package com.jd.security.tdeclient;

import com.jd.open.api.sdk.DefaultJdClient;
import com.jd.open.api.sdk.request.directional.JosMasterKeyGetRequest;
import com.jd.open.api.sdk.response.directional.JosMasterKeyGetResponse;
import com.jd.security.tde.InvalidTokenException;
import com.jd.security.tde.KeyRequest;
import com.jd.security.tde.KeyResponse;
import com.jd.security.tde.MKData;
import com.jd.security.tde.MKey;
import com.jd.security.tde.MalformedException;
import com.jd.security.tde.ServiceKeyInfo;
import com.jd.security.tde.Token;
import com.jd.security.tde.util.Base64;
import com.jd.security.tde.util.TDEStatus;
import com.jd.security.tde.util.UtilTools;
import com.jd.security.tdeclient.CacheKeyStore;
import com.jd.security.tdeclient.HttpReportLogClient;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/classes/libs/open-api-sdk-2.0.jar:com/jd/security/tdeclient/KMClient.class
 */
/* loaded from: input_file:BOOT-INF/lib/open-api-sdk-2.0.jar-2.0.jar:com/jd/security/tdeclient/KMClient.class */
/**
 * Fetches master keys for the configured {@link Token} through {@link DefaultJdClient} and
 * imports them into a {@link CacheKeyStore}, reporting failures through
 * {@link HttpReportLogClient}.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX header above). Parameter and
 * local names are synthetic, and {@code requestMk()} is not valid Java as shown, so its real
 * control flow must be confirmed against the original source or bytecode.
 */
public class KMClient {
    private static final Logger LOGGER = Logger.getLogger(KMClient.class.getName());
    // Not referenced anywhere in the visible code.
    private static final String emptyStr = "";
    // Receives error reports and key-update event reports.
    private HttpReportLogClient reporter;
    // Token whose service name and id every key response is checked against.
    private Token userToken;
    // Cache holding the encryption and decryption key stores.
    private CacheKeyStore cacheKs;
    // Current key version of the token's own service; set in ImportMKeys.
    private int majorKeyVer;
    // First character of the SDK version string, parsed as an int (see constructor).
    private int majorSdkVer;
    // Endpoint and credentials handed to a new DefaultJdClient on every request attempt.
    // NOTE(review): accessToken and appSecret stay in String fields for the lifetime of this
    // object; make sure instances are never logged, serialized or exposed in heap dumps that
    // leave the host.
    private String serverUrl;
    private String accessToken;
    private String appKey;
    private String appSecret;
    // True only after checkValidKeyChain() has seen at least one cached key.
    private boolean keyChainIsReady = false;
    // Base64 IDs of keys for which MKey.isValid() returned false; cleared in FetchMKeys.
    private Set<String> corruptKeylist = new HashSet();
    // Service name -> (number of keys in the response - 1); reported, then cleared, per import.
    private HashMap<String, Integer> availableKeylist = new HashMap<>();

    /**
     * Stores the collaborators and connection settings.
     *
     * @param httpReportLogClient report sink
     * @param cacheKeyStore key cache to populate
     * @param token token the key requests are issued for
     * @param str SDK version string; only its first character is parsed, so it must start with a
     *     digit (an empty string or a non-digit makes substring/parseInt throw, and a two-digit
     *     major version such as "10.x" is read as 1)
     * @param str2 server URL
     * @param str3 access token
     * @param str4 app key
     * @param str5 app secret
     */
    public KMClient(HttpReportLogClient httpReportLogClient, CacheKeyStore cacheKeyStore, Token token, String str, String str2, String str3, String str4, String str5) {
        this.majorSdkVer = 0;
        this.reporter = httpReportLogClient;
        this.cacheKs = cacheKeyStore;
        this.userToken = token;
        this.majorSdkVer = Integer.parseInt(str.substring(0, 1));
        this.serverUrl = str2;
        this.accessToken = str3;
        this.appKey = str4;
        this.appSecret = str5;
        LOGGER.fine("major_sdk_version = " + this.majorSdkVer);
    }

    /** Returns the current key version recorded for the token's own service. */
    public int getMajorKeyVersion() {
        return this.majorKeyVer;
    }

    /** Returns whether the last completed key-chain check found at least one cached key. */
    public boolean isKeyChainReady() {
        return this.keyChainIsReady;
    }

    /** Marks the key chain as not ready without touching the cached keys. */
    public void resetKeyChainFlag() {
        this.keyChainIsReady = false;
    }

