package com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.entity;

import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import com.huawei.iotplatform.security.common.crypto.Cipher;
import com.huawei.iotplatform.security.common.crypto.exception.CipherException;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.hichain.adapter.utils.KeyVersion;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.IotKeyStoreException;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreManager;
import com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.SessionManager;
import com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.exception.SessionException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
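/**
 * Per-session encrypt / authenticate helper for "sensitive command" messages.
 *
 * <p>The constructor takes a keystore-wrapped blob, splits the unwrapped material into an
 * encryption key and an HMAC key, and immediately re-wraps each half through
 * {@link KeyStoreManager}. Only the wrapped halves are kept on the instance; the plaintext keys
 * are unwrapped for the duration of a single operation and wiped afterwards.
 *
 * <p>This listing is decompiler output. The constructor's exception handling has been collapsed
 * into one try/catch/finally because the decompiled handler chain referenced undeclared locals
 * and could not compile.
 *
 * <p>NOTE(review): no synchronization is visible in this class; confirm how instances are shared
 * before calling {@link #destroy()} concurrently with other methods.
 */
public class SecurityCipher {
    private static final String DATA = "data";
    private static final String HMAC = "hmac";
    private static final String HMAC_ALGORITHM = "hmacSHA256";
    private static final String PHONE_UUID = "puuid";
    private static final String SEQUENCE_NUM = "seqNum";
    private static final String TAG = "SecurityCipher";
    private static final String TIMESTAMP = "timestamp";

    // Keystore-wrapped HMAC key; null until construction succeeds and after destroy().
    private byte[] mHmacKeyEncrypted;
    // Keystore-wrapped encryption key; null until construction succeeds and after destroy().
    private byte[] mSessionKeyEncrypted;

    /**
     * Unwraps the session key blob, splits it into encryption and HMAC keys and re-wraps both.
     *
     * <p>Layout handled here: a blob of exactly the default derived-key length holds the two keys
     * back to back; a longer blob carries a one-byte key version first, which selects the key
     * lengths. Any failure is logged and leaves the instance without keys; the constructor never
     * throws for bad input, so later operations fail with a {@link CipherException} instead.
     *
     * @param bArr keystore-wrapped session key material
     */
    public SecurityCipher(@NonNull byte[] bArr) {
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "the encrypted session key is empty");
            return;
        }
        byte[] derivedKey = null;
        byte[] sessionKey = null;
        byte[] hmacKey = null;
        try {
            derivedKey = KeyStoreManager.getInstance().decrypt(bArr);
            if (CommonUtil.isEmpty(derivedKey)) {
                LogUtil.error(TAG, "the decrypted session key is empty");
                return;
            }
            int defaultLen = KeyVersion.VERSION_DEFAULT.getDerivedKeyLen();
            if (derivedKey.length < defaultLen) {
                LogUtil.error(TAG, "the decrypted session key length is invalid");
                return;
            }
            KeyVersion keyVersion = KeyVersion.VERSION_DEFAULT;
            int offset = 0;
            if (derivedKey.length > defaultLen) {
                // Longer than the default layout: the first byte is the key version.
                keyVersion = KeyVersion.getKeyVersion(derivedKey[0]);
                if (keyVersion == KeyVersion.UNKNOWN) {
                    LogUtil.error(TAG, "the key version is unknown");
                    return;
                }
                if (derivedKey.length < keyVersion.getDerivedKeyLen() + 1) {
                    LogUtil.error(TAG, "the session key length is invalid");
                    return;
                }
                offset = 1;
            }
            sessionKey = readBytes(derivedKey, offset, keyVersion.getEncryptionKeyLen());
            hmacKey = readBytes(derivedKey, offset + keyVersion.getEncryptionKeyLen(), keyVersion.getHmacKeyLen());
            this.mSessionKeyEncrypted = KeyStoreManager.getInstance().encrypt(sessionKey);
            this.mHmacKeyEncrypted = KeyStoreManager.getInstance().encrypt(hmacKey);
        } catch (CipherException e) {
            LogUtil.error(TAG, "build SecurityCipher CipherException, " + e.getMessage());
        } catch (IotKeyStoreException e) {
            LogUtil.error(TAG, "build SecurityCipher IotKeyStoreException, " + e.getMessage());
        } finally {
            // Wipe every plaintext copy on all exit paths, including the early returns above.
            CommonUtil.clearBytes(sessionKey);
            CommonUtil.clearBytes(hmacKey);
            CommonUtil.clearBytes(derivedKey);
        }
    }

    /**
     * Copies {@code i2} bytes starting at index {@code i}.
     *
     * @throws CipherException if the requested range runs past the end of {@code bArr}
     */
    private byte[] readBytes(@NonNull byte[] bArr, int i, int i2) throws CipherException {
        int end = i2 + i;
        if (bArr.length < end) {
            throw new CipherException("readBytes invalid parameters");
        }
        return Arrays.copyOfRange(bArr, i, end);
    }

    /**
     * Fails closed when a wrapped key is missing (construction failed or destroy() was called),
     * rather than handing a null blob to the keystore.
     */
    private static byte[] requireWrappedKey(byte[] wrappedKey, String what) throws CipherException {
        if (wrappedKey == null || wrappedKey.length == 0) {
            LogUtil.error(TAG, what + " is not initialized");
            throw new CipherException(what + " is not initialized");
        }
        return wrappedKey;
    }

    /**
     * Decodes a Base64 field taken from a peer message.
     *
     * <p>{@code Base64.decode} signals malformed input with an unchecked
     * {@link IllegalArgumentException}; it is converted here so that malformed peer input is
     * reported through the same {@link CipherException} channel as every other parse failure.
     */
    private static byte[] decodeBase64(String encoded) throws CipherException {
        try {
            return Base64.decode(encoded, Base64.DEFAULT);
        } catch (IllegalArgumentException ignored) {
            LogUtil.error(TAG, "invalid base64 in response");
            throw new CipherException("invalid base64 in response");
        }
    }

    /**
     * Decrypts {@code bArr} with the session encryption key.
     *
     * <p>This method performs no integrity check of its own; the callers in this class verify
     * the HMAC before calling it.
     *
     * @param bArr ciphertext as produced by {@link #encrypt(byte[])}
     * @return the plaintext bytes
     * @throws CipherException if the key is unavailable or decryption fails
     */
    public byte[] decrypt(@NonNull byte[] bArr) throws CipherException {
        byte[] sessionKey = null;
        try {
            sessionKey = KeyStoreManager.getInstance().decrypt(requireWrappedKey(this.mSessionKeyEncrypted, "session key"));
            return Cipher.aesDecrypt(bArr, sessionKey);
        } catch (IotKeyStoreException ignored) {
            // Only the CipherException(String) constructor is visible here, so the cause is not chained.
            LogUtil.error(TAG, "keystore decrypt session key error");
            throw new CipherException("keystore decrypt session key error");
        } finally {
            CommonUtil.clearBytes(sessionKey);
        }
    }

    /**
     * Wipes and drops the wrapped keys. Any later operation fails with a
     * {@link CipherException}.
     */
    public void destroy() {
        CommonUtil.clearBytes(this.mSessionKeyEncrypted);
        CommonUtil.clearBytes(this.mHmacKeyEncrypted);
        // Drop the references as well, so later calls hit the "not initialized" guard
        // instead of asking the keystore to unwrap a zeroed blob.
        this.mSessionKeyEncrypted = null;
        this.mHmacKeyEncrypted = null;
    }

    /**
     * Encrypts {@code bArr} with the session encryption key.
     *
     * @param bArr plaintext bytes
     * @return ciphertext as returned by {@code Cipher.aesEncrypt}
     * @throws CipherException if the key is unavailable or encryption fails
     */
    public byte[] encrypt(@NonNull byte[] bArr) throws CipherException {
        byte[] sessionKey = null;
        try {
            sessionKey = KeyStoreManager.getInstance().decrypt(requireWrappedKey(this.mSessionKeyEncrypted, "session key"));
            return Cipher.aesEncrypt(bArr, sessionKey);
        } catch (IotKeyStoreException ignored) {
            LogUtil.error(TAG, "keystore encrypt session key error");
            throw new CipherException("keystore encrypt session key error");
        } finally {
            CommonUtil.clearBytes(sessionKey);
        }
    }

    /**
     * Builds the JSON envelope {@code {puuid, timestamp, data, hmac}} for a command.
     *
     * <p>The HMAC input is the timestamp bytes followed directly by the Base64 ciphertext bytes.
     * NOTE(review): {@code puuid} is sent but is not part of the HMAC input, and the two MAC'd
     * fields are joined without a delimiter or length prefix; confirm the receiver does not
     * rely on {@code puuid} being authenticated by this MAC.
     *
     * @param sensitiveCommand command carrying phone UUID, timestamp and command data
     * @return the serialized JSON envelope
     * @throws CipherException if the command is incomplete or any crypto / JSON step fails
     */
    public String generateSensitiveCommand(@NonNull SensitiveCommand sensitiveCommand) throws CipherException {
        if (sensitiveCommand == null) {
            LogUtil.error(TAG, "generateSensitiveCommand param command is null");
            throw new CipherException("param command is null");
        }
        if (TextUtils.isEmpty(sensitiveCommand.getPhoneUuid()) || TextUtils.isEmpty(sensitiveCommand.getTimestamp())) {
            LogUtil.error(TAG, "generateSensitiveCommand param command is invalid");
            throw new CipherException("param command is invalid");
        }
        String commandData = sensitiveCommand.getCommandData();
        if (commandData == null) {
            // Previously surfaced as a NullPointerException from getBytes().
            LogUtil.error(TAG, "generateSensitiveCommand param command is invalid");
            throw new CipherException("param command is invalid");
        }
        try {
            String timestamp = sensitiveCommand.getTimestamp();
            byte[] cipherText = encrypt(commandData.getBytes(StandardCharsets.UTF_8));
            JSONObject envelope = new JSONObject();
            envelope.put(PHONE_UUID, sensitiveCommand.getPhoneUuid());
            envelope.put(TIMESTAMP, timestamp);
            String encodedData = Base64.encodeToString(cipherText, Base64.NO_WRAP);
            envelope.put(DATA, encodedData);
            byte[] macInput = CommonUtil.concatenateAll(
                    timestamp.getBytes(StandardCharsets.UTF_8), encodedData.getBytes(StandardCharsets.UTF_8));
            envelope.put(HMAC, Base64.encodeToString(hmac(macInput), Base64.NO_WRAP));
            return envelope.toString();
        } catch (JSONException ignored) {
            LogUtil.error(TAG, "generateSensitiveCommand generate sensitive json command error");
            throw new CipherException("generateSensitiveCommand generate sensitive json command error");
        }
    }

    /**
     * Computes HMAC-SHA256 over {@code bArr} with the session HMAC key.
     *
     * @param bArr message to authenticate; must be non-empty
     * @return the raw MAC bytes
     * @throws CipherException if the input is empty, the key is unavailable, or the MAC cannot
     *     be initialised
     */
    public byte[] hmac(byte[] bArr) throws CipherException {
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "input message is empty");
            throw new CipherException("input message is empty");
        }
        byte[] hmacKey = null;
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            hmacKey = KeyStoreManager.getInstance().decrypt(requireWrappedKey(this.mHmacKeyEncrypted, "hmac key"));
            // SecretKeySpec keeps its own copy of the key bytes; only the local array is wiped below.
            mac.init(new SecretKeySpec(hmacKey, HMAC_ALGORITHM));
            mac.update(bArr);
            return mac.doFinal();
        } catch (NoSuchAlgorithmException ignored) {
            LogUtil.error(TAG, "wrong algorithm");
            throw new CipherException("wrong algorithm");
        } catch (InvalidKeyException ignored) {
            LogUtil.error(TAG, "wrong hmac key");
            throw new CipherException("wrong hmac key");
        } catch (IotKeyStoreException ignored) {
            LogUtil.error(TAG, "keystore decrypt hmac key error");
            throw new CipherException("keystore decrypt hmac key error");
        } finally {
            CommonUtil.clearBytes(hmacKey);
        }
    }

    /**
     * Verifies and decrypts a {@code {timestamp, hmac, data}} response envelope.
     *
     * <p>The MAC is checked before any decryption. The timestamp is only used as MAC input
     * here; this method does not check its freshness, so replay handling, if required, has to
     * happen in the caller.
     *
     * @param str the JSON response text received from the peer
     * @return the decrypted payload as a UTF-8 string
     * @throws CipherException if the response is malformed, the MAC does not match, or
     *     decryption fails
     */
    public String parseSensitiveCommandRsp(@NonNull String str) throws CipherException {
        if (str == null) {
            LogUtil.error(TAG, "parseSensitiveCommandRsp response is null");
            throw new CipherException("parseSensitiveCommandRsp response is null");
        }
        try {
            JSONObject response = new JSONObject(str);
            String timestamp = response.getString(TIMESTAMP);
            String receivedMac = response.getString(HMAC);
            String encodedData = response.getString(DATA);
            if (TextUtils.isEmpty(timestamp) || TextUtils.isEmpty(receivedMac) || TextUtils.isEmpty(encodedData)) {
                LogUtil.error(TAG, "parseSensitiveCommandRsp invalid response");
                throw new CipherException("parseSensitiveCommandRsp invalid response");
            }
            byte[] expectedMac = hmac(CommonUtil.concatenateAll(
                    timestamp.getBytes(StandardCharsets.UTF_8), encodedData.getBytes(StandardCharsets.UTF_8)));
            // MessageDigest.isEqual instead of Arrays.equals: the comparison time must not
            // depend on how many leading MAC bytes match.
            if (!MessageDigest.isEqual(expectedMac, decodeBase64(receivedMac))) {
                LogUtil.error(TAG, "parseSensitiveCommandRsp check hmac failed");
                throw new CipherException("parseSensitiveCommandRsp check hmac failed");
            }
            return new String(decrypt(decodeBase64(encodedData)), StandardCharsets.UTF_8);
        } catch (JSONException ignored) {
            LogUtil.error(TAG, "parseSensitiveCommandRsp parse response json error");
            throw new CipherException("parseSensitiveCommandRsp parse response json error");
        }
    }

    /**
     * Builds the JSON envelope {@code {puuid, seqNum, data, hmac}} for a command.
     *
     * <p>The MAC covers the serialized JSON of the first three fields with every backslash
     * removed. The field insertion order below is therefore part of the wire format and must
     * match {@link #verifyCommand}.
     *
     * @param str first session identifier forwarded to {@code SessionManager} (meaning not
     *     visible in this file)
     * @param str2 second session identifier forwarded to {@code SessionManager}
     * @param sensitiveCommand command carrying phone UUID and command data
     * @return the serialized JSON envelope
     * @throws CipherException if the command is incomplete, no sequence number is available, or
     *     any crypto / JSON step fails
     */
    public String signCommand(@NonNull String str, String str2, @NonNull SensitiveCommand sensitiveCommand) throws CipherException {
        LogUtil.info(TAG, "signCommand");
        if (sensitiveCommand == null) {
            LogUtil.error(TAG, "signCommand param command is null");
            throw new CipherException("signCommand param command is null");
        }
        if (TextUtils.isEmpty(sensitiveCommand.getCommandData()) || TextUtils.isEmpty(sensitiveCommand.getPhoneUuid())) {
            LogUtil.error(TAG, "signCommand param command is invalid");
            throw new CipherException("signCommand param command is invalid");
        }
        try {
            byte[] cipherText = encrypt(sensitiveCommand.getCommandData().getBytes(StandardCharsets.UTF_8));
            JSONObject envelope = new JSONObject();
            envelope.put(PHONE_UUID, sensitiveCommand.getPhoneUuid());
            envelope.put(SEQUENCE_NUM, String.valueOf(SessionManager.getInstance().getSendSequenceNumber(str, str2)));
            envelope.put(DATA, Base64.encodeToString(cipherText, Base64.NO_WRAP));
            // NOTE(review): stripping backslashes presumably undoes the "\/" escaping that
            // JSONObject applies to Base64 text, but it also means values that differ only in
            // escaped characters share one MAC input. Kept as-is because the peer has to compute
            // the same bytes; worth replacing with an explicit field encoding on both sides.
            byte[] macInput = envelope.toString().replaceAll("\\\\", "").getBytes(StandardCharsets.UTF_8);
            envelope.put(HMAC, Base64.encodeToString(hmac(macInput), Base64.NO_WRAP));
            return envelope.toString();
        } catch (SessionException e) {
            String message = "get sequence number error : " + e.getMessage();
            LogUtil.error(TAG, message);
            throw new CipherException(message);
        } catch (JSONException ignored) {
            LogUtil.error(TAG, "generate sensitive json command error");
            throw new CipherException("generate sensitive json command error");
        }
    }

    /**
     * Verifies and decrypts a {@code {seqNum, puuid, hmac, data}} envelope.
     *
     * <p>Order of operations: rebuild the MAC input from the received fields, compare MACs in
     * constant time, hand the authenticated sequence number to {@code SessionManager}, then
     * decrypt. Whether a stale or repeated sequence number is rejected is decided inside
     * {@code SessionManager.setReceiveSequenceNumber}, which is not visible in this file.
     *
     * @param str first session identifier forwarded to {@code SessionManager}
     * @param str2 second session identifier forwarded to {@code SessionManager}
     * @param str3 the JSON envelope received from the peer
     * @return the decrypted payload as a UTF-8 string
     * @throws CipherException if the envelope is malformed, the MAC does not match, the
     *     sequence number is rejected, or decryption fails
     */
    public String verifyCommand(@NonNull String str, String str2, @NonNull String str3) throws CipherException {
        LogUtil.info(TAG, "verifyCommand");
        if (str3 == null) {
            LogUtil.error(TAG, "verifyCommand response is null");
            throw new CipherException("verifyCommand response is null");
        }
        try {
            JSONObject response = new JSONObject(str3);
            String sequenceNumber = response.getString(SEQUENCE_NUM);
            String phoneUuid = response.getString(PHONE_UUID);
            String receivedMac = response.getString(HMAC);
            String encodedData = response.getString(DATA);
            if (TextUtils.isEmpty(sequenceNumber) || TextUtils.isEmpty(receivedMac) || TextUtils.isEmpty(encodedData)) {
                LogUtil.error(TAG, "verifyCommand invalid response");
                throw new CipherException("verifyCommand invalid response");
            }
            // Re-serialize in the same field order signCommand uses, so both sides MAC the same bytes.
            JSONObject signedFields = new JSONObject();
            signedFields.put(PHONE_UUID, phoneUuid);
            signedFields.put(SEQUENCE_NUM, sequenceNumber);
            signedFields.put(DATA, encodedData);
            byte[] macInput = signedFields.toString().replaceAll("\\\\", "").getBytes(StandardCharsets.UTF_8);
            // Constant-time comparison; see parseSensitiveCommandRsp for the same check.
            if (!MessageDigest.isEqual(hmac(macInput), decodeBase64(receivedMac))) {
                LogUtil.error(TAG, "check hmac failed");
                throw new CipherException("check hmac failed");
            }
            SessionManager.getInstance().setReceiveSequenceNumber(str, str2, Long.parseLong(sequenceNumber));
            return new String(decrypt(decodeBase64(encodedData)), StandardCharsets.UTF_8);
        } catch (SessionException e) {
            String message = "session exception : " + e.getMessage();
            LogUtil.error(TAG, message);
            throw new CipherException(message);
        } catch (NumberFormatException ignored) {
            LogUtil.error(TAG, "parse sequenceNumber string to long error");
            throw new CipherException("parse sequenceNumber string to long error");
        } catch (JSONException ignored) {
            LogUtil.error(TAG, "parse response json error");
            throw new CipherException("parse response json error");
        }
    }
}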
