package com.aliyun.encryptionsdk.kms;

import com.aliyun.encryptionsdk.AliyunConfig;
import com.aliyun.encryptionsdk.exception.AliyunException;
import com.aliyun.encryptionsdk.kms.AliyunKms;
import com.aliyun.encryptionsdk.logger.CommonLogger;
import com.aliyun.encryptionsdk.model.CmkId;
import com.aliyun.encryptionsdk.model.Constants;
import com.aliyun.encryptionsdk.model.CryptoAlgorithm;
import com.aliyun.encryptionsdk.model.EncryptedDataKey;
import com.aliyun.encryptionsdk.model.SignatureAlgorithm;
import com.aliyuncs.AcsRequest;
import com.aliyuncs.AcsResponse;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.FormatType;
import com.aliyuncs.kms.model.v20160120.AsymmetricSignRequest;
import com.aliyuncs.kms.model.v20160120.AsymmetricSignResponse;
import com.aliyuncs.kms.model.v20160120.AsymmetricVerifyRequest;
import com.aliyuncs.kms.model.v20160120.AsymmetricVerifyResponse;
import com.aliyuncs.kms.model.v20160120.CreateSecretRequest;
import com.aliyuncs.kms.model.v20160120.CreateSecretResponse;
import com.aliyuncs.kms.model.v20160120.DecryptRequest;
import com.aliyuncs.kms.model.v20160120.DecryptResponse;
import com.aliyuncs.kms.model.v20160120.EncryptRequest;
import com.aliyuncs.kms.model.v20160120.EncryptResponse;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyRequest;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyResponse;
import com.aliyuncs.kms.model.v20160120.GetPublicKeyRequest;
import com.aliyuncs.kms.model.v20160120.GetPublicKeyResponse;
import com.aliyuncs.kms.model.v20160120.GetSecretValueRequest;
import com.aliyuncs.kms.model.v20160120.GetSecretValueResponse;
import com.aliyuncs.kms.model.v20160120.ReEncryptRequest;
import com.aliyuncs.kms.model.v20160120.ReEncryptResponse;
import com.aliyuncs.utils.StringUtils;
import com.google.gson.Gson;
import java.util.Base64;
import java.util.Map;

/* loaded from: input_file:com/aliyun/encryptionsdk/kms/DefaultAliyunKms.class */
public class DefaultAliyunKms implements AliyunKms {
    private AliyunConfig config;

