Admittedly I'm not very well versed with P2SH so I'm not sure exactly how you could get the script that does not contain the <secret> nor public keys to actually work (but I do think this should be possible).
P2SH doesn't fundamentally change script. It is just another way of encoding everything using a template so that the scriptPubKey is effectively included when spending the coin.
You pay to OP_HASH160 <20-byte-hash-value> OP_EQUAL and the client interprets the hash value as the hash of the actual scriptPubKey you want to use.
Script works with a stack. For spending, the stack is initialized so that it doesn't result in a failure if the scriptPubKey is executed.
ProtocolAlice picks a random array "secret" and funds this Altcoin transaction.
OP_IF
OP_HASH160 <hash(secret)> OP_EQUALVERIFY <Bob's public key 1> OP_CHECKSIG
OP_ELSE
<now + 24 hours> OP_CHECKLOCKTIMEVERIFY <Alice's public key 1> OP_CHECKSIG
OP_ENDIF
If Bob knew the secret, he could spend this transaction output with this stack
<signature using Bob's public key 1> <secret> OP_1
Alice can spend this transaction output with this stack
<signature using Bob's public key 1> OP_0
OP_0 causes the else branch to execute and Alice doesn't have to provide the secret but she does have to wait 24 hours due to the locktime requirement.
This means that Alice can spend the output in 24 hours if Bob hasn't and Bob can only spend it if he finds out the secret.
Bob funds this output with BTC.
OP_IF
OP_HASH160 <hash(secret)> OP_EQUALVERIFY <Alice's public key 2> OP_CHECKSIG
OP_ELSE
<now + 12 hours> OP_CHECKLOCKTIMEVERIFY <Bob's public key 2> OP_CHECKSIG
OP_ENDIF
This means that he can get his money back after 12 hours or Alice can spend the output immediately. If she spends the output, she has to do it before 12 hours has passed. This means that Bob has another 12 hours to use the secret to spend the first output.
The steps are
1) Alice picks secret and broadcasts her transaction
2) Bob verifies that her transaction is confirmed and then sends his transaction
3) Alice verifies that his transaction is confirmed and then spends his transaction (requires publishing the secret)
4) Bob uses the secret to spend Alice's transaction
To show that it is atomic, you have to show that it can be reversed if anyone refuses to continue.
Bob refuses to complete step 2)
Alice keeps the secret a secret and waits 24 hours to get her money back
Alice refuses to complete step 3)
After 12 hours Bob can recover his money
Alice has to wait 12 more hours to get her money back. She needs to make sure to keep the secret a secret
Bob refuses to complete step 4)
He only harms himself by doing this. After the 24 hour lockout, Alice can take back her money. He needs to make sure to take back his money by then.
-----------------------------------------------------------------
Script executionThis is a step by step guide to the first script, when Bob spends it.
The script is initialized to
<signature using Bob's public key 1> <secret> OP_1
When OP_IF fires, it will read 1 off the stack and execute the top branch.
<signature using Bob's public key 1> <secret>
OP_HASH160 will read <secret> off the stack and then place hash(secret) onto the stack.
<signature using Bob's public key 1> <hash(secret)>
<hash(secret)> will push hash(secret) onto the stack
<signature using Bob's public key 1> <hash(secret)> <hash(secret)>
OP_EQUALVERIFY makes sure the top 2 elements on the stack match and fails otherwise (and removes them)
<signature using Bob's public key 1>
<Bob's public key 1> will push Bob's public key 1 onto the stack
<signature using Bob's public key 1> <Bob's public key 1>
and finally OP_CHECKSIG will verify the signature using the public key (and remove both)
If all goes well, OP_1 will be pushed onto the stack.
This counts as a successful script execution.