package com.alibaba.nacos.client.aliyun;

import com.alibaba.nacos.api.config.filter.AbstractConfigFilter;
import com.alibaba.nacos.api.config.filter.IConfigFilterChain;
import com.alibaba.nacos.api.config.filter.IConfigRequest;
import com.alibaba.nacos.api.config.filter.IConfigResponse;
import com.alibaba.nacos.api.exception.NacosException;
import com.alibaba.nacos.api.utils.StringUtils;
import com.alibaba.nacos.client.aliyun.AliyunConst;
import com.alibaba.nacos.client.aliyun.KmsLocalCache;
import com.aliyun.dkms.gcs.openapi.models.Config;
import com.aliyun.kms.KmsTransferAcsClient;
import com.aliyuncs.IAcsClient;
import com.aliyuncs.auth.InstanceProfileCredentialsProvider;
import com.aliyuncs.exceptions.ClientException;
import com.aliyuncs.http.FormatType;
import com.aliyuncs.http.HttpClientConfig;
import com.aliyuncs.http.MethodType;
import com.aliyuncs.http.ProtocolType;
import com.aliyuncs.kms.model.v20160120.DecryptRequest;
import com.aliyuncs.kms.model.v20160120.DescribeKeyRequest;
import com.aliyuncs.kms.model.v20160120.DescribeKeyResponse;
import com.aliyuncs.kms.model.v20160120.EncryptRequest;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyRequest;
import com.aliyuncs.kms.model.v20160120.GenerateDataKeyResponse;
import com.aliyuncs.kms.model.v20160120.SetDeletionProtectionRequest;
import com.aliyuncs.profile.DefaultProfile;
import com.aliyuncs.profile.IClientProfile;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/alibaba/nacos/client/aliyun/AliyunConfigFilter.class */
public class AliyunConfigFilter extends AbstractConfigFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AliyunConfigFilter.class);
    public static final int defaultRetryTimes = 3;
    public static final int defaultRetryIntervalMilliseconds = 200;
    public static final int defaultTimeoutMilliseconds = 3000;
    private AliyunConst.KmsVersion kmsVersion;
    private IAcsClient kmsClient;
    private String keyId;
    private AsyncProcessor asyncProcessor;
    private Exception localInitException;
    private boolean isUseLocalCache;
    private KmsLocalCache kmsLocalCache;
    private final Set<String> addedKeys = new HashSet();
    private boolean localCacheTestMode = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/alibaba/nacos/client/aliyun/AliyunConfigFilter$BlankStringException.class */
    public static class BlankStringException extends RuntimeException {
        public BlankStringException(String str) {
            super(str);
        }
    }

