package com.huawei.wisesecurity.ucs_kms;

import android.content.Context;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.common.utils.SpUtil;
import com.huawei.wisesecurity.ucs.kms.request.CipherAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.DecryptRequest;
import com.huawei.wisesecurity.ucs.kms.request.EcdhRequest;
import com.huawei.wisesecurity.ucs.kms.request.EncryptRequest;
import com.huawei.wisesecurity.ucs.kms.request.GetKeyInfoRequest;
import com.huawei.wisesecurity.ucs.kms.request.HmacRequest;
import com.huawei.wisesecurity.ucs.kms.request.KeyAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.KeyInfo;
import com.huawei.wisesecurity.ucs.kms.request.SignDataRequest;
import com.huawei.wisesecurity.ucs.kms.request.StoreType;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.json.JSONException;

/* loaded from: classes8.dex */
/**
 * Key-management backend that performs its operations through the platform
 * {@code "AndroidKeyStore"} provider (class and method names are obfuscated).
 *
 * <p>Every keystore entry is addressed as {@code <prefix>_<alias>}, where the prefix is the
 * trailing {@code String} argument of each public method and the alias comes from the request.
 *
 * <p>Failures from the JCA/keystore layer are logged under the tag {@code KmsAndroidService}
 * and re-thrown as {@link UcsException} with a numeric code; the provider's
 * {@code getMessage()} text is appended to both the log line and the thrown message.
 * NOTE(review): confirm that text cannot carry sensitive detail to an untrusted caller or log
 * sink.
 */
public class i implements m {
    /** Log tag used for every message emitted by this class. */
    private static final String TAG = "KmsAndroidService";

    /** JCA keystore type requested for all keystore operations. */
    private static final String KEYSTORE_TYPE = "AndroidKeyStore";

    /** The only IV length, in bytes, accepted for the GCM cipher requests. */
    private static final int GCM_IV_BYTES = 12;

    /** Authentication tag length, in bits, forced onto every cipher request. */
    private static final int GCM_TAG_BITS = 128;

    /** Returns a freshly loaded keystore instance of type {@link #KEYSTORE_TYPE}. */
    private static KeyStore openKeyStore()
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(KEYSTORE_TYPE);
        store.load(null);
        return store;
    }

    /** Builds the keystore entry name {@code prefix + "_" + alias}. */
    private static String entryName(String prefix, String alias) {
        return prefix + "_" + alias;
    }

    /**
     * Validates a cipher request and normalises its tag length.
     *
     * <p>The algorithm name must be contained in {@code m.b}; the tag length is then overwritten
     * with 128 bits regardless of what the caller set, so a request cannot ask for a truncated
     * tag; finally the IV must be present and exactly 12 bytes long.
     *
     * @throws UcsException code 3001 for an unlisted algorithm, code 3014 for a missing or
     *     wrongly sized IV
     */
    private void a(EncryptRequest encryptRequest) throws UcsException {
        final boolean algorithmListed =
                m.b.contains(encryptRequest.getCipherAlgorithm().getAlgName());
        if (!algorithmListed) {
            LogUcs.e(TAG, "cipher algorithm not support", new Object[0]);
            throw new UcsException(3001L, "cipher algorithm not support");
        }

        // Mutates the request: any caller-chosen tag length is replaced before the IV check.
        encryptRequest.setTagLen(GCM_TAG_BITS);

        final byte[] iv = encryptRequest.getIv();
        final boolean ivAcceptable = iv != null && iv.length == GCM_IV_BYTES;
        if (!ivAcceptable) {
            LogUcs.e(TAG, "only 12 bytes long IV supported", new Object[0]);
            throw new UcsException(3014L, "only 12 bytes long IV supported");
        }
    }

    /**
     * Looks up a key and reports its alias, algorithm and store type.
     *
     * <p>Only {@code key.getAlgorithm()} is read from the key; the returned {@link KeyInfo}
     * always carries {@code StoreType.ANDROID_STORE}. {@code context} is not used here.
     *
     * @throws UcsException code 3105 when no key exists under the entry name (the message
     *     includes the requested alias), code 3006 when the keystore cannot be loaded or read
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public KeyInfo a(GetKeyInfoRequest getKeyInfoRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to getKeyInfo.", new Object[0]);
        try {
            final KeyStore store = openKeyStore();
            final Key found = store.getKey(entryName(str, getKeyInfoRequest.getAlias()), null);
            if (found == null) {
                throw new UcsException(3105L, "keyInfo is null, alias is: " + getKeyInfoRequest.getAlias());
            }

            final KeyInfo info = new KeyInfo();
            info.setAlias(getKeyInfoRequest.getAlias());
            info.setKeyAlgorithm(KeyAlgorithm.getKeyAlgorithm(found.getAlgorithm()));
            info.setStoreType(StoreType.ANDROID_STORE);
            LogUcs.i(TAG, "End to getKeyInfo.", new Object[0]);
            return info;
        } catch (IOException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableKeyException
                | CertificateException e) {
            LogUcs.e(TAG, "Get KeyInfo error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            throw new UcsException(3006L, "Get KeyInfo error. " + e.getMessage());
        }
    }

