package com.aliyun.oss.crypto;

import com.aliyun.oss.ClientException;
import com.aliyun.oss.common.utils.BinaryUtil;
import com.aliyun.oss.common.utils.StringUtils;
import com.aliyun.oss.internal.RequestParameters;
import com.imedcloud.common.util.RSAUtils;
import java.lang.reflect.Field;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:BOOT-INF/lib/aliyun-sdk-oss-3.17.1.jar:com/aliyun/oss/crypto/SimpleRSAEncryptionMaterials.class */
public class SimpleRSAEncryptionMaterials implements EncryptionMaterials {
    public static final String KEY_WRAP_ALGORITHM = "RSA/NONE/PKCS1Padding";
    private KeyPair keyPair;
    private Map<String, String> desc;
    private final LinkedHashMap<KeyPair, Map<String, String>> keyPairDescMaterials = new LinkedHashMap<>();

    public SimpleRSAEncryptionMaterials(KeyPair keyPair) {
        assertParameterNotNull(keyPair, "KeyPair");
        this.keyPair = keyPair;
        this.desc = new HashMap();
        this.keyPairDescMaterials.put(keyPair, this.desc);
    }

    public SimpleRSAEncryptionMaterials(KeyPair keyPair, Map<String, String> map) {
        assertParameterNotNull(keyPair, "KeyPair");
        this.keyPair = keyPair;
        this.desc = map == null ? new HashMap() : new HashMap(map);
        this.keyPairDescMaterials.put(keyPair, map);
    }

    public synchronized void addKeyPairDescMaterial(KeyPair keyPair, Map<String, String> map) {
        assertParameterNotNull(keyPair, "keyPair");
        if (map != null) {
            this.keyPairDescMaterials.put(keyPair, new HashMap(map));
        } else {
            this.keyPairDescMaterials.put(keyPair, new HashMap());
        }
    }

    private KeyPair findKeyPairByDescription(Map<String, String> map) {
        if (map == null) {
            return null;
        }
        for (Map.Entry<KeyPair, Map<String, String>> entry : this.keyPairDescMaterials.entrySet()) {
            if (map.equals(entry.getValue())) {
                return entry.getKey();
            }
        }
        return null;
    }

    private <K, V> Map.Entry<K, V> getTailByReflection(LinkedHashMap<K, V> linkedHashMap) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = linkedHashMap.getClass().getDeclaredField(RequestParameters.TAIL);
        declaredField.setAccessible(true);
        return (Map.Entry) declaredField.get(linkedHashMap);
    }

    @Override // com.aliyun.oss.crypto.EncryptionMaterials
    public void encryptCEK(ContentCryptoMaterialRW contentCryptoMaterialRW) {
        assertParameterNotNull(contentCryptoMaterialRW, "ContentCryptoMaterialRW");
        assertParameterNotNull(contentCryptoMaterialRW.getCEK(), "ContentCryptoMaterialRW#getCEK()");
        assertParameterNotNull(contentCryptoMaterialRW.getIV(), "ContentCryptoMaterialRW#getIV()");
        try {
            PublicKey publicKey = this.keyPair.getPublic();
            Cipher cipher = Cipher.getInstance(KEY_WRAP_ALGORITHM);
            cipher.init(1, publicKey, new SecureRandom());
            byte[] doFinal = cipher.doFinal(contentCryptoMaterialRW.getCEK().getEncoded());
            byte[] doFinal2 = cipher.doFinal(contentCryptoMaterialRW.getIV());
            contentCryptoMaterialRW.setEncryptedCEK(doFinal);
            contentCryptoMaterialRW.setEncryptedIV(doFinal2);
            contentCryptoMaterialRW.setKeyWrapAlgorithm(KEY_WRAP_ALGORITHM);
            contentCryptoMaterialRW.setMaterialsDescription(this.desc);
        } catch (Exception e) {
            throw new ClientException("Unable to encrypt content encryption key or iv." + e.getMessage(), e);
        }
    }