    public void init(Properties properties) {
        LOGGER.info("init ConfigFilter: {}, for more information, please check: {}", getFilterName(), AliyunConst.MSE_ENCRYPTED_CONFIG_USAGE_DOCUMENT_URL);
        String property = properties.getProperty(AliyunConst.KMS_VERSION_KEY, System.getProperty(AliyunConst.KMS_VERSION_KEY, System.getenv(AliyunConst.KMS_VERSION_KEY)));
        if (StringUtils.isBlank(property)) {
            LOGGER.warn("kms version is not set, using kms v1 version.");
            this.kmsVersion = AliyunConst.KmsVersion.Kmsv1;
        } else {
            this.kmsVersion = AliyunConst.KmsVersion.fromValue(property);
            if (this.kmsVersion == AliyunConst.KmsVersion.UNKNOWN_VERSION) {
                LOGGER.warn("kms version is not supported, using kms v1 version.");
                this.kmsVersion = AliyunConst.KmsVersion.Kmsv1;
            } else {
                LOGGER.info("using kms version {}.", this.kmsVersion.getValue());
            }
        }
        if (this.kmsVersion == AliyunConst.KmsVersion.Kmsv1) {
            this.keyId = AliyunConst.KMS_DEFAULT_KEY_ID_VALUE;
            LOGGER.info("using default keyId {}.", this.keyId);
        } else if (this.kmsVersion == AliyunConst.KmsVersion.Kmsv3) {
            this.keyId = properties.getProperty(AliyunConst.KEY_ID, System.getProperty(AliyunConst.KEY_ID, System.getenv(AliyunConst.KEY_ID)));
            if (StringUtils.isBlank(this.keyId)) {
                this.localInitException = new RuntimeException("keyId is not set up yet, unable to encrypt the configuration.");
                LOGGER.error(AliyunConst.formatHelpMessage("keyId is not set up yet, unable to encrypt the configuration."), this.localInitException);
                return;
            }
            LOGGER.info("using keyId {}.", this.keyId);
        }
        this.isUseLocalCache = KmsUtils.parsePropertyValue(properties, AliyunConst.NACOS_CONFIG_ENCRYPTION_KMS_LOCAL_CACHE_SWITCH, true);
        if (isUseLocalCache()) {
            this.localCacheTestMode = KmsUtils.parsePropertyValue(properties, AliyunConst.NACOS_CONFIG_ENCRYPTION_KMS_LOCAL_CACHE_TEST_MODE, false);
            LOGGER.info("using kms encryption local cache.");
            this.kmsLocalCache = new KmsLocalCache(properties);
        }
        try {
            if (this.kmsVersion == AliyunConst.KmsVersion.Kmsv1) {
                this.kmsClient = createKmsV1Client(properties);
            } else if (this.kmsVersion == AliyunConst.KmsVersion.Kmsv3) {
                this.kmsClient = createKmsV3Client(properties);
            }
        } catch (Exception e) {
            LOGGER.error(AliyunConst.formatHelpMessage("create kms client failed."), e);
            this.localInitException = e;
        } catch (ClientException e2) {
            LOGGER.error(AliyunConst.formatHelpMessage("kms init failed."), e2);
            this.localInitException = e2;
        }
        try {
            this.asyncProcessor = new AsyncProcessor();
        } catch (Exception e3) {
            LOGGER.error("init async processor failed.", e3);
        }
    }

    private IAcsClient createKmsV1Client(Properties properties) {
        KmsTransferAcsClient kmsTransferAcsClient;
        String property = properties.getProperty(AliyunConst.REGION_ID, System.getProperty(AliyunConst.REGION_ID, System.getenv(AliyunConst.REGION_ID)));
        String property2 = properties.getProperty(AliyunConst.KMS_REGION_ID, System.getProperty(AliyunConst.KMS_REGION_ID, System.getenv(AliyunConst.KMS_REGION_ID)));
        if (StringUtils.isBlank(property)) {
            property = property2;
        }
        LOGGER.info("using regionId {}.", property);
        if (StringUtils.isBlank(property2)) {
            property2 = property;
        }
        LOGGER.info("using kms regionId {}.", property2);
        if (StringUtils.isBlank(property2) && StringUtils.isBlank(property)) {
            LOGGER.error(AliyunConst.formatHelpMessage("region is not set up yet"));
            this.localInitException = new RuntimeException("region is not set up yet");
            return null;
        }
        String property3 = properties.getProperty("ramRoleName", System.getProperty("ramRoleName", System.getenv("ramRoleName")));
        LOGGER.info("using ramRoleName {}.", property3);
        String property4 = properties.getProperty("accessKey", System.getProperty("accessKey", System.getenv("accessKey")));
        LOGGER.info("using accessKey {}.", property4);
        String property5 = properties.getProperty("secretKey", System.getProperty("secretKey", System.getenv("secretKey")));
        if (StringUtils.isBlank(property3)) {
            kmsTransferAcsClient = new KmsTransferAcsClient(DefaultProfile.getProfile(property, property4, property5));
            LOGGER.info("successfully create kms client by using ak/sk.");
        } else {
            kmsTransferAcsClient = new KmsTransferAcsClient(DefaultProfile.getProfile(property), new InstanceProfileCredentialsProvider(property3));
            LOGGER.info("successfully create kms client by using RAM role.");
        }
        return kmsTransferAcsClient;
    }

