package com.huaweicloud.sdk.iot.module.crypt;

import com.huaweicloud.sdk.iot.module.exception.CryptException;
import com.huaweicloud.sdk.iot.utils.CommUtil;
import com.huaweicloud.sdk.iot.utils.FileUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:com/huaweicloud/sdk/iot/module/crypt/Crypt.class */
public class Crypt {
    private static final int KEY_LEN = 16;
    private static final String KEY = "0d28623fe037fb4814be67953db72622";
    private static final String INIT_IV = "5b858f34c6557f5012f5cee35f411018";
    private static final String ROOT_FILE = "449dda627abb9726";
    private static final String SECRET_FILE = "primary.ks";
    private static final int ITERATIONS = 1000;
    private static final String AES = "AES";
    private static final String AES_CBC_PKCS_5_PADDING = "AES/CBC/PKCS5Padding";
    private static final String HMAC_SHA_256 = "HmacSHA256";
    private byte[] rootKey;
    private Map<Integer, byte[]> keyStore = new HashMap();
    private String rootCfgKeyPath;
    private String keyStorePath;

    public Crypt(String str) throws CryptException {
        File file = new File(str);
        if (file.exists()) {
            if (!file.isDirectory()) {
                throw new CryptException(String.format("%s is not a directory", str));
            }
        } else if (!file.mkdirs()) {
            throw new CryptException(String.format("Create secret key store %s fail", str));
        }
        try {
            this.rootCfgKeyPath = str + "/" + ROOT_FILE;
            File file2 = new File(this.rootCfgKeyPath);
            if (file2.exists()) {
                this.rootKey = getRootKey(FileUtil.readBytes(file2));
            } else {
                this.rootKey = getRootKey(genCfgKeyPart());
            }
            this.keyStorePath = str + "/" + SECRET_FILE;
            if (new File(this.keyStorePath).exists()) {
                loadKeyStore();
            } else {
                genKeyStore();
            }
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | DecoderException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    private byte[] getRootKey(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException, CryptException, DecoderException {
        byte[] decodeHex = Hex.decodeHex(KEY);
        byte[] decodeHex2 = Hex.decodeHex(CommUtil.KEY);
        if (decodeHex.length != 16 || decodeHex2.length != 16 || bArr.length != 16) {
            throw new CryptException("Generate root key fail, key len error");
        }
        char[] cArr = new char[16];
        for (int i = 0; i < 16; i++) {
            cArr[i] = (char) ((decodeHex[i] ^ decodeHex2[i]) ^ bArr[i]);
        }
        return encryptPBKDF2WithSHA256(cArr, Hex.decodeHex(INIT_IV), 1000, 16);
    }

    private byte[] genCfgKeyPart() throws NoSuchAlgorithmException, IOException {
        byte[] genRandomByte = CommUtil.genRandomByte(16);
        FileUtil.writeBytes(new File(this.rootCfgKeyPath), genRandomByte);
        return genRandomByte;
    }

    private void loadKeyStore() throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, CryptException, DecoderException {
        for (Map.Entry entry : FileUtil.readProperties(new File(this.keyStorePath)).entrySet()) {
            this.keyStore.put(Integer.valueOf(Integer.parseInt(entry.getKey().toString())), decryptRaw(Hex.decodeHex(entry.getValue().toString()), this.rootKey));
        }
    }

    private void genKeyStore() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
        this.keyStore.put(0, CommUtil.genRandomByte(16));
        saveKeyStore();
    }

    public void saveKey(int i, String str) throws CryptException {
        try {
            if (i < 1 || str == null) {
                throw new CryptException("Error domainId or key");
            }
            byte[] decodeHex = Hex.decodeHex(str);
            if (decodeHex.length != 16) {
                throw new CryptException("Error key length");
            }
            this.keyStore.put(Integer.valueOf(i), decodeHex);
            saveKeyStore();
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | DecoderException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    private void saveKeyStore() throws IOException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        Properties properties = new Properties();
        for (Map.Entry<Integer, byte[]> entry : this.keyStore.entrySet()) {
            properties.setProperty(entry.getKey().toString(), new String(Hex.encodeHex(encryptRaw(entry.getValue(), this.rootKey))));
        }
        FileUtil.writeProperties(new File(this.keyStorePath), properties);
    }

    public String encrypt(String str) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(Hex.encodeHex(encryptRaw(str.getBytes(StandardCharsets.UTF_8), this.keyStore.get(0))));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public String decrypt(String str) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(decryptRaw(Hex.decodeHex(str.toCharArray()), this.keyStore.get(0)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | DecoderException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public String digest(String str) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(Hex.encodeHex(digestRaw(str.getBytes(StandardCharsets.UTF_8), this.keyStore.get(0))));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public String encrypt(String str, int i) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(Hex.encodeHex(encryptRaw(str.getBytes(StandardCharsets.UTF_8), checkKey(i))));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public String decrypt(String str, int i) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(decryptRaw(Hex.decodeHex(str.toCharArray()), checkKey(i)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | DecoderException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public String digest(String str, int i) throws CryptException {
        if (str == null) {
            return null;
        }
        try {
            return new String(Hex.encodeHex(digestRaw(str.getBytes(StandardCharsets.UTF_8), checkKey(i))));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public static String encryptBase64(String str, String str2) throws CryptException {
        if (str == null) {
            return null;
        }
        if (str2 == null) {
            return str;
        }
        try {
            return new String(Base64.getUrlEncoder().encode(encryptRaw(str.getBytes(StandardCharsets.UTF_8), Base64.getUrlDecoder().decode(str2.getBytes(StandardCharsets.UTF_8)))), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    public static String decryptBase64(String str, String str2) throws CryptException {
        if (str == null) {
            return null;
        }
        if (str2 == null) {
            return str;
        }
        try {
            return new String(decryptRaw(Base64.getUrlDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), Base64.getUrlDecoder().decode(str2.getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptException(e.getMessage(), e);
        }
    }

    private byte[] checkKey(int i) throws CryptException {
        byte[] bArr = this.keyStore.get(Integer.valueOf(i));
        if (bArr == null) {
            throw new CryptException("Key not exist");
        }
        return bArr;
    }

    private static byte[] encryptRaw(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, AES);
        byte[] genRandomByte = CommUtil.genRandomByte(16);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(genRandomByte);
        Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING);
        cipher.init(1, secretKeySpec, ivParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr3 = new byte[doFinal.length + 16];
        System.arraycopy(genRandomByte, 0, bArr3, 0, 16);
        System.arraycopy(doFinal, 0, bArr3, 16, doFinal.length);
        return bArr3;
    }

    private static byte[] decryptRaw(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, CryptException {
        if (bArr.length <= 16) {
            throw new CryptException("Cipher text too short");
        }
        byte[] bArr3 = new byte[16];
        byte[] bArr4 = new byte[bArr.length - 16];
        System.arraycopy(bArr, 0, bArr3, 0, 16);
        System.arraycopy(bArr, 16, bArr4, 0, bArr4.length);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, AES);
        Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING);
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr4);
    }

    private static byte[] digestRaw(byte[] bArr, byte[] bArr2) throws InvalidKeyException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, HMAC_SHA_256);
        Mac mac = Mac.getInstance(secretKeySpec.getAlgorithm());
        mac.init(secretKeySpec);
        return mac.doFinal(bArr);
    }

    private static byte[] encryptPBKDF2WithSHA256(char[] cArr, byte[] bArr, int i, int i2) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(cArr, bArr, i, i2 * 8)).getEncoded();
    }
}
