package kd.bos.encrypt.aes;

import com.google.common.base.Charsets;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kd.bos.encrypt.EncryptException;
import kd.bos.encrypt.key.EncryptKeyFactory;
import kd.bos.encrypt.key.MCEncryptKeyManagerImpl;
import kd.bos.util.AESUtils;
import kd.bos.util.StringUtils;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:kd/bos/encrypt/aes/AESEncrypterImpl.class */
public class AESEncrypterImpl implements AESEncrypter {
    private static final Object LOCKER = new Object();
    private static final Object LOCKER2 = new Object();
    private static final String KEY_ALGORITHM = "AES";
    private static final String AES_DEFAULT_LENGTH = "128";
    private static final String AES_KEY_LENGTH = "kd.bos.encrypt.keyLength";
    private static final String AES_CIPHER_ALGORITHM = "kd.bos.encrypt.aesAlgorithm";
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES";
    private IvParameterSpec ivBytesFromCache;
    private Cipher cipher = null;
    private SecretKeySpec keyFromCache = null;
    private SecureRandom secureRandom = new SecureRandom();
    private String aesCipherAlgorithm = AESUtils.KEY_ALGORITHM;

    private Cipher getCipherInstance() {
        if (this.cipher == null) {
            synchronized (LOCKER) {
                if (this.cipher == null) {
                    initCipher();
                }
            }
        }
        return this.cipher;
    }

    private void initCipher() {
        if (!(StringUtils.isNotEmpty(System.getProperty(MCEncryptKeyManagerImpl.ENCRYPT_KEY)) || StringUtils.isNotEmpty(System.getProperty("redis.serversForSession")))) {
            throw new EncryptException("cannot init AESEncrypt, because the AES_KEY[MC-Key:kd.bos.encrypt.encryptKey]from zookeeper) is still null.");
        }
        try {
            this.aesCipherAlgorithm = System.getProperty(AES_CIPHER_ALGORITHM, AESUtils.KEY_ALGORITHM);
            this.cipher = Cipher.getInstance(this.aesCipherAlgorithm);
        } catch (Exception e) {
            throw new EncryptException("Failed to create AESEncrypt because the cipher initialization is failed, reason:", e);
        }
    }

    private SecretKeySpec getAesKey() {
        if (this.keyFromCache != null) {
            return this.keyFromCache;
        }
        String encryptKey = EncryptKeyFactory.getEncrypterKeyManager().getEncryptKey();
        int parseInt = Integer.parseInt(System.getProperty(AES_KEY_LENGTH, AES_DEFAULT_LENGTH));
        if (!StringUtils.isNotEmpty(encryptKey)) {
            throw new EncryptException("get encrypt key failed(encrypt key cannot be empty)");
        }
        SecretKeySpec aESKeyFromString = getAESKeyFromString(encryptKey, parseInt);
        this.keyFromCache = aESKeyFromString;
        this.ivBytesFromCache = getAESIvFromString(EncryptKeyFactory.getEncrypterKeyManager().getEncryptIvKey());
        return aESKeyFromString;
    }

    @Override // kd.bos.encrypt.aes.AESEncrypter
    public String encrypt(String str) throws EncryptException {
        try {
            return encrypt(str, getAesKey(), this.ivBytesFromCache);
        } catch (Exception e) {
            throw new EncryptException(e);
        }
    }

    @Override // kd.bos.encrypt.aes.AESEncrypter
    public String decrypt(String str) throws EncryptException {
        try {
            return decrypt(str, getAesKey(), this.ivBytesFromCache);
        } catch (Exception e) {
            throw new EncryptException(e);
        }
    }

    @Override // kd.bos.encrypt.aes.AESEncrypter
    public String encrypt(String str, String str2, int i) throws EncryptException {
        try {
            return encrypt(str, getAESKeyFromString(str2, i), getAESIvFromString(str2));
        } catch (Exception e) {
            throw new EncryptException(e);
        }
    }

    @Override // kd.bos.encrypt.aes.AESEncrypter
    public String decrypt(String str, String str2, int i) throws EncryptException {
        try {
            return decrypt(str, getAESKeyFromString(str2, i), getAESIvFromString(str2));
        } catch (Exception e) {
            throw new EncryptException(e);
        }
    }

    private SecretKeySpec getAESKeyFromBuiltinResource(int i) {
        try {
            InputStream resourceAsStream = getClass().getResourceAsStream("/kd/bos/aes/aeskey.txt");
            Throwable th = null;
            try {
                try {
                    SecretKeySpec aESKeyFromString = getAESKeyFromString(new BufferedReader(new InputStreamReader(resourceAsStream)).readLine(), i);
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return aESKeyFromString;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new EncryptException(e);
        }
    }

    private SecretKeySpec getAESKeyFromString(String str, int i) throws EncryptException {
        if (str == null || str.length() < i / 8) {
            throw new EncryptException("The given AES key is too short.");
        }
        try {
            return new SecretKeySpec(str.substring(0, i / 8).getBytes(Charsets.UTF_8), AESUtils.KEY_ALGORITHM);
        } catch (Exception e) {
            throw new EncryptException("An error has occurred when getting AES key:" + e.getMessage(), e);
        }
    }

    private IvParameterSpec getAESIvFromString(String str) throws EncryptException {
        if (str == null || str.length() < 16) {
            throw new EncryptException("The given AES IvKey is too short.");
        }
        try {
            return new IvParameterSpec(str.getBytes(Charsets.UTF_8), 0, 16);
        } catch (Exception e) {
            throw new EncryptException("An error has occurred when getting AES IvKey:" + e.getMessage(), e);
        }
    }

    private void cipherInit(int i, Key key, IvParameterSpec ivParameterSpec) throws InvalidAlgorithmParameterException, InvalidKeyException {
        if (getCipherInstance() == null) {
            throw new EncryptException("Failed to create encrypt because the cipher initialization is failed");
        }
        if (this.aesCipherAlgorithm.equals(AESUtils.KEY_ALGORITHM) || this.aesCipherAlgorithm.startsWith("AES/ECB")) {
            getCipherInstance().init(i, key, this.secureRandom);
        } else {
            getCipherInstance().init(i, key, ivParameterSpec);
        }
    }

    private String encrypt(String str, SecretKeySpec secretKeySpec, IvParameterSpec ivParameterSpec) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        byte[] doFinal;
        if (str == null) {
            return null;
        }
        synchronized (LOCKER2) {
            cipherInit(1, secretKeySpec, ivParameterSpec);
            doFinal = getCipherInstance().doFinal(str.getBytes(Charsets.UTF_8));
        }
        return new BASE64Encoder().encode(doFinal);
    }

    private String decrypt(String str, Key key, IvParameterSpec ivParameterSpec) throws InvalidKeyException, IOException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        byte[] doFinal;
        if (str == null) {
            return null;
        }
        byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(str);
        synchronized (LOCKER2) {
            cipherInit(2, key, ivParameterSpec);
            doFinal = getCipherInstance().doFinal(decodeBuffer);
        }
        return new String(doFinal);
    }
}