    private IAcsClient createKmsV3Client(Properties properties) throws ClientException {
        Config config = new Config();
        config.setProtocol("https");
        IClientProfile iClientProfile = null;
        String property = properties.getProperty(AliyunConst.KMS_CLIENT_KEY_CONTENT_KEY, System.getProperty(AliyunConst.KMS_CLIENT_KEY_CONTENT_KEY, System.getenv(AliyunConst.KMS_CLIENT_KEY_CONTENT_KEY)));
        if (StringUtils.isBlank(property)) {
            String str = null;
            LOGGER.info("{} is empty, will read from file.", AliyunConst.KMS_CLIENT_KEY_CONTENT_KEY);
            String property2 = properties.getProperty(AliyunConst.KMS_CLIENT_KEY_FILE_PATH_KEY, System.getProperty(AliyunConst.KMS_CLIENT_KEY_FILE_PATH_KEY, System.getenv(AliyunConst.KMS_CLIENT_KEY_FILE_PATH_KEY)));
            if (StringUtils.isBlank(property2)) {
                str = "kmsClientKeyFilePath is empty";
            } else if (StringUtils.isBlank(readFileToString(property2))) {
                str = "both config from kmsClientKeyContent and kmsClientKeyFilePath is empty";
            } else {
                LOGGER.info("using kmsClientKeyFilePath: {}.", property2);
                config.setClientKeyFile(property2);
            }
            if (!StringUtils.isBlank(str)) {
                this.localInitException = new RuntimeException(str);
                return null;
            }
        } else {
            LOGGER.info("using {}: {}.", AliyunConst.KMS_CLIENT_KEY_CONTENT_KEY, property);
            config.setClientKeyContent(property);
        }
        String property3 = properties.getProperty(AliyunConst.KMS_ENDPOINT, System.getProperty(AliyunConst.KMS_ENDPOINT, System.getenv(AliyunConst.KMS_ENDPOINT)));
        if (StringUtils.isBlank(property3)) {
            this.localInitException = new RuntimeException(String.format("%s is empty", AliyunConst.KMS_ENDPOINT));
            return null;
        }
        LOGGER.info("using kmsEndpoint: {}.", property3);
        config.setEndpoint(property3);
        String property4 = properties.getProperty(AliyunConst.KMS_PASSWORD_KEY, System.getProperty(AliyunConst.KMS_PASSWORD_KEY, System.getenv(AliyunConst.KMS_PASSWORD_KEY)));
        if (StringUtils.isBlank(property4)) {
            this.localInitException = new RuntimeException(String.format("%s is empty", AliyunConst.KMS_PASSWORD_KEY));
            return null;
        }
        LOGGER.info("using kmsPassword prefix: {}.", property4.substring(property4.length() / 8));
        config.setPassword(property4);
        String property5 = properties.getProperty(AliyunConst.KMS_CA_FILE_CONTENT, System.getProperty(AliyunConst.KMS_CA_FILE_CONTENT, System.getenv(AliyunConst.KMS_CA_FILE_CONTENT)));
        if (StringUtils.isBlank(property5)) {
            String str2 = null;
            LOGGER.info("{} is empty, will read from file.", AliyunConst.KMS_CA_FILE_CONTENT);
            String property6 = properties.getProperty(AliyunConst.KMS_CA_FILE_PATH_KEY, System.getProperty(AliyunConst.KMS_CA_FILE_PATH_KEY, System.getenv(AliyunConst.KMS_CA_FILE_PATH_KEY)));
            if (StringUtils.isBlank(property6)) {
                str2 = "kmsCaFilePath is empty";
                config.setCaFilePath((String) null);
            } else {
                config.setCaFilePath(property6);
            }
            if (!StringUtils.isBlank(str2)) {
                LOGGER.warn(AliyunConst.formatHelpMessage(str2));
                iClientProfile = DefaultProfile.getProfile(config.getRegionId(), "ak", "sk", "sts");
                HttpClientConfig httpClientConfig = HttpClientConfig.getDefault();
                httpClientConfig.setIgnoreSSLCerts(true);
                iClientProfile.setHttpClientConfig(httpClientConfig);
            }
        } else {
            LOGGER.info("using {}: {}.", AliyunConst.KMS_CA_FILE_CONTENT, property5);
            config.setCa(property5);
        }
        return iClientProfile == null ? new KmsTransferAcsClient(config) : new KmsTransferAcsClient(iClientProfile, config);
    }

