package com.alibaba.nacos.plugin.encryption;

import com.alibaba.nacos.api.utils.StringUtils;
import com.alibaba.nacos.common.codec.Base64;
import com.alibaba.nacos.plugin.encryption.spi.EncryptionPluginService;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/alibaba/nacos/plugin/encryption/AesEncryptionPluginService.class */
public class AesEncryptionPluginService implements EncryptionPluginService {
    private static final Logger LOGGER = LoggerFactory.getLogger(AesEncryptionPluginService.class);
    public static final String AES_NAME = "aes";
    private static final String AES_MODE = "AES/CBC/PKCS5Padding";
    private static final String IV_PARAMETER = "fa6fa5207b3286b2";
    private static final String DEFAULT_SECRET_KEY = "nacos6b31e19f931a7603ae5473250b4";
    private static final int IV_LENGTH = 16;

    public String encrypt(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return str2;
        }
        try {
            String str3 = new String(Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8)));
            SecretKeySpec secretKeySpec = new SecretKeySpec(Hex.decodeHex(str3.toCharArray()), AES_NAME);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            cipher.init(1, secretKeySpec, generateIv(str3));
            return Hex.encodeHexString(cipher.doFinal(str2.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            LOGGER.error("[AesEncryptionPluginService] encrypt error", e);
            return str2;
        }
    }

    public String decrypt(String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
            return str2;
        }
        try {
            String str3 = new String(Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8)));
            SecretKeySpec secretKeySpec = new SecretKeySpec(Hex.decodeHex(str3.toCharArray()), AES_NAME);
            Cipher cipher = Cipher.getInstance(AES_MODE);
            cipher.init(2, secretKeySpec, generateIv(str3));
            return new String(cipher.doFinal(Hex.decodeHex(str2.toCharArray())));
        } catch (Exception e) {
            LOGGER.error("[AesEncryptionPluginService] decrypt error", e);
            return str2;
        }
    }

    public String generateSecretKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AES_NAME);
            keyGenerator.init(new SecureRandom());
            return new String(Base64.encodeBase64(Hex.encodeHexString(keyGenerator.generateKey().getEncoded()).getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            LOGGER.error("[AesEncryptionPluginService] generate key error", e);
            return DEFAULT_SECRET_KEY;
        }
    }

    private IvParameterSpec generateIv(String str) {
        if (StringUtils.isBlank(str) || str.length() < IV_LENGTH) {
            new IvParameterSpec(IV_PARAMETER.getBytes(StandardCharsets.UTF_8));
        }
        return new IvParameterSpec(str.substring(0, IV_LENGTH).getBytes(StandardCharsets.UTF_8));
    }

    public String algorithmName() {
        return AES_NAME;
    }

    public String encryptSecretKey(String str) {
        return str;
    }

    public String decryptSecretKey(String str) {
        return str;
    }
}
