package com.xebialabs.deployit.security;

import com.xebialabs.deployit.checks.Checks;
import com.xebialabs.deployit.checksum.ChecksumAlgorithmProvider;
import com.xebialabs.deployit.checksum.DefaultChecksumAlgorithmProviderFactory;
import com.xebialabs.overthere.util.OverthereUtils;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: input_file:META-INF/lib/xl-core-9.7.0-alpha.22.jar:com/xebialabs/deployit/security/SecretKeyHolder.class */
public class SecretKeyHolder {
    private static final AtomicReference<SecretKeyHolder> instance = new AtomicReference<>();
    private final SecretKey secretKey;

    public static void init(SecretKey secretKey) {
        instance.set(new SecretKeyHolder(secretKey));
    }

    public static void reset() {
        instance.set(null);
    }

    public static SecretKeyHolder get() {
        SecretKeyHolder secretKeyHolder = instance.get();
        OverthereUtils.checkState(secretKeyHolder != null, "EncryptionKeyHolder not yet set, please construct one.", new Object[0]);
        return secretKeyHolder;
    }

    public SecretKeyHolder(SecretKey secretKey) {
        Checks.checkNotNull(secretKey, "secretKey cannot be null");
        this.secretKey = secretKey;
    }

    public String getKeyFingerprint() {
        return getKeyFingerprintWithProvider(DefaultChecksumAlgorithmProviderFactory.defaultComparisonAlgorithm());
    }

    public String getKeyFingerprint(String str) {
        return getKeyFingerprintWithProvider(DefaultChecksumAlgorithmProviderFactory.create(str));
    }

    private String getKeyFingerprintWithProvider(ChecksumAlgorithmProvider checksumAlgorithmProvider) {
        return Hex.encodeHexString(checksumAlgorithmProvider.getMessageDigest().digest(this.secretKey.getEncoded()));
    }

    public BufferedBlockCipher getEncryption() {
        return getCipher(true);
    }

    public BufferedBlockCipher getDecryption() {
        return getCipher(false);
    }

    private BufferedBlockCipher getCipher(boolean z) {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new AESEngine());
        paddedBufferedBlockCipher.reset();
        paddedBufferedBlockCipher.init(z, new KeyParameter(this.secretKey.getEncoded()));
        return paddedBufferedBlockCipher;
    }

    public BufferedBlockCipher getEncryption(byte[] bArr) {
        return getCipher(true, bArr);
    }

    public BufferedBlockCipher getDecryption(byte[] bArr) {
        return getCipher(false, bArr);
    }

    private BufferedBlockCipher getCipher(boolean z, byte[] bArr) {
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        ParametersWithIV parametersWithIV = new ParametersWithIV(new KeyParameter(this.secretKey.getEncoded()), bArr);
        paddedBufferedBlockCipher.reset();
        paddedBufferedBlockCipher.init(z, parametersWithIV);
        return paddedBufferedBlockCipher;
    }
}
