package com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.entity;

import android.text.TextUtils;
import android.util.Base64;
import com.huawei.iotplatform.security.common.crypto.Cipher;
import com.huawei.iotplatform.security.common.crypto.exception.CipherException;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.hichain.adapter.utils.KeyVersion;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.IotKeyStoreException;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreManager;
import com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.SessionManager;
import com.huawei.iotplatform.security.e2esecurity.openapi.keyagreement.exception.SessionException;
import d.b.g0;
import e.b.a.a.a;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
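/**
 * Session-scoped encrypt/decrypt and HMAC helper for "sensitive command" JSON messages.
 *
 * <p>The constructor unwraps a keystore-protected derived key, splits it into an encryption
 * key and an HMAC key, and stores each half re-wrapped by {@link KeyStoreManager}. Every
 * operation unwraps the key it needs, uses it, and zeroes the plaintext copy before returning.
 *
 * <p>Messages are built encrypt-then-MAC: the payload is encrypted, Base64-encoded, and the
 * HMAC is computed over the encoded ciphertext plus selected header fields.
 *
 * <p>NOTE(review): construction never throws. When unwrapping or splitting fails, the error
 * is logged and both key fields stay {@code null}; callers have no other failure signal.
 */
public class SecurityCipher {
    public static final String DATA = "data";
    public static final String HMAC = "hmac";
    public static final String PHONE_UUID = "puuid";
    public static final String SEQUENCE_NUM = "seqNum";
    public static final String TAG = "SecurityCipher";
    public static final String TIMESTAMP = "timestamp";

    /** JCA algorithm name used both for {@link Mac#getInstance} and the key spec. */
    private static final String HMAC_ALGORITHM = "hmacSHA256";

    // Both fields hold keystore-wrapped key material, never plaintext keys.
    // NOTE(review): they are public and mutable, so any caller can replace or zero them.
    public byte[] mHmacKeyEncrypted;
    public byte[] mSessionKeyEncrypted;

    /**
     * Unwraps the derived session key and stores its encryption and HMAC halves re-wrapped.
     *
     * <p>Layout handled here: a blob of exactly the default derived-key length has no version
     * prefix; a longer blob carries a one-byte key version at index 0.
     *
     * @param bArr keystore-wrapped derived session key; an empty value is logged and ignored
     */
    public SecurityCipher(@g0 byte[] bArr) {
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "the encrypted session key is empty");
            return;
        }
        byte[] derivedKey = null;
        byte[] encryptionKey = null;
        byte[] hmacKey = null;
        try {
            derivedKey = KeyStoreManager.getInstance().decrypt(bArr);
            if (CommonUtil.isEmpty(derivedKey)) {
                LogUtil.error(TAG, "the decrypted session key is empty");
                return;
            }
            int defaultLen = KeyVersion.VERSION_DEFAULT.getDerivedKeyLen();
            if (derivedKey.length < defaultLen) {
                LogUtil.error(TAG, "the decrypted session key length is invalid");
                return;
            }
            KeyVersion keyVersion = KeyVersion.VERSION_DEFAULT;
            int offset = 0;
            if (derivedKey.length > defaultLen) {
                keyVersion = KeyVersion.getKeyVersion(derivedKey[0]);
                if (keyVersion == KeyVersion.UNKNOWN) {
                    LogUtil.error(TAG, "the key version is unknown");
                    return;
                }
                if (derivedKey.length < keyVersion.getDerivedKeyLen() + 1) {
                    LogUtil.error(TAG, "the session key length is invalid");
                    return;
                }
                offset = 1;
            }
            encryptionKey = readBytes(derivedKey, offset, keyVersion.getEncryptionKeyLen());
            hmacKey = readBytes(derivedKey, offset + keyVersion.getEncryptionKeyLen(), keyVersion.getHmacKeyLen());
            // Wrap both halves before publishing either, so a failure on the second wrap
            // cannot leave the instance holding an encryption key without an HMAC key.
            byte[] wrappedSessionKey = KeyStoreManager.getInstance().encrypt(encryptionKey);
            byte[] wrappedHmacKey = KeyStoreManager.getInstance().encrypt(hmacKey);
            this.mSessionKeyEncrypted = wrappedSessionKey;
            this.mHmacKeyEncrypted = wrappedHmacKey;
        } catch (CipherException e) {
            LogUtil.error(TAG, "build SecurityCipher CipherException, " + e.getMessage());
        } catch (IotKeyStoreException e) {
            LogUtil.error(TAG, "build SecurityCipher IotKeyStoreException, " + e.getMessage());
        } finally {
            // Runs on every exit path, including the early returns above, so plaintext key
            // bytes never outlive the constructor. clearBytes is also called with null
            // elsewhere in this class, so unset buffers are fine here.
            CommonUtil.clearBytes(encryptionKey);
            CommonUtil.clearBytes(hmacKey);
            CommonUtil.clearBytes(derivedKey);
        }
    }

    /**
     * Copies {@code i3} bytes of {@code bArr} starting at index {@code i2}.
     *
     * @param bArr source buffer
     * @param i2 start offset
     * @param i3 number of bytes to copy
     * @return a new array holding the requested range
     * @throws CipherException if the range is negative or does not fit inside {@code bArr}
     */
    private byte[] readBytes(@g0 byte[] bArr, int i2, int i3) {
        // Compare against the remaining length instead of computing i2 + i3, which can
        // overflow int and slip past a simple "length >= end" test.
        if (i2 < 0 || i3 < 0 || i2 > bArr.length || i3 > bArr.length - i2) {
            throw new CipherException("readBytes invalid parameters");
        }
        return Arrays.copyOfRange(bArr, i2, i2 + i3);
    }

    /**
     * Decrypts {@code bArr} with the session encryption key.
     *
     * <p>Cipher mode and IV handling live in {@code Cipher.aesDecrypt} and are not visible
     * here. This method performs no integrity check itself; callers in this class verify
     * the HMAC first.
     *
     * @param bArr ciphertext
     * @return plaintext bytes
     * @throws CipherException if the session key cannot be unwrapped
     */
    public byte[] decrypt(@g0 byte[] bArr) {
        byte[] sessionKey = null;
        try {
            sessionKey = KeyStoreManager.getInstance().decrypt(this.mSessionKeyEncrypted);
            return Cipher.aesDecrypt(bArr, sessionKey);
        } catch (IotKeyStoreException e) {
            LogUtil.error(TAG, "keystore decrypt session key error");
            throw new CipherException("keystore decrypt session key error");
        } finally {
            CommonUtil.clearBytes(sessionKey);
        }
    }

    /**
     * Zeroes the wrapped key blobs held by this instance.
     *
     * <p>NOTE(review): the arrays are overwritten in place but the references are kept, so a
     * later encrypt/decrypt/hmac call hands an all-zero blob to the keystore rather than
     * failing on a missing key. Whether the keystore rejects that is not visible here.
     */
    public void destroy() {
        CommonUtil.clearBytes(this.mSessionKeyEncrypted);
        CommonUtil.clearBytes(this.mHmacKeyEncrypted);
    }

    /**
     * Encrypts {@code bArr} with the session encryption key.
     *
     * <p>Cipher mode and IV handling live in {@code Cipher.aesEncrypt} and are not visible here.
     *
     * @param bArr plaintext
     * @return ciphertext bytes
     * @throws CipherException if the session key cannot be unwrapped
     */
    public byte[] encrypt(@g0 byte[] bArr) {
        byte[] sessionKey = null;
        try {
            sessionKey = KeyStoreManager.getInstance().decrypt(this.mSessionKeyEncrypted);
            return Cipher.aesEncrypt(bArr, sessionKey);
        } catch (IotKeyStoreException e) {
            LogUtil.error(TAG, "keystore encrypt session key error");
            throw new CipherException("keystore encrypt session key error");
        } finally {
            CommonUtil.clearBytes(sessionKey);
        }
    }

    /**
     * Builds the timestamp-based command JSON with fields {@code puuid}, {@code timestamp},
     * {@code data} (Base64 ciphertext) and {@code hmac}.
     *
     * <p>NOTE(review): the HMAC covers {@code timestamp || data} only, joined without a
     * separator. {@code puuid} is outside the MAC, so the receiver cannot rely on it being
     * authentic, and the timestamp/data boundary is not encoded in the MAC input.
     *
     * @param sensitiveCommand command carrying phone UUID, timestamp and payload
     * @return the serialized JSON command
     * @throws CipherException if the command is null or incomplete, or encryption, MAC
     *     computation or JSON construction fails
     */
    public String generateSensitiveCommand(@g0 SensitiveCommand sensitiveCommand) {
        if (sensitiveCommand == null) {
            LogUtil.error(TAG, "generateSensitiveCommand param command is null");
            throw new CipherException("param command is null");
        }
        // A null payload would otherwise surface as a NullPointerException at getBytes().
        if (TextUtils.isEmpty(sensitiveCommand.getPhoneUuid())
                || TextUtils.isEmpty(sensitiveCommand.getTimestamp())
                || sensitiveCommand.getCommandData() == null) {
            LogUtil.error(TAG, "generateSensitiveCommand param command is invalid");
            throw new CipherException("param command is invalid");
        }
        try {
            byte[] cipherText = encrypt(sensitiveCommand.getCommandData().getBytes(StandardCharsets.UTF_8));
            String encodedData = Base64.encodeToString(cipherText, Base64.NO_WRAP);
            byte[] macInput = CommonUtil.concatenateAll(
                    sensitiveCommand.getTimestamp().getBytes(StandardCharsets.UTF_8),
                    encodedData.getBytes(StandardCharsets.UTF_8));
            JSONObject command = new JSONObject();
            command.put(PHONE_UUID, sensitiveCommand.getPhoneUuid());
            command.put(TIMESTAMP, sensitiveCommand.getTimestamp());
            command.put(DATA, encodedData);
            command.put(HMAC, Base64.encodeToString(hmac(macInput), Base64.NO_WRAP));
            return command.toString();
        } catch (JSONException e) {
            LogUtil.error(TAG, "generateSensitiveCommand generate sensitive json command error");
            throw new CipherException("generateSensitiveCommand generate sensitive json command error");
        }
    }

    /**
     * Computes HMAC-SHA256 of {@code bArr} with the session HMAC key.
     *
     * @param bArr message to authenticate; must not be empty
     * @return the raw MAC bytes
     * @throws CipherException if the message is empty, the algorithm is unavailable, or the
     *     HMAC key cannot be unwrapped or is unusable
     */
    public byte[] hmac(byte[] bArr) {
        if (CommonUtil.isEmpty(bArr)) {
            LogUtil.error(TAG, "input message is empty");
            throw new CipherException("input message is empty");
        }
        byte[] hmacKey = null;
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            hmacKey = KeyStoreManager.getInstance().decrypt(this.mHmacKeyEncrypted);
            // SecretKeySpec rejects a null or empty key with IllegalArgumentException;
            // report it as the same key error the InvalidKeyException branch uses.
            if (CommonUtil.isEmpty(hmacKey)) {
                LogUtil.error(TAG, "wrong hmac key");
                throw new CipherException("wrong hmac key");
            }
            // SecretKeySpec keeps its own copy of the key bytes; the wipe in the finally
            // block clears only the local array.
            mac.init(new SecretKeySpec(hmacKey, HMAC_ALGORITHM));
            mac.update(bArr);
            return mac.doFinal();
        } catch (NoSuchAlgorithmException e) {
            LogUtil.error(TAG, "wrong algorithm");
            throw new CipherException("wrong algorithm");
        } catch (InvalidKeyException e) {
            LogUtil.error(TAG, "wrong hmac key");
            throw new CipherException("wrong hmac key");
        } catch (IotKeyStoreException e) {
            LogUtil.error(TAG, "keystore decrypt hmac key error");
            throw new CipherException("keystore decrypt hmac key error");
        } finally {
            CommonUtil.clearBytes(hmacKey);
        }
    }

    /**
     * Verifies and decrypts a timestamp-based response.
     *
     * <p>The HMAC over {@code timestamp || data} is checked before any decryption.
     *
     * <p>NOTE(review): the timestamp is authenticated but not compared with the current
     * time here, so replay protection, if any, has to come from the caller.
     *
     * @param str response JSON with {@code timestamp}, {@code hmac} and {@code data}
     * @return the decrypted payload as a UTF-8 string
     * @throws CipherException if the response is null, malformed, fails the HMAC check or
     *     cannot be decrypted
     */
    public String parseSensitiveCommandRsp(@g0 String str) {
        if (str == null) {
            LogUtil.error(TAG, "parseSensitiveCommandRsp response is null");
            throw new CipherException("parseSensitiveCommandRsp response is null");
        }
        try {
            JSONObject response = new JSONObject(str);
            String timestamp = response.getString(TIMESTAMP);
            String encodedMac = response.getString(HMAC);
            String encodedData = response.getString(DATA);
            if (TextUtils.isEmpty(timestamp) || TextUtils.isEmpty(encodedMac) || TextUtils.isEmpty(encodedData)) {
                LogUtil.error(TAG, "parseSensitiveCommandRsp invalid response");
                throw new CipherException("parseSensitiveCommandRsp invalid response");
            }
            byte[] receivedMac = decodeBase64(encodedMac, "parseSensitiveCommandRsp invalid response");
            byte[] expectedMac = hmac(CommonUtil.concatenateAll(
                    timestamp.getBytes(StandardCharsets.UTF_8),
                    encodedData.getBytes(StandardCharsets.UTF_8)));
            // Constant-time comparison: Arrays.equals stops at the first differing byte,
            // which exposes how much of a guessed MAC was correct.
            if (!MessageDigest.isEqual(expectedMac, receivedMac)) {
                LogUtil.error(TAG, "parseSensitiveCommandRsp check hmac failed");
                throw new CipherException("parseSensitiveCommandRsp check hmac failed");
            }
            byte[] cipherText = decodeBase64(encodedData, "parseSensitiveCommandRsp invalid response");
            return new String(decrypt(cipherText), StandardCharsets.UTF_8);
        } catch (JSONException e) {
            LogUtil.error(TAG, "parseSensitiveCommandRsp parse response json error");
            throw new CipherException("parseSensitiveCommandRsp parse response json error");
        }
    }

    /**
     * Builds the sequence-numbered command JSON with fields {@code puuid}, {@code seqNum},
     * {@code data} (Base64 ciphertext) and {@code hmac}.
     *
     * <p>The HMAC covers the serialized {@code puuid}/{@code seqNum}/{@code data} object
     * after backslash stripping (see {@link #macInputOf(JSONObject)}).
     *
     * @param str first session lookup argument, passed unchanged to {@code SessionManager}
     * @param str2 second session lookup argument, passed unchanged to {@code SessionManager}
     * @param sensitiveCommand command carrying phone UUID and payload
     * @return the serialized JSON command
     * @throws CipherException if the command is null or incomplete, the sequence number is
     *     unavailable, or encryption, MAC computation or JSON construction fails
     */
    public String signCommand(@g0 String str, String str2, @g0 SensitiveCommand sensitiveCommand) {
        LogUtil.info(TAG, "signCommand");
        if (sensitiveCommand == null) {
            LogUtil.error(TAG, "signCommand param command is null");
            throw new CipherException("signCommand param command is null");
        }
        if (TextUtils.isEmpty(sensitiveCommand.getCommandData()) || TextUtils.isEmpty(sensitiveCommand.getPhoneUuid())) {
            LogUtil.error(TAG, "signCommand param command is invalid");
            throw new CipherException("signCommand param command is invalid");
        }
        try {
            byte[] cipherText = encrypt(sensitiveCommand.getCommandData().getBytes(StandardCharsets.UTF_8));
            JSONObject command = new JSONObject();
            command.put(PHONE_UUID, sensitiveCommand.getPhoneUuid());
            command.put(SEQUENCE_NUM, SessionManager.getInstance().getSendSequenceNumber(str, str2) + "");
            command.put(DATA, Base64.encodeToString(cipherText, Base64.NO_WRAP));
            // The MAC is taken before the hmac field is added, so it covers exactly the
            // three fields above.
            command.put(HMAC, Base64.encodeToString(hmac(macInputOf(command)), Base64.NO_WRAP));
            return command.toString();
        } catch (SessionException e) {
            String message = "get sequence number error : " + e.getMessage();
            LogUtil.error(TAG, message);
            throw new CipherException(message);
        } catch (JSONException e) {
            LogUtil.error(TAG, "generate sensitive json command error");
            throw new CipherException("generate sensitive json command error");
        }
    }

    /**
     * Verifies and decrypts a sequence-numbered response.
     *
     * <p>Order of operations: parse, rebuild the {@code puuid}/{@code seqNum}/{@code data}
     * object, check the HMAC, record the received sequence number, then decrypt. Nothing
     * from the response reaches the session state or the cipher before the MAC check passes.
     *
     * <p>NOTE(review): replay rejection presumably happens inside
     * {@code setReceiveSequenceNumber} (it can throw {@code SessionException}); confirm
     * against {@code SessionManager}.
     *
     * @param str first session lookup argument, passed unchanged to {@code SessionManager}
     * @param str2 second session lookup argument, passed unchanged to {@code SessionManager}
     * @param str3 response JSON with {@code seqNum}, {@code puuid}, {@code hmac}, {@code data}
     * @return the decrypted payload as a UTF-8 string
     * @throws CipherException if the response is null, malformed, fails the HMAC check, is
     *     rejected by the session manager or cannot be decrypted
     */
    public String verifyCommand(@g0 String str, String str2, @g0 String str3) {
        LogUtil.info(TAG, "verifyCommand");
        if (str3 == null) {
            LogUtil.error(TAG, "verifyCommand response is null");
            throw new CipherException("verifyCommand response is null");
        }
        try {
            JSONObject response = new JSONObject(str3);
            String sequenceNumber = response.getString(SEQUENCE_NUM);
            String phoneUuid = response.getString(PHONE_UUID);
            String encodedMac = response.getString(HMAC);
            String encodedData = response.getString(DATA);
            if (TextUtils.isEmpty(sequenceNumber) || TextUtils.isEmpty(encodedMac) || TextUtils.isEmpty(encodedData)) {
                LogUtil.error(TAG, "verifyCommand invalid response");
                throw new CipherException("verifyCommand invalid response");
            }
            // Rebuild the signed object in the sender's field order; the MAC is over the
            // serialized text, so order matters.
            JSONObject signedFields = new JSONObject();
            signedFields.put(PHONE_UUID, phoneUuid);
            signedFields.put(SEQUENCE_NUM, sequenceNumber);
            signedFields.put(DATA, encodedData);
            byte[] receivedMac = decodeBase64(encodedMac, "verifyCommand invalid response");
            // Constant-time comparison: Arrays.equals stops at the first differing byte,
            // which exposes how much of a guessed MAC was correct.
            if (!MessageDigest.isEqual(hmac(macInputOf(signedFields)), receivedMac)) {
                LogUtil.error(TAG, "check hmac failed");
                throw new CipherException("check hmac failed");
            }
            SessionManager.getInstance().setReceiveSequenceNumber(str, str2, Long.parseLong(sequenceNumber));
            byte[] cipherText = decodeBase64(encodedData, "verifyCommand invalid response");
            return new String(decrypt(cipherText), StandardCharsets.UTF_8);
        } catch (SessionException e) {
            String message = "session exception : " + e.getMessage();
            LogUtil.error(TAG, message);
            throw new CipherException(message);
        } catch (NumberFormatException e) {
            LogUtil.error(TAG, "parse sequenceNumber string to long error");
            throw new CipherException("parse sequenceNumber string to long error");
        } catch (JSONException e) {
            LogUtil.error(TAG, "parse response json error");
            throw new CipherException("parse response json error");
        }
    }

    /**
     * Serializes {@code signedFields} into the byte string that is MACed.
     *
     * <p>NOTE(review): every backslash is removed from the serialized JSON, presumably to
     * undo the {@code \/} escaping the serializer applies to Base64 text. It also removes
     * backslashes that belong to real escapes, so field values that differ only in escaped
     * characters produce the same MAC input. The peer must apply the same transform, so
     * changing it here alone would break verification.
     */
    private static byte[] macInputOf(JSONObject signedFields) {
        return signedFields.toString().replaceAll("\\\\", "").getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Decodes Base64 text taken from an incoming message.
     *
     * <p>{@code Base64.decode} throws {@code IllegalArgumentException} on malformed input;
     * without this wrapper that unchecked exception escapes past callers that only handle
     * {@code CipherException}.
     *
     * @param encoded Base64 text from the peer
     * @param errorMessage message to log and throw on malformed input
     * @return the decoded bytes
     * @throws CipherException if {@code encoded} is not valid Base64
     */
    private static byte[] decodeBase64(String encoded, String errorMessage) {
        try {
            return Base64.decode(encoded, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            LogUtil.error(TAG, errorMessage);
            throw new CipherException(errorMessage);
        }
    }
}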
