package com.huawei.wisesecurity.ucs.credential.crypto.cipher;

import androidx.appcompat.h;
import com.google.firebase.crashlytics.internal.metadata.UserMetadata;
import com.huawei.wisesecurity.kfs.crypto.cipher.a;
import com.huawei.wisesecurity.kfs.crypto.cipher.c;
import com.huawei.wisesecurity.kfs.exception.CodecException;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsCryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsParamException;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.SkDkEntity;
import com.huawei.wisesecurity.ucs_credential.b;
import com.huawei.wisesecurity.ucs_credential.u;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public class CredentialDecryptHandler implements c {
    public CredentialCipherText cipherText;
    public Credential credential;
    public CredentialClient credentialClient;

    public CredentialDecryptHandler(Credential credential, CredentialCipherText credentialCipherText, CredentialClient credentialClient) {
        this.credential = credential;
        this.cipherText = credentialCipherText;
        this.credentialClient = credentialClient;
    }

    private void doDecrypt() throws UcsCryptoException {
        AlgorithmParameterSpec ivParameterSpec;
        u uVar = new u();
        uVar.f38226a.put("apiName", "appAuth.decrypt");
        uVar.b();
        try {
            try {
                this.cipherText.checkParam(false);
                byte[] decryptSkDk = SkDkEntity.from(this.credential.getDataKeyBytes()).decryptSkDk(b.a(this.credential.getKekString()));
                a.getPreferredAlg("AES");
                SecretKeySpec secretKeySpec = new SecretKeySpec(decryptSkDk, "AES");
                a aVar = a.AES_GCM;
                byte[] iv = this.cipherText.getIv();
                int ordinal = aVar.ordinal();
                if (ordinal == 1) {
                    ivParameterSpec = new IvParameterSpec(h.b(iv));
                } else {
                    if (ordinal != 2) {
                        throw new CryptoException("unsupported cipher alg");
                    }
                    ivParameterSpec = new GCMParameterSpec(UserMetadata.MAX_ROLLOUT_ASSIGNMENTS, h.b(iv));
                }
                a aVar2 = a.UNKNOWN;
                byte[] b2 = h.b(this.cipherText.getCipherBytes());
                try {
                    Cipher cipher = Cipher.getInstance(aVar.getTransformation());
                    cipher.init(2, secretKeySpec, ivParameterSpec);
                    this.cipherText.setPlainBytes(cipher.doFinal(h.b(b2)));
                    uVar.e(0);
                } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
                    throw new CryptoException("Fail to decrypt: " + e2.getMessage());
                }
            } catch (CryptoException e3) {
                e = e3;
                String str = "Fail to decrypt, errorMessage : " + e.getMessage();
                uVar.e(1003);
                uVar.c(str);
                throw new UcsCryptoException(1003L, str);
            } catch (UcsParamException e4) {
                String str2 = "Fail to decrypt, errorMessage : " + e4.getMessage();
                uVar.e(1001);
                uVar.c(str2);
                throw new UcsCryptoException(1001L, str2);
            } catch (UcsException e5) {
                e = e5;
                String str3 = "Fail to decrypt, errorMessage : " + e.getMessage();
                uVar.e(1003);
                uVar.c(str3);
                throw new UcsCryptoException(1003L, str3);
            }
        } finally {
            this.credentialClient.reportLogs(uVar);
        }
    }

    private CredentialDecryptHandler from(String str, com.huawei.wisesecurity.kfs.crypto.codec.a aVar) throws UcsCryptoException {
        try {
            from(aVar.a(str));
            return this;
        } catch (CodecException e2) {
            throw new UcsCryptoException(1003L, "Fail to decode cipher text: " + e2.getMessage());
        }
    }

    private String to(com.huawei.wisesecurity.kfs.crypto.codec.b bVar) throws UcsCryptoException {
        try {
            return bVar.a(to());
        } catch (CodecException e2) {
            throw new UcsCryptoException(1003L, "Fail to encode plain text: " + e2.getMessage());
        }
    }

    public CredentialDecryptHandler from(byte[] bArr) throws UcsCryptoException {
        if (bArr == null) {
            throw new UcsCryptoException(1001L, "cipherBytes cannot null..");
        }
        this.cipherText.setCipherBytes(bArr);
        return this;
    }

    public CredentialDecryptHandler fromBase64(String str) throws UcsCryptoException {
        return from(str, com.huawei.wisesecurity.kfs.crypto.codec.a.f38217a);
    }

    public CredentialDecryptHandler fromBase64Url(String str) throws UcsCryptoException {
        return from(str, com.huawei.wisesecurity.kfs.crypto.codec.a.f38218b);
    }

    public CredentialDecryptHandler fromHex(String str) throws UcsCryptoException {
        return from(str, com.huawei.wisesecurity.kfs.crypto.codec.a.f38219c);
    }

    public byte[] to() throws UcsCryptoException {
        doDecrypt();
        return this.cipherText.getPlainBytes();
    }

    public String toBase64() throws UcsCryptoException {
        return to(com.huawei.wisesecurity.kfs.crypto.codec.b.f38220a);
    }

    public String toHex() throws UcsCryptoException {
        return to(com.huawei.wisesecurity.kfs.crypto.codec.b.f38222c);
    }

    public String toRawString() throws UcsCryptoException {
        return to(com.huawei.wisesecurity.kfs.crypto.codec.b.f38223d);
    }
}