    public void doFilter(IConfigRequest iConfigRequest, IConfigResponse iConfigResponse, IConfigFilterChain iConfigFilterChain) throws NacosException {
        String str = null;
        String str2 = null;
        if (iConfigRequest != null) {
            try {
                String str3 = (String) iConfigRequest.getParameter(AliyunConst.DATA_ID);
                if (str3.startsWith(AliyunConst.CIPHER_PREFIX) && !StringUtils.isBlank((String) iConfigRequest.getParameter(AliyunConst.CONTENT))) {
                    iConfigRequest.putParameter(AliyunConst.CONTENT, encrypt(this.keyId, iConfigRequest));
                }
                iConfigFilterChain.doFilter(iConfigRequest, iConfigResponse);
            } catch (ClientException e) {
                throw new NacosException(-500, AliyunConst.formatHelpMessage(String.format("KMS message:[%s], error message:[%s], dataId: %s, groupId: %s", e.getMessage(), e.getErrMsg(), str, str2)), e);
            } catch (Exception e2) {
                throw new NacosException(400, AliyunConst.formatHelpMessage(e2.getMessage()), e2);
            }
        }
        if (iConfigResponse != null) {
            str = (String) iConfigResponse.getParameter(AliyunConst.DATA_ID);
            str2 = (String) iConfigResponse.getParameter(AliyunConst.GROUP);
            if (str.startsWith(AliyunConst.CIPHER_PREFIX) && !StringUtils.isBlank((String) iConfigResponse.getParameter(AliyunConst.CONTENT))) {
                iConfigResponse.putParameter(AliyunConst.CONTENT, decrypt(iConfigResponse));
            }
        }
    }

    private String decrypt(IConfigResponse iConfigResponse) throws Exception {
        checkIfKmsClientIsReady();
        String str = (String) iConfigResponse.getParameter(AliyunConst.DATA_ID);
        String str2 = (String) iConfigResponse.getParameter(AliyunConst.GROUP);
        String str3 = (String) iConfigResponse.getParameter(AliyunConst.CONTENT);
        String str4 = (String) iConfigResponse.getParameter(AliyunConst.ENCRYPTED_DATA_KEY);
        String str5 = null;
        String str6 = null;
        Exception exc = null;
        String str7 = "decrypt from kms failed.";
        boolean z = true;
        try {
            if (str.startsWith(AliyunConst.CIPHER_KMS_AES_128_PREFIX) || str.startsWith(AliyunConst.CIPHER_KMS_AES_256_PREFIX)) {
                throwExceptionIfStringBlankWithErrorKey(str4, GroupKeyUtils.getGroupKey2(str, str2), "decrypt failed", "response.getParameter(ENCRYPTED_DATA_KEY)");
                str5 = decrypt(str4);
                str6 = AesUtils.decrypt(str3, str5, AliyunConst.ENCODE_UTF8);
            } else if (str.startsWith(AliyunConst.CIPHER_PREFIX)) {
                str6 = decrypt(str3);
            }
        } catch (BlankStringException e) {
            throw e;
        } catch (Exception e2) {
            LOGGER.error("decrypt config:[{}] failed by using kms service: {}.", new Object[]{GroupKeyUtils.getGroupKey2(str, str2), e2.getMessage(), e2});
            exc = e2;
        }
        if (this.localCacheTestMode) {
            exc = exc == null ? new RuntimeException("test mode exception to use local cache") : exc;
            str6 = null;
        }
        if (exc != null || StringUtils.isBlank(str6)) {
            LOGGER.warn("decrypt config [{}] failed with exception or empty result by using kms service. try to use local cache.", GroupKeyUtils.getGroupKey2(str, str2));
            str6 = getDecryptedContentByUsingLocalCache(str2, str, str4, str3);
            if (exc != null && StringUtils.isBlank(str6)) {
                throw exc;
            }
            if (StringUtils.isBlank(str6)) {
                str7 = str7 + "and no kms decryption local cache.";
            }
        } else {
            z = false;
        }
        throwExceptionIfStringBlankWithErrorKey(str6, GroupKeyUtils.getGroupKey2(str, str2), "decrypt failed", str7);
        if (!z) {
            updateLocalCacheItem(str2, str, str4, str3, str5, str6);
        }
        return str6;
    }

