package com.volcengine.util;

import com.kuaishou.weapon.p0.b;
import com.volcengine.model.Credentials;
import com.volcengine.model.sts2.InnerToken;
import com.volcengine.model.sts2.Policy;
import com.volcengine.model.sts2.SecurityToken2;
import com.volcengine.model.sts2.Statement;
import com.volcengine.model.tls.Const;
import e0.Cbreak;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.List;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.http.HttpHeaders;
import org.slf4j.Marker;

/* loaded from: classes4.dex */
public class Sts2Utils {
    public static String aesEncryptCBC(String str, byte[] bArr) {
        if (bArr == null) {
            throw new RuntimeException("Key为空null");
        }
        if (bArr.length == 16) {
            return Base64.encodeBase64String(encrypt(str, new String(bArr, "ISO-8859-1")));
        }
        throw new RuntimeException("Key长度不是16位");
    }

    public static InnerToken createInnerToken(Credentials credentials, SecurityToken2 securityToken2, Policy policy, long j10) {
        InnerToken innerToken = new InnerToken();
        innerToken.setLtAccessKeyId(credentials.getAccessKeyID());
        innerToken.setAccessKeyId(securityToken2.getAccessKeyId());
        innerToken.setExpiredTime(j10);
        byte[] genMD5Checksum = genMD5Checksum(credentials.getSecretAccessKey().getBytes());
        innerToken.setSignedSecretAccessKey(aesEncryptCBC(securityToken2.getSecretAccessKey(), genMD5Checksum));
        innerToken.setPolicyString(Cbreak.N(policy));
        innerToken.setSignature(sha256Hex(genMD5Checksum, String.format("%s|%s|%d|%s|%s", innerToken.getLtAccessKeyId(), innerToken.getAccessKeyId(), Long.valueOf(innerToken.getExpiredTime()), innerToken.getSignedSecretAccessKey(), innerToken.getPolicyString())));
        return innerToken;
    }

    public static byte[] encrypt(String str, String str2) {
        byte[] bytes = str2.getBytes("ISO-8859-1");
        Cipher cipher = Cipher.getInstance(b.f34326a);
        int blockSize = cipher.getBlockSize();
        byte[] bytes2 = str.getBytes();
        int length = bytes2.length;
        byte[] bArr = new byte[length + (blockSize - (length % blockSize))];
        System.arraycopy(bytes2, 0, bArr, 0, bytes2.length);
        cipher.init(1, new SecretKeySpec(str2.getBytes("ISO-8859-1"), "AES"), new IvParameterSpec(bytes));
        return cipher.doFinal(bArr);
    }

    public static byte[] genMD5Checksum(byte[] bArr) {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    public static String generateAccessKeyId(String str) {
        return str + Base64.encodeBase64String(UUID.randomUUID().toString().replace(Const.SEPARATOR, "").getBytes()).replace("=", "").replace("/", "").replace(Marker.ANY_NON_NULL_MARKER, "").replace(Const.SEPARATOR, "");
    }

    public static String generateSecretKey() {
        return aesEncryptCBC(RandomStringUtils.randomAlphabetic(32), "bytedance-isgood".getBytes("ISO-8859-1"));
    }

    public static Statement newAllowStatement(List<String> list, List<String> list2) {
        Statement statement = new Statement();
        statement.setEffect(HttpHeaders.ALLOW);
        statement.setAction(list);
        statement.setResource(list2);
        return statement;
    }

    public static Statement newDenyStatement(List<String> list, List<String> list2) {
        Statement statement = new Statement();
        statement.setEffect("Deny");
        statement.setAction(list);
        statement.setResource(list2);
        return statement;
    }

    private static String sha256Hex(byte[] bArr, String str) {
        Charset forName = Charset.forName("UTF-8");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
        return new String(Hex.encodeHex(mac.doFinal(str.getBytes(forName))));
    }
}
