptor around an already constructed cipher wrapper (test seam).
     *
     * @param str the algorithm passed to the cipher on every encryption
     * @param str2 the algorithm key; also the name under which the key path is looked up and stored
     * @param encryptionSettings source of the key path and of the key files directory
     * @param clusterAwareCipherWrapper the cipher that performs the actual work
     */
    @VisibleForTesting
    DbConfigPasswordCipherEncryptor(String str, String str2, EncryptionSettings encryptionSettings, ClusterAwareCipherWrapper clusterAwareCipherWrapper) {
        this.algorithm = str;
        this.algorithmKey = str2;
        this.encryptionSettings = encryptionSettings;
        this.cipher = clusterAwareCipherWrapper;
    }

    /**
     * Creates an encryptor whose cipher is resolved from the given provider.
     *
     * @param str the algorithm passed to the cipher on every encryption
     * @param str2 the algorithm key; also the name under which the key path is looked up and stored
     * @param encryptionSettings source of the key path and of the key files directory
     * @param secretStoreProvider provider asked for {@link #CIPHER_PROVIDER_CLASS_NAME}
     * @throws IllegalStateException if the provider has no such secret store
     */
    public DbConfigPasswordCipherEncryptor(String str, String str2, EncryptionSettings encryptionSettings, SecretStoreProvider secretStoreProvider) {
        this(str, str2, encryptionSettings, getCipher(secretStoreProvider, encryptionSettings));
    }

    /**
     * Resolves the secret store and wraps it together with a fresh {@code FileChecker} and
     * {@code EncryptionKeyFilePermissionChanger}.
     *
     * @throws IllegalStateException if the provider has no store for {@link #CIPHER_PROVIDER_CLASS_NAME}
     */
    private static ClusterAwareCipherWrapper getCipher(SecretStoreProvider provider, EncryptionSettings settings) {
        SecretStore store = (SecretStore) provider.getInstance(CIPHER_PROVIDER_CLASS_NAME)
                .orElseThrow(() -> new IllegalStateException(String.format("Cipher %s not found", CIPHER_PROVIDER_CLASS_NAME)));
        return new ClusterAwareCipherWrapper(settings, store, new FileChecker(), new EncryptionKeyFilePermissionChanger());
    }

    /**
     * Encrypts {@code str} with the key file configured for this encryptor's algorithm key.
     *
     * @param str the plain-text value to protect
     * @return the cipher's {@link DecryptionParameters} for the value, serialised as JSON
     * @throws MissingKeyException if no key path is configured for the algorithm key
     */
    public String encrypt(String str) {
        Optional<?> keyPath = this.encryptionSettings.getEncryptionKeyPath(this.algorithmKey);
        if (!keyPath.isPresent()) {
            // Fail closed: without a configured key nothing is encrypted and nothing is returned.
            log.warn("Default encryption key is not present. Encryptor was not initialized properly.");
            throw new MissingKeyException();
        }
        DecryptionParameters sealed = doEncrypt(str, (String) keyPath.get());
        return new Gson().toJson(sealed);
    }

    /**
     * Parses {@code str} as JSON {@link DecryptionParameters} and asks the cipher to decrypt it.
     *
     * <p>Security note: this method fails open. Any {@link RuntimeException} raised while parsing
     * or decrypting is logged and the input is returned unchanged. A caller therefore cannot tell
     * a decrypted secret from a value that could not be decrypted (malformed, altered, or never
     * encrypted). Callers needing that distinction must compare the result with the input.
     * Presumably the fallback exists to tolerate values stored before encryption was enabled;
     * confirm before relying on it.
     *
     * @param str the stored value, expected to be JSON produced by {@link #encrypt(String)}
     * @return the decrypted value, or {@code str} itself if parsing or decryption failed
     */
    public String decrypt(String str) {
        try {
            DecryptionParameters parsed = (DecryptionParameters) new Gson().fromJson(str, DecryptionParameters.class);
            return this.cipher.decrypt(parsed);
        } catch (RuntimeException e) {
            // NOTE(review): the whole exception is logged; confirm that neither Gson nor the
            // cipher puts the input value into the exception message.
            log.error("Error during decryption", e);
            return str;
        }
    }

    /**
     * Runs an encryption of the empty string with no key path and records the key file path
     * reported by the cipher as the new key path for this encryptor's algorithm key.
     *
     * <p>NOTE(review): presumably a {@code null} key path makes the cipher generate a new key
     * file; confirm against {@code ClusterAwareCipherWrapper}. Values encrypted earlier are not
     * touched here.
     *
     * @return always {@code true}
     */
    public boolean changeEncryptionKey() {
        DecryptionParameters generated = doEncrypt("", null);
        this.encryptionSettings.setEncryptionKeyPath(this.algorithmKey, generated.getKeyFilePath());
        return true;
    }

    /**
     * Builds the {@link EncryptionParameters} for one encryption and passes them to the cipher.
     *
     * @param plainText the value to encrypt
     * @param keyFilePath path of the key file to use, or {@code null} as passed by
     *     {@link #changeEncryptionKey()}
     * @return the parameters the cipher returns for the encrypted value
     */
    private DecryptionParameters doEncrypt(String plainText, String keyFilePath) {
        // Output base path is the key files directory with a trailing separator.
        String outputBasePath = this.encryptionSettings.getKeyFilesDirectoryPath() + File.separator;
        EncryptionParameters request = new EncryptionParameters.Builder()
                .setAlgorithm(this.algorithm)
                .setAlgorithmKey(this.algorithmKey)
                .setKeyFilePath(keyFilePath)
                .setOutputFilesBasePath(outputBasePath)
                // Both "separate file" options are off for this encryptor.
                .setSaveAlgorithmParametersToSeparateFile(false)
                .setSaveSealedObjectToSeparateFile(false)
                .setPlainTextPassword(plainText)
                .build();
        return this.cipher.encrypt(request);
    }
}