    private String encrypt(String str, IConfigRequest iConfigRequest) throws Exception {
        checkIfKmsClientIsReady();
        throwExceptionIfStringBlankWithErrorKey(str, "", "keyId is not set.", AliyunConst.KEY_ID);
        protectKeyId(str);
        String str2 = (String) iConfigRequest.getParameter(AliyunConst.DATA_ID);
        String str3 = (String) iConfigRequest.getParameter(AliyunConst.GROUP);
        String str4 = (String) iConfigRequest.getParameter(AliyunConst.CONTENT);
        String str5 = null;
        String str6 = null;
        String str7 = null;
        try {
            if (str2.startsWith(AliyunConst.CIPHER_KMS_AES_128_PREFIX) || str2.startsWith(AliyunConst.CIPHER_KMS_AES_256_PREFIX)) {
                GenerateDataKeyResponse generateDataKey = generateDataKey(str, KmsUtils.getKeySpecByDataIdPrefix(str2));
                str5 = generateDataKey.getPlaintext();
                throwExceptionIfStringBlankWithErrorKey(str5, GroupKeyUtils.getGroupKey2(str2, str3), "generateDataKeyResponse.getPlaintext()", "plainDataKey");
                str6 = generateDataKey.getCiphertextBlob();
                throwExceptionIfStringBlankWithErrorKey(str6, GroupKeyUtils.getGroupKey2(str2, str3), "generateDataKeyResponse.getCiphertextBlob()", AliyunConst.ENCRYPTED_DATA_KEY);
                iConfigRequest.putParameter(AliyunConst.ENCRYPTED_DATA_KEY, str6);
                str7 = AesUtils.encrypt(str4, str5, AliyunConst.ENCODE_UTF8);
            } else if (str2.startsWith(AliyunConst.CIPHER_PREFIX)) {
                str7 = encrypt(str, str4);
            }
            throwExceptionIfStringBlankWithErrorKey(str7, GroupKeyUtils.getGroupKey2(str2, str3), "encrypt failed", "encrypt from kms failed.");
            updateLocalCacheItem(str3, str2, str6, str7, str5, str4);
            return str7;
        } catch (Exception e) {
            LOGGER.error("encrypt config:[{}] failed by using kms service: {}.", new Object[]{GroupKeyUtils.getGroupKey2(str2, str3), e.getMessage(), e});
            throw e;
        }
    }

    @Deprecated
    private String getEncryptedContentByUsingLocalCache(String str, String str2, String str3, IConfigRequest iConfigRequest) throws Exception {
        KmsLocalCache.LocalCacheItem localCacheItem = getLocalCacheItem(str, str2, str3);
        String str4 = null;
        if (localCacheItem != null) {
            if (!StringUtils.isBlank(localCacheItem.getPlainDataKey())) {
                str4 = AesUtils.encrypt(str3, localCacheItem.getPlainDataKey(), AliyunConst.ENCODE_UTF8);
                iConfigRequest.putParameter(AliyunConst.ENCRYPTED_DATA_KEY, localCacheItem.getEncryptedDataKey());
            } else if (!StringUtils.isBlank(localCacheItem.getPlainContent())) {
                str4 = localCacheItem.getEncryptedContent();
            }
        }
        return str4;
    }

    private String getDecryptedContentByUsingLocalCache(String str, String str2, String str3, String str4) throws Exception {
        KmsLocalCache.LocalCacheItem localCacheItem = getLocalCacheItem(str, str2, str3, str4);
        if (localCacheItem == null) {
            return null;
        }
        if (!StringUtils.isBlank(localCacheItem.getPlainDataKey())) {
            return AesUtils.decrypt(str4, localCacheItem.getPlainDataKey(), AliyunConst.ENCODE_UTF8);
        }
        if (StringUtils.isBlank(localCacheItem.getPlainContent())) {
            return null;
        }
        return localCacheItem.getPlainContent();
    }

