package com.huawei.iotplatform.security.e2esecurity.local.keystore.impl;

import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.huawei.iotplatform.security.common.crypto.AesGcmUtil;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.IotKeyStoreException;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreService;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.util.KeyStoreConstants;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.util.KeyType;
import com.huawei.iotplatform.security.whitebox.openapi.TypeEnum;
import com.huawei.iotplatform.security.whitebox.openapi.WhiteBox;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
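/**
 * {@link KeyStoreService} implementation whose AES keys are wrapped by the {@link WhiteBox}
 * library and persisted in an app-private {@link SharedPreferences} file.
 *
 * <p>Stored key format (Base64, no line wrapping): {@code whiteBoxEncrypt(key) || 16-byte IV}.
 * Data format produced by {@link #encrypt} and expected by {@link #decrypt}:
 * {@code AES-GCM output || 12-byte IV}.
 *
 * <p>NOTE(review): the wrapped key and its IV both live in SharedPreferences, so the
 * confidentiality of the stored keys rests entirely on the WhiteBox implementation, which is
 * not visible in this file. Confirm that this matches the threat model (for example a rooted
 * device or a device backup).
 *
 * <p>NOTE(review): {@code SYMMETRIC_KEY_128_BITS} is accepted by {@link #encrypt} and
 * {@link #decrypt}, but {@link #initWhiteBoxService()} never provisions it and
 * {@link #generateAesKey} rejects it. Unless its alias coincides with another key type's alias
 * ({@code KeyType} is not visible here), those calls fail with "Can not find the symmetric key".
 */
public class WhiteBoxKeyStoreServiceImpl implements KeyStoreService {
    /** Length in bytes of the AES-GCM IV appended to every ciphertext. */
    private static final int AES_IV_LENGTH = 12;
    private static final int KEY_SIZE_128BITS = 16;
    private static final int KEY_SIZE_256BITS = 32;
    private static final String TAG = "WhiteBoxKeyStoreServiceImpl";
    /** AES-GCM authentication tag length in bits. */
    private static final int TAG_SIZE = 128;
    /** Length in bytes of the IV passed to the WhiteBox wrap/unwrap calls. */
    private static final int WHITE_BOX_IV_SIZE = 16;
    private final SharedPreferences mSharedPreference;

    /**
     * Opens the preference file and provisions any missing keys.
     *
     * @param context Android context used to open the preference file
     * @throws IotKeyStoreException if {@code context} is null or key provisioning fails
     */
    public WhiteBoxKeyStoreServiceImpl(@NonNull Context context) throws IotKeyStoreException {
        if (context == null) {
            throw new IotKeyStoreException("Context object is null");
        }
        this.mSharedPreference = context.getSharedPreferences(KeyStoreConstants.INIT_NAME, Context.MODE_PRIVATE);
        initWhiteBoxService();
    }

    /**
     * Generates, wraps and stores a random AES key for {@code keyType} if none is stored yet.
     *
     * @param keyType key type to provision; only the two 256-bit types are accepted
     * @throws IotKeyStoreException if the key type is unsupported or the WhiteBox wrap fails
     */
    private void generateAesKey(@NonNull KeyType keyType) throws IotKeyStoreException {
        final int keyLength;
        if (keyType == KeyType.SYMMETRIC_KEY_256_BITS) {
            // NOTE(review): the key type is named "256 bits" but only 16 bytes (128 bits) are
            // generated. Kept as-is because changing it alters the key strength contract;
            // confirm whether this is intended.
            keyLength = KEY_SIZE_128BITS;
        } else if (keyType == KeyType.BUSINESS_SYMMETRIC_KEY_256_BITS) {
            keyLength = KEY_SIZE_256BITS;
        } else {
            throw new IotKeyStoreException("Unsupported key type");
        }
        if (!TextUtils.isEmpty(this.mSharedPreference.getString(keyType.getKeyAlias(), ""))) {
            // A wrapped key already exists for this alias; never overwrite it.
            return;
        }
        LogUtil.info(TAG, "generate new AES key");
        byte[] rawKey = new byte[keyLength];
        byte[] wrapIv = new byte[WHITE_BOX_IV_SIZE];
        byte[] wrappedKey;
        try {
            SecureRandom secureRandom = new SecureRandom();
            secureRandom.nextBytes(rawKey);
            secureRandom.nextBytes(wrapIv);
            wrappedKey = WhiteBox.whiteBoxEncrypt(TypeEnum.TYPE_HOST_MASTER_KEY, wrapIv, rawKey);
        } finally {
            // Wipe the plaintext key even if the wrap call throws.
            CommonUtil.clearBytes(rawKey);
        }
        if (CommonUtil.isEmpty(wrappedKey)) {
            throw new IotKeyStoreException("WhiteBox encrypt failed");
        }
        String encoded = Base64.encodeToString(CommonUtil.concatenateAll(wrappedKey, wrapIv), Base64.NO_WRAP);
        SharedPreferences.Editor editor = this.mSharedPreference.edit();
        editor.putString(keyType.getKeyAlias(), encoded);
        editor.apply();
    }

    /**
     * Loads the stored blob for {@code keyType} and unwraps it with the WhiteBox library.
     *
     * <p>The returned array holds plaintext key material; callers must wipe it with
     * {@code CommonUtil.clearBytes} once they are done.
     *
     * @param keyType key type whose alias is looked up in the preference file
     * @return the unwrapped key bytes, never empty
     * @throws IotKeyStoreException if no key is stored, the stored value is malformed, or the
     *     WhiteBox unwrap yields no data
     */
    private byte[] getSymmetricKey(@NonNull KeyType keyType) throws IotKeyStoreException {
        String stored = this.mSharedPreference.getString(keyType.getKeyAlias(), "");
        if (TextUtils.isEmpty(stored)) {
            throw new IotKeyStoreException("Can not find the symmetric key");
        }
        byte[] blob;
        try {
            blob = Base64.decode(stored, Base64.NO_WRAP);
        } catch (IllegalArgumentException unused) {
            // A corrupted or tampered preference value must surface as a key store error,
            // not as an unchecked exception.
            throw new IotKeyStoreException("The symmetric key is invalid");
        }
        if (blob.length <= WHITE_BOX_IV_SIZE) {
            throw new IotKeyStoreException("The symmetric key is invalid");
        }
        int wrappedLength = blob.length - WHITE_BOX_IV_SIZE;
        byte[] wrappedKey = new byte[wrappedLength];
        byte[] wrapIv = new byte[WHITE_BOX_IV_SIZE];
        CommonUtil.copyByteArray(blob, 0, wrappedKey, 0, wrappedLength);
        CommonUtil.copyByteArray(blob, wrappedLength, wrapIv, 0, WHITE_BOX_IV_SIZE);
        byte[] rawKey = WhiteBox.whiteBoxDecrypt(TypeEnum.TYPE_HOST_MASTER_KEY, wrapIv, wrappedKey);
        if (CommonUtil.isEmpty(rawKey)) {
            // Mirrors the check done after whiteBoxEncrypt; avoids handing a null/empty key
            // to the cipher code.
            throw new IotKeyStoreException("WhiteBox decrypt failed");
        }
        return rawKey;
    }

    /**
     * Initialises the WhiteBox library and provisions the two 256-bit key types.
     *
     * @throws IotKeyStoreException if key generation fails
     */
    private void initWhiteBoxService() throws IotKeyStoreException {
        WhiteBox.init();
        generateAesKey(KeyType.SYMMETRIC_KEY_256_BITS);
        generateAesKey(KeyType.BUSINESS_SYMMETRIC_KEY_256_BITS);
    }

    /**
     * Decrypts {@code AES-GCM output || IV} with the key stored for
     * {@code SYMMETRIC_KEY_128_BITS}, using the platform {@link Cipher}.
     *
     * @param cipherData ciphertext followed by the 12-byte IV; the caller guarantees it is
     *     longer than the IV
     * @return the decrypted plaintext
     * @throws IotKeyStoreException if the key cannot be loaded or decryption fails, including
     *     an authentication tag mismatch (reported as BadPaddingException)
     */
    private byte[] symmetricDecrypt(@NonNull byte[] cipherData) throws IotKeyStoreException {
        byte[] key = null;
        try {
            byte[] iv = new byte[AES_IV_LENGTH];
            int bodyLength = cipherData.length - AES_IV_LENGTH;
            byte[] body = new byte[bodyLength];
            CommonUtil.copyByteArray(cipherData, 0, body, 0, bodyLength);
            CommonUtil.copyByteArray(cipherData, bodyLength, iv, 0, AES_IV_LENGTH);
            GCMParameterSpec gcmSpec = new GCMParameterSpec(TAG_SIZE, iv);
            key = getSymmetricKey(KeyType.SYMMETRIC_KEY_128_BITS);
            SecretKeySpec keySpec = new SecretKeySpec(key, KeyStoreConstants.AES_GCM_ALGORITHM);
            Cipher cipher = Cipher.getInstance(KeyStoreConstants.AES_GCM_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            return cipher.doFinal(body);
        } catch (NoSuchAlgorithmException unused) {
            throw new IotKeyStoreException("NoSuchAlgorithmException occurs when decryption with key store.");
        } catch (IllegalBlockSizeException unused) {
            throw new IotKeyStoreException("IllegalBlockSizeException occurs when decryption with key store.");
        } catch (InvalidAlgorithmParameterException unused) {
            throw new IotKeyStoreException("InvalidAlgorithmParameterException occurs when decryption with key store.");
        } catch (NumberFormatException unused) {
            throw new IotKeyStoreException("NumberFormatException occurs when decryption with key store.");
        } catch (NoSuchPaddingException unused) {
            throw new IotKeyStoreException("NoSuchPaddingException occurs when decryption with key store.");
        } catch (InvalidKeyException unused) {
            throw new IotKeyStoreException("InvalidKeyException occurs when decryption with key store.");
        } catch (BadPaddingException e) {
            throw new IotKeyStoreException("BadPaddingException occurs when decryption with key store." + e.getMessage());
        } finally {
            // Wipe the plaintext key on every exit path.
            CommonUtil.clearBytes(key);
        }
    }

    /**
     * Encrypts {@code plainData} with the key stored for {@code SYMMETRIC_KEY_128_BITS} under
     * a fresh random IV, using the platform {@link Cipher}.
     *
     * @param plainData data to encrypt
     * @return the AES-GCM output followed by the 12-byte IV
     * @throws IotKeyStoreException if the key cannot be loaded or encryption fails
     */
    private byte[] symmetricEncrypt(@NonNull byte[] plainData) throws IotKeyStoreException {
        byte[] key = null;
        try {
            key = getSymmetricKey(KeyType.SYMMETRIC_KEY_128_BITS);
            SecretKeySpec keySpec = new SecretKeySpec(key, KeyStoreConstants.AES_GCM_ALGORITHM);
            Cipher cipher = Cipher.getInstance(KeyStoreConstants.AES_GCM_ALGORITHM);
            // A new IV per message: GCM must never reuse an IV under the same key.
            byte[] iv = CommonUtil.getRandomBytes(AES_IV_LENGTH);
            cipher.init(Cipher.ENCRYPT_MODE, keySpec, new GCMParameterSpec(TAG_SIZE, iv));
            return CommonUtil.concatenateAll(cipher.doFinal(plainData), iv);
        } catch (IllegalBlockSizeException unused) {
            throw new IotKeyStoreException("IllegalBlockSizeException occurs when symmetric encryption.");
        } catch (InvalidAlgorithmParameterException unused) {
            throw new IotKeyStoreException("InvalidAlgorithmParameterException occurs when symmetric encryption with key store.");
        } catch (NoSuchPaddingException unused) {
            throw new IotKeyStoreException("NoSuchPaddingException occurs when symmetric encryption with key store.");
        } catch (InvalidKeyException unused) {
            throw new IotKeyStoreException("InvalidKeyException occurs when symmetric encryption with key store.");
        } catch (BadPaddingException unused) {
            throw new IotKeyStoreException("BadPaddingException occurs when symmetric encryption with key store.");
        } catch (NumberFormatException unused) {
            throw new IotKeyStoreException("NumberFormatException occurs when symmetric encryption.");
        } catch (NoSuchAlgorithmException unused) {
            throw new IotKeyStoreException("NoSuchAlgorithmException occurs when symmetric encryption with key store.");
        } finally {
            // Wipe the plaintext key on every exit path.
            CommonUtil.clearBytes(key);
        }
    }

    /**
     * Decrypts data previously produced by {@link #encrypt} for the same key type.
     *
     * @param keyType key to use; the 128-bit type goes through the platform cipher, the two
     *     256-bit types through {@code AesGcmUtil}
     * @param bArr AES-GCM output followed by the 12-byte IV
     * @return the decrypted plaintext, never empty
     * @throws IotKeyStoreException if the input is too short, the key type is unsupported, the
     *     key cannot be loaded, or decryption fails
     */
    @Override // com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreService
    public byte[] decrypt(@NonNull KeyType keyType, byte[] bArr) throws IotKeyStoreException {
        if (CommonUtil.isEmpty(bArr) || bArr.length <= AES_IV_LENGTH) {
            throw new IotKeyStoreException("Decrypt cipher data is invalid.");
        }
        if (keyType == KeyType.SYMMETRIC_KEY_128_BITS) {
            return symmetricDecrypt(bArr);
        }
        if (keyType != KeyType.SYMMETRIC_KEY_256_BITS && keyType != KeyType.BUSINESS_SYMMETRIC_KEY_256_BITS) {
            throw new IotKeyStoreException("Decrypt unsupported key type.");
        }
        byte[] iv = new byte[AES_IV_LENGTH];
        int bodyLength = bArr.length - AES_IV_LENGTH;
        byte[] body = new byte[bodyLength];
        CommonUtil.copyByteArray(bArr, 0, body, 0, bodyLength);
        CommonUtil.copyByteArray(bArr, bodyLength, iv, 0, AES_IV_LENGTH);
        byte[] key = null;
        try {
            key = getSymmetricKey(keyType);
            byte[] plain = AesGcmUtil.aesGcmDecrypt(body, null, key, iv);
            if (CommonUtil.isEmpty(plain)) {
                throw new IotKeyStoreException("Call AesGcmUtil decrypt failed.");
            }
            return plain;
        } finally {
            // Wipe the unwrapped key, as the SYMMETRIC_KEY_128_BITS path already does.
            // Assumes AesGcmUtil does not retain the array after returning - TODO confirm.
            CommonUtil.clearBytes(key);
        }
    }

    /**
     * Encrypts {@code bArr} with AES-GCM under a fresh random 12-byte IV.
     *
     * @param keyType key to use; the 128-bit type goes through the platform cipher, the two
     *     256-bit types through {@code AesGcmUtil}
     * @param bArr plaintext; must not be null or empty
     * @return the AES-GCM output followed by the 12-byte IV
     * @throws IotKeyStoreException if the input is empty, the key type is unsupported, the key
     *     cannot be loaded, or encryption fails
     */
    @Override // com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreService
    public byte[] encrypt(@NonNull KeyType keyType, byte[] bArr) throws IotKeyStoreException {
        if (CommonUtil.isEmpty(bArr)) {
            throw new IotKeyStoreException("Encrypt plain data must be not null or empty.");
        }
        if (keyType == KeyType.SYMMETRIC_KEY_128_BITS) {
            return symmetricEncrypt(bArr);
        }
        if (keyType != KeyType.SYMMETRIC_KEY_256_BITS && keyType != KeyType.BUSINESS_SYMMETRIC_KEY_256_BITS) {
            throw new IotKeyStoreException("Encrypt unsupported key type.");
        }
        // A new IV per message: GCM must never reuse an IV under the same key.
        byte[] iv = CommonUtil.getRandomBytes(AES_IV_LENGTH);
        byte[] key = null;
        try {
            key = getSymmetricKey(keyType);
            byte[] cipherText = AesGcmUtil.aesGcmEncrypt(bArr, null, key, iv);
            if (CommonUtil.isEmpty(cipherText)) {
                throw new IotKeyStoreException("Call AesGcmUtil encrypt failed.");
            }
            return CommonUtil.concatenateAll(cipherText, iv);
        } finally {
            // Wipe the unwrapped key, as the SYMMETRIC_KEY_128_BITS path already does.
            // Assumes AesGcmUtil does not retain the array after returning - TODO confirm.
            CommonUtil.clearBytes(key);
        }
    }
}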
