package com.huawei.wisesecurity.ucs.credential.crypto.cipher;

import com.airbnb.lottie.parser.moshi.JsonScope;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.a;
import com.huawei.wisesecurity.kfs.exception.CodecException;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsCryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsErrorCode;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsParamException;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.SkDkEntity;
import com.huawei.wisesecurity.ucs_credential.h;
import defpackage.b;
import defpackage.dn;
import defpackage.hh;
import defpackage.jh;
import defpackage.tm1;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public class CredentialDecryptHandler implements jh {
    private CredentialCipherText cipherText;
    private Credential credential;
    private CredentialClient credentialClient;

    public CredentialDecryptHandler(Credential credential, CredentialCipherText credentialCipherText, CredentialClient credentialClient) {
        this.credential = credential;
        this.cipherText = credentialCipherText;
        this.credentialClient = credentialClient;
    }

    private void doDecrypt() throws UcsCryptoException {
        AlgorithmParameterSpec gCMParameterSpec;
        tm1 tm1Var = new tm1();
        tm1Var.e();
        tm1Var.b.put("apiName", "appAuth.decrypt");
        tm1Var.b();
        try {
            try {
                this.cipherText.checkParam(false);
                byte[] decryptSkDk = SkDkEntity.from(this.credential.getDataKeyBytes()).decryptSkDk(h.a(this.credential));
                CipherAlg.getPreferredAlg("AES");
                SecretKeySpec secretKeySpec = new SecretKeySpec(decryptSkDk, "AES");
                CipherAlg cipherAlg = CipherAlg.AES_GCM;
                byte[] iv = this.cipherText.getIv();
                int i = b.a.a[cipherAlg.ordinal()];
                if (i != 1) {
                    if (i != 2 && i != 3) {
                        throw new CryptoException("unsupported cipher alg");
                    }
                    gCMParameterSpec = new IvParameterSpec(JsonScope.j(iv));
                } else {
                    gCMParameterSpec = new GCMParameterSpec(128, JsonScope.j(iv));
                }
                a aVar = new a();
                aVar.d = cipherAlg;
                a aVar2 = new a(secretKeySpec, aVar, gCMParameterSpec, 0);
                aVar2.b(this.cipherText.getCipherBytes());
                this.cipherText.setPlainBytes(aVar2.to());
                tm1Var.d(0);
            } catch (CryptoException e) {
                e = e;
                String str = "Fail to decrypt, errorMessage : " + e.getMessage();
                tm1Var.d(1003);
                tm1Var.c(str);
                throw new UcsCryptoException(UcsErrorCode.CRYPTO_ERROR, str);
            } catch (UcsParamException e2) {
                String str2 = "Fail to decrypt, errorMessage : " + e2.getMessage();
                tm1Var.d(1001);
                tm1Var.c(str2);
                throw new UcsCryptoException(UcsErrorCode.PARAM_ILLEGAL, str2);
            } catch (UcsException e3) {
                e = e3;
                String str3 = "Fail to decrypt, errorMessage : " + e.getMessage();
                tm1Var.d(1003);
                tm1Var.c(str3);
                throw new UcsCryptoException(UcsErrorCode.CRYPTO_ERROR, str3);
            }
        } finally {
            this.credentialClient.reportLogs(tm1Var);
        }
    }

    private CredentialDecryptHandler from(String str, hh hhVar) throws UcsCryptoException {
        try {
            m20from(hhVar.a(str));
            return this;
        } catch (CodecException e) {
            StringBuilder c = JsonScope.c("Fail to decode cipher text: ");
            c.append(e.getMessage());
            throw new UcsCryptoException(UcsErrorCode.CRYPTO_ERROR, c.toString());
        }
    }

    private String to(dn dnVar) throws UcsCryptoException {
        try {
            return dnVar.a(to());
        } catch (CodecException e) {
            StringBuilder c = JsonScope.c("Fail to encode plain text: ");
            c.append(e.getMessage());
            throw new UcsCryptoException(UcsErrorCode.CRYPTO_ERROR, c.toString());
        }
    }

    /* renamed from: from, reason: merged with bridge method [inline-methods] */
    public CredentialDecryptHandler m20from(byte[] bArr) throws UcsCryptoException {
        if (bArr == null) {
            throw new UcsCryptoException(UcsErrorCode.PARAM_ILLEGAL, "cipherBytes cannot null..");
        }
        this.cipherText.setCipherBytes(bArr);
        return this;
    }

    /* renamed from: fromBase64, reason: merged with bridge method [inline-methods] */
    public CredentialDecryptHandler m21fromBase64(String str) throws UcsCryptoException {
        return from(str, hh.a);
    }

    /* renamed from: fromBase64Url, reason: merged with bridge method [inline-methods] */
    public CredentialDecryptHandler m22fromBase64Url(String str) throws UcsCryptoException {
        return from(str, hh.b);
    }

    /* renamed from: fromHex, reason: merged with bridge method [inline-methods] */
    public CredentialDecryptHandler m23fromHex(String str) throws UcsCryptoException {
        return from(str, hh.c);
    }

    public byte[] to() throws UcsCryptoException {
        doDecrypt();
        return this.cipherText.getPlainBytes();
    }

    public String toBase64() throws UcsCryptoException {
        return to(dn.a);
    }

    public String toHex() throws UcsCryptoException {
        return to(dn.c);
    }

    public String toRawString() throws UcsCryptoException {
        return to(dn.d);
    }
}