    /**
     * Sets the ready flag according to whether the cache holds any key.
     *
     * @throws NoValidKeyException if the encryption and decryption stores are both empty
     */
    private void checkValidKeyChain() throws NoValidKeyException {
        // Start from "not ready" so the flag stays false if the check throws.
        this.keyChainIsReady = false;
        // DEC_STROE (sic) is the constant's spelling in CacheKeyStore.KStoreType.
        if (this.cacheKs.numOfKeys(CacheKeyStore.KStoreType.DEC_STROE) + this.cacheKs.numOfKeys(CacheKeyStore.KStoreType.ENC_STORE) == 0) {
            LOGGER.severe(TDEStatus.SDK_HAS_NO_AVAILABLE_KEYS.message);
            this.reporter.insertErrReport(TDEStatus.SDK_HAS_NO_AVAILABLE_KEYS.code, TDEStatus.SDK_HAS_NO_AVAILABLE_KEYS.message, "", HttpReportLogClient.MsgLevel.SEVERE);
            throw new NoValidKeyException(TDEStatus.SDK_HAS_NO_AVAILABLE_KEYS.message);
        }
        LOGGER.fine("# of enc keys:" + this.cacheKs.numOfKeys(CacheKeyStore.KStoreType.ENC_STORE) + " and # of dec keys:" + this.cacheKs.numOfKeys(CacheKeyStore.KStoreType.DEC_STROE));
        LOGGER.fine("Max key version for major service:" + this.majorKeyVer);
        this.keyChainIsReady = true;
    }

    /**
     * Imports the keys of a successful key response into the cache and evicts cached keys that
     * the response no longer carries as valid.
     *
     * <p>The response is accepted only if its enc_service equals the token's service name and its
     * tid equals the token's id. Keys of the token's own service go into both stores; keys of any
     * other service go into the decryption store only.
     *
     * <p>NOTE(review): when any key fails {@code MKey.isValid()}, {@code sendCorruptReport()}
     * throws before {@code checkValidKeyChain()} runs, so {@code keyChainIsReady} keeps whatever
     * value it had before this call.
     *
     * @param keyResponse response whose status code the caller has already checked
     * @throws ServiceErrorException if the response does not match the token's service or id
     * @throws CorruptKeyException if at least one key in the response is invalid
     * @throws NoValidKeyException if no key is cached after the import
     */
    private void ImportMKeys(KeyResponse keyResponse) throws ServiceErrorException, MalformedException, NoSuchAlgorithmException, NoValidKeyException, CorruptKeyException {
        // Bind the response to this client's token before trusting any key in it.
        if (!keyResponse.getEnc_service().equals(this.userToken.get_service_name())) {
            LOGGER.severe(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE1.message);
            this.reporter.insertErrReport(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE1.code, TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE1.message, "", HttpReportLogClient.MsgLevel.ERROR);
            throw new ServiceErrorException(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE1.message);
        }
        if (!keyResponse.getTid().equals(this.userToken.get_id())) {
            LOGGER.severe(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE2.message);
            this.reporter.insertErrReport(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE2.code, TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE2.message, "", HttpReportLogClient.MsgLevel.ERROR);
            throw new ServiceErrorException(TDEStatus.SDK_RECEIVED_WRONG_KEYRESPONSE2.message);
        }
        // Key IDs known to each store before the import; every ID confirmed below is removed, so
        // what remains is stale. Presumably these are copies rather than live views of the cache;
        // confirm in CacheKeyStore.getKeyIDList.
        List<String> keyIDList = this.cacheKs.getKeyIDList(CacheKeyStore.KStoreType.ENC_STORE);
        List<String> keyIDList2 = this.cacheKs.getKeyIDList(CacheKeyStore.KStoreType.DEC_STROE);
        List<ServiceKeyInfo> service_key_list = keyResponse.getService_key_list();
        this.cacheKs.resetFutureKeyIDs();
        for (ServiceKeyInfo serviceKeyInfo : service_key_list) {
            List<MKData> keys = serviceKeyInfo.getKeys();
            // Reported value is the key count minus one; the reason for the offset is not visible here.
            this.availableKeylist.put(serviceKeyInfo.getService(), Integer.valueOf(keys.size() - 1));
            for (MKData mKData : keys) {
                // Key id and key bytes arrive Base64-encoded; the digest is passed along undecoded.
                MKey mKey = new MKey(serviceKeyInfo.getService(), Base64.decode(mKData.getId()), Base64.decode(mKData.getKey_string()), mKData.getKey_digest(), mKData.getVersion(), mKData.getKey_effective(), mKData.getKey_exp(), mKData.getKey_type(), serviceKeyInfo.getGrant_usage(), mKData.getKey_status());
                if (!mKey.isValid()) {
                    // Invalid keys are never cached; only the ID is kept for the corruption report.
                    // Their IDs also stay in the stale lists, so an older cached copy is evicted below.
                    this.corruptKeylist.add(Base64.encodeToString(mKey.getID()));
                } else if (serviceKeyInfo.getService().equals(this.userToken.get_service_name())) {
                    // Own service: usable for both encryption and decryption.
                    this.majorKeyVer = serviceKeyInfo.getCurrent_key_version();
                    this.cacheKs.updateKey(mKData.getId(), mKey, CacheKeyStore.KStoreType.ENC_STORE);
                    this.cacheKs.updateKey(mKData.getId(), mKey, CacheKeyStore.KStoreType.DEC_STROE);
                    keyIDList.remove(mKData.getId());
                    keyIDList2.remove(mKData.getId());
                } else {
                    // Other service: cached for decryption only.
                    this.cacheKs.updateKey(mKData.getId(), mKey, CacheKeyStore.KStoreType.DEC_STROE);
                    keyIDList2.remove(mKData.getId());
                }
            }
            this.cacheKs.updateFutureKeyIDs(serviceKeyInfo.getService(), serviceKeyInfo.getCurrent_key_version());
        }
        this.reporter.insertKeyUpdateEventReport(TDEStatus.SDK_REPORT_CUR_KEYVER.code, TDEStatus.SDK_REPORT_CUR_KEYVER.message + String.valueOf(this.majorKeyVer), this.majorKeyVer, this.availableKeylist);
        this.availableKeylist.clear();
        // Evict keys that were cached before but were not confirmed as valid by this response.
        if (keyIDList.size() > 0) {
            this.cacheKs.removeKeysViaList(keyIDList, CacheKeyStore.KStoreType.ENC_STORE);
        }
        if (keyIDList2.size() > 0) {
            this.cacheKs.removeKeysViaList(keyIDList2, CacheKeyStore.KStoreType.DEC_STROE);
        }
        sendCorruptReport();
        checkValidKeyChain();
    }

