package cn.com.duiba.idmaker.service.api.client.kms;

import cn.com.duiba.idmaker.service.api.dto.kms.TimeBasedRollingKeyDto;
import cn.com.duiba.idmaker.service.api.enums.kms.KeyTypeEnums;
import cn.com.duiba.idmaker.service.api.enums.kms.KeyUseTypeEnums;
import cn.com.duiba.idmaker.service.api.remoteservice.kms.RemoteKmsService;
import cn.com.duiba.wolf.utils.BlowfishUtils;
import cn.com.duiba.wolf.utils.SecurityUtils;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:cn/com/duiba/idmaker/service/api/client/kms/KmsClient.class */
public class KmsClient {
    private final RemoteKmsService remoteKmsService;
    private volatile List<TimeBasedRollingKeyDto> cachedKeys;
    private volatile TimeBasedRollingKeyDto currentCachedKey;

    public KmsClient(RemoteKmsService remoteKmsService) {
        this.remoteKmsService = remoteKmsService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RemoteKmsService getRemoteKmsService() {
        return this.remoteKmsService;
    }

    public TimeBasedRollingKeyDto getCachedTimeBasedRollingKey(KeyUseTypeEnums keyUseTypeEnums, KeyTypeEnums keyTypeEnums, long j) {
        long currentTimeMillis = System.currentTimeMillis();
        long j2 = currentTimeMillis - 86400000;
        if (j > currentTimeMillis + 300000) {
            throw new IllegalArgumentException("timestamp must not after now");
        }
        if (j < j2) {
            throw new IllegalArgumentException("timestamp must not before oneDayAgo");
        }
        if (this.currentCachedKey == null || !this.currentCachedKey.isMatch(currentTimeMillis)) {
            synchronized (this) {
                if (this.currentCachedKey == null || !this.currentCachedKey.isMatch(currentTimeMillis)) {
                    this.cachedKeys = (List) this.remoteKmsService.getTimeBasedRollingKey(keyUseTypeEnums.getType(), keyTypeEnums).getResult();
                    Iterator<TimeBasedRollingKeyDto> it = this.cachedKeys.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        TimeBasedRollingKeyDto next = it.next();
                        if (next.isMatch(currentTimeMillis)) {
                            this.currentCachedKey = next;
                            break;
                        }
                    }
                }
            }
        }
        for (TimeBasedRollingKeyDto timeBasedRollingKeyDto : this.cachedKeys) {
            if (timeBasedRollingKeyDto.isMatch(j)) {
                return timeBasedRollingKeyDto;
            }
        }
        throw new IllegalStateException("timeBasedKey not found,timestamp is " + j + ",currentCachedKeys:" + this.cachedKeys);
    }

    public String encrypt(String str, TimeBasedRollingKeyDto timeBasedRollingKeyDto) {
        if (timeBasedRollingKeyDto == null) {
            throw new NullPointerException("keyDto must not be null");
        }
        if (timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.BLOWFISH_120) {
            return BlowfishUtils.encryptBlowfish(str, timeBasedRollingKeyDto.getSecretKey());
        }
        if (timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.AES_128 || timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.AES_256) {
            return SecurityUtils.encode2StringByBase64(SecurityUtils.encodeByAes(str, timeBasedRollingKeyDto.getSecretKey()));
        }
        throw new IllegalArgumentException("Invalid KeyType");
    }

    public String decrypt(String str, TimeBasedRollingKeyDto timeBasedRollingKeyDto) {
        if (timeBasedRollingKeyDto == null) {
            throw new NullPointerException("keyDto must not be null");
        }
        if (timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.BLOWFISH_120) {
            return BlowfishUtils.decryptBlowfish(str, timeBasedRollingKeyDto.getSecretKey());
        }
        if (timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.AES_128 || timeBasedRollingKeyDto.getKeyType() == KeyTypeEnums.AES_256) {
            return new String(SecurityUtils.decodeByAes(SecurityUtils.decodeBase64(str), timeBasedRollingKeyDto.getSecretKey()), Charset.forName("UTF-8"));
        }
        throw new IllegalArgumentException("Invalid KeyType");
    }
}
