package com.alibaba.datax.core.util;

import com.alibaba.datax.common.exception.DataXException;
import com.alibaba.datax.common.util.Configuration;
import com.alibaba.datax.core.util.container.CoreConstant;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.tuple.ImmutableTriple;
import org.apache.commons.lang3.tuple.Triple;

/* loaded from: input_file:com/alibaba/datax/core/util/SecretUtil.class */
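/**
 * Encrypts and decrypts the secret values of a DataX job {@link Configuration}.
 *
 * <p>Key material is read once from the properties file at
 * {@link CoreConstant#DATAX_SECRET_PATH} and indexed by key version. Every version maps to a
 * triple laid out as (left = key used to decrypt, middle = algorithm name, right = key used to
 * encrypt). For 3DES both sides hold the same password; for RSA left is the private key and
 * right is the public key.
 *
 * <p>Security review notes (the wire format is left untouched so that ciphertext already stored
 * in job configurations stays readable; changing any of these needs a key-version migration):
 * <ul>
 *   <li>The RSA cipher is requested by the bare name {@code "RSA"}, so mode and padding are the
 *       JCE provider's defaults (typically PKCS#1 v1.5 rather than OAEP).</li>
 *   <li>3DES runs in ECB mode ({@code DESede/ECB/PKCS5Padding}): equal plaintext blocks produce
 *       equal ciphertext blocks, and 3DES itself is a deprecated 64-bit block cipher.</li>
 *   <li>The 3DES key is the raw password bytes, padded with ASCII {@code '0'} or truncated to 24
 *       bytes; no key-derivation function is applied.</li>
 *   <li>Neither scheme authenticates the ciphertext, so tampering is only noticed if padding
 *       happens to fail.</li>
 * </ul>
 */
public class SecretUtil {
    // Cached contents of the secret properties file; guarded by the class lock.
    private static Properties properties;
    // Cached key-version -> (decrypt key, algorithm, encrypt key); guarded by the class lock.
    private static Map<String, Triple<String, String, String>> versionKeyMap;
    private static final String ENCODING = "UTF-8";
    public static final String KEY_ALGORITHM_RSA = "RSA";
    public static final String KEY_ALGORITHM_3DES = "DESede";
    private static final String CIPHER_ALGORITHM_3DES = "DESede/ECB/PKCS5Padding";
    // Modulus size for newly generated RSA key pairs. 1024-bit RSA is below current minimum
    // recommendations; keys that were already generated at 1024 bits still load and work.
    private static final int RSA_KEY_SIZE_BITS = 2048;
    private static final Base64 base64 = new Base64();

    /**
     * Base64-encodes raw bytes. Despite the name this is an encoding, not encryption.
     *
     * @param bArr bytes to encode
     * @return the Base64 text
     * @throws Exception kept in the signature for existing callers
     */
    public static String encryptBASE64(byte[] bArr) throws Exception {
        return new String(base64.encode(bArr), ENCODING);
    }

    /**
     * Base64-decodes text. Despite the name this is a decoding, not decryption.
     *
     * @param str Base64 text
     * @return the decoded bytes
     */
    public static byte[] decryptBASE64(String str) {
        return base64.decode(str);
    }

    /**
     * Encrypts a value with the named algorithm.
     *
     * @param str plaintext
     * @param str2 key: Base64 X.509 public key for RSA, password for 3DES
     * @param str3 algorithm name, {@link #KEY_ALGORITHM_RSA} or {@link #KEY_ALGORITHM_3DES}
     * @return Base64 ciphertext
     * @throws DataXException if the algorithm is not supported or encryption fails
     */
    public static String encrypt(String str, String str2, String str3) {
        if (KEY_ALGORITHM_RSA.equals(str3)) {
            return encryptRSA(str, str2);
        }
        if (KEY_ALGORITHM_3DES.equals(str3)) {
            return encrypt3DES(str, str2);
        }
        throw unsupportedAlgorithm(str3);
    }

    /**
     * Decrypts a value with the named algorithm.
     *
     * @param str Base64 ciphertext
     * @param str2 key: Base64 PKCS#8 private key for RSA, password for 3DES
     * @param str3 algorithm name, {@link #KEY_ALGORITHM_RSA} or {@link #KEY_ALGORITHM_3DES}
     * @return plaintext
     * @throws DataXException if the algorithm is not supported or decryption fails
     */
    public static String decrypt(String str, String str2, String str3) {
        if (KEY_ALGORITHM_RSA.equals(str3)) {
            return decryptRSA(str, str2);
        }
        if (KEY_ALGORITHM_3DES.equals(str3)) {
            return decrypt3DES(str, str2);
        }
        throw unsupportedAlgorithm(str3);
    }

    /** Builds the "unsupported algorithm" error; the message names the rejected algorithm. */
    private static DataXException unsupportedAlgorithm(String algorithm) {
        // The original format string had no placeholder, so the algorithm name was dropped.
        return DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, String.format("系统编程错误,不支持的加密类型[%s]", algorithm));
    }

    /**
     * Encrypts text with an RSA public key.
     *
     * @param str plaintext; its UTF-8 bytes must fit in a single RSA block
     * @param str2 Base64 of the X.509-encoded public key
     * @return Base64 ciphertext
     * @throws DataXException wrapping any failure
     */
    public static String encryptRSA(String str, String str2) {
        try {
            X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(decryptBASE64(str2));
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM_RSA);
            PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
            // NOTE(review): the transformation is just "RSA"; padding is the provider default.
            Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return encryptBASE64(cipher.doFinal(str.getBytes(ENCODING)));
        } catch (Exception e) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "rsa加密出错", e);
        }
    }

    /**
     * Decrypts text with an RSA private key.
     *
     * @param str Base64 ciphertext
     * @param str2 Base64 of the PKCS#8-encoded private key
     * @return plaintext decoded as UTF-8
     * @throws DataXException wrapping any failure
     */
    public static String decryptRSA(String str, String str2) {
        try {
            PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(decryptBASE64(str2));
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM_RSA);
            PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
            Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return new String(cipher.doFinal(decryptBASE64(str)), ENCODING);
        } catch (Exception e) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "rsa解密出错", e);
        }
    }

    /**
     * Generates a fresh RSA key pair.
     *
     * @return a two-element array: Base64 public key (X.509), then Base64 private key (PKCS#8)
     * @throws Exception if the RSA generator is unavailable
     */
    public static String[] initKey() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM_RSA);
        generator.initialize(RSA_KEY_SIZE_BITS);
        KeyPair keyPair = generator.generateKeyPair();
        String publicKey = encryptBASE64(keyPair.getPublic().getEncoded());
        String privateKey = encryptBASE64(keyPair.getPrivate().getEncoded());
        return new String[]{publicKey, privateKey};
    }

    /**
     * Encrypts text with 3DES in ECB mode.
     *
     * @param str plaintext
     * @param str2 password the 24-byte key is built from
     * @return Base64 ciphertext
     * @throws DataXException wrapping any failure
     */
    public static String encrypt3DES(String str, String str2) {
        try {
            SecretKeySpec keySpec = new SecretKeySpec(build3DesKey(str2), KEY_ALGORITHM_3DES);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_3DES);
            cipher.init(Cipher.ENCRYPT_MODE, keySpec);
            return encryptBASE64(cipher.doFinal(str.getBytes(ENCODING)));
        } catch (Exception e) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "3重DES加密出错", e);
        }
    }

    /**
     * Decrypts text with 3DES in ECB mode.
     *
     * @param str Base64 ciphertext
     * @param str2 password the 24-byte key is built from
     * @return plaintext decoded as UTF-8
     * @throws DataXException wrapping any failure
     */
    public static String decrypt3DES(String str, String str2) {
        try {
            SecretKeySpec keySpec = new SecretKeySpec(build3DesKey(str2), KEY_ALGORITHM_3DES);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM_3DES);
            cipher.init(Cipher.DECRYPT_MODE, keySpec);
            return new String(cipher.doFinal(decryptBASE64(str)), ENCODING);
        } catch (Exception e) {
            // The original reported this as an RSA failure, which misdirects triage.
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "3重DES解密出错", e);
        }
    }

    /**
     * Turns a password into a 24-byte 3DES key: the password's UTF-8 bytes are copied over a
     * buffer of ASCII '0' characters, so short passwords are '0'-padded and long ones are
     * truncated. This is not a key-derivation function.
     */
    private static byte[] build3DesKey(String password) {
        try {
            byte[] key = "000000000000000000000000".getBytes(ENCODING);
            byte[] passwordBytes = password.getBytes(ENCODING);
            System.arraycopy(passwordBytes, 0, key, 0, Math.min(key.length, passwordBytes.length));
            return key;
        } catch (Exception e) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "构建三重DES密匙出错", e);
        }
    }

    /**
     * Loads the secret properties file on first use and returns the cached instance afterwards.
     *
     * <p>The cache is only filled after a complete, successful read, so a failed read is retried
     * on the next call instead of leaving an empty or partial set of keys behind.
     *
     * <p>NOTE(review): the returned object is the shared mutable instance and holds key
     * material; callers should neither modify nor log it.
     *
     * @return the loaded properties
     * @throws DataXException if the file is missing or cannot be read
     */
    public static synchronized Properties getSecurityProperties() {
        if (properties == null) {
            Properties loaded = new Properties();
            // try-with-resources closes the stream even when load() fails.
            try (FileInputStream in = new FileInputStream(CoreConstant.DATAX_SECRET_PATH)) {
                loaded.load(in);
            } catch (FileNotFoundException e) {
                throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "DataX配置要求加解密，但无法找到密钥的配置文件", e);
            } catch (IOException e) {
                throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "读取加解密配置文件出错", e);
            }
            properties = loaded;
        }
        return properties;
    }

    /**
     * Encrypts every secret path of the configuration in place.
     *
     * <p>Nothing happens when no key version is configured. Otherwise each secret path such as
     * {@code a.b.password} is replaced by {@code a.b.*password} holding the ciphertext, and the
     * plaintext entry is removed.
     *
     * @param configuration job configuration to rewrite
     * @return the same configuration instance
     * @throws DataXException if the key version is unknown, its key is blank, or encryption fails
     */
    public static Configuration encryptSecretKey(Configuration configuration) {
        String keyVersion = configuration.getString(CoreConstant.DATAX_JOB_SETTING_KEYVERSION);
        if (StringUtils.isBlank(keyVersion)) {
            return configuration;
        }
        Triple<String, String, String> keyEntry = requireKeyEntry(keyVersion);
        // Right side of the triple is the encryption key (RSA public key or 3DES password).
        String encryptionKey = requireConfiguredKey(keyEntry.getRight(), keyVersion);
        String algorithm = keyEntry.getMiddle();
        for (String path : configuration.getSecretKeyPathSet()) {
            String cipherText = encrypt(configuration.getString(path), encryptionKey, algorithm);
            int lastSegmentStart = path.lastIndexOf(".") + 1;
            String starredPath = path.substring(0, lastSegmentStart) + "*" + path.substring(lastSegmentStart);
            configuration.set(starredPath, cipherText);
            configuration.remove(path);
        }
        return configuration;
    }

    /**
     * Decrypts every encrypted entry of the configuration in place.
     *
     * <p>Nothing happens when no key version is configured. Otherwise every key whose last path
     * segment starts with exactly one {@code '*'} and whose value is a String is decrypted,
     * stored under the name without the {@code '*'}, registered as a secret path, and the
     * starred entry is removed. Segments starting with {@code "**"} are left alone.
     *
     * @param configuration job configuration to rewrite
     * @return the same configuration instance
     * @throws DataXException if the key version is unknown, its key is blank, or decryption fails
     */
    public static Configuration decryptSecretKey(Configuration configuration) {
        String keyVersion = configuration.getString(CoreConstant.DATAX_JOB_SETTING_KEYVERSION);
        if (StringUtils.isBlank(keyVersion)) {
            return configuration;
        }
        Triple<String, String, String> keyEntry = requireKeyEntry(keyVersion);
        // Left side of the triple is the decryption key (RSA private key or 3DES password).
        String decryptionKey = requireConfiguredKey(keyEntry.getLeft(), keyVersion);
        String algorithm = keyEntry.getMiddle();
        for (String path : configuration.getKeys()) {
            int lastSegmentStart = path.lastIndexOf(".") + 1;
            String lastSegment = path.substring(lastSegmentStart);
            boolean singleStar = lastSegment.length() > 1 && lastSegment.charAt(0) == '*' && lastSegment.charAt(1) != '*';
            if (!singleStar) {
                continue;
            }
            Object value = configuration.get(path);
            if (!(value instanceof String)) {
                continue;
            }
            String plainPath = path.substring(0, lastSegmentStart) + lastSegment.substring(1);
            configuration.set(plainPath, decrypt((String) value, decryptionKey, algorithm));
            configuration.addSecretKeyPath(plainPath);
            configuration.remove(path);
        }
        return configuration;
    }

    /** Returns the key triple for a version, or fails if that version is not configured. */
    private static Triple<String, String, String> requireKeyEntry(String keyVersion) {
        Triple<String, String, String> keyEntry = getPrivateKeyMap().get(keyVersion);
        if (null == keyEntry) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, String.format("DataX配置的密钥版本为[%s]，但在系统中没有配置，任务密钥配置错误，不存在您配置的密钥版本", keyVersion));
        }
        return keyEntry;
    }

    /** Returns the key unchanged, or fails if it is blank. The key is never put in the message. */
    private static String requireConfiguredKey(String key, String keyVersion) {
        if (StringUtils.isBlank(key)) {
            throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, String.format("DataX配置的密钥版本为[%s]，但在系统中没有配置，可能是任务密钥配置错误，也可能是系统维护问题", keyVersion));
        }
        return key;
    }

    /**
     * Builds, on first use, the map from key version to (decrypt key, algorithm, encrypt key).
     *
     * <p>The map is assembled in a local variable and published only once it is complete and
     * non-empty; a configuration error therefore cannot leave a half-filled map cached for
     * later callers.
     *
     * @throws DataXException if a configured version lacks its key, or no version is configured
     */
    private static synchronized Map<String, Triple<String, String, String>> getPrivateKeyMap() {
        if (versionKeyMap == null) {
            Map<String, Triple<String, String, String>> loaded = new HashMap<>();
            Properties securityProperties = getSecurityProperties();

            // Symmetric entries: the same password is used to encrypt and to decrypt.
            String[] passwordVersionNames = {CoreConstant.LAST_SERVICE_USERNAME, CoreConstant.CURRENT_SERVICE_USERNAME};
            String[] passwordNames = {CoreConstant.LAST_SERVICE_PASSWORD, CoreConstant.CURRENT_SERVICE_PASSWORD};
            for (int i = 0; i < passwordVersionNames.length; i++) {
                String version = securityProperties.getProperty(passwordVersionNames[i]);
                if (StringUtils.isBlank(version)) {
                    continue;
                }
                String password = securityProperties.getProperty(passwordNames[i]);
                if (StringUtils.isBlank(password)) {
                    throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, String.format("DataX配置要求加解密，但配置的密钥版本[%s]存在密钥为空的情况", version));
                }
                loaded.put(version, ImmutableTriple.of(password, KEY_ALGORITHM_3DES, password));
            }

            // Asymmetric entries: private key decrypts (left), public key encrypts (right).
            String[] rsaVersionNames = {CoreConstant.LAST_KEYVERSION, CoreConstant.CURRENT_KEYVERSION};
            String[] privateKeyNames = {CoreConstant.LAST_PRIVATEKEY, CoreConstant.CURRENT_PRIVATEKEY};
            String[] publicKeyNames = {CoreConstant.LAST_PUBLICKEY, CoreConstant.CURRENT_PUBLICKEY};
            for (int i = 0; i < rsaVersionNames.length; i++) {
                String version = securityProperties.getProperty(rsaVersionNames[i]);
                if (StringUtils.isBlank(version)) {
                    continue;
                }
                String privateKey = securityProperties.getProperty(privateKeyNames[i]);
                String publicKey = securityProperties.getProperty(publicKeyNames[i]);
                if (StringUtils.isBlank(privateKey) || StringUtils.isBlank(publicKey)) {
                    throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, String.format("DataX配置要求加解密，但配置的公私钥对存在为空的情况，版本[%s]", version));
                }
                loaded.put(version, ImmutableTriple.of(privateKey, KEY_ALGORITHM_RSA, publicKey));
            }

            if (loaded.isEmpty()) {
                throw DataXException.asDataXException(FrameworkErrorCode.SECRET_ERROR, "DataX配置要求加解密，但无法找到加解密配置");
            }
            versionKeyMap = loaded;
        }
        return versionKeyMap;
    }
}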