    /**
     * Decrypts {@code decryptRequest.getData()} with the key stored under
     * {@code str + "_" + alias}, feeding the AAD first when one is present.
     *
     * <p>The request is validated by {@code a(decryptRequest)} before any key is touched.
     * NOTE(review): that call presumably resolves to the private validator above, which
     * requires {@code DecryptRequest} to be a subtype of {@code EncryptRequest} - confirm
     * against the request classes.
     *
     * <p>A failed GCM tag check is raised by the JCA as {@code AEADBadTagException}, a subclass
     * of {@link BadPaddingException}, so tampered ciphertext or AAD ends up in the catch below
     * and is reported with the same code as every other decrypt failure.
     *
     * @return the recovered plaintext
     * @throws UcsException codes 3001/3014 from validation, code 3009 for any key-loading or
     *     cipher failure
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(DecryptRequest decryptRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to decrypt.", new Object[0]);
        a(decryptRequest);
        try {
            final Key key = com.huawei.wisesecurity.ucs.kms.util.a.a(
                    entryName(str, decryptRequest.getAlias()), context);
            final Cipher gcm = Cipher.getInstance(
                    CipherAlgorithm.getCipherAlgValue(decryptRequest.getCipherAlgorithm().getAlgName())
                            .getTransformation());
            final GCMParameterSpec spec =
                    new GCMParameterSpec(decryptRequest.getTagLen(), decryptRequest.getIv());
            gcm.init(Cipher.DECRYPT_MODE, key, spec);
            if (decryptRequest.getAad() != null) {
                gcm.updateAAD(decryptRequest.getAad());
            }
            return gcm.doFinal(decryptRequest.getData());
        } catch (IOException
                | ClassCastException
                | InvalidAlgorithmParameterException
                | InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableEntryException
                | CertificateException
                | BadPaddingException
                | IllegalBlockSizeException
                | NoSuchPaddingException
                | JSONException e) {
            LogUcs.e(TAG, "Failed to decrypt, error: {0}.", e.getMessage());
            throw new UcsException(3009L, "decrypt data error, " + e.getMessage());
        }
    }

    /**
     * ECDH is not implemented by this backend: the call is logged and always rejected.
     *
     * @throws UcsException always, with code 3001
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(EcdhRequest ecdhRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to ecdh.", new Object[0]);
        throw new UcsException(3001L, "Unsupported ecdh alg.");
    }

    /**
     * Encrypts {@code encryptRequest.getData()} with the key stored under
     * {@code str + "_" + alias}, feeding the AAD first when one is present.
     *
     * <p>The IV is taken from the request as-is: this method neither generates it nor checks
     * it against earlier use. GCM loses both confidentiality and integrity guarantees when an
     * IV repeats under one key, so uniqueness is entirely the caller's responsibility.
     * NOTE(review): confirm every caller draws a fresh IV from a CSPRNG per message. Keys
     * created in AndroidKeyStore reject caller-supplied encryption IVs unless randomized
     * encryption was disabled at generation; how the key returned by {@code util.a.a} was
     * created is not visible here.
     *
     * @return whatever {@code Cipher.doFinal} produces for the request data
     * @throws UcsException codes 3001/3014 from validation, code 3009 for any key-loading or
     *     cipher failure
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(EncryptRequest encryptRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to encrypt.", new Object[0]);
        a(encryptRequest);
        try {
            final Key key = com.huawei.wisesecurity.ucs.kms.util.a.a(
                    entryName(str, encryptRequest.getAlias()), context);
            final Cipher gcm = Cipher.getInstance(
                    CipherAlgorithm.getCipherAlgValue(encryptRequest.getCipherAlgorithm().getAlgName())
                            .getTransformation());
            final GCMParameterSpec spec =
                    new GCMParameterSpec(encryptRequest.getTagLen(), encryptRequest.getIv());
            gcm.init(Cipher.ENCRYPT_MODE, key, spec);
            if (encryptRequest.getAad() != null) {
                gcm.updateAAD(encryptRequest.getAad());
            }
            return gcm.doFinal(encryptRequest.getData());
        } catch (IOException
                | ClassCastException
                | InvalidAlgorithmParameterException
                | InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableEntryException
                | CertificateException
                | BadPaddingException
                | IllegalBlockSizeException
                | NoSuchPaddingException
                | JSONException e) {
            LogUcs.e(TAG, "Failed to encrypt, error: {0}.", e.getMessage());
            throw new UcsException(3009L, "encrypt data error, " + e.getMessage());
        }
    }

