package com.xforceplus.finance.dvas.kms;

import com.aliyuncs.DefaultAcsClient;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.FormatType;
import com.aliyuncs.http.HttpClientConfig;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.kms.model.v20160120.CreateKeyRequest;
import com.aliyuncs.kms.model.v20160120.CreateKeyResponse;
import com.aliyuncs.kms.model.v20160120.CreateSecretRequest;
import com.aliyuncs.kms.model.v20160120.CreateSecretResponse;
import com.aliyuncs.kms.model.v20160120.DecryptRequest;
import com.aliyuncs.kms.model.v20160120.DecryptResponse;
import com.aliyuncs.kms.model.v20160120.DescribeKeyRequest;
import com.aliyuncs.kms.model.v20160120.DescribeKeyResponse;
import com.aliyuncs.kms.model.v20160120.EncryptRequest;
import com.aliyuncs.kms.model.v20160120.EncryptResponse;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyRequest;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyResponse;
import com.aliyuncs.kms.model.v20160120.GetParametersForImportRequest;
import com.aliyuncs.kms.model.v20160120.GetParametersForImportResponse;
import com.aliyuncs.kms.model.v20160120.GetSecretValueRequest;
import com.aliyuncs.kms.model.v20160120.GetSecretValueResponse;
import com.aliyuncs.kms.model.v20160120.ImportKeyMaterialRequest;
import com.aliyuncs.kms.model.v20160120.ImportKeyMaterialResponse;
import com.aliyuncs.kms.model.v20160120.ListKeysRequest;
import com.aliyuncs.kms.model.v20160120.ListKeysResponse;
import com.aliyuncs.kms.model.v20160120.ListSecretsRequest;
import com.aliyuncs.kms.model.v20160120.ListSecretsResponse;
import com.aliyuncs.kms.model.v20160120.PutSecretValueRequest;
import com.aliyuncs.kms.model.v20160120.PutSecretValueResponse;
import com.aliyuncs.profile.DefaultProfile;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/xforceplus/finance/dvas/kms/KmsClient.class */
public class KmsClient {
    private DefaultAcsClient kmsClient;

    public static KmsClient getClientForPublicEndpoint(String str, String str2, String str3) {
        return new KmsClient(new DefaultAcsClient(DefaultProfile.getProfile(str, str2, str3)));
    }

    public static KmsClient getClientForVpcEndpoint(String str, String str2, String str3, String str4) {
        DefaultProfile.addEndpoint(str, "kms", str4);
        DefaultProfile profile = DefaultProfile.getProfile(str, str2, str3);
        profile.setHttpClientConfig(HttpClientConfig.getDefault());
        return new KmsClient(new DefaultAcsClient(profile));
    }

    private KmsClient(DefaultAcsClient defaultAcsClient) {
        this.kmsClient = defaultAcsClient;
    }

    public CreateKeyResponse createKey(String str, String str2) throws ClientException {
        CreateKeyRequest createKeyRequest = new CreateKeyRequest();
        createKeyRequest.setProtocol(ProtocolType.HTTPS);
        createKeyRequest.setAcceptFormat(FormatType.JSON);
        createKeyRequest.setMethod(MethodType.POST);
        createKeyRequest.setDescription(str);
        createKeyRequest.setKeyUsage(str2);
        return this.kmsClient.getAcsResponse(createKeyRequest);
    }

    public DescribeKeyResponse describeKey(String str) throws ClientException {
        DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest();
        describeKeyRequest.setProtocol(ProtocolType.HTTPS);
        describeKeyRequest.setAcceptFormat(FormatType.JSON);
        describeKeyRequest.setMethod(MethodType.POST);
        describeKeyRequest.setKeyId(str);
        return this.kmsClient.getAcsResponse(describeKeyRequest);
    }

    public ListKeysResponse listKey(int i, int i2) throws ClientException {
        ListKeysRequest listKeysRequest = new ListKeysRequest();
        listKeysRequest.setProtocol(ProtocolType.HTTPS);
        listKeysRequest.setAcceptFormat(FormatType.JSON);
        listKeysRequest.setMethod(MethodType.POST);
        listKeysRequest.setPageNumber(Integer.valueOf(i));
        listKeysRequest.setPageSize(Integer.valueOf(i2));
        return this.kmsClient.getAcsResponse(listKeysRequest);
    }

    public GenerateDataKeyResponse generateDataKey(String str, String str2, int i) throws ClientException {
        GenerateDataKeyRequest generateDataKeyRequest = new GenerateDataKeyRequest();
        generateDataKeyRequest.setProtocol(ProtocolType.HTTPS);
        generateDataKeyRequest.setAcceptFormat(FormatType.JSON);
        generateDataKeyRequest.setMethod(MethodType.POST);
        generateDataKeyRequest.setKeySpec(str2);
        generateDataKeyRequest.setKeyId(str);
        generateDataKeyRequest.setNumberOfBytes(Integer.valueOf(i));
        return this.kmsClient.getAcsResponse(generateDataKeyRequest);
    }

