package com.jd.security.tde;

import com.jd.open.api.sdk.internal.JSON.JSONMapper;
import com.jd.security.tde.util.Base64;
import com.microsoft.azure.storage.Constants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/open-api-sdk-2.0.jar:com/jd/security/tde/Token.class */
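/**
 * A key token: a labelled secret key with a validity window, used for HMAC-SHA256 signing and
 * verification and, through {@link DataEncryption}, for encryption and decryption.
 *
 * <p>{@link #parseFromString(String)} is the only path in this class that checks the issuer's
 * signature. The public constructor marks every instance as verified without any check, so the
 * "Not a verified token." guards in the {@code do_*} methods do not protect against a caller that
 * builds a {@code Token} directly from unauthenticated material.
 *
 * <p>The validity window is never enforced by this class; callers are expected to consult
 * {@link #check_effective()} and {@link #check_expired(long)} themselves.
 */
public class Token implements TokenCipher, TokenSignature {
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final String NOT_VERIFIED_MESSAGE = "Not a verified token.";

    private String label;
    private long effectiveTs;
    private long expiredTs;
    // Despite the name, check_effective() subtracts this from a millisecond timestamp, so 600000
    // acts as a 10-minute tolerance before the effective time.
    private int minutesBuffer = 600000;
    private String id;
    // Stored by reference: the caller's array is not copied by this class.
    private byte[] key;
    private String service;
    private int stype;
    private boolean isVerify;
    // Parsed once from Constants.TMS_PROD_TOKEN_CERT and reused; null until the first successful load.
    private static X509Certificate scert = null;
    private String zone;
    private DataEncryption de;

    /* loaded from: input_file:WEB-INF/lib/open-api-sdk-2.0.jar:com/jd/security/tde/Token$origin.class */
    enum origin {
        UNDEFINED(0),
        IDC(1),
        BETA(2),
        DEV(3);

        int val;

        origin(int i) {
            this.val = i;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/open-api-sdk-2.0.jar:com/jd/security/tde/Token$state.class */
    public enum state {
        VALID,
        EXPIREWARNING,
        EXPIRED
    }

    /**
     * Parses the embedded certificate into {@link #scert} if that has not already succeeded.
     *
     * <p>On a parsing failure {@code scert} is left {@code null}, which
     * {@link #parseFromString(String)} reports as a missing trust anchor.
     */
    private static void loadCert() {
        if (scert != null) {
            // The certificate comes from a constant, so one successful parse is enough.
            return;
        }
        X509Certificate parsed = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream pem = new ByteArrayInputStream(Constants.TMS_PROD_TOKEN_CERT.getBytes());
            parsed = (X509Certificate) factory.generateCertificate(pem);
            pem.close();
        } catch (IOException e) {
            parsed = null;
        } catch (CertificateException e2) {
            parsed = null;
        }
        // Publish in a single assignment so readers never see a half-updated state.
        scert = parsed;
    }

    /**
     * Builds a token from already-trusted material.
     *
     * <p>This constructor performs no signature check and always marks the instance as verified;
     * pass it only values that were authenticated elsewhere.
     *
     * @param str label of the token (the "act" field when parsed)
     * @param str2 token id
     * @param bArr raw key bytes, kept by reference and handed to {@link DataEncryption}
     * @param j effective timestamp, compared against the millisecond clock
     * @param j2 expiry timestamp, compared against the millisecond clock
     * @param i origin type, see {@link #getTokenOrigin()}
     * @param str3 service name; may be {@code null}
     * @param str4 zone; {@code null} selects the default {@code "CN-0"}
     */
    public Token(String str, String str2, byte[] bArr, long j, long j2, int i, String str3, String str4) throws NoSuchAlgorithmException, InvalidKeyException {
        this.label = str;
        this.id = str2;
        this.key = bArr;
        this.effectiveTs = j;
        this.expiredTs = j2;
        this.stype = i;
        this.service = str3;
        this.zone = str4 != null ? str4 : "CN-0";
        this.isVerify = true;
        this.de = new DataEncryption(this.key);
    }

    /**
     * Parses a serialized token and returns it only if the issuer's signature verifies against
     * the embedded trust-anchor certificate.
     *
     * <p>The signature is checked before any field of the payload is decoded or used. Neither the
     * token's validity window nor the certificate's own validity period is checked here.
     *
     * @param str serialized token: a JSON object with a "data" object and a Base64 signature
     * @return the verified token
     * @throws InvalidTokenException if the token is malformed, lacks required fields, or its
     *     signature does not verify
     * @throws RuntimeException if the trust-anchor certificate could not be loaded
     */
    public static Token parseFromString(String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidTokenException {
        Map envelope = (Map) JSONMapper.parseString(str, Map.class);
        if (envelope == null) {
            throw new InvalidTokenException("Token is not a JSON object.");
        }
        Object data = envelope.get("data");
        Object encodedSignature = envelope.get(Constants.QueryConstants.SIGNATURE);
        if (!(data instanceof Map) || !(encodedSignature instanceof String)) {
            // Reject early instead of failing later with a NullPointerException or ClassCastException.
            throw new InvalidTokenException("Token is missing its data or signature.");
        }

        // NOTE(review): the signature is checked over a re-serialization of the parsed "data"
        // value, not over the bytes that were received. Verification therefore depends on
        // JSONMapper reproducing the issuer's exact serialization - confirm against the issuer.
        String signedJson = JSONMapper.toJSONString(data);
        byte[] signatureBytes = Base64.decode((String) encodedSignature, 2);

        loadCert();
        // Read the static once so the null check and the use see the same reference.
        X509Certificate trustAnchor = scert;
        if (trustAnchor == null) {
            throw new RuntimeException("No Trust Anchor Certificate Available");
        }

        Signature verifier = Signature.getInstance(Constants.default_token_verify_algo);
        verifier.initVerify(trustAnchor.getPublicKey());
        // NOTE(review): getBytes() uses the platform default charset, so the result for non-ASCII
        // payloads varies with JVM configuration - confirm the issuer's encoding before pinning one.
        verifier.update(signedJson.getBytes());
        if (!verifier.verify(signatureBytes)) {
            throw new InvalidTokenException("Token Signature Validation Failed.");
        }

        // Only now, with the payload authenticated, are its fields interpreted.
        Map fields = (Map) data;
        Object effective = fields.get("effective");
        Object expired = fields.get("expired");
        Object originType = fields.get("stype");
        Object encodedKey = fields.get("key");
        // Any Number is accepted: a JSON parser may hand back Integer or Long depending on magnitude.
        if (!(effective instanceof Number) || !(expired instanceof Number) || !(originType instanceof Number) || !(encodedKey instanceof String)) {
            throw new InvalidTokenException("Token is missing required fields.");
        }
        String act = (String) fields.get("act");
        String tokenId = (String) fields.get("id");
        String serviceName = (String) fields.get("service");
        byte[] keyBytes = Base64.decode((String) encodedKey, 2);
        return new Token(act, tokenId, keyBytes, ((Number) effective).longValue(), ((Number) expired).longValue(), ((Number) originType).intValue(), serviceName, null);
    }

    /** Returns the token id. */
    public String get_id() {
        return this.id;
    }

    /** Returns the service name the token was issued for; may be {@code null}. */
    public String get_service_name() {
        return this.service;
    }

    /** Returns the raw origin type number. */
    public int getOriginType() {
        return this.stype;
    }

    /**
     * Reports whether the token is already effective, allowing {@code minutesBuffer}
     * milliseconds of tolerance before the effective timestamp.
     */
    public boolean check_effective() {
        return System.currentTimeMillis() >= this.effectiveTs - ((long) this.minutesBuffer);
    }

    /**
     * Classifies the token against the current time.
     *
     * @param j grace period after expiry during which the token is reported as
     *     {@link state#EXPIREWARNING} rather than {@link state#EXPIRED}
     * @return {@link state#VALID} until the expiry timestamp, then the warning state for
     *     {@code j} more milliseconds, then expired
     */
    public state check_expired(long j) {
        long now = System.currentTimeMillis();
        if (this.expiredTs >= now) {
            return state.VALID;
        }
        if (this.expiredTs + j >= now) {
            return state.EXPIREWARNING;
        }
        return state.EXPIRED;
    }

    /** Returns the expiry timestamp formatted with {@link Date#toString()}. */
    public String getExpiredDate() {
        return new Date(this.expiredTs).toString();
    }

    /** Returns the expiry timestamp as stored. */
    public long getExpiredDateInLong() {
        return this.expiredTs;
    }

    /** Returns the effective timestamp formatted with {@link Date#toString()}. */
    public String getEffectiveDate() {
        return new Date(this.effectiveTs).toString();
    }

    /** Returns the zone, {@code "CN-0"} unless one was supplied to the constructor. */
    public String getZone() {
        return this.zone;
    }

    /**
     * Returns the name of the {@link origin} constant at index {@code stype}, or
     * {@code "UNDEFINED"} when the index is out of range.
     */
    public String getTokenOrigin() {
        origin[] known = origin.values();
        if (this.stype < 0 || this.stype >= known.length) {
            return origin.UNDEFINED.name();
        }
        return known[this.stype].name();
    }

    /**
     * Computes HMAC-SHA256 of {@code message} under the token key.
     *
     * @throws InvalidTokenException if the token is not marked as verified
     */
    private byte[] hmac(byte[] message) throws InvalidTokenException, InvalidKeyException, NoSuchAlgorithmException {
        if (!this.isVerify) {
            throw new InvalidTokenException(NOT_VERIFIED_MESSAGE);
        }
        Mac mac = Mac.getInstance(HMAC_ALGORITHM);
        mac.init(new SecretKeySpec(this.key, HMAC_ALGORITHM));
        // doFinal() already resets the Mac, so no explicit reset is needed.
        return mac.doFinal(message);
    }

    /**
     * Returns the HMAC-SHA256 tag of {@code bArr} under the token key.
     *
     * @throws InvalidTokenException if the token is not marked as verified
     */
    @Override // com.jd.security.tde.TokenSignature
    public byte[] do_sign(byte[] bArr) throws InvalidTokenException, InvalidKeyException, NoSuchAlgorithmException {
        return hmac(bArr);
    }

    /**
     * Checks that {@code bArr2} is the HMAC-SHA256 tag of {@code bArr} under the token key.
     *
     * @param bArr the message
     * @param bArr2 the tag to check; {@code null} never matches
     * @return {@code true} only if the tag matches
     * @throws InvalidTokenException if the token is not marked as verified
     */
    @Override // com.jd.security.tde.TokenSignature
    public boolean do_verify(byte[] bArr, byte[] bArr2) throws InvalidTokenException, InvalidKeyException, NoSuchAlgorithmException {
        byte[] expected = hmac(bArr);
        // Constant-time comparison: Arrays.equals stops at the first differing byte, which lets
        // response timing reveal how much of a submitted tag is correct.
        return MessageDigest.isEqual(expected, bArr2);
    }

    /**
     * Encrypts {@code bArr} with the token key via {@link DataEncryption}.
     *
     * @throws InvalidTokenException if the token is not marked as verified
     */
    @Override // com.jd.security.tde.TokenCipher
    public byte[] do_encrypt(byte[] bArr) throws BadPaddingException, InvalidKeyException, IllegalBlockSizeException, NoSuchAlgorithmException, InvalidTokenException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        if (!this.isVerify) {
            throw new InvalidTokenException(NOT_VERIFIED_MESSAGE);
        }
        return this.de.encrypt(bArr);
    }

    /**
     * Decrypts {@code bArr} with the token key via {@link DataEncryption}.
     *
     * @throws InvalidTokenException if the token is not marked as verified
     */
    @Override // com.jd.security.tde.TokenCipher
    public byte[] do_decrypt(byte[] bArr) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalArgumentException, NoSuchPaddingException, InvalidTokenException, IllegalBlockSizeException, BadPaddingException {
        if (!this.isVerify) {
            throw new InvalidTokenException(NOT_VERIFIED_MESSAGE);
        }
        return this.de.decrypt(bArr);
    }
}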