    @Override // com.aliyun.oss.crypto.EncryptionMaterials
    public void decryptCEK(ContentCryptoMaterialRW contentCryptoMaterialRW) {
        assertParameterNotNull(contentCryptoMaterialRW, "ContentCryptoMaterialRW");
        assertParameterNotNull(contentCryptoMaterialRW.getEncryptedCEK(), "ContentCryptoMaterialRW#getEncryptedCEK");
        assertParameterNotNull(contentCryptoMaterialRW.getEncryptedIV(), "ContentCryptoMaterialRW#getEncryptedIV");
        assertParameterNotNull(contentCryptoMaterialRW.getKeyWrapAlgorithm(), "ContentCryptoMaterialRW#getKeyWrapAlgorithm");
        if (!contentCryptoMaterialRW.getKeyWrapAlgorithm().toLowerCase().equals(KEY_WRAP_ALGORITHM.toLowerCase())) {
            throw new ClientException("Unrecognize your object key wrap algorithm: " + contentCryptoMaterialRW.getKeyWrapAlgorithm());
        }
        try {
            KeyPair findKeyPairByDescription = findKeyPairByDescription(contentCryptoMaterialRW.getMaterialsDescription());
            if (findKeyPairByDescription == null) {
                findKeyPairByDescription = (KeyPair) getTailByReflection(this.keyPairDescMaterials).getKey();
            }
            PrivateKey privateKey = findKeyPairByDescription.getPrivate();
            Cipher cipher = Cipher.getInstance(KEY_WRAP_ALGORITHM);
            cipher.init(2, privateKey);
            byte[] doFinal = cipher.doFinal(contentCryptoMaterialRW.getEncryptedCEK());
            byte[] doFinal2 = cipher.doFinal(contentCryptoMaterialRW.getEncryptedIV());
            contentCryptoMaterialRW.setCEK(new SecretKeySpec(doFinal, ""));
            contentCryptoMaterialRW.setIV(doFinal2);
        } catch (Exception e) {
            throw new ClientException("Unable to decrypt the secured content key and iv. " + e.getMessage(), e);
        }
    }

    public static RSAPrivateKey getPrivateKeyFromPemPKCS1(String str) {
        try {
            String replace = StringUtils.replace(StringUtils.replace(StringUtils.replace(StringUtils.replace(str, "-----BEGIN PRIVATE KEY-----", ""), "-----BEGIN RSA PRIVATE KEY-----", ""), "-----END PRIVATE KEY-----", ""), "-----END RSA PRIVATE KEY-----", "").replace("\n", "");
            CryptoRuntime.enableBouncyCastle();
            return (RSAPrivateKey) KeyFactory.getInstance(RSAUtils.KEY_ALGORITHM).generatePrivate(CryptoRuntime.convertPemPKCS1ToPrivateKey(BinaryUtil.fromBase64String(replace)));
        } catch (Exception e) {
            throw new ClientException("get private key from PKCS1 pem String error." + e.getMessage(), e);
        }
    }

    public static RSAPrivateKey getPrivateKeyFromPemPKCS8(String str) {
        try {
            return (RSAPrivateKey) KeyFactory.getInstance(RSAUtils.KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(BinaryUtil.fromBase64String(StringUtils.replace(StringUtils.replace(StringUtils.replace(StringUtils.replace(str, "-----BEGIN PRIVATE KEY-----", ""), "-----BEGIN RSA PRIVATE KEY-----", ""), "-----END PRIVATE KEY-----", ""), "-----END RSA PRIVATE KEY-----", "").replace("\n", ""))));
        } catch (Exception e) {
            throw new ClientException("Get private key from PKCS8 pem String error: " + e.getMessage(), e);
        }
    }

    public static RSAPublicKey getPublicKeyFromPemX509(String str) {
        try {
            return (RSAPublicKey) KeyFactory.getInstance(RSAUtils.KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(BinaryUtil.fromBase64String(StringUtils.replace(StringUtils.replace(StringUtils.replace(StringUtils.replace(str, "-----BEGIN PUBLIC KEY-----", ""), "-----BEGIN RSA PUBLIC KEY-----", ""), "-----END PUBLIC KEY-----", ""), "-----END RSA PUBLIC KEY-----", "").replace("\n", ""))));
        } catch (Exception e) {
            throw new ClientException("Get public key from X509 pem String error." + e.getMessage(), e);
        }
    }

    private void assertParameterNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str);
        }
    }

    static {
        CryptoRuntime.enableBouncyCastle();
    }
}