    public EncryptResponse encrypt(String str, String str2) throws ClientException {
        EncryptRequest encryptRequest = new EncryptRequest();
        encryptRequest.setProtocol(ProtocolType.HTTPS);
        encryptRequest.setAcceptFormat(FormatType.JSON);
        encryptRequest.setMethod(MethodType.POST);
        encryptRequest.setKeyId(str);
        encryptRequest.setPlaintext(str2);
        return this.kmsClient.getAcsResponse(encryptRequest);
    }

    public DecryptResponse decrypt(String str) throws ClientException {
        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.setProtocol(ProtocolType.HTTPS);
        decryptRequest.setAcceptFormat(FormatType.JSON);
        decryptRequest.setMethod(MethodType.POST);
        decryptRequest.setCiphertextBlob(str);
        return this.kmsClient.getAcsResponse(decryptRequest);
    }

    public ImportKeyMaterialResponse createAndImportKey(String str, String str2) throws Exception {
        String keyId = createKey().getKeyMetadata().getKeyId();
        byte[] bArr = new byte[32];
        new Random().nextBytes(bArr);
        GetParametersForImportResponse parametersForImport = getParametersForImport(keyId, str, str2);
        String importToken = parametersForImport.getImportToken();
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(DatatypeConverter.parseBase64Binary(parametersForImport.getPublicKey())));
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(1, generatePublic, new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT));
        return importKeyMaterial(keyId, DatatypeConverter.printBase64Binary(cipher.doFinal(bArr)), importToken, 0L);
    }

    private ImportKeyMaterialResponse importKeyMaterial(String str, String str2, String str3, Long l) throws ClientException {
        ImportKeyMaterialRequest importKeyMaterialRequest = new ImportKeyMaterialRequest();
        importKeyMaterialRequest.setKeyId(str);
        importKeyMaterialRequest.setEncryptedKeyMaterial(str2);
        importKeyMaterialRequest.setImportToken(str3);
        importKeyMaterialRequest.setKeyMaterialExpireUnix(l);
        return this.kmsClient.getAcsResponse(importKeyMaterialRequest);
    }

    public GetParametersForImportResponse getParametersForImport(String str, String str2, String str3) throws ClientException {
        GetParametersForImportRequest getParametersForImportRequest = new GetParametersForImportRequest();
        getParametersForImportRequest.setKeyId(str);
        getParametersForImportRequest.setWrappingAlgorithm(str2);
        getParametersForImportRequest.setWrappingKeySpec(str3);
        return this.kmsClient.getAcsResponse(getParametersForImportRequest);
    }

    public CreateKeyResponse createKey() throws Exception {
        CreateKeyRequest createKeyRequest = new CreateKeyRequest();
        createKeyRequest.setOrigin("EXTERNAL");
        return this.kmsClient.getAcsResponse(createKeyRequest);
    }

    public ListSecretsResponse listSecret(String str, Integer num, Integer num2) throws ClientException {
        ListSecretsRequest listSecretsRequest = new ListSecretsRequest();
        listSecretsRequest.setFetchTags(str);
        listSecretsRequest.setPageNumber(num);
        listSecretsRequest.setPageSize(num2);
        return this.kmsClient.getAcsResponse(listSecretsRequest);
    }

    public GetSecretValueResponse getSecretValue(String str) throws ClientException {
        GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest();
        getSecretValueRequest.setSecretName(str);
        return this.kmsClient.getAcsResponse(getSecretValueRequest);
    }

    public CreateSecretResponse createSecret(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws ClientException {
        CreateSecretRequest createSecretRequest = new CreateSecretRequest();
        createSecretRequest.setSecretName(str);
        createSecretRequest.setVersionId(str2);
        createSecretRequest.setSecretData(str3);
        createSecretRequest.setEncryptionKeyId(str4);
        createSecretRequest.setSecretDataType(str5);
        createSecretRequest.setDescription(str6);
        createSecretRequest.setTags(str7);
        return this.kmsClient.getAcsResponse(createSecretRequest);
    }

    public PutSecretValueResponse updateSecretValue(String str, String str2, String str3) throws ClientException {
        PutSecretValueRequest putSecretValueRequest = new PutSecretValueRequest();
        putSecretValueRequest.setVersionId(str);
        putSecretValueRequest.setSecretName(str2);
        putSecretValueRequest.setSecretData(str3);
        return this.kmsClient.getAcsResponse(putSecretValueRequest);
    }
}
