package hudson.util;

import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import com.trilead.ssh2.crypto.Base64;
import hudson.Util;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.crypto.Cipher;
import jenkins.security.CryptoConfidentialKey;
import jenkins.util.SystemProperties;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.Stapler;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.130-rc15798.1083a3f5c648.jar:hudson/util/Secret.class */
public final class Secret implements Serializable {
    private static final byte PAYLOAD_V1 = 1;

    @Nonnull
    private final String value;
    private byte[] iv;

    @Restricted({NoExternalUse.class})
    public static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("\\{?[A-Za-z0-9+/]+={0,2}}?");
    private static final String PROVIDER = SystemProperties.getString(Secret.class.getName() + ".provider");
    static String SECRET = null;
    private static final CryptoConfidentialKey KEY = new CryptoConfidentialKey(Secret.class.getName());
    private static final long serialVersionUID = 1;

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.130-rc15798.1083a3f5c648.jar:hudson/util/Secret$ConverterImpl.class */
    public static final class ConverterImpl implements Converter {
        @Override // com.thoughtworks.xstream.converters.ConverterMatcher
        public boolean canConvert(Class cls) {
            return cls == Secret.class;
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            hierarchicalStreamWriter.setValue(((Secret) obj).getEncryptedValue());
        }

        @Override // com.thoughtworks.xstream.converters.Converter
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            return Secret.fromString(hierarchicalStreamReader.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Secret(String str) {
        this.value = str;
    }

    Secret(String str, byte[] bArr) {
        this.value = str;
        this.iv = bArr;
    }

    @Deprecated
    public String toString() {
        return this.value;
    }

    @Nonnull
    public String getPlainText() {
        return this.value;
    }

    public boolean equals(Object obj) {
        return (obj instanceof Secret) && this.value.equals(((Secret) obj).value);
    }

    public int hashCode() {
        return this.value.hashCode();
    }

    public String getEncryptedValue() {
        try {
            synchronized (this) {
                if (this.iv == null) {
                    this.iv = KEY.newIv();
                }
            }
            byte[] doFinal = KEY.encrypt(this.iv).doFinal(this.value.getBytes(StandardCharsets.UTF_8));
            byte[] bArr = new byte[9 + this.iv.length + doFinal.length];
            int i = 0 + 1;
            bArr[0] = 1;
            int i2 = i + 1;
            bArr[i] = (byte) (this.iv.length >> 24);
            int i3 = i2 + 1;
            bArr[i2] = (byte) (this.iv.length >> 16);
            int i4 = i3 + 1;
            bArr[i3] = (byte) (this.iv.length >> 8);
            int i5 = i4 + 1;
            bArr[i4] = (byte) this.iv.length;
            int i6 = i5 + 1;
            bArr[i5] = (byte) (doFinal.length >> 24);
            int i7 = i6 + 1;
            bArr[i6] = (byte) (doFinal.length >> 16);
            int i8 = i7 + 1;
            bArr[i7] = (byte) (doFinal.length >> 8);
            int i9 = i8 + 1;
            bArr[i8] = (byte) doFinal.length;
            System.arraycopy(this.iv, 0, bArr, i9, this.iv.length);
            System.arraycopy(doFinal, 0, bArr, i9 + this.iv.length, doFinal.length);
            return "{" + new String(Base64.encode(bArr)) + "}";
        } catch (GeneralSecurityException e) {
            throw new Error(e);
        }
    }

    @CheckForNull
    public static Secret decrypt(@CheckForNull String str) {
        if (!isValidData(str)) {
            return null;
        }
        if (!str.startsWith("{") || !str.endsWith("}")) {
            try {
                return HistoricalSecrets.decrypt(str, KEY);
            } catch (UnsupportedEncodingException e) {
                throw new Error(e);
            } catch (IOException e2) {
                return null;
            } catch (GeneralSecurityException e3) {
                return null;
            }
        }
        try {
            byte[] decode = Base64.decode(str.substring(1, str.length() - 1).toCharArray());
            switch (decode[0]) {
                case 1:
                    int i = ((decode[1] & 255) << 24) | ((decode[2] & 255) << 16) | ((decode[3] & 255) << 8) | (decode[4] & 255);
                    if (decode.length != 9 + i + (((decode[5] & 255) << 24) | ((decode[6] & 255) << 16) | ((decode[7] & 255) << 8) | (decode[8] & 255))) {
                        return null;
                    }
                    byte[] copyOfRange = Arrays.copyOfRange(decode, 9, 9 + i);
                    try {
                        return new Secret(new String(KEY.decrypt(copyOfRange).doFinal(Arrays.copyOfRange(decode, 9 + i, decode.length)), StandardCharsets.UTF_8), copyOfRange);
                    } catch (GeneralSecurityException e4) {
                        return null;
                    }
                default:
                    return null;
            }
        } catch (IOException e5) {
            return null;
        }
    }

    private static boolean isValidData(String str) {
        if (str == null || "{}".equals(str) || "".equals(str.trim())) {
            return false;
        }
        return (str.startsWith("{") && str.endsWith("}") && "".equals(str.substring(1, str.length() - 1).trim())) ? false : true;
    }

    public static Cipher getCipher(String str) throws GeneralSecurityException {
        return PROVIDER != null ? Cipher.getInstance(str, PROVIDER) : Cipher.getInstance(str);
    }

    @Nonnull
    public static Secret fromString(@CheckForNull String str) {
        String fixNull = Util.fixNull(str);
        Secret decrypt = decrypt(fixNull);
        if (decrypt == null) {
            decrypt = new Secret(fixNull);
        }
        return decrypt;
    }

    @Nonnull
    public static String toString(@CheckForNull Secret secret) {
        return secret == null ? "" : secret.value;
    }

    @Restricted({NoExternalUse.class})
    static void resetKeyForTest() {
        KEY.resetForTest();
    }

    static {
        Stapler.CONVERT_UTILS.register(new org.apache.commons.beanutils.Converter() { // from class: hudson.util.Secret.1
            @Override // org.apache.commons.beanutils.Converter
            public Secret convert(Class cls, Object obj) {
                return Secret.fromString(obj.toString());
            }
        }, Secret.class);
    }
}
