package com.atlassian.secrets.service.aes;

import com.atlassian.secrets.api.SecretServiceException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.time.Clock;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.UUID;
import java.util.function.Supplier;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/secrets/service/aes/AESKeyGenerator.class */
public class AESKeyGenerator {
    private static final Logger log = LoggerFactory.getLogger(AESKeyGenerator.class);
    private final Clock clock;
    private final Supplier<String> entropySupplier;

    public AESKeyGenerator() {
        this(Clock.systemUTC(), AESKeyGenerator::getUUIDEntropy);
    }

    public AESKeyGenerator(Clock clock, Supplier<String> supplier) {
        this.clock = clock;
        this.entropySupplier = supplier;
    }

    public Path generateDefaultKey(Path path) {
        try {
            SecretKeySpec generateSecretKey = generateSecretKey();
            Path resolve = path.resolve(String.format("%s%d_%s_%s", AESEncryptionBackend.AES_ALGORITHM, Integer.valueOf(AESEncryptionBackend.MAX_AES_KEY_SIZE), DateTimeFormatter.ofPattern("yyyy-MM-dd-HHmmss").withZone(ZoneOffset.UTC).format(this.clock.instant()), this.entropySupplier.get()));
            if (!Files.exists(path, new LinkOption[0])) {
                Files.createDirectories(path, new FileAttribute[0]);
            }
            Files.write(resolve, generateSecretKey.getEncoded(), new OpenOption[0]);
            return resolve.toAbsolutePath();
        } catch (Exception e) {
            log.error("Problem when trying to write the default AES encryption key file.");
            throw new SecretServiceException("Problem when trying to write the default AES encryption key file.", e);
        } catch (SecretServiceException e2) {
            throw e2;
        }
    }

    private SecretKeySpec generateSecretKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AESEncryptionBackend.AES_ALGORITHM, SecurityProvider.get());
            keyGenerator.init(AESEncryptionBackend.MAX_AES_KEY_SIZE);
            return (SecretKeySpec) keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new SecretServiceException("Error when generating the AES key", e);
        }
    }

    public static String getUUIDEntropy() {
        return UUID.randomUUID().toString();
    }
}