    /**
     * Reports the IDs collected in {@code corruptKeylist} and fails the import.
     *
     * @throws CorruptKeyException if the list is non-empty
     */
    private void sendCorruptReport() throws CorruptKeyException {
        if (this.corruptKeylist.isEmpty()) {
            return;
        }
        LOGGER.severe(TDEStatus.SDK_HAS_CORRUPTED_KEYS.message);
        // Builds "keyids:<id>,<id>,..."; the trailing comma is cut off in the report call below.
        String str = "keyids:";
        Iterator<String> it = this.corruptKeylist.iterator();
        while (it.hasNext()) {
            str = str + it.next() + ",";
        }
        this.reporter.insertErrReport(TDEStatus.SDK_HAS_CORRUPTED_KEYS.code, TDEStatus.SDK_HAS_CORRUPTED_KEYS.message, str.substring(0, str.length() - 1), HttpReportLogClient.MsgLevel.ERROR);
        throw new CorruptKeyException(TDEStatus.SDK_HAS_CORRUPTED_KEYS.message);
    }

    /**
     * Requests the master keys and imports them when the response status code is 0.
     *
     * <p>For the status codes listed in the condition below (request verification failed, token
     * expired, no grants for the service, token frozen, token revoked, data not found) the whole
     * key cache is purged and the ready flag is cleared. For any other non-zero status only an
     * error report is written, so previously cached keys stay in place and the ready flag is
     * left unchanged.
     *
     * <p>NOTE(review): as decompiled, the {@code catch (Exception e)} spans the entire body, so
     * the ServiceErrorException thrown here and every exception from ImportMKeys (including
     * CorruptKeyException and NoValidKeyException) is logged, reported as SDK_CANNOT_REACH_KMS
     * and swallowed. Nothing in the throws clause reaches the caller on that path; callers have
     * to consult {@link #isKeyChainReady()} to learn whether usable keys exist. Confirm against
     * the original source whether this is intended or a decompilation artifact.
     */
    public void FetchMKeys() throws ServiceErrorException, NoValidKeyException, MalformedException, RuntimeException, InvalidTokenException, NoSuchAlgorithmException, CorruptKeyException, IOException {
        try {
            KeyResponse requestMk = requestMk();
            // Start each import with an empty corruption list.
            this.corruptKeylist.clear();
            if (requestMk.getStatus_code() == 0) {
                ImportMKeys(requestMk);
                return;
            }
            LOGGER.fine("ERR CODE:" + requestMk.getStatus_code());
            LOGGER.fine(requestMk.getStatus_message());
            if (requestMk.getStatus_code() == TDEStatus.TMS_REQUEST_VERIFY_FAILED.code || requestMk.getStatus_code() == TDEStatus.TMS_TOKEN_EXPIRE.code || requestMk.getStatus_code() == TDEStatus.TMS_NO_AVAILABLE_GRANTS_FOR_SERVICE.code || requestMk.getStatus_code() == TDEStatus.TMS_TOKEN_IS_FROZEN.code || requestMk.getStatus_code() == TDEStatus.TMS_TOKEN_IS_REVOKE.code || requestMk.getStatus_code() == TDEStatus.TMS_DB_DATA_NOTFOUND_ERROR.code) {
                // The server no longer honours this token: drop every cached master key.
                this.reporter.insertErrReport(requestMk.getStatus_code(), requestMk.getStatus_message(), "", HttpReportLogClient.MsgLevel.SEVERE);
                this.cacheKs.removeAllMKeys();
                this.keyChainIsReady = false;
            } else {
                this.reporter.insertErrReport(requestMk.getStatus_code(), requestMk.getStatus_message(), "", HttpReportLogClient.MsgLevel.ERROR);
            }
            throw new ServiceErrorException(requestMk.getStatus_message());
        } catch (Exception e) {
            LOGGER.severe(e.getLocalizedMessage());
            // NOTE(review): the full stack trace is sent to the reporter; check that exception
            // messages raised on this path cannot carry token or key data.
            this.reporter.insertErrReport(TDEStatus.SDK_CANNOT_REACH_KMS.code, TDEStatus.SDK_CANNOT_REACH_KMS.message, UtilTools.extractStackTrace(e), HttpReportLogClient.MsgLevel.SEVERE);
        }
    }

