package org.apache.pulsar.websocket.proxy;

import com.fasterxml.jackson.core.JsonProcessingException;
import io.netty.buffer.ByteBuf;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import org.apache.pulsar.client.api.CryptoKeyReader;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.crypto.MessageCryptoBc;
import org.apache.pulsar.common.allocator.PulsarByteBufAllocator;
import org.apache.pulsar.common.api.EncryptionContext;
import org.apache.pulsar.common.api.proto.CompressionType;
import org.apache.pulsar.common.api.proto.EncryptionKeys;
import org.apache.pulsar.common.api.proto.MessageMetadata;
import org.apache.pulsar.common.api.proto.SingleMessageMetadata;
import org.apache.pulsar.common.compression.CompressionCodec;
import org.apache.pulsar.common.compression.CompressionCodecProvider;
import org.apache.pulsar.common.protocol.Commands;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.websocket.data.ConsumerMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/websocket/proxy/WssClientSideEncryptUtils.class */
public class WssClientSideEncryptUtils {
    private static final Logger log = LoggerFactory.getLogger(WssClientSideEncryptUtils.class);
    public static Charset UTF8 = StandardCharsets.UTF_8;

    /* loaded from: input_file:org/apache/pulsar/websocket/proxy/WssClientSideEncryptUtils$EncryptedPayloadAndParam.class */
    public static class EncryptedPayloadAndParam {
        public final String encryptedPayload;
        public final String encryptionParam;

        public EncryptedPayloadAndParam(String str, String str2) {
            this.encryptedPayload = str;
            this.encryptionParam = str2;
        }
    }

    public static String base64AndUrlEncode(String str) {
        return base64AndUrlEncode(str.getBytes(UTF8), UTF8);
    }

    public static String base64AndUrlEncode(String str, Charset charset) {
        return base64AndUrlEncode(str.getBytes(charset), charset);
    }

    public static String base64Encode(String str, Charset charset) {
        return Base64.getEncoder().encodeToString(str.getBytes(charset));
    }

    public static String base64Encode(String str) {
        return Base64.getEncoder().encodeToString(str.getBytes(UTF8));
    }

    public static byte[] base64Decode(String str) {
        return Base64.getDecoder().decode(str);
    }

    public static String base64Encode(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    public static String base64AndUrlEncode(byte[] bArr) {
        return URLEncoder.encode(Base64.getEncoder().encodeToString(bArr), UTF8);
    }

    public static String base64AndUrlEncode(byte[] bArr, Charset charset) {
        return URLEncoder.encode(Base64.getEncoder().encodeToString(bArr), charset);
    }

    public static String urlEncode(String str) {
        return URLEncoder.encode(str, UTF8);
    }

    public static String urlEncode(String str, Charset charset) {
        return URLEncoder.encode(str, charset);
    }

    public static byte[] calculateEncryptedKeyValue(MessageCryptoBc messageCryptoBc, CryptoKeyReader cryptoKeyReader, String str) throws PulsarClientException.CryptoException {
        return calculateEncryptedKeyValue(messageCryptoBc, cryptoKeyReader.getPublicKey(str, Collections.emptyMap()).getKey());
    }

    public static String toJSONAndBase64AndUrlEncode(Object obj) throws PulsarClientException.CryptoException {
        try {
            return urlEncode(base64Encode(ObjectMapperFactory.getThreadLocal().writeValueAsString(obj)));
        } catch (JsonProcessingException e) {
            throw new PulsarClientException.CryptoException(String.format("Serialize object %s failed", obj));
        }
    }

    public static byte[] calculateEncryptedKeyValue(MessageCryptoBc messageCryptoBc, byte[] bArr) throws PulsarClientException.CryptoException {
        try {
            return loadAndInitCipher(MessageCryptoBc.loadPublicKey(bArr)).doFinal(messageCryptoBc.getDataKey().getEncoded());
        } catch (Exception e) {
            log.error("Failed to encrypt data key. {}", e.getMessage());
            throw new PulsarClientException.CryptoException(e.getMessage());
        }
    }

    private static Cipher loadAndInitCipher(PublicKey publicKey) throws PulsarClientException.CryptoException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        Cipher cipher;
        if ("RSA".equals(publicKey.getAlgorithm())) {
            cipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", "BC");
        } else {
            if (!"ECDSA".equals(publicKey.getAlgorithm())) {
                String str = "Unsupported key type " + publicKey.getAlgorithm();
                log.error(str);
                throw new PulsarClientException.CryptoException(str);
            }
            cipher = Cipher.getInstance("ECIES", "BC");
        }
        if (0 != 0) {
            cipher.init(1, publicKey, (AlgorithmParameterSpec) null);
        } else {
            cipher.init(1, publicKey);
        }
        return cipher;
    }

