package com.huawei.wisesecurity.ucs_kms;

import android.content.Context;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.kms.request.CipherAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.DecryptRequest;
import com.huawei.wisesecurity.ucs.kms.request.EcdhRequest;
import com.huawei.wisesecurity.ucs.kms.request.EncryptRequest;
import com.huawei.wisesecurity.ucs.kms.request.GetKeyInfoRequest;
import com.huawei.wisesecurity.ucs.kms.request.HmacRequest;
import com.huawei.wisesecurity.ucs.kms.request.KeyInfo;
import com.huawei.wisesecurity.ucs.kms.request.SignAlgorithm;
import com.huawei.wisesecurity.ucs.kms.request.SignDataRequest;
import com.huawei.wisesecurity.ucs.kms.request.VerifyRequest;
import defpackage.o40;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes8.dex */
public class k implements m {
    private void a(EncryptRequest encryptRequest) throws UcsException {
        if (m.b.contains(encryptRequest.getKeyAlgorithm().getAlgName())) {
            return;
        }
        LogUcs.e("KmsKeyService", "cipher algorithm not support", new Object[0]);
        throw new UcsException(3001L, "cipher algorithm not support");
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public KeyInfo a(GetKeyInfoRequest getKeyInfoRequest, Context context, String str) throws UcsException {
        throw new UcsException(3001L, "Unsupported getKeyInfo.");
    }

    public boolean a(VerifyRequest verifyRequest) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to verify.", new Object[0]);
        if (!m.f6888a.contains(verifyRequest.getKeyAlgorithm().getAlgName())) {
            LogUcs.e("KmsKeyService", "verify key algorithm ({0}) not support.", verifyRequest.getKeyAlgorithm().getAlgName());
            throw new UcsException(3008L, "verify key algorithm not support");
        }
        try {
            return com.huawei.wisesecurity.kfs.crypto.signer.c.a(SignAlgorithm.getSignAlgValue(verifyRequest.getSignAlgorithm().getAlgName()), com.huawei.wisesecurity.ucs.kms.util.a.a(verifyRequest.getPublicKey(), verifyRequest.getKeyAlgorithm().getAlgName()), null).getVerifyHandler().fromData(verifyRequest.getData()).verify(verifyRequest.getSign());
        } catch (o40 e) {
            LogUcs.e("KmsKeyService", "Failed to verify signature, error: {0}.", e.getMessage());
            throw new UcsException(3008L, "signature verify algorithm not support, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(DecryptRequest decryptRequest, Context context, String str) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to decrypt.", new Object[0]);
        a(decryptRequest);
        CipherAlg cipherAlgValue = CipherAlgorithm.getCipherAlgValue(decryptRequest.getCipherAlgorithm().getAlgName());
        SecretKeySpec secretKeySpec = new SecretKeySpec(decryptRequest.getKey(), decryptRequest.getKeyAlgorithm().getAlgName());
        try {
            Cipher cipher = Cipher.getInstance(cipherAlgValue.getTransformation());
            cipher.init(2, secretKeySpec, new GCMParameterSpec(decryptRequest.getTagLen(), decryptRequest.getIv()));
            if (decryptRequest.getAad() != null) {
                cipher.updateAAD(decryptRequest.getAad());
            }
            return cipher.doFinal(decryptRequest.getData());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LogUcs.e("KmsKeyService", "Failed to decrypt, error: {0}.", e.getMessage());
            throw new UcsException(3010L, "decrypt data error, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(EcdhRequest ecdhRequest, Context context, String str) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to ecdh.", new Object[0]);
        throw new UcsException(3001L, "Unsupported ecdh.");
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(EncryptRequest encryptRequest, Context context, String str) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to encrypt.", new Object[0]);
        a(encryptRequest);
        SecretKeySpec secretKeySpec = new SecretKeySpec(encryptRequest.getKey(), encryptRequest.getKeyAlgorithm().getAlgName());
        try {
            Cipher cipher = Cipher.getInstance(CipherAlgorithm.getCipherAlgValue(encryptRequest.getCipherAlgorithm().getAlgName()).getTransformation());
            cipher.init(1, secretKeySpec, new GCMParameterSpec(encryptRequest.getTagLen(), encryptRequest.getIv()));
            if (encryptRequest.getAad() != null) {
                cipher.updateAAD(encryptRequest.getAad());
            }
            return cipher.doFinal(encryptRequest.getData());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            LogUcs.e("KmsKeyService", "Failed to encrypt, error: {0}.", e.getMessage());
            throw new UcsException(3009L, "encrypt data error, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(HmacRequest hmacRequest, Context context, String str) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to hmac.", new Object[0]);
        if (!m.c.contains(hmacRequest.getSignAlgorithm().getAlgName())) {
            LogUcs.e("KmsKeyService", "hmac algorithm not support", new Object[0]);
            throw new UcsException(3008L, "hmac algorithm not support");
        }
        try {
            return com.huawei.wisesecurity.kfs.crypto.signer.c.a(SignAlgorithm.getSignAlgValue(hmacRequest.getSignAlgorithm().getAlgName()), new SecretKeySpec(hmacRequest.getKey(), hmacRequest.getSignAlgorithm().getAlgValue()), null).getSignHandler().from(hmacRequest.getData()).sign();
        } catch (o40 e) {
            LogUcs.e("KmsKeyService", "Failed to hmac error: {0}.", e.getMessage());
            throw new UcsException(3004L, "hmac error, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(SignDataRequest signDataRequest, Context context, String str) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to sign.", new Object[0]);
        throw new UcsException(3001L, "Unsupported sign.");
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public byte[] a(String str, Context context, String str2) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to getPublicKey.", new Object[0]);
        throw new UcsException(3001L, "Unsupported getPublicKey.");
    }

    @Override // com.huawei.wisesecurity.ucs_kms.m
    public void b(String str, Context context, String str2) throws UcsException {
        LogUcs.i("KmsKeyService", "Start to removeKey.", new Object[0]);
        throw new UcsException(3001L, "Unsupported removeKey.");
    }
}
