package com.huawei.smarthome.content.speaker.utils.security.codec;

import com.huawei.smarthome.content.speaker.core.exception.CipherServiceException;
import com.huawei.smarthome.content.speaker.core.exception.ServiceException;
import com.huawei.smarthome.content.speaker.utils.ByteUtils;
import com.huawei.smarthome.content.speaker.utils.ObjectUtils;
import com.huawei.smarthome.content.speaker.utils.security.SecureRandomUtil;
import com.huawei.smarthome.content.speaker.utils.security.codec.bean.AlgorithmWorkModeEnum;
import com.huawei.smarthome.content.speaker.utils.security.codec.bean.CipherData;
import com.huawei.smarthome.content.speaker.utils.security.codec.utils.CipherDataUtils;
import com.huawei.smarthome.content.speaker.utils.security.codec.utils.CipherModeUtils;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes4.dex */
public final class StaticLayerThreeCodec extends BaseStaticMultiLayerCodec {
    private static final String AES = "AES";
    private static final int SYMMETRIC_CIPHER_SERVICE_CONTAINER_SIZE = 1;
    private ConfigurationManager mConfigurationManager;
    private String mDefaultCipherModeId;
    private String mDefaultWorkKeySuitId;
    private KeysManager mKeysManager;
    private RootKeyManager mRootKeyManager;
    private Map<String, SymmetricCipherService> mSymmetricCipherServices;

    /* loaded from: classes4.dex */
    public static final class Builder {
        private ConfigurationManager mConfigurationManager;
        private String mDefaultCipherModeId;
        private String mDefaultWorkKeySuitId;
        private KeysManager mKeysManager;
        private RootKeyManager mRootKeyManager;

        public final StaticLayerThreeCodec build() throws CipherServiceException {
            if (ObjectUtils.isEmpty(this.mRootKeyManager) || ObjectUtils.isEmpty(this.mKeysManager)) {
                throw new CipherServiceException("can't build the codec, key manager is invalid");
            }
            if (ObjectUtils.isEmpty(this.mConfigurationManager)) {
                throw new CipherServiceException("can't build the codec, config manager is invalid");
            }
            if (ObjectUtils.isEmpty(this.mDefaultCipherModeId) || ObjectUtils.isEmpty(this.mDefaultWorkKeySuitId)) {
                throw new CipherServiceException("can't build the codec, default config is Invalid");
            }
            return new StaticLayerThreeCodec(this);
        }

        public final Builder configurationManager(ConfigurationManager configurationManager) {
            this.mConfigurationManager = configurationManager;
            return this;
        }

        public final Builder defaultCipherModeId(String str) {
            this.mDefaultCipherModeId = str;
            return this;
        }

        public final Builder defaultWorkKeySuitId(String str) {
            this.mDefaultWorkKeySuitId = str;
            return this;
        }

        public final Builder keysManager(KeysManager keysManager) {
            this.mKeysManager = keysManager;
            return this;
        }

        public final Builder rootKeyManager(RootKeyManager rootKeyManager) {
            this.mRootKeyManager = rootKeyManager;
            return this;
        }
    }

    private StaticLayerThreeCodec(Builder builder) {
        HashMap hashMap = new HashMap(1);
        this.mSymmetricCipherServices = hashMap;
        hashMap.put(AES, new AesCipherService());
        this.mConfigurationManager = builder.mConfigurationManager;
        this.mRootKeyManager = builder.mRootKeyManager;
        this.mKeysManager = builder.mKeysManager;
        this.mDefaultCipherModeId = builder.mDefaultCipherModeId;
        this.mDefaultWorkKeySuitId = builder.mDefaultWorkKeySuitId;
    }

    private byte[] decryptKey(byte[] bArr, CipherData cipherData) throws CipherServiceException {
        if (ObjectUtils.isEmpty(bArr)) {
            throw new CipherServiceException("aesCipherManager decryptWorkKey failed, rootKey is empty");
        }
        String cipherModeStr = getCipherModeStr(cipherData.getCipherModeId());
        return getSymmetricCipherService(CipherModeUtils.getAlgorithm(cipherModeStr)).decrypt(cipherData.getCipherData(), bArr, cipherModeStr, cipherData.getIvBytes());
    }

