package com.huawei.iotplatform.security.e2esecurity.local.keystore.impl;

import android.annotation.TargetApi;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.iotplatform.security.common.util.CommonUtil;
import com.huawei.iotplatform.security.common.util.LogUtil;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.IotKeyStoreException;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.KeyStoreService;
import com.huawei.iotplatform.security.e2esecurity.local.keystore.util.KeyType;
import d.b.g0;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: classes2.dex */
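/**
 * {@link KeyStoreService} implementation that encrypts and decrypts byte arrays with
 * AES-128 in GCM mode, using secret keys generated in and fetched from the
 * {@code AndroidKeyStore} provider.
 *
 * <p>Wire format produced by {@link #encrypt} and expected by {@link #decrypt}:
 * {@code cipher.doFinal() output || IV}, where the IV is the trailing
 * {@link #AES_IV_LENGTH} bytes. This assumes {@code CommonUtil.concatenateAll} joins its
 * arguments in order and {@code CommonUtil.copyByteArray} follows the
 * {@code System.arraycopy} argument order; confirm against CommonUtil.
 *
 * <p>Every failure is reported as an {@link IotKeyStoreException} whose message names the
 * failing exception type. NOTE(review): the underlying exception is discarded rather than
 * chained; if IotKeyStoreException offers a cause-taking constructor, chaining would make
 * keystore failures diagnosable. Its constructors are not visible from this file.
 */
public class AesKeyStoreServiceImpl implements KeyStoreService {
    /** Length in bytes of the GCM IV appended to every ciphertext. */
    public static final int AES_IV_LENGTH = 12;
    /** AES key size in bits requested from the key generator. */
    public static final int KEY_SIZE = 128;
    public static final String TAG = "AesKeyStoreServiceImpl";
    /** GCM authentication tag length in bits. */
    public static final int TAG_SIZE = 128;

    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    /** GCM authentication tag length in bytes; every valid ciphertext contains one. */
    private static final int TAG_LENGTH_BYTES = TAG_SIZE / 8;
    /**
     * Key purposes bit mask passed to {@code KeyGenParameterSpec.Builder}:
     * PURPOSE_ENCRYPT (1) | PURPOSE_DECRYPT (2).
     */
    private static final int KEY_PURPOSES = 3;

    // Public and mutable in the original; kept as-is so existing callers still compile.
    public KeyStore mKeyStore;

    /**
     * Loads the Android key store and makes sure both supported AES keys exist.
     *
     * @throws IotKeyStoreException if the key store cannot be loaded or a key cannot be
     *     generated
     */
    public AesKeyStoreServiceImpl() {
        initAesKeyStore(KeyType.PRIMARY_KEY);
        initAesKeyStore(KeyType.BUSINESS_PRIMARY_KEY);
    }

    /**
     * Splits {@code bArr} into ciphertext-plus-tag and trailing IV, then decrypts and
     * authenticates it with the key stored under {@code keyType}'s alias.
     *
     * <p>The caller ({@link #decrypt}) has already checked that {@code bArr} is long enough
     * to hold the IV and the tag.
     *
     * @param keyType selects the key store alias
     * @param bArr {@code ciphertext || tag || IV}
     * @return the recovered plaintext
     * @throws IotKeyStoreException on any cryptographic or provider failure, including a
     *     failed tag verification
     */
    private byte[] aesDecrypt(@g0 KeyType keyType, @g0 byte[] bArr) {
        try {
            SecretKey secretKey = getSecretKey(keyType);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            int cipherTextLength = bArr.length - AES_IV_LENGTH;
            byte[] cipherText = new byte[cipherTextLength];
            byte[] iv = new byte[AES_IV_LENGTH];
            CommonUtil.copyByteArray(bArr, 0, cipherText, 0, cipherTextLength);
            // The IV is stored after the ciphertext, not in front of it.
            CommonUtil.copyByteArray(bArr, cipherTextLength, iv, 0, AES_IV_LENGTH);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(TAG_SIZE, iv));
            return cipher.doFinal(cipherText);
        } catch (NumberFormatException unused) {
            throw new IotKeyStoreException("NumberFormatException occurs when decryption with key store.");
        } catch (InvalidAlgorithmParameterException unused2) {
            throw new IotKeyStoreException("InvalidAlgorithmParameterException occurs when decryption with key store.");
        } catch (InvalidKeyException unused3) {
            throw new IotKeyStoreException("InvalidKeyException occurs when decryption with key store.");
        } catch (NoSuchAlgorithmException unused4) {
            throw new IotKeyStoreException("NoSuchAlgorithmException occurs when decryption with key store.");
        } catch (ProviderException unused5) {
            throw new IotKeyStoreException("ProviderException occurs when decryption with key store.");
        } catch (BadPaddingException unused6) {
            // Also covers javax.crypto.AEADBadTagException, i.e. tampered or corrupted input.
            throw new IotKeyStoreException("BadPaddingException occurs when decryption with key store.");
        } catch (IllegalBlockSizeException unused7) {
            throw new IotKeyStoreException("IllegalBlockSizeException occurs when decryption with key store.");
        } catch (NoSuchPaddingException unused8) {
            throw new IotKeyStoreException("NoSuchPaddingException occurs when decryption with key store.");
        }
    }

    /**
     * Encrypts {@code bArr} under the key stored for {@code keyType} with a fresh IV and
     * returns {@code ciphertext || tag || IV}.
     *
     * <p>NOTE(review): the IV comes from {@code CommonUtil.getRandomBytes}, and the key is
     * generated with {@code setRandomizedEncryptionRequired(false)}, so the key store does
     * not enforce IV randomness. Reusing an IV under the same GCM key breaks both
     * confidentiality and integrity, so confirm that getRandomBytes is backed by
     * {@code SecureRandom}. Initialising the cipher without a parameter spec and reading
     * {@code cipher.getIV()} would remove that dependency.
     *
     * @param keyType selects the key store alias
     * @param bArr plaintext to protect
     * @return ciphertext with the authentication tag, followed by the IV
     * @throws IotKeyStoreException on any cryptographic or provider failure
     */
    private byte[] aesEncrypt(@g0 KeyType keyType, @g0 byte[] bArr) {
        try {
            SecretKey secretKey = getSecretKey(keyType);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            byte[] iv = CommonUtil.getRandomBytes(AES_IV_LENGTH);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(TAG_SIZE, iv));
            return CommonUtil.concatenateAll(cipher.doFinal(bArr), iv);
        } catch (InvalidAlgorithmParameterException unused) {
            throw new IotKeyStoreException("InvalidAlgorithmParameterException occurs when encryption with key store.");
        } catch (InvalidKeyException unused2) {
            throw new IotKeyStoreException("InvalidKeyException occurs when encryption with key store.");
        } catch (NoSuchAlgorithmException unused3) {
            throw new IotKeyStoreException("NoSuchAlgorithmException occurs when encryption with key store.");
        } catch (ProviderException unused4) {
            throw new IotKeyStoreException("ProviderException occurs when encryption with key store.");
        } catch (BadPaddingException unused5) {
            throw new IotKeyStoreException("BadPaddingException occurs when encryption with key store.");
        } catch (IllegalBlockSizeException unused6) {
            throw new IotKeyStoreException("IllegalBlockSizeException occurs when encryption with key store.");
        } catch (NoSuchPaddingException unused7) {
            throw new IotKeyStoreException("NoSuchPaddingException occurs when encryption with key store.");
        }
    }

    /**
     * Looks up the secret key stored under {@code keyType}'s alias.
     *
     * @param keyType selects the key store alias
     * @return the stored secret key, never {@code null}
     * @throws IotKeyStoreException if the alias has no entry, the entry is not a secret
     *     key entry, the entry holds no key, or the key store lookup fails
     */
    private SecretKey getSecretKey(@g0 KeyType keyType) {
        try {
            KeyStore.Entry entry = this.mKeyStore.getEntry(keyType.getKeyAlias(), null);
            if (entry == null) {
                LogUtil.error(TAG, "The key entry for primary key is null . Exception occurs,check whether the primary key has been initialized.");
                throw new IotKeyStoreException("The key entry for primary key is null.");
            }
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                throw new IotKeyStoreException("Error occurs when cast entry to SecretKeyEntry");
            }
            // Read the key once instead of asking the entry twice.
            SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            if (secretKey != null) {
                return secretKey;
            }
            throw new IotKeyStoreException("The SecretKey entry for primary key is null.");
        } catch (KeyStoreException | NoSuchAlgorithmException | ProviderException | UnrecoverableEntryException unused) {
            throw new IotKeyStoreException("Exception occurs when get primary key from keystore.");
        }
    }

    /**
     * Lazily loads the {@code AndroidKeyStore} and generates the AES key for
     * {@code keyType} when its alias is not present yet. An existing key is left untouched.
     *
     * <p>The key is restricted to GCM with no padding and to encrypt/decrypt purposes.
     * {@code setRandomizedEncryptionRequired(false)} is what permits the caller-supplied IV
     * used by {@link #aesEncrypt}; it also means the key store will not reject a repeated
     * IV, so IV uniqueness rests entirely on this class.
     *
     * @param keyType must be {@code PRIMARY_KEY} or {@code BUSINESS_PRIMARY_KEY}
     * @throws IotKeyStoreException for any other key type, or when loading the key store
     *     or generating the key fails
     */
    @TargetApi(23)
    private void initAesKeyStore(@g0 KeyType keyType) {
        if (keyType != KeyType.PRIMARY_KEY && keyType != KeyType.BUSINESS_PRIMARY_KEY) {
            throw new IotKeyStoreException("Unsupported key type");
        }
        try {
            String keyAlias = keyType.getKeyAlias();
            if (this.mKeyStore == null) {
                KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
                this.mKeyStore = keyStore;
                keyStore.load(null);
            }
            if (this.mKeyStore.containsAlias(keyAlias)) {
                LogUtil.info(TAG, "AES key has been initialized, skip the initialization.");
                return;
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KEYSTORE_PROVIDER);
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(keyAlias, KEY_PURPOSES)
                    .setDigests("SHA-256", "SHA-512")
                    .setBlockModes("GCM")
                    .setKeySize(KEY_SIZE)
                    .setEncryptionPaddings("NoPadding")
                    .setRandomizedEncryptionRequired(false)
                    .build();
            keyGenerator.init(spec);
            keyGenerator.generateKey();
        } catch (IOException unused) {
            throw new IotKeyStoreException("IOException occurs when initialize key store.");
        } catch (InvalidAlgorithmParameterException unused2) {
            throw new IotKeyStoreException("InvalidAlgorithmParameterException occurs when initialize key store.");
        } catch (KeyStoreException unused3) {
            throw new IotKeyStoreException("KeyStoreException occurs when initialize key store.");
        } catch (NoSuchAlgorithmException unused4) {
            throw new IotKeyStoreException("NoSuchAlgorithmException occurs when initialize key store.");
        } catch (NoSuchProviderException unused5) {
            throw new IotKeyStoreException("NoSuchProviderException occurs when initialize key store.");
        } catch (ProviderException unused6) {
            throw new IotKeyStoreException("ProviderException occurs when initialize key store.");
        } catch (CertificateException unused7) {
            throw new IotKeyStoreException("CertificateException occurs when initialize key store.");
        }
    }

    /**
     * Decrypts data previously produced by {@link #encrypt}.
     *
     * <p>Input shorter than IV plus authentication tag can never verify, so it is rejected
     * here before the key store is touched.
     *
     * @param keyType selects the key store alias
     * @param bArr {@code ciphertext || tag || IV}
     * @return the recovered plaintext
     * @throws IotKeyStoreException if {@code bArr} is empty or too short, or if decryption
     *     or tag verification fails
     */
    @Override
    public byte[] decrypt(@g0 KeyType keyType, byte[] bArr) {
        // isEmpty is checked first; presumably it also covers null (confirm in CommonUtil).
        if (CommonUtil.isEmpty(bArr) || bArr.length < AES_IV_LENGTH + TAG_LENGTH_BYTES) {
            throw new IotKeyStoreException("Decrypt cipher data is invalid.");
        }
        return aesDecrypt(keyType, bArr);
    }

    /**
     * Encrypts {@code bArr} with the key selected by {@code keyType}.
     *
     * @param keyType selects the key store alias
     * @param bArr plaintext; rejected when {@code CommonUtil.isEmpty} reports it empty
     * @return ciphertext with the authentication tag, followed by the IV
     * @throws IotKeyStoreException if {@code bArr} is empty or encryption fails
     */
    @Override
    public byte[] encrypt(@g0 KeyType keyType, byte[] bArr) {
        if (CommonUtil.isEmpty(bArr)) {
            throw new IotKeyStoreException("Encrypt plain data must be not null or empty.");
        }
        return aesEncrypt(keyType, bArr);
    }
}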