    public static byte[] compressionIfNeeded(CompressionType compressionType, byte[] bArr) {
        if (compressionType == null || CompressionType.NONE.equals(compressionType)) {
            return bArr;
        }
        CompressionCodec compressionCodec = CompressionCodecProvider.getCompressionCodec(compressionType);
        ByteBuf buffer = PulsarByteBufAllocator.DEFAULT.buffer(bArr.length, bArr.length);
        buffer.writeBytes(bArr);
        ByteBuf encode = compressionCodec.encode(buffer);
        buffer.release();
        byte[] bArr2 = new byte[encode.readableBytes()];
        encode.readBytes(bArr2);
        encode.release();
        return bArr2;
    }

    public static EncryptedPayloadAndParam encryptPayload(CryptoKeyReader cryptoKeyReader, MessageCryptoBc messageCryptoBc, byte[] bArr, String str) throws PulsarClientException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(wrap.remaining() + 512);
        MessageMetadata messageMetadata = new MessageMetadata();
        messageCryptoBc.encrypt(Collections.singleton(str), cryptoKeyReader, () -> {
            return messageMetadata;
        }, wrap, allocate);
        byte[] bArr2 = new byte[allocate.remaining()];
        allocate.get(bArr2);
        return new EncryptedPayloadAndParam(base64Encode(bArr2), base64Encode(messageMetadata.getEncryptionParam()));
    }

    public static byte[] decryptMsgPayload(String str, EncryptionContext encryptionContext, CryptoKeyReader cryptoKeyReader, MessageCryptoBc messageCryptoBc) {
        byte[] base64Decode = base64Decode(str);
        if (encryptionContext == null) {
            return base64Decode;
        }
        MessageMetadata messageMetadata = new MessageMetadata();
        for (Map.Entry entry : encryptionContext.getKeys().entrySet()) {
            EncryptionKeys value = messageMetadata.addEncryptionKey().setKey((String) entry.getKey()).setValue(((EncryptionContext.EncryptionKey) entry.getValue()).getKeyValue());
            if (((EncryptionContext.EncryptionKey) entry.getValue()).getMetadata() != null) {
                for (Map.Entry entry2 : ((EncryptionContext.EncryptionKey) entry.getValue()).getMetadata().entrySet()) {
                    value.addMetadata().setKey((String) entry2.getKey()).setValue((String) entry2.getValue());
                }
            }
        }
        messageMetadata.setEncryptionParam(encryptionContext.getParam());
        ByteBuffer allocate = ByteBuffer.allocate(base64Decode.length);
        ByteBuffer allocate2 = ByteBuffer.allocate(messageCryptoBc.getMaxOutputSize(base64Decode.length));
        allocate.put(base64Decode);
        allocate.flip();
        messageCryptoBc.decrypt(() -> {
            return messageMetadata;
        }, allocate, allocate2, cryptoKeyReader);
        byte[] bArr = new byte[allocate2.limit()];
        allocate2.get(bArr);
        return bArr;
    }

    public static byte[] unCompressionIfNeeded(byte[] bArr, EncryptionContext encryptionContext) throws IOException {
        if (encryptionContext.getCompressionType() == null || org.apache.pulsar.client.api.CompressionType.NONE.equals(encryptionContext.getCompressionType())) {
            return bArr;
        }
        CompressionCodec compressionCodec = CompressionCodecProvider.getCompressionCodec(encryptionContext.getCompressionType());
        ByteBuf buffer = PulsarByteBufAllocator.DEFAULT.buffer(bArr.length, bArr.length);
        buffer.writeBytes(bArr);
        ByteBuf decode = compressionCodec.decode(buffer, encryptionContext.getUncompressedMessageSize());
        buffer.release();
        byte[] bArr2 = new byte[decode.readableBytes()];
        decode.readBytes(bArr2);
        decode.release();
        return bArr2;
    }

    public static List<ConsumerMessage> extractBatchMessagesIfNeeded(byte[] bArr, EncryptionContext encryptionContext) throws IOException {
        ByteBuf buffer = PulsarByteBufAllocator.DEFAULT.buffer(bArr.length);
        buffer.writeBytes(bArr);
        if (!encryptionContext.getBatchSize().isPresent()) {
            ConsumerMessage consumerMessage = new ConsumerMessage();
            consumerMessage.payload = new String(bArr, UTF8);
            return Collections.singletonList(consumerMessage);
        }
        ArrayList arrayList = new ArrayList();
        int intValue = ((Integer) encryptionContext.getBatchSize().get()).intValue();
        for (int i = 0; i < intValue; i++) {
            ConsumerMessage consumerMessage2 = new ConsumerMessage();
            SingleMessageMetadata singleMessageMetadata = new SingleMessageMetadata();
            ByteBuf deSerializeSingleMessageInBatch = Commands.deSerializeSingleMessageInBatch(buffer, singleMessageMetadata, i, intValue);
            if (singleMessageMetadata.getPayloadSize() < 1) {
                consumerMessage2.payload = null;
            } else {
                byte[] bArr2 = new byte[deSerializeSingleMessageInBatch.readableBytes()];
                deSerializeSingleMessageInBatch.readBytes(bArr2);
                consumerMessage2.payload = new String(bArr2, UTF8);
            }
            arrayList.add(consumerMessage2);
        }
        return arrayList;
    }
}
