package net.nemerosa.ontrack.service.security;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:net/nemerosa/ontrack/service/security/CryptoConfidentialKey.class */
public class CryptoConfidentialKey implements ConfidentialKey {
    private final ConfidentialStore confidentialStore;
    private final String id;
    private volatile SecretKey secret;
    private static final String ALGORITHM = "AES";

    public CryptoConfidentialKey(ConfidentialStore confidentialStore, String str) {
        this.confidentialStore = confidentialStore;
        this.id = str;
    }

    @Override // net.nemerosa.ontrack.service.security.ConfidentialKey
    public String getId() {
        return this.id;
    }

    private SecretKey getKey() {
        try {
            if (this.secret == null) {
                synchronized (this) {
                    if (this.secret == null) {
                        byte[] load = this.confidentialStore.load(this);
                        if (load == null) {
                            load = this.confidentialStore.randomBytes(256);
                            this.confidentialStore.store(this, load);
                        }
                        this.secret = new SecretKeySpec(load, 0, 16, ALGORITHM);
                    }
                }
            }
            return this.secret;
        } catch (IOException e) {
            throw new Error("Failed to load the key: " + getId(), e);
        }
    }

    @Override // net.nemerosa.ontrack.service.security.ConfidentialKey
    public String encrypt(String str) {
        try {
            Cipher encrypt = encrypt();
            encrypt.init(1, getKey());
            return Base64.getEncoder().encodeToString(encrypt.doFinal(str.getBytes(DefaultConfidentialStore.ENCODING)));
        } catch (IOException | GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    @Override // net.nemerosa.ontrack.service.security.ConfidentialKey
    public String decrypt(String str) {
        try {
            Cipher decrypt = decrypt();
            decrypt.init(2, getKey());
            return new String(decrypt.doFinal(Base64.getDecoder().decode(str)), DefaultConfidentialStore.ENCODING);
        } catch (IOException | GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    @Override // net.nemerosa.ontrack.service.security.ConfidentialKey
    public Cipher encrypt() {
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(1, getKey());
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }

    @Override // net.nemerosa.ontrack.service.security.ConfidentialKey
    public Cipher decrypt() {
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(2, getKey());
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }
}