    /**
     * Sends the master-key request, trying at most twice, and returns the key response of the
     * first attempt that completes.
     *
     * <p>Each attempt builds a KeyRequest from the token and major SDK version, copies its tid,
     * timestamp and signature into a JosMasterKeyGetRequest, and executes it on a new
     * DefaultJdClient.
     *
     * <p>NOTE(review): decompilation artifact. The {@code break} after the {@code throw} is
     * unreachable and {@code josMasterKeyGetResponse} is read after the catch block without
     * being definitely assigned, so this method does not compile as shown. Whether the response
     * code check originally sat inside the try (and was therefore retried and wrapped in
     * FetchKeyException) cannot be recovered from this listing.
     *
     * @return the key response taken from the JOS response
     */
    private KeyResponse requestMk() {
        KeyRequest CreateNewKeyRequest;
        JosMasterKeyGetResponse josMasterKeyGetResponse;
        KeyResponse keyResponse = null;
        // Last failure seen; thrown after the loop if no attempt succeeded.
        FetchKeyException fetchKeyException = null;
        // Set once an attempt returned response code "0".
        boolean z = false;
        for (int i = 0; i < 2 && !z; i++) {
            try {
                CreateNewKeyRequest = KeyRequest.CreateNewKeyRequest(this.userToken, this.majorSdkVer);
                JosMasterKeyGetRequest josMasterKeyGetRequest = new JosMasterKeyGetRequest();
                josMasterKeyGetRequest.setTid(CreateNewKeyRequest.getData().getTid());
                josMasterKeyGetRequest.setSdk_ver(String.valueOf(this.majorSdkVer));
                josMasterKeyGetRequest.setTs(String.valueOf(CreateNewKeyRequest.getData().getTs()));
                josMasterKeyGetRequest.setSig(CreateNewKeyRequest.getSig());
                // The two 3000 arguments are presumably connect and read timeouts in ms; confirm
                // against the DefaultJdClient constructor.
                josMasterKeyGetResponse = (JosMasterKeyGetResponse) new DefaultJdClient(this.serverUrl, this.accessToken, this.appKey, this.appSecret, 3000, 3000).execute(josMasterKeyGetRequest);
            } catch (Exception e) {
                LOGGER.warning("MKey Request: " + e);
                fetchKeyException = new FetchKeyException(e);
            }
            // Any response code other than "0" is treated as a failure of the calling platform itself.
            if (!"0".equals(josMasterKeyGetResponse.getCode())) {
                throw new ServiceErrorException("gw platform error ->" + josMasterKeyGetResponse.getMsg());
                break;
            }
            z = true;
            // A non-zero status in the inner response is only logged here; FetchMKeys acts on it.
            if (josMasterKeyGetResponse.getResponse().getStatus_code() != 0) {
                LOGGER.warning("mkey api error ->: " + josMasterKeyGetResponse.getResponse().getStatus_message());
            }
            keyResponse = josMasterKeyGetResponse.getResponse();
            // NOTE(review): this writes the KeyRequest object to the log; depending on
            // KeyRequest.toString() that may include tid, timestamp and signature. Confirm before
            // enabling FINE logging in production.
            LOGGER.fine("MKey Request Success: " + CreateNewKeyRequest);
        }
        if (z) {
            return keyResponse;
        }
        throw fetchKeyException;
    }
}