    /**
     * Computes a MAC over {@code hmacRequest.getData()} with the secret key stored under
     * {@code str + "_" + alias}.
     *
     * <p>The MAC algorithm string comes straight from the request; unlike the cipher path there
     * is no allow-list check in this class. NOTE(review): confirm {@code getSignAlgorithm()}
     * can only yield approved algorithm values. {@code context} is not used here.
     *
     * @throws UcsException code 3012 for any keystore or MAC failure (the log and message text
     *     say "Sign data error")
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(HmacRequest hmacRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to hmac.", new Object[0]);
        try {
            final KeyStore store = openKeyStore();
            // No explicit null check: an unknown alias yields null, which is handed to
            // Mac.init. NOTE(review): relies on the provider rejecting a null key.
            final SecretKey macKey = (SecretKey) store.getKey(entryName(str, hmacRequest.getAlias()), null);
            final Mac mac = Mac.getInstance(hmacRequest.getSignAlgorithm().getAlgValue());
            mac.init(macKey);
            mac.update(hmacRequest.getData());
            return mac.doFinal();
        } catch (IOException
                | ClassCastException
                | InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | UnrecoverableKeyException
                | CertificateException e) {
            LogUcs.e(TAG, "Sign data error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            throw new UcsException(3012L, "Sign data error, " + e.getMessage());
        }
    }

    /**
     * Signs {@code signDataRequest.getData()} with the private key stored under
     * {@code str + "_" + alias}.
     *
     * <p>The signature algorithm string comes straight from the request; there is no allow-list
     * check in this class. NOTE(review): confirm {@code getSignAlgorithm()} can only yield
     * approved algorithm values. {@code context} is not used here.
     *
     * @throws UcsException code 3004 for any keystore or signing failure
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(SignDataRequest signDataRequest, Context context, String str) throws UcsException {
        LogUcs.i(TAG, "Start to sign.", new Object[0]);
        try {
            final KeyStore store = openKeyStore();
            // No explicit null check: an unknown alias yields null, which is handed to
            // initSign. NOTE(review): relies on the provider rejecting a null key.
            final PrivateKey signingKey =
                    (PrivateKey) store.getKey(entryName(str, signDataRequest.getAlias()), null);
            final Signature signer = Signature.getInstance(signDataRequest.getSignAlgorithm().getAlgValue());
            signer.initSign(signingKey);
            signer.update(signDataRequest.getData());
            // "End" is logged before sign() runs, so this line does not prove signing succeeded.
            LogUcs.i(TAG, "End to sign.", new Object[0]);
            return signer.sign();
        } catch (IOException
                | ClassCastException
                | InvalidKeyException
                | KeyStoreException
                | NoSuchAlgorithmException
                | SignatureException
                | UnrecoverableKeyException
                | CertificateException e) {
            LogUcs.e(TAG, "Sign data error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            throw new UcsException(3004L, "Sign data error. " + e.getMessage());
        }
    }

    /**
     * Returns the encoded public key of the certificate stored under {@code str2 + "_" + str}
     * ({@code str} is the alias, {@code str2} the prefix).
     *
     * <p>When the keystore itself fails, the handler removes an {@code SpUtil} entry before
     * re-throwing. NOTE(review): that removal is keyed by the bare alias {@code str}, whereas
     * {@code b(...)} removes {@code str2 + "_" + str}; the two look inconsistent - confirm
     * which key {@code SpUtil} entries are actually stored under. A missing certificate does
     * not go through that handler and leaves {@code SpUtil} untouched.
     *
     * @throws UcsException code 3006 when no certificate exists or the keystore cannot be read
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(String str, Context context, String str2) throws UcsException {
        LogUcs.i(TAG, "Start to getPublicKey.", new Object[0]);
        try {
            final KeyStore store = openKeyStore();
            final Certificate cert = store.getCertificate(entryName(str2, str));
            if (cert == null) {
                throw new UcsException(3006L, "Get publicKey error. Unknown public key.");
            }
            LogUcs.i(TAG, "End to getPublicKey.", new Object[0]);
            return cert.getPublicKey().getEncoded();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LogUcs.e(TAG, "Get publicKey error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            SpUtil.remove(str, context);
            throw new UcsException(3006L, "Get publicKey error. " + e.getMessage());
        }
    }

    /**
     * Deletes the keystore entry {@code str2 + "_" + str} and then the {@code SpUtil} entry of
     * the same name ({@code str} is the alias, {@code str2} the prefix).
     *
     * <p>The keystore deletion runs first; if it throws, the {@code SpUtil} entry is left in
     * place and the failure is reported to the caller.
     *
     * @throws UcsException code 3007 when the keystore cannot be loaded or the entry cannot be
     *     deleted
     */
    @Override // com.huawei.wisesecurity.ucs_kms.m
    public void b(String str, Context context, String str2) throws UcsException {
        LogUcs.i(TAG, "Start to removeKey.", new Object[0]);
        try {
            final KeyStore store = openKeyStore();
            store.deleteEntry(entryName(str2, str));
            SpUtil.remove(entryName(str2, str), context);
            LogUcs.i(TAG, "End to removeKey.", new Object[0]);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LogUcs.e(TAG, "Remove Key error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            throw new UcsException(3007L, "Remove Key error. " + e.getMessage());
        }
    }
}
