package com.oscar.ae;

import com.oscar.Driver;
import com.oscar.ae.EncryptionCommon;
import com.oscar.util.Hex;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;

/* loaded from: input_file:com/oscar/ae/CekManager.class */
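/**
 * Process-wide manager for column encryption keys (CEKs).
 *
 * <p>It keeps CEKs in an in-memory list ordered for binary search, unwraps their key
 * material through {@link OscarCekLocalKmsProvider} using the owning column master key
 * (CMK), and issues the DDL that creates or drops a CEK on the server.
 *
 * <p>Points a maintainer should keep in mind:
 * <ul>
 *   <li>Plaintext key material is stored as a {@code String} on the cached
 *       {@link ColumnEncryptionKey}; this class has no eviction or zeroing path.</li>
 *   <li>{@link #saveTo} and {@link #dropCek} build DDL by concatenation; the key name is
 *       spliced in as an identifier and is not validated here.</li>
 *   <li>Only {@link #cache} is synchronized; {@link #getCek} may update an already
 *       cached entry without holding the lock.</li>
 * </ul>
 */
public class CekManager {
    /** True when the driver log level is 2 or higher; gates the diagnostic output in {@link #decryptCek}. */
    protected boolean logFlag;
    /** Cached CEKs, kept in the order required by {@link Collections#binarySearch}. */
    private final List<ColumnEncryptionKey> CEK_LIST;
    /** Provider that wraps and unwraps CEK material with the CMK. */
    private OscarCekLocalKmsProvider provider;

    /**
     * Initialization-on-demand holder for the singleton.
     *
     * <p>Decompiler note: the access modifier was widened from private, so the visibility
     * shown here is kept as it appears in this listing.
     */
    public static class SingletonHandler {
        private static final CekManager INSTANCE = new CekManager();

        private SingletonHandler() {
        }
    }

    private CekManager() {
        this.logFlag = Driver.getLogLevel() >= 2;
        this.CEK_LIST = new CopyOnWriteArrayList<>();
        this.provider = new OscarCekLocalKmsProvider();
    }

    /**
     * Returns the single shared instance.
     *
     * @return the process-wide {@code CekManager}
     */
    public static CekManager singleton() {
        return SingletonHandler.INSTANCE;
    }

    /**
     * Returns the CEK for an encrypted key value, unwrapping and caching it when needed.
     *
     * <p>A cached entry is returned directly only when it already carries plaintext key
     * material. Otherwise the CMK is looked up, the value is unwrapped, and the entry is
     * (re)populated and offered to the cache.
     *
     * @param str hex-encoded encrypted CEK value; also used as the cache lookup key
     * @param str2 name of the CMK that wraps this CEK
     * @param str3 algorithm name handed to the provider for unwrapping
     * @return the CEK with its CMK and plaintext key material set
     * @throws SQLException if no CMK with the given name can be found
     * @throws Exception if unwrapping fails
     */
    public ColumnEncryptionKey getCek(String str, String str2, String str3) throws Exception {
        ColumnEncryptionKey entry;
        // The list is searched with the encrypted value itself; the ordering comes from
        // ColumnEncryptionKey's comparison logic, which is not visible in this file.
        int position = Collections.binarySearch(this.CEK_LIST, str);
        if (position >= 0) {
            entry = this.CEK_LIST.get(position);
            if (entry.getKeyValueRaw() != null) {
                return entry;
            }
        } else {
            entry = new ColumnEncryptionKey();
            entry.setEncryptedValue(str);
            entry.setAlgorithmName(str3);
        }
        ColumnMasterKey masterKey = CmkManager.singleton().getCmkOrFind(str2, false);
        if (masterKey == null) {
            // Message text: "cmk not found:"
            throw new SQLException("找不到cmk:" + str2);
        }
        if (entry.getCmk() != null) {
            // NOTE(review): this writes to the ColumnMasterKey returned by CmkManager, which
            // may be shared with other callers - confirm that overwriting its keystore name is intended.
            masterKey.setKeystoreName(entry.getCmk().getKeystoreName());
        }
        String plainKey = decryptCek(str, masterKey, str3);
        // NOTE(review): when the entry came from the cache, these setters run without the
        // lock that cache() takes, so concurrent callers may unwrap the same key twice.
        entry.setCmk(masterKey);
        entry.setKeyValueRaw(plainKey);
        cache(entry);
        return entry;
    }

    /**
     * Inserts a CEK at its sorted position unless an equal entry is already cached.
     *
     * @param columnEncryptionKey the key to add to the cache
     */
    public synchronized void cache(ColumnEncryptionKey columnEncryptionKey) {
        int position = Collections.binarySearch(this.CEK_LIST, columnEncryptionKey);
        if (position < 0) {
            // binarySearch reports a miss as -(insertionPoint) - 1.
            this.CEK_LIST.add((-position) - 1, columnEncryptionKey);
        }
    }

    /**
     * Creates a new CEK, wraps it with the given CMK and registers it on the server.
     *
     * <p>The returned key is not added to the cache by this method. A failure of the
     * {@code CREATE} statement propagates to the caller unchanged; it is no longer also
     * printed to standard error.
     *
     * @param connection connection used to run the {@code CREATE COLUMN ENCRYPTION KEY} statement
     * @param str name of the new CEK
     * @param columnMasterKey CMK used to wrap the new key
     * @return the new CEK with plaintext and wrapped values set
     * @throws SQLException if the server rejects the statement
     * @throws Exception if wrapping the key fails
     */
    public ColumnEncryptionKey generateNew(Connection connection, String str, ColumnMasterKey columnMasterKey) throws Exception {
        final String algorithm = EncryptionCommon.ColumnEncryptionAlgorithm.AEAD_AES_128_CBC_HMAC_SHA256.name();
        final String plainKey = createCekRaw();
        // Encode with the same charset decryptCek decodes with, so the round trip does not
        // depend on the platform default charset.
        byte[] wrapped = this.provider.encryptColumnEncryptionKey(columnMasterKey.getPath(), algorithm, plainKey.getBytes(EncryptionCommon.ISO_8859_1));
        // Presumably the provider returns hex text here, since getCek hex-decodes the stored value - confirm.
        String wrappedText = new String(wrapped, EncryptionCommon.ISO_8859_1);
        saveTo(connection, columnMasterKey.getKeyName(), str, algorithm, wrappedText);
        ColumnEncryptionKey created = new ColumnEncryptionKey(str);
        created.setCmk(columnMasterKey);
        created.setKeyValueRaw(plainKey);
        created.setAlgorithmName(algorithm);
        created.setEncryptedValue(wrappedText);
        return created;
    }

    /**
     * Unwraps a hex-encoded encrypted CEK with the given CMK.
     *
     * <p>When logging is enabled, the CMK public key and the encrypted value are written
     * to the driver log. The plaintext key is deliberately not logged: a log file is
     * usually readable by more principals than the key store, so writing the key there
     * would defeat the encryption it protects.
     *
     * @param str hex-encoded encrypted CEK value
     * @param columnMasterKey CMK whose path is handed to the provider
     * @param str2 algorithm name handed to the provider
     * @return the plaintext key, decoded as ISO-8859-1 text
     * @throws Exception if hex decoding or unwrapping fails
     */
    public String decryptCek(String str, ColumnMasterKey columnMasterKey, String str2) throws Exception {
        byte[] encrypted = Hex.hexStringToByte(str);
        byte[] plain = this.provider.decryptColumnEncryptionKey(columnMasterKey.getPath(), str2, encrypted);
        if (this.logFlag) {
            Driver.writeLog("cmk明文 公钥:" + Arrays.toString(columnMasterKey.getPublicKeyInfo().getKeyValueRawBytes()));
            Driver.writeLog("cek十六进制：" + str);
            Driver.writeLog("cek密文：" + new String(encrypted));
        }
        return new String(plain, EncryptionCommon.ISO_8859_1);
    }

    /**
     * Produces the raw value of a new CEK: the first 16 hex digits of a random UUID.
     *
     * @return a 16-character lowercase hex string
     */
    private String createCekRaw() {
        // NOTE(review): 16 hex digits carry at most 64 bits, and one of them is the fixed
        // UUID version digit, so this yields roughly 60 random bits for a key used with an
        // AES-128 based algorithm. The format is kept because consumers of the raw value
        // are not visible here; deriving 16 bytes from java.security.SecureRandom would
        // need a coordinated change wherever the raw value is turned into key bytes.
        return UUID.randomUUID().toString().replace("-", "").substring(0, 16);
    }

    /**
     * Runs {@code CREATE COLUMN ENCRYPTION KEY} for a wrapped CEK.
     *
     * <p>The statement text is assembled by concatenation. Values placed inside quoted
     * literals have embedded single quotes doubled, and no value is interpreted as a
     * regular-expression replacement pattern any more.
     *
     * @param connection connection to run the statement on
     * @param str CMK name, written as a quoted literal
     * @param str2 CEK name, written as an identifier
     * @param str3 algorithm name, written as a quoted literal
     * @param str4 encrypted CEK value, written as a quoted literal
     * @throws SQLException if the statement fails
     * @throws NullPointerException if any of the four values is null
     */
    public void saveTo(Connection connection, String str, String str2, String str3, String str4) throws SQLException {
        if (str2 == null) {
            throw new NullPointerException("str2");
        }
        // NOTE(review): the key name is an identifier and cannot be protected by literal
        // escaping. Callers must pass only names that were validated against the server's
        // identifier rules; this method performs no such check.
        String ddl = "CREATE COLUMN ENCRYPTION KEY " + str2 + "   \r\n"
                + "WITH VALUES  \r\n"
                + "  (  \r\n"
                + "    COLUMN_MASTER_KEY = '" + escapeSqlLiteral(str) + "',   \r\n"
                + "    ALGORITHM = '" + escapeSqlLiteral(str3) + "',     \r\n"
                + "    ENCRYPTED_VALUE = '" + escapeSqlLiteral(str4) + "'  \r\n"
                + "  )";
        try (Statement statement = connection.createStatement()) {
            statement.execute(ddl);
        }
    }

    /** Doubles single quotes so the value stays inside a quoted SQL string literal. */
    private static String escapeSqlLiteral(String value) {
        if (value == null) {
            throw new NullPointerException("value");
        }
        return value.replace("'", "''");
    }

    /**
     * Looks up the server-side object id of a CEK and stores it on the key.
     *
     * @param connection connection to query
     * @param columnEncryptionKey key whose name and CMK name identify the row; receives the oid
     * @throws SQLException if the query fails or returns no row
     */
    public void selectCekOid(Connection connection, ColumnEncryptionKey columnEncryptionKey) throws SQLException {
        final String query = "select cek.CEKOID from v_sys_attribute_encrypted_key_values m,v_sys_attribute_master_keys cmk,v_sys_attribute_encrypted_keys cek where cmk.cmkoid=m.cmkoid and m.cekoid=cek.cekoid and cek.cekname=? and cmk.CMKNAME=?";
        try (PreparedStatement lookup = connection.prepareStatement(query)) {
            lookup.setString(1, columnEncryptionKey.getKeyName());
            lookup.setString(2, columnEncryptionKey.getCmk().getKeyName());
            // The result set is closed on every path, including the "no row" failure below.
            try (ResultSet rows = lookup.executeQuery()) {
                if (!rows.next()) {
                    // Message text: "no cek oid found"
                    throw new SQLException("没有查询到cek oid, cekname:" + columnEncryptionKey.getKeyName() + ", cmkname:" + columnEncryptionKey.getCmk().getKeyName());
                }
                columnEncryptionKey.setOid(rows.getLong(1));
            }
        }
    }

    /**
     * Runs {@code DROP COLUMN ENCRYPTION KEY} for the named CEK.
     *
     * @param connection connection to run the statement on
     * @param str CEK name, written as an identifier
     * @throws SQLException if the statement fails
     */
    public void dropCek(Connection connection, String str) throws SQLException {
        // NOTE(review): the name is concatenated into the statement as an identifier with
        // no validation. Callers must pass only names that were validated against the
        // server's identifier rules.
        String ddl = "DROP COLUMN ENCRYPTION KEY " + str;
        try (Statement statement = connection.createStatement()) {
            statement.execute(ddl);
        }
    }
}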