    private void updateLocalCacheItem(String str, String str2, String str3, String str4, String str5, String str6) {
        if (isLocalCacheAvailable()) {
            if (str2.startsWith(AliyunConst.CIPHER_KMS_AES_128_PREFIX) || str2.startsWith(AliyunConst.CIPHER_KMS_AES_256_PREFIX)) {
                getKmsLocalCache().put(GroupKeyUtils.getGroupKey2(str2, str), new KmsLocalCache.LocalCacheItem(str3, str4, str5));
            } else if (str2.startsWith(AliyunConst.CIPHER_PREFIX)) {
                getKmsLocalCache().put(GroupKeyUtils.getGroupKey2(str2, str), new KmsLocalCache.LocalCacheItem(str4, str6));
            }
        }
    }

    private String decrypt(String str) throws Exception {
        AtomicReference atomicReference = new AtomicReference();
        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.setSysProtocol(ProtocolType.HTTPS);
        decryptRequest.setSysMethod(MethodType.POST);
        decryptRequest.setAcceptFormat(FormatType.XML);
        decryptRequest.setCiphertextBlob(str);
        locallyRunWithRetryTimesAndTimeout(() -> {
            try {
                atomicReference.set(this.kmsClient.getAcsResponse(decryptRequest).getPlaintext());
                return !StringUtils.isBlank((CharSequence) atomicReference.get());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }, 3, 3000L);
        return (String) atomicReference.get();
    }

    public String encrypt(String str, String str2) throws Exception {
        AtomicReference atomicReference = new AtomicReference();
        EncryptRequest encryptRequest = new EncryptRequest();
        encryptRequest.setProtocol(ProtocolType.HTTPS);
        encryptRequest.setAcceptFormat(FormatType.XML);
        encryptRequest.setMethod(MethodType.POST);
        encryptRequest.setKeyId(str);
        encryptRequest.setPlaintext(str2);
        locallyRunWithRetryTimesAndTimeout(() -> {
            try {
                atomicReference.set(this.kmsClient.getAcsResponse(encryptRequest).getCiphertextBlob());
                return !StringUtils.isBlank((CharSequence) atomicReference.get());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }, defaultRetryIntervalMilliseconds, 3000L);
        return (String) atomicReference.get();
    }

    public GenerateDataKeyResponse generateDataKey(String str, String str2) throws Exception {
        GenerateDataKeyRequest generateDataKeyRequest = new GenerateDataKeyRequest();
        generateDataKeyRequest.setAcceptFormat(FormatType.XML);
        generateDataKeyRequest.setKeyId(str);
        generateDataKeyRequest.setKeySpec(str2);
        AtomicReference atomicReference = new AtomicReference();
        locallyRunWithRetryTimesAndTimeout(() -> {
            try {
                atomicReference.set(this.kmsClient.getAcsResponse(generateDataKeyRequest));
                return atomicReference.get() != null;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }, 3, 3000L);
        return (GenerateDataKeyResponse) atomicReference.get();
    }

    private void protectKeyId(final String str) {
        if (this.addedKeys.contains(str)) {
            return;
        }
        synchronized (this.addedKeys) {
            if (this.addedKeys.contains(str)) {
                return;
            }
            this.addedKeys.add(str);
            this.asyncProcessor.addTack(new Runnable() { // from class: com.alibaba.nacos.client.aliyun.AliyunConfigFilter.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        if (AliyunConfigFilter.this.kmsClient == null) {
                            AliyunConfigFilter.LOGGER.error("kms client hasn't initiated.");
                            return;
                        }
                        DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest();
                        describeKeyRequest.setKeyId(str);
                        try {
                            DescribeKeyResponse acsResponse = AliyunConfigFilter.this.kmsClient.getAcsResponse(describeKeyRequest);
                            if (acsResponse.getKeyMetadata() == null) {
                                AliyunConfigFilter.this.addedKeys.remove(str);
                                AliyunConfigFilter.LOGGER.warn("keyId meta is null, cannot set key protection");
                            } else {
                                if (!"Enabled".equals(acsResponse.getKeyMetadata().getKeyState())) {
                                    throw new RuntimeException("Key not available");
                                }
                                String arn = acsResponse.getKeyMetadata().getArn();
                                AliyunConfigFilter.LOGGER.info("set deletion protection for keyId[{}], arn[{}]", str, arn);
                                SetDeletionProtectionRequest setDeletionProtectionRequest = new SetDeletionProtectionRequest();
                                setDeletionProtectionRequest.setProtectedResourceArn(arn);
                                setDeletionProtectionRequest.setEnableDeletionProtection(true);
                                setDeletionProtectionRequest.setDeletionProtectionDescription("key is used by mse");
                                try {
                                    AliyunConfigFilter.this.kmsClient.getAcsResponse(setDeletionProtectionRequest);
                                } catch (ClientException e) {
                                    AliyunConfigFilter.LOGGER.error("set deletion protect failed, keyId: {}.", str);
                                    throw e;
                                }
                            }
                        } catch (ClientException e2) {
                            AliyunConfigFilter.LOGGER.error("describe key failed, keyId: {}.", str);
                            throw e2;
                        }
                    } catch (Exception e3) {
                        AliyunConfigFilter.this.addedKeys.remove(str);
                        AliyunConfigFilter.LOGGER.error("execute async task failed", e3);
                    }
                }
            });
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:19:0x0062, code lost:
    