    private byte[] decryptWorkKey(CipherData cipherData) throws CipherServiceException {
        CipherData key = this.mKeysManager.getKey(cipherData.getKeySuitId(), cipherData.getKeySuitVersion());
        byte[] rootKey = this.mRootKeyManager.getRootKey();
        byte[] decryptKey = decryptKey(rootKey, key);
        ByteUtils.reset(rootKey);
        byte[] decryptKey2 = decryptKey(decryptKey, cipherData);
        ByteUtils.reset(decryptKey);
        return decryptKey2;
    }

    private byte[] generateIvByCipherWorkMode(String str) throws CipherServiceException {
        AlgorithmWorkModeEnum valueOf = AlgorithmWorkModeEnum.valueOf(str);
        if (!ObjectUtils.isEmpty(valueOf)) {
            return SecureRandomUtil.genSecureRandomByte(valueOf.getIvLength());
        }
        StringBuilder sb = new StringBuilder();
        sb.append("generateIvByCipherWorkMode failed, can't support the mode:");
        sb.append(str);
        throw new CipherServiceException(sb.toString());
    }

    private String getCipherModeStr(String str) throws CipherServiceException {
        try {
            return this.mConfigurationManager.getConfigValue(str);
        } catch (ServiceException unused) {
            StringBuilder sb = new StringBuilder();
            sb.append("aesCipherManager getCipherModeStr failed, can't get the alg: ");
            sb.append(str);
            throw new CipherServiceException(sb.toString());
        }
    }

    private SymmetricCipherService getSymmetricCipherService(String str) throws CipherServiceException {
        SymmetricCipherService symmetricCipherService = this.mSymmetricCipherServices.get(str);
        if (!ObjectUtils.isEmpty(symmetricCipherService)) {
            return symmetricCipherService;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("can't get the SymmetricCipherService for the algorithm:");
        sb.append(str);
        throw new CipherServiceException(sb.toString());
    }

    @Override // com.huawei.smarthome.content.speaker.utils.security.codec.MultiLayerCodec
    public final byte[] decrypt(String str) throws CipherServiceException {
        CipherData stringToCipherData = CipherDataUtils.stringToCipherData(str);
        byte[] decryptWorkKey = decryptWorkKey(this.mKeysManager.getKey(stringToCipherData.getKeySuitId(), stringToCipherData.getKeySuitVersion()));
        String cipherModeStr = getCipherModeStr(stringToCipherData.getCipherModeId());
        byte[] decrypt = getSymmetricCipherService(CipherModeUtils.getAlgorithm(cipherModeStr)).decrypt(stringToCipherData.getCipherData(), decryptWorkKey, cipherModeStr, stringToCipherData.getIvBytes());
        ByteUtils.reset(decryptWorkKey);
        return decrypt;
    }

    @Override // com.huawei.smarthome.content.speaker.utils.security.codec.StaticCipherCodec
    public final String encrypt(byte[] bArr, String str, String str2) throws CipherServiceException {
        if (ObjectUtils.isEmpty(bArr) || ObjectUtils.isEmpty(str) || ObjectUtils.isEmpty(str2)) {
            throw new CipherServiceException("aesCipherManager encrypt failed, invalid params");
        }
        CipherData latestKey = this.mKeysManager.getLatestKey(str);
        int latestKeyVersion = this.mKeysManager.getLatestKeyVersion(str);
        byte[] decryptWorkKey = decryptWorkKey(latestKey);
        String cipherModeStr = getCipherModeStr(str2);
        String algorithm = CipherModeUtils.getAlgorithm(cipherModeStr);
        byte[] generateIvByCipherWorkMode = generateIvByCipherWorkMode(CipherModeUtils.getWorkMode(cipherModeStr));
        byte[] encrypt = getSymmetricCipherService(algorithm).encrypt(bArr, decryptWorkKey, cipherModeStr, generateIvByCipherWorkMode);
        ByteUtils.reset(decryptWorkKey);
        return CipherDataUtils.cipherDataToString(new CipherData(str, latestKeyVersion, str2, generateIvByCipherWorkMode, encrypt));
    }

    @Override // com.huawei.smarthome.content.speaker.utils.security.codec.BaseStaticMultiLayerCodec
    protected final String getDefaultCipherModeId() {
        return this.mDefaultCipherModeId;
    }

    @Override // com.huawei.smarthome.content.speaker.utils.security.codec.BaseStaticMultiLayerCodec
    protected final String getDefaultWorkKeySuitId() {
        return this.mDefaultWorkKeySuitId;
    }
}
