package com.alibaba.csp.ahas.shaded.com.alibaba.edas.acm.filter;

import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.DefaultAcsClient;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.auth.InstanceProfileCredentialsProvider;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.exceptions.ClientException;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.http.FormatType;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.http.MethodType;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.http.ProtocolType;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.kms.model.v20160120.DecryptRequest;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.kms.model.v20160120.DecryptResponse;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.kms.model.v20160120.EncryptRequest;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.kms.model.v20160120.EncryptResponse;
import com.alibaba.csp.ahas.shaded.com.alibaba.acm.shaded.com.aliyuncs.profile.DefaultProfile;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.exception.DiamondException;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.identify.Constants;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilterChain;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigRequest;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigResponse;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IFilterConfig;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.impl.ConfigRequest;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.impl.ConfigResponse;
import com.alibaba.csp.ahas.shaded.com.taobao.diamond.utils.StringUtils;

/* loaded from: input_file:com/alibaba/csp/ahas/shaded/com/alibaba/edas/acm/filter/KMSConfigFilter.class */
public class KMSConfigFilter implements IACMConfigFilter {
    private DefaultAcsClient kmsClient;
    private String keyId;
    private int order = 100;
    private static final String SAFE_CONFIG_PREFIX = "cipher-";

    @Override // com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilter
    public void doFilter(IConfigRequest iConfigRequest, IConfigResponse iConfigResponse, IConfigFilterChain iConfigFilterChain) throws DiamondException {
        try {
            ConfigRequest configRequest = (ConfigRequest) iConfigRequest;
            ConfigResponse configResponse = (ConfigResponse) iConfigResponse;
            if (iConfigRequest != null && configRequest.getDataId().startsWith(SAFE_CONFIG_PREFIX) && configRequest.getContent() != null) {
                configRequest.setContent(encrypt(this.keyId, configRequest.getContent()));
            }
            iConfigFilterChain.doFilter(configRequest, configResponse);
            if (configResponse != null && configResponse.getDataId().startsWith(SAFE_CONFIG_PREFIX) && configResponse.getContent() != null) {
                configResponse.setContent(decrypt(configResponse.getContent()));
            }
        } catch (ClientException e) {
            throw new DiamondException(500, "KMS error, errCode: " + e.getErrCode() + " ,errMsg: " + e.getErrMsg());
        }
    }

    private DefaultAcsClient kmsClient(String str, String str2, String str3) {
        return new DefaultAcsClient(DefaultProfile.getProfile(str, str2, str3));
    }

    private DefaultAcsClient kmsClient(String str, String str2) {
        return new DefaultAcsClient(DefaultProfile.getProfile(str), new InstanceProfileCredentialsProvider(str2));
    }

    private DecryptResponse Decrypt(String str) throws ClientException {
        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.setProtocol(ProtocolType.HTTPS);
        decryptRequest.setAcceptFormat(FormatType.JSON);
        decryptRequest.setMethod(MethodType.POST);
        decryptRequest.setCiphertextBlob(str);
        return (DecryptResponse) this.kmsClient.getAcsResponse(decryptRequest);
    }

    public String decrypt(String str) throws ClientException {
        return Decrypt(str).getPlaintext();
    }

    private EncryptResponse Encrypt(String str, String str2) throws ClientException {
        EncryptRequest encryptRequest = new EncryptRequest();
        encryptRequest.setProtocol(ProtocolType.HTTPS);
        encryptRequest.setAcceptFormat(FormatType.JSON);
        encryptRequest.setMethod(MethodType.POST);
        encryptRequest.setKeyId(str);
        encryptRequest.setPlaintext(str2);
        return (EncryptResponse) this.kmsClient.getAcsResponse(encryptRequest);
    }

    private String encrypt(String str, String str2) throws ClientException {
        return Encrypt(str, str2).getCiphertextBlob();
    }

    @Override // com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilter
    public void init(IFilterConfig iFilterConfig) {
        this.keyId = (String) iFilterConfig.getInitParameter("keyId");
        String str = (String) iFilterConfig.getInitParameter("regionId");
        String str2 = (String) iFilterConfig.getInitParameter("ramRoleName");
        if (StringUtils.isBlank(str2)) {
            this.kmsClient = kmsClient(str, (String) iFilterConfig.getInitParameter(Constants.ACCESS_KEY), (String) iFilterConfig.getInitParameter(Constants.SECRET_KEY));
        } else {
            this.kmsClient = kmsClient(str, str2);
        }
        Object initParameter = iFilterConfig.getInitParameter("order");
        if (initParameter != null) {
            this.order = ((Integer) initParameter).intValue();
        }
    }

    @Override // com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilter
    public void deploy() {
        this.kmsClient = null;
    }

    @Override // com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilter
    public int getOrder() {
        return this.order;
    }

    @Override // com.alibaba.csp.ahas.shaded.com.taobao.diamond.manager.IConfigFilter
    public String getFilterName() {
        return getClass().getName();
    }
}