        throw r12;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void locallyRunWithRetryTimesAndTimeout(java.util.function.Supplier<java.lang.Boolean> r7, int r8, long r9) throws java.lang.Exception {
        /*
            r0 = 0
            r11 = r0
            r0 = 0
            r12 = r0
            long r0 = java.lang.System.currentTimeMillis()
            r13 = r0
        Lb:
            r0 = r11
            int r11 = r11 + 1
            r1 = r8
            if (r0 >= r1) goto L63
            long r0 = java.lang.System.currentTimeMillis()
            r1 = r13
            r2 = r9
            long r1 = r1 + r2
            int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
            if (r0 >= 0) goto L63
            r0 = r7
            java.lang.Object r0 = r0.get()     // Catch: java.lang.Exception -> L34
            java.lang.Boolean r0 = (java.lang.Boolean) r0     // Catch: java.lang.Exception -> L34
            boolean r0 = r0.booleanValue()     // Catch: java.lang.Exception -> L34
            if (r0 == 0) goto L31
            goto L63
        L31:
            goto L3a
        L34:
            r15 = move-exception
            r0 = r15
            r12 = r0
        L3a:
            r0 = r12
            if (r0 == 0) goto L57
            r0 = r12
            if (r0 == 0) goto L60
            r0 = r12
            boolean r0 = r0 instanceof com.aliyuncs.exceptions.ClientException
            if (r0 == 0) goto L60
            r0 = r12
            com.aliyuncs.exceptions.ClientException r0 = (com.aliyuncs.exceptions.ClientException) r0
            boolean r0 = com.alibaba.nacos.client.aliyun.KmsUtils.judgeNeedRecoveryException(r0)
            if (r0 == 0) goto L60
        L57:
            r0 = 200(0xc8, double:9.9E-322)
            java.lang.Thread.sleep(r0)
            goto Lb
        L60:
            r0 = r12
            throw r0
        L63:
            r0 = r12
            if (r0 == 0) goto L6b
            r0 = r12
            throw r0
        L6b:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.alibaba.nacos.client.aliyun.AliyunConfigFilter.locallyRunWithRetryTimesAndTimeout(java.util.function.Supplier, int, long):void");
    }

    private static String readFileToString(String str) {
        File fileByPath = getFileByPath(str);
        if (fileByPath == null || !fileByPath.exists()) {
            return null;
        }
        try {
            return new String(Files.readAllBytes(Paths.get(fileByPath.getAbsolutePath(), new String[0])), StandardCharsets.UTF_8);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static File getFileByPath(String str) {
        File file = new File(str);
        if (!file.exists()) {
            File file2 = new File(AliyunConfigFilter.class.getClassLoader().getResource("").getPath() + str);
            file = file2;
            if (!file2.exists()) {
                File file3 = new File(Paths.get(str, new String[0]).toAbsolutePath().toString());
                file = file3;
                if (!file3.exists()) {
                    return null;
                }
            }
        }
        return file;
    }

    private boolean isUseLocalCache() {
        return this.isUseLocalCache;
    }

    private KmsLocalCache getKmsLocalCache() {
        return this.kmsLocalCache;
    }