    public DefaultAliyunKms(AliyunConfig aliyunConfig) {
        this.config = aliyunConfig;
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.GenerateDataKeyResult generateDataKey(CmkId cmkId, CryptoAlgorithm cryptoAlgorithm, Map<String, String> map) {
        GenerateDataKeyRequest generateDataKeyRequest = new GenerateDataKeyRequest();
        generateDataKeyRequest.setKeyId(cmkId.getRawKeyId());
        if (cryptoAlgorithm.getKeySpec().equals("SM4_128")) {
            generateDataKeyRequest.setNumberOfBytes(16);
        } else {
            generateDataKeyRequest.setKeySpec(cryptoAlgorithm.getKeySpec());
        }
        generateDataKeyRequest.setKeySpec(cryptoAlgorithm.getKeySpec());
        generateDataKeyRequest.setEncryptionContext(map.isEmpty() ? null : new Gson().toJson(map));
        GenerateDataKeyResponse result = getResult(GenerateDataKeyResponse.class, generateDataKeyRequest, cmkId);
        return new AliyunKms.GenerateDataKeyResult(cmkId.getKeyId(), result.getKeyVersionId(), result.getPlaintext(), result.getCiphertextBlob());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.DecryptDataKeyResult decryptDataKey(EncryptedDataKey encryptedDataKey, Map<String, String> map) {
        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.setCiphertextBlob(encryptedDataKey.getDataKeyString());
        decryptRequest.setEncryptionContext(map.isEmpty() ? null : new Gson().toJson(map));
        DecryptResponse result = getResult(DecryptResponse.class, decryptRequest, new CmkId(encryptedDataKey.getKeyIdString()));
        return new AliyunKms.DecryptDataKeyResult(result.getKeyId(), result.getKeyVersionId(), result.getPlaintext());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public EncryptedDataKey encryptDataKey(CmkId cmkId, String str, Map<String, String> map) {
        EncryptRequest encryptRequest = new EncryptRequest();
        encryptRequest.setKeyId(cmkId.getRawKeyId());
        encryptRequest.setPlaintext(str);
        encryptRequest.setEncryptionContext(map.isEmpty() ? null : new Gson().toJson(map));
        return new EncryptedDataKey(cmkId.getKeyId(), getResult(EncryptResponse.class, encryptRequest, cmkId).getCiphertextBlob());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public EncryptedDataKey reEncryptDataKey(CmkId cmkId, EncryptedDataKey encryptedDataKey, Map<String, String> map) {
        ReEncryptRequest reEncryptRequest = new ReEncryptRequest();
        reEncryptRequest.setCiphertextBlob(encryptedDataKey.getDataKeyString());
        Gson gson = new Gson();
        reEncryptRequest.setSourceEncryptionContext(map.isEmpty() ? null : gson.toJson(map));
        reEncryptRequest.setDestinationKeyId(cmkId.getRawKeyId());
        reEncryptRequest.setDestinationEncryptionContext(map.isEmpty() ? null : gson.toJson(map));
        return new EncryptedDataKey(cmkId.getKeyId(), getResult(ReEncryptResponse.class, reEncryptRequest, new CmkId(encryptedDataKey.getKeyIdString())).getCiphertextBlob());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.AsymmetricSignResult asymmetricSign(CmkId cmkId, String str, SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        AsymmetricSignRequest asymmetricSignRequest = new AsymmetricSignRequest();
        String encodeToString = Base64.getEncoder().encodeToString(bArr);
        asymmetricSignRequest.setAcceptFormat(FormatType.JSON);
        asymmetricSignRequest.setKeyId(cmkId.getRawKeyId());
        asymmetricSignRequest.setKeyVersionId(str);
        asymmetricSignRequest.setAlgorithm(signatureAlgorithm.getAlgorithm());
        asymmetricSignRequest.setDigest(encodeToString);
        AsymmetricSignResponse result = getResult(AsymmetricSignResponse.class, asymmetricSignRequest, cmkId);
        return new AliyunKms.AsymmetricSignResult(result.getKeyId(), result.getKeyVersionId(), result.getValue());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.AsymmetricVerifyResult asymmetricVerify(CmkId cmkId, String str, SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) {
        AsymmetricVerifyRequest asymmetricVerifyRequest = new AsymmetricVerifyRequest();
        String encodeToString = Base64.getEncoder().encodeToString(bArr);
        String encodeToString2 = Base64.getEncoder().encodeToString(bArr2);
        asymmetricVerifyRequest.setAcceptFormat(FormatType.JSON);
        asymmetricVerifyRequest.setKeyId(cmkId.getRawKeyId());
        asymmetricVerifyRequest.setKeyVersionId(str);
        asymmetricVerifyRequest.setAlgorithm(signatureAlgorithm.getAlgorithm());
        asymmetricVerifyRequest.setDigest(encodeToString);
        asymmetricVerifyRequest.setValue(encodeToString2);
        AsymmetricVerifyResponse result = getResult(AsymmetricVerifyResponse.class, asymmetricVerifyRequest, cmkId);
        return new AliyunKms.AsymmetricVerifyResult(result.getKeyId(), result.getKeyVersionId(), result.getValue());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.CreateSecretResult createSecret(CmkId cmkId, String str, String str2, String str3, String str4) {
        CreateSecretRequest createSecretRequest = new CreateSecretRequest();
        createSecretRequest.setVersionId(str2);
        createSecretRequest.setEncryptionKeyId(cmkId.getRawKeyId());
        createSecretRequest.setSecretName(str);
        createSecretRequest.setSecretData(str3);
        createSecretRequest.setSecretDataType(str4);
        CreateSecretResponse result = getResult(CreateSecretResponse.class, createSecretRequest, cmkId);
        return new AliyunKms.CreateSecretResult(result.getArn(), result.getSecretName(), result.getVersionId());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.GetSecretValueResult getSecretValue(CmkId cmkId, String str) {
        GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest();
        getSecretValueRequest.setSecretName(str);
        GetSecretValueResponse result = getResult(GetSecretValueResponse.class, getSecretValueRequest, cmkId);
        return new AliyunKms.GetSecretValueResult(result.getSecretName(), result.getSecretData(), result.getSecretDataType());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public AliyunKms.GetSecretValueResult getSecretValue(CmkId cmkId, String str, String str2) {
        GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest();
        getSecretValueRequest.setSecretName(str);
        getSecretValueRequest.setVersionId(str2);
        GetSecretValueResponse result = getResult(GetSecretValueResponse.class, getSecretValueRequest, cmkId);
        return new AliyunKms.GetSecretValueResult(result.getSecretName(), result.getSecretData(), result.getSecretDataType());
    }

    @Override // com.aliyun.encryptionsdk.kms.AliyunKms
    public String getPublicKey(CmkId cmkId, String str) {
        GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest();
        getPublicKeyRequest.setAcceptFormat(FormatType.JSON);
        getPublicKeyRequest.setKeyId(cmkId.getRawKeyId());
        getPublicKeyRequest.setKeyVersionId(str);
        return getResult(GetPublicKeyResponse.class, getPublicKeyRequest, cmkId).getPublicKey();
    }

    private <T extends AcsResponse> T getResult(Class<T> cls, AcsRequest<T> acsRequest, CmkId cmkId) {
        if (StringUtils.isEmpty(cmkId.getRegion())) {
            throw new AliyunException("region information not obtained");
        }
        IAcsClient client = AliyunKmsClientFactory.getClient(this.config, cmkId.getRegion());
        int maxRetries = this.config.getMaxRetries();
        if (maxRetries <= 0) {
            maxRetries = 1;
        }
        for (int i = 0; i < maxRetries; i++) {
            try {
                return cls.cast(client.getAcsResponse(acsRequest));
            } catch (ClientException e) {
                CommonLogger.getCommonLogger(Constants.MODE_NAME).errorf("Request kms error", e);
                if (!BackoffUtils.judgeNeedBackoff(e)) {
                    throw new AliyunException(e.getMessage(), e);
                }
                try {
                    Thread.sleep(this.config.getBackoffStrategy().getWaitTimeExponential(i + 1));
                } catch (InterruptedException e2) {
                }
            }
        }
        CommonLogger.getCommonLogger(Constants.MODE_NAME).errorf("No results obtained after retrying " + maxRetries + " times", new Object[0]);
        throw new AliyunException("No results obtained after retrying " + maxRetries + " times");
    }
}
