package jenkins.security;

import hudson.FilePath;
import hudson.Util;
import hudson.util.Secret;
import hudson.util.TextFile;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import jenkins.model.Jenkins;
import org.apache.commons.io.IOUtils;
import org.w3c.tidy.Dict;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-1.643.jar:jenkins/security/DefaultConfidentialStore.class */
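/**
 * File-backed {@link ConfidentialStore}: each confidential key is kept as one
 * encrypted file inside a dedicated directory, next to the {@code master.key}
 * file that holds the material for the encryption key.
 *
 * <p>Because the master key is stored in the same directory as the data it
 * protects, confidentiality at rest depends on the file-system permissions of
 * that directory (and on how backups of it are handled), not on the encryption
 * alone.
 */
public class DefaultConfidentialStore extends ConfidentialStore {
    /**
     * Trailer appended to every payload before encryption. {@link #load(ConfidentialKey)}
     * looks for it after decryption to recognise a wrong key or a damaged file.
     */
    // ASCII-only literal: getBytes() uses the platform default charset, which
    // yields the same bytes on every ASCII-compatible default. Left unchanged
    // so that files already on disk keep verifying.
    private static final byte[] MAGIC = "::::MAGIC::::".getBytes();

    /** Source of randomness for the master key and for {@link #randomBytes(int)}. */
    private final SecureRandom sr;

    /** Directory that holds {@code master.key} and one file per confidential key. */
    private final File rootDir;

    /** Key used to encrypt and decrypt every file in {@link #rootDir}. */
    private final SecretKey masterKey;

    /**
     * Creates a store rooted at the {@code secrets} directory of the Jenkins home.
     *
     * @throws IOException if the directory or the master key cannot be prepared
     * @throws InterruptedException if changing the directory permissions is interrupted
     */
    public DefaultConfidentialStore() throws IOException, InterruptedException {
        this(new File(Jenkins.getInstance().getRootDir(), "secrets"));
    }

    /**
     * Creates a store rooted at the given directory, generating a master key on
     * first use.
     *
     * @param file directory to keep the master key and the encrypted files in
     * @throws IOException if the directory or the master key cannot be prepared
     * @throws InterruptedException if changing the directory permissions is interrupted
     */
    public DefaultConfidentialStore(File file) throws IOException, InterruptedException {
        this.sr = new SecureRandom();
        this.rootDir = file;
        // Owner-only access (rwx------). Applied only when this call created
        // the directory: a directory that already existed keeps whatever
        // permissions it has, so deployments should verify them separately.
        if (file.mkdirs()) {
            new FilePath(file).chmod(0700);
        }
        TextFile masterKeyFile = new TextFile(new File(file, "master.key"));
        if (!masterKeyFile.exists()) {
            // 128 random bytes, stored hex-encoded.
            // NOTE(review): no explicit permissions are set on master.key here;
            // it appears to rely on the directory permissions above - confirm.
            masterKeyFile.write(Util.toHexString(randomBytes(128)));
        }
        this.masterKey = Util.toAes128Key(masterKeyFile.readTrim());
    }

    /**
     * Encrypts the payload followed by the {@link #MAGIC} trailer and writes it
     * to the file that belongs to the given key, replacing any previous content.
     *
     * @param confidentialKey key whose id names the target file
     * @param bArr payload to persist
     * @throws IOException if the cipher cannot be set up, or if writing or
     *     closing the file fails
     */
    @Override
    protected void store(ConfidentialKey confidentialKey, byte[] bArr) throws IOException {
        Cipher cipher;
        try {
            // NOTE(review): only the algorithm name is passed. With the standard
            // JCE providers a bare "AES" transformation means ECB mode with
            // PKCS5 padding, i.e. no IV and no authentication - confirm what
            // Secret.getCipher resolves to before relying on this format.
            cipher = Secret.getCipher("AES");
            cipher.init(Cipher.ENCRYPT_MODE, this.masterKey);
        } catch (GeneralSecurityException e) {
            throw new IOException("Failed to persist the key: " + confidentialKey.getId(), e);
        }
        // The final padded block is only written when the cipher stream is
        // closed, so a failure in close() must reach the caller: swallowing it
        // would report success while leaving a truncated file that later loads
        // as null.
        try (OutputStream fileOut = new FileOutputStream(getFileFor(confidentialKey));
                OutputStream cipherOut = new CipherOutputStream(fileOut, cipher)) {
            cipherOut.write(bArr);
            cipherOut.write(MAGIC);
        }
    }

    /**
     * Reads and decrypts the file that belongs to the given key.
     *
     * @param confidentialKey key whose id names the file to read
     * @return the stored payload without the trailer, or {@code null} when the
     *     file does not exist, decryption fails on bad padding, or the trailer
     *     is missing
     * @throws IOException if the cipher cannot be set up or the file cannot be read
     */
    @Override
    protected byte[] load(ConfidentialKey confidentialKey) throws IOException {
        File source = getFileFor(confidentialKey);
        if (!source.exists()) {
            return null;
        }
        InputStream fileIn = null;
        InputStream cipherIn = null;
        try {
            try {
                Cipher cipher = Secret.getCipher("AES");
                cipher.init(Cipher.DECRYPT_MODE, this.masterKey);
                fileIn = new FileInputStream(source);
                cipherIn = new CipherInputStream(fileIn, cipher);
                return verifyMagic(IOUtils.toByteArray(cipherIn));
            } catch (GeneralSecurityException e) {
                throw new IOException("Failed to load the key: " + confidentialKey.getId(), e);
            }
        } catch (IOException e) {
            // Bad padding means the file was not produced with the current
            // master key or is damaged; callers see that as "no value stored".
            if (e.getCause() instanceof BadPaddingException) {
                return null;
            }
            throw e;
        } finally {
            // Nothing more is read after this point, so close errors are ignored.
            IOUtils.closeQuietly(cipherIn);
            IOUtils.closeQuietly(fileIn);
        }
    }

    /**
     * Checks that the decrypted bytes end with {@link #MAGIC} and strips it.
     *
     * <p>The trailer is a fixed constant, so this detects a wrong key or a
     * damaged file; it is not an authentication tag.
     *
     * @param bArr decrypted file content
     * @return the content before the trailer, or {@code null} if the trailer is
     *     absent or the input is shorter than the trailer
     */
    private byte[] verifyMagic(byte[] bArr) {
        int payloadLength = bArr.length - MAGIC.length;
        if (payloadLength < 0) {
            return null;
        }
        for (int offset = 0; offset < MAGIC.length; offset++) {
            if (bArr[payloadLength + offset] != MAGIC[offset]) {
                return null;
            }
        }
        byte[] payload = new byte[payloadLength];
        System.arraycopy(bArr, 0, payload, 0, payloadLength);
        return payload;
    }

    /**
     * Maps a confidential key to its file inside {@link #rootDir}.
     *
     * @param confidentialKey key whose id is used as the file name
     * @return the file that stores the key's encrypted payload
     */
    private File getFileFor(ConfidentialKey confidentialKey) {
        // The id is used as a path component without any validation.
        // NOTE(review): presumably ids are fixed, code-defined names - confirm
        // that no externally supplied id reaches this store, since separators
        // or ".." in an id would resolve outside rootDir.
        return new File(this.rootDir, confidentialKey.getId());
    }

    /**
     * Returns freshly generated random bytes from this store's {@link SecureRandom}.
     *
     * @param i number of bytes to generate
     * @return a new array of {@code i} random bytes
     */
    @Override
    public byte[] randomBytes(int i) {
        byte[] random = new byte[i];
        this.sr.nextBytes(random);
        return random;
    }
}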