    private KmsLocalCache.LocalCacheItem getLocalCacheItem(String str, String str2, String str3, String str4) {
        KmsLocalCache.LocalCacheItem localCacheItem;
        if (isLocalCacheAvailable() && (localCacheItem = getKmsLocalCache().get(GroupKeyUtils.getGroupKey2(str2, str))) != null && checkIfKmsCacheItemValidByDecrypt(localCacheItem, str2, str3, str4)) {
            return localCacheItem;
        }
        return null;
    }

    private KmsLocalCache.LocalCacheItem getLocalCacheItem(String str, String str2, String str3) {
        KmsLocalCache.LocalCacheItem localCacheItem;
        if (!isLocalCacheAvailable() || (localCacheItem = getKmsLocalCache().get(GroupKeyUtils.getGroupKey2(str2, str))) == null || checkIfKmsCacheItemValidByEncrypt(localCacheItem, str2, str3)) {
            return null;
        }
        return localCacheItem;
    }

    private boolean checkIfKmsCacheItemValidByEncrypt(KmsLocalCache.LocalCacheItem localCacheItem, String str, String str2) {
        return (str.startsWith(AliyunConst.CIPHER_KMS_AES_128_PREFIX) || str.startsWith(AliyunConst.CIPHER_KMS_AES_256_PREFIX)) ? (StringUtils.isBlank(localCacheItem.getEncryptedDataKey()) || StringUtils.isBlank(localCacheItem.getPlainDataKey())) ? false : true : str.startsWith(AliyunConst.CIPHER_PREFIX) && !StringUtils.isBlank(localCacheItem.getEncryptedContent()) && !StringUtils.isBlank(localCacheItem.getPlainContent()) && localCacheItem.getPlainContent().equals(str2);
    }

    private boolean checkIfKmsCacheItemValidByDecrypt(KmsLocalCache.LocalCacheItem localCacheItem, String str, String str2, String str3) {
        String md5Hex = MD5Utils.md5Hex(str3, AliyunConst.ENCODE_UTF8);
        return (str.startsWith(AliyunConst.CIPHER_KMS_AES_128_PREFIX) || str.startsWith(AliyunConst.CIPHER_KMS_AES_256_PREFIX)) ? (StringUtils.isBlank(localCacheItem.getEncryptedDataKey()) || StringUtils.isBlank(localCacheItem.getEncryptedContentMD5()) || StringUtils.isBlank(localCacheItem.getPlainDataKey()) || !StringUtils.equals(localCacheItem.getEncryptedDataKey(), str2) || !StringUtils.equals(localCacheItem.getEncryptedContentMD5(), md5Hex)) ? false : true : str.startsWith(AliyunConst.CIPHER_PREFIX) && !StringUtils.isBlank(localCacheItem.getEncryptedContentMD5()) && !StringUtils.isBlank(localCacheItem.getPlainContent()) && StringUtils.equals(localCacheItem.getEncryptedContentMD5(), md5Hex);
    }

    private void checkIfKmsClientIsReady() throws Exception {
        if (this.kmsClient == null) {
            if (this.localInitException == null) {
                throw new RuntimeException("kms client isn't initialized. For more information, please check: https://help.aliyun.com/zh/mse/user-guide/create-and-use-encrypted-configurations?spm=a2c4g.11186623.0.0.55587becdOW3jf");
            }
            throw this.localInitException;
        }
    }

    private void throwExceptionIfStringBlankWithErrorKey(String str, String str2, String str3, String str4) throws Exception {
        if (StringUtils.isBlank(str)) {
            throw new BlankStringException(String.format(AliyunConst.STRING_VALUE_BLANK_ERROR_MSG_FORMAT, str2, str3, str4) + "For more information, please check: " + AliyunConst.MSE_ENCRYPTED_CONFIG_USAGE_DOCUMENT_URL);
        }
    }

    private boolean isLocalCacheAvailable() {
        return isUseLocalCache() && getKmsLocalCache() != null;
    }

    public int getOrder() {
        return 1;
    }

    public String getFilterName() {
        return getClass().getName();
    }
}
