package com.huawei.wisesecurity.ucs_kms;

import android.content.Context;
import com.huawei.allianceapp.hh2;
import com.huawei.allianceapp.jh2;
import com.huawei.allianceapp.nh2;
import com.huawei.wisesecurity.ucs.kms.request.CipherAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.KeyAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.KeyInfo;
import com.huawei.wisesecurity.ucs.kms.request.KmsCryptoCtx;
import com.huawei.wisesecurity.ucs.kms.request.KmsEcdhCtx;
import com.huawei.wisesecurity.ucs.kms.request.KmsSignCtx;
import com.huawei.wisesecurity.ucs.kms.request.SignAlgorithm;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.json.JSONException;

/* loaded from: classes4.dex */
public class j implements r {
    public final void a(KmsCryptoCtx kmsCryptoCtx) throws hh2 {
        if (!r.b.contains(Integer.valueOf(kmsCryptoCtx.getCryptoAlg()))) {
            throw n.a("KmsAndroidService", "cipher algorithm not support", new Object[0], 4001L, "cipher algorithm not support");
        }
        kmsCryptoCtx.setTagLen(128);
        if (kmsCryptoCtx.getIv() == null || 12 != kmsCryptoCtx.getIv().length) {
            throw n.a("KmsAndroidService", "only 12 bytes long IV supported", new Object[0], 4014L, "only 12 bytes long IV supported");
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] a(KmsCryptoCtx kmsCryptoCtx, Context context, String str) throws hh2 {
        jh2.d("KmsAndroidService", "Start to encrypt.", new Object[0]);
        a(kmsCryptoCtx);
        try {
            Key a = i.a(str + "_" + kmsCryptoCtx.getAlias(), context);
            Cipher cipher = Cipher.getInstance(CipherAlgorithm.getCipherAlgValue(kmsCryptoCtx.getCryptoAlg()).getTransformation());
            cipher.init(1, a, new GCMParameterSpec(kmsCryptoCtx.getTagLen(), kmsCryptoCtx.getIv()));
            if (kmsCryptoCtx.getAad() != null) {
                cipher.updateAAD(kmsCryptoCtx.getAad());
            }
            return cipher.doFinal(kmsCryptoCtx.getSrcData());
        } catch (IOException | ClassCastException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | JSONException e) {
            jh2.a("KmsAndroidService", "Failed to encrypt, error: {0}.", e.getMessage());
            StringBuilder a2 = a.a("encrypt data error, ");
            a2.append(e.getMessage());
            throw new hh2(4009L, a2.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] a(KmsEcdhCtx kmsEcdhCtx, Context context, String str) throws hh2 {
        jh2.d("KmsAndroidService", "Start to ecdh.", new Object[0]);
        throw new hh2(4001L, "Unsupported ecdh alg.");
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] a(KmsSignCtx kmsSignCtx, Context context, String str) throws hh2 {
        jh2.d("KmsAndroidService", "Start to sign.", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str + "_" + kmsSignCtx.getAlias(), null);
            Signature signature = Signature.getInstance(SignAlgorithm.getSignAlgValue(kmsSignCtx.getSignAlg()));
            signature.initSign(privateKey);
            signature.update(kmsSignCtx.getData());
            jh2.d("KmsAndroidService", "End to sign.", new Object[0]);
            return signature.sign();
        } catch (IOException | ClassCastException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            jh2.a("KmsAndroidService", "Sign data error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            StringBuilder a = a.a("Sign data error. ");
            a.append(e.getMessage());
            throw new hh2(4004L, a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] a(String str, Context context, String str2) throws hh2 {
        jh2.d("KmsAndroidService", "Start to getPublicKey.", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Certificate certificate = keyStore.getCertificate(str2 + "_" + str);
            if (certificate == null) {
                throw new hh2(4006L, "Get publicKey error. Unknown public key.");
            }
            jh2.d("KmsAndroidService", "End to getPublicKey.", new Object[0]);
            return certificate.getPublicKey().getEncoded();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            jh2.a("KmsAndroidService", "Get publicKey error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            nh2.e(str, context);
            StringBuilder a = a.a("Get publicKey error. ");
            a.append(e.getMessage());
            throw new hh2(4006L, a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public void b(String str, Context context, String str2) throws hh2 {
        jh2.d("KmsAndroidService", "Start to removeKey.", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(str2 + "_" + str);
            nh2.e(str2 + "_" + str, context);
            jh2.d("KmsAndroidService", "End to removeKey.", new Object[0]);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            jh2.a("KmsAndroidService", "Remove Key error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            StringBuilder a = a.a("Remove Key error. ");
            a.append(e.getMessage());
            throw new hh2(4007L, a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] b(KmsCryptoCtx kmsCryptoCtx, Context context, String str) throws hh2 {
        jh2.d("KmsAndroidService", "Start to decrypt.", new Object[0]);
        a(kmsCryptoCtx);
        try {
            Key a = i.a(str + "_" + kmsCryptoCtx.getAlias(), context);
            Cipher cipher = Cipher.getInstance(CipherAlgorithm.getCipherAlgValue(kmsCryptoCtx.getCryptoAlg()).getTransformation());
            cipher.init(2, a, new GCMParameterSpec(kmsCryptoCtx.getTagLen(), kmsCryptoCtx.getIv()));
            if (kmsCryptoCtx.getAad() != null) {
                cipher.updateAAD(kmsCryptoCtx.getAad());
            }
            return cipher.doFinal(kmsCryptoCtx.getSrcData());
        } catch (IOException | ClassCastException | InvalidAlgorithmParameterException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | JSONException e) {
            jh2.a("KmsAndroidService", "Failed to decrypt, error: {0}.", e.getMessage());
            StringBuilder a2 = a.a("decrypt data error, ");
            a2.append(e.getMessage());
            throw new hh2(4010L, a2.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public byte[] b(KmsSignCtx kmsSignCtx, Context context, String str) throws hh2 {
        jh2.d("KmsAndroidService", "Start to hmac.", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey = (SecretKey) keyStore.getKey(str + "_" + kmsSignCtx.getAlias(), null);
            Mac mac = Mac.getInstance(SignAlgorithm.getSignAlgValue(kmsSignCtx.getSignAlg()));
            mac.init(secretKey);
            mac.update(kmsSignCtx.getData());
            return mac.doFinal();
        } catch (IOException | ClassCastException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            jh2.a("KmsAndroidService", "Sign data error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            StringBuilder a = a.a("Sign data error, ");
            a.append(e.getMessage());
            throw new hh2(4012L, a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.r
    public KeyInfo c(String str, Context context, String str2) throws hh2 {
        jh2.d("KmsAndroidService", "Start to getKeyInfo.", new Object[0]);
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            Key key = keyStore.getKey(str2 + "_" + str, null);
            if (key == null) {
                throw new hh2(4105L, "keyInfo is null, alias is: " + str);
            }
            KeyInfo keyInfo = new KeyInfo();
            keyInfo.setAlias(str);
            keyInfo.setKeyAlgorithm(KeyAlgorithm.getKeyAlgorithm(key.getAlgorithm()));
            keyInfo.setStoreType(2);
            jh2.d("KmsAndroidService", "End to getKeyInfo.", new Object[0]);
            return keyInfo;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            jh2.a("KmsAndroidService", "Get KeyInfo error. {0} {1}", e.getClass().getSimpleName(), e.getMessage());
            StringBuilder a = a.a("Get KeyInfo error. ");
            a.append(e.getMessage());
            throw new hh2(4006L, a.toString());
        }
    }
}
