package com.aliyun.encryptionsdk.ckm;

import com.aliyun.encryptionsdk.cache.DataKeyCache;
import com.aliyun.encryptionsdk.exception.AliyunException;
import com.aliyun.encryptionsdk.exception.InvalidArgumentException;
import com.aliyun.encryptionsdk.logger.CommonLogger;
import com.aliyun.encryptionsdk.model.Constants;
import com.aliyun.encryptionsdk.model.ContentType;
import com.aliyun.encryptionsdk.model.CryptoAlgorithm;
import com.aliyun.encryptionsdk.model.DecryptionMaterial;
import com.aliyun.encryptionsdk.model.EncryptedDataKey;
import com.aliyun.encryptionsdk.model.EncryptionMaterial;
import com.aliyun.encryptionsdk.model.SignatureMaterial;
import com.aliyun.encryptionsdk.model.VerifyMaterial;
import com.aliyun.encryptionsdk.provider.BaseDataKeyProvider;
import com.aliyun.encryptionsdk.provider.SignatureProvider;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

/* loaded from: input_file:com/aliyun/encryptionsdk/ckm/CachingCryptoKeyManager.class */
public class CachingCryptoKeyManager implements CryptoKeyManager {
    private static final long MAX_TIME = 60000;
    private static final long MAX_BYTE = Long.MAX_VALUE;
    private static final long MAX_MESSAGE = Long.MAX_VALUE;
    private DataKeyCache cache;
    private long maxSurvivalTime = MAX_TIME;
    private long maxEncryptionBytes = Long.MAX_VALUE;
    private long maxEncryptionMessages = Long.MAX_VALUE;

    public CachingCryptoKeyManager(DataKeyCache dataKeyCache) {
        this.cache = dataKeyCache;
    }

    public long getMaxSurvivalTime() {
        return this.maxSurvivalTime;
    }

    public void setMaxSurvivalTime(long j) {
        if (j < 0) {
            throw new InvalidArgumentException("maxSurvivalTime must be set to positive");
        }
        this.maxSurvivalTime = j;
    }

    public long getMaxEncryptionBytes() {
        return this.maxEncryptionBytes;
    }

    public void setMaxEncryptionBytes(long j) {
        if (j < 0) {
            throw new InvalidArgumentException("maxEncryptionBytes must be set to positive");
        }
        this.maxEncryptionBytes = j;
    }

    public long getMaxEncryptionMessages() {
        return this.maxEncryptionMessages;
    }

    public void setMaxEncryptionMessages(long j) {
        if (j < 0) {
            throw new InvalidArgumentException("maxEncryptionMessages must be set to positive");
        }
        this.maxEncryptionMessages = j;
    }

    @Override // com.aliyun.encryptionsdk.ckm.CryptoKeyManager
    public EncryptionMaterial getEncryptDataKeyMaterial(BaseDataKeyProvider baseDataKeyProvider, Map<String, String> map, long j) {
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof("This encryption will enable caching", new Object[0]);
        EncryptionMaterial encryptionMaterial = new EncryptionMaterial();
        encryptionMaterial.setEncryptionContext(map);
        encryptionMaterial.setAlgorithm(baseDataKeyProvider.getAlgorithm());
        if (j == -1 || j > this.maxEncryptionBytes) {
            return baseDataKeyProvider.encryptDataKey(encryptionMaterial);
        }
        String cacheId = getCacheId(baseDataKeyProvider.getAlgorithm(), map);
        DataKeyCache.UsageInfo usageInfo = new DataKeyCache.UsageInfo(j, 1L);
        DataKeyCache.EncryptEntry encryptEntry = this.cache.getEncryptEntry(cacheId, usageInfo);
        if (encryptEntry != null) {
            if (!isExceedMaxLimit(encryptEntry.getUsageInfo())) {
                DataKeyCache.UsageInfo usageInfo2 = encryptEntry.getUsageInfo();
                CommonLogger.getCommonLogger(Constants.MODE_NAME).infof(String.format("This encryption hits the cache to obtain the encryptionMaterial[CacheId: %s, EncryptionBytes: Total(%d) Used(%d->%d), EncryptionMessages: Total(%d) Used(%d->%d)]", encryptEntry.getCacheId(), Long.valueOf(this.maxEncryptionBytes), Long.valueOf(usageInfo2.getEncryptedBytes() - j), Long.valueOf(usageInfo2.getEncryptedBytes()), Long.valueOf(this.maxEncryptionMessages), Long.valueOf(usageInfo2.getEncryptedMessages() - 1), Long.valueOf(usageInfo2.getEncryptedMessages())), new Object[0]);
                return encryptEntry.getMaterial();
            }
            encryptEntry.invalid();
        }
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof("This encryption misses the cache", new Object[0]);
        EncryptionMaterial encryptDataKey = baseDataKeyProvider.encryptDataKey(encryptionMaterial);
        this.cache.putEncryptEntry(cacheId, this.maxSurvivalTime, encryptDataKey, usageInfo);
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof(String.format("Cache a encryptionMaterial[CacheId: %s]", cacheId), new Object[0]);
        return encryptDataKey;
    }

    private boolean isExceedMaxLimit(DataKeyCache.UsageInfo usageInfo) {
        return usageInfo.getEncryptedBytes() > this.maxEncryptionBytes || usageInfo.getEncryptedMessages() > this.maxEncryptionMessages;
    }

    private String getCacheId(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            digestAlgorithm(messageDigest, cryptoAlgorithm);
            digestContext(messageDigest, map);
            return Base64.getEncoder().encodeToString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new AliyunException("SHA MessageDigest not available", e);
        }
    }

    @Override // com.aliyun.encryptionsdk.ckm.CryptoKeyManager
    public DecryptionMaterial getDecryptDataKeyMaterial(BaseDataKeyProvider baseDataKeyProvider, Map<String, String> map, List<EncryptedDataKey> list) {
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof("This decryption will enable caching", new Object[0]);
        DecryptionMaterial decryptionMaterial = new DecryptionMaterial();
        decryptionMaterial.setEncryptionContext(map);
        decryptionMaterial.setAlgorithm(baseDataKeyProvider.getAlgorithm());
        String cacheId = getCacheId(baseDataKeyProvider.getAlgorithm(), map, list);
        DataKeyCache.DecryptEntry decryptEntry = this.cache.getDecryptEntry(cacheId);
        if (decryptEntry != null) {
            CommonLogger.getCommonLogger(Constants.MODE_NAME).infof(String.format("This decryption hits the cache to obtain the decryptionMaterial[CacheId: %s]", decryptEntry.getCacheId()), new Object[0]);
            return decryptEntry.getMaterial();
        }
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof("This decryption misses the cache", new Object[0]);
        DecryptionMaterial decryptDataKey = baseDataKeyProvider.decryptDataKey(decryptionMaterial, list);
        this.cache.putDecryptEntry(cacheId, this.maxSurvivalTime, decryptDataKey);
        CommonLogger.getCommonLogger(Constants.MODE_NAME).infof(String.format("Cache a decryptionMaterial[CacheId: %s]", cacheId), new Object[0]);
        return decryptDataKey;
    }

    private String getCacheId(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map, List<EncryptedDataKey> list) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            digestAlgorithm(messageDigest, cryptoAlgorithm);
            digestContext(messageDigest, map);
            digestEncryptedDataKeys(messageDigest, list);
            return Base64.getEncoder().encodeToString(messageDigest.digest());
        } catch (Exception e) {
            throw new AliyunException("SHA MessageDigest not available", e);
        }
    }

    private void digestAlgorithm(MessageDigest messageDigest, CryptoAlgorithm cryptoAlgorithm) {
        if (cryptoAlgorithm == null) {
            messageDigest.update((byte) 0);
        } else {
            messageDigest.update((byte) 1);
            cryptoAlgorithm.digestAlgorithm(messageDigest);
        }
    }

    private void digestContext(MessageDigest messageDigest, Map<String, String> map) {
        if (map == null) {
            messageDigest.update((byte) 0);
            return;
        }
        messageDigest.update((byte) 1);
        messageDigest.update((byte) map.size());
        new TreeMap(map).forEach((str, str2) -> {
            messageDigest.update(str.getBytes(ENCODING));
            messageDigest.update(str2.getBytes(ENCODING));
        });
    }

    private void digestEncryptedDataKeys(MessageDigest messageDigest, List<EncryptedDataKey> list) {
        if (list == null) {
            messageDigest.update((byte) 0);
            return;
        }
        messageDigest.update((byte) 1);
        messageDigest.update((byte) list.size());
        new TreeSet(list).forEach(encryptedDataKey -> {
            messageDigest.update(encryptedDataKey.getKeyId());
            messageDigest.update(encryptedDataKey.getDataKey());
        });
    }

    @Override // com.aliyun.encryptionsdk.ckm.CryptoKeyManager
    public SignatureMaterial getSignatureMaterial(SignatureProvider signatureProvider, byte[] bArr, ContentType contentType) {
        SignatureMaterial signatureMaterial = new SignatureMaterial();
        signatureMaterial.setSignatureAlgorithm(signatureProvider.getSignatureAlgorithm());
        if (contentType.equals(ContentType.DIGEST)) {
            signatureMaterial.setDigest(bArr);
        } else {
            signatureMaterial.setMessage(bArr);
        }
        return signatureProvider.sign(signatureMaterial);
    }

    @Override // com.aliyun.encryptionsdk.ckm.CryptoKeyManager
    public VerifyMaterial getVerifyMaterial(SignatureProvider signatureProvider, byte[] bArr, byte[] bArr2, ContentType contentType) {
        VerifyMaterial verifyMaterial = new VerifyMaterial();
        verifyMaterial.setSignature(bArr2);
        verifyMaterial.setSignatureAlgorithm(signatureProvider.getSignatureAlgorithm());
        if (contentType.equals(ContentType.DIGEST)) {
            verifyMaterial.setDigest(bArr);
        } else {
            verifyMaterial.setMessage(bArr);
        }
        return signatureProvider.verify(verifyMaterial);
    }
}
