package com.andes.crypto.scheme;

import android.text.TextUtils;
import androidx.annotation.Keep;
import androidx.annotation.NonNull;
import b0.a;
import b0.b;
import b0.c;
import b0.f;
import b0.g;
import com.andes.crypto.api.AndesCryptoKit;
import com.andes.crypto.engine.EngineAesGCMCipher;
import com.andes.crypto.engine.EngineFileCipher;
import com.andes.crypto.engine.EngineTransCipher;
import com.andes.crypto.entity.ConfigureEntity;
import com.andes.crypto.exception.AuthException;
import com.andes.crypto.exception.SeException;
import com.andes.crypto.proto.AndesCryptoKitProto;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;

@Keep
/* loaded from: classes.dex */
public final class ServiceBasedTEE implements AndesCryptoKit {
    private static final int CIPHER_MATERIAL_LENGTH = 425;
    private static final String TAG = "ServiceBasedTEE";
    private final String mPublicKey;

    public ServiceBasedTEE(ConfigureEntity configureEntity) throws AuthException {
        if (configureEntity.getEnvironmentType() == null) {
            c.b(TAG, "init", "environmentType is null!");
            throw new AuthException("environmentType is null!");
        }
        if (TextUtils.isEmpty(configureEntity.getPublicKey())) {
            c.b(TAG, "init", "public key is null!");
            throw new AuthException("public key is null!");
        }
        this.mPublicKey = configureEntity.getPublicKey();
        g.c();
    }

    private AndesCryptoKitProto.CipherMaterial createCipherMaterial(byte[] bArr, boolean z10) {
        byte[] bArr2;
        byte[] c10 = a.c(this.mPublicKey, bArr);
        if (c10 == null) {
            c.b(TAG, "createCipherMaterial", "encrypt key by rsa failed!");
            return null;
        }
        byte[] e3 = a.e(bArr);
        if (e3 == null) {
            byte[] b10 = g.c().b(bArr);
            if (b10 == null) {
                c.b(TAG, "createCipherMaterial", "encrypt key by se and keystore failed!");
                return null;
            }
            e3 = new byte[64];
            bArr2 = b10;
        } else {
            bArr2 = new byte[60];
        }
        return AndesCryptoKitProto.CipherMaterial.newBuilder().setIV(ByteString.copyFrom(a.b(16))).setPublickKeyCipherDEK(ByteString.copyFrom(c10)).setSha256DEK(ByteString.copyFrom(b.a(bArr))).setHmac(z10 ? 2 : 1).setSECipherDEK(ByteString.copyFrom(e3)).setTEECipherDEK(ByteString.copyFrom(bArr2)).build();
    }

    private AndesCryptoKitProto.CipherMaterial createGCMCipherMaterial(byte[] bArr) {
        byte[] c10 = a.c(this.mPublicKey, bArr);
        if (c10 == null) {
            c.b(TAG, "createGCMCipherMaterial", "encrypt key by rsa failed!");
            return null;
        }
        byte[] b10 = g.c().b(bArr);
        if (b10 != null) {
            return AndesCryptoKitProto.CipherMaterial.newBuilder().setPublickKeyCipherDEK(ByteString.copyFrom(c10)).setTEECipherDEK(ByteString.copyFrom(b10)).build();
        }
        c.b(TAG, "createGCMCipherMaterial", "encrypt key by keystore failed!");
        return null;
    }

    private byte[] decryptKey(@NonNull AndesCryptoKitProto.CipherMaterial cipherMaterial) throws SeException {
        return Arrays.equals(cipherMaterial.getSECipherDEK().toByteArray(), new byte[64]) ? g.c().a(cipherMaterial.getTEECipherDEK().toByteArray()) : a.d(cipherMaterial.getSECipherDEK().toByteArray(), cipherMaterial.getSha256DEK().toByteArray());
    }

    @Override // com.andes.crypto.api.AndesCryptoKit
    public EngineAesGCMCipher newEngineAesGCMCipher(byte[] bArr) throws InvalidProtocolBufferException {
        AndesCryptoKitProto.CipherMaterial parseFrom;
        if (bArr == null) {
            byte[] a10 = a.a();
            if (a10 == null) {
                c.b(TAG, "newEngineAesGCMCipher", "create key failed!");
                return null;
            }
            parseFrom = createGCMCipherMaterial(a10);
        } else {
            parseFrom = AndesCryptoKitProto.CipherMaterial.parseFrom(bArr);
        }
        if (parseFrom == null) {
            c.b(TAG, "newEngineAesGCMCipher", "cipher material is null!");
            return null;
        }
        byte[] a11 = g.c().a(parseFrom.getTEECipherDEK().toByteArray());
        if (a11 != null) {
            return new EngineAesGCMCipher(a11, parseFrom.toByteArray());
        }
        c.b(TAG, "newEngineAesGCMCipher", "decrypt key failed!");
        return null;
    }

    @Override // com.andes.crypto.api.AndesCryptoKit
    public EngineFileCipher newEngineFileCipher(int i10, byte[] bArr, InputStream inputStream, int i11) throws IOException, SeException {
        AndesCryptoKitProto.CipherMaterial parseFrom;
        if (i10 != 1) {
            if (bArr == null) {
                if (inputStream == null) {
                    c.b(TAG, "newEngineFileCipher", "inputStream and cipherMaterial are null!");
                    throw new IllegalArgumentException("at least one of the inputStream and cipherMaterial must not be null!");
                }
                byte[] bArr2 = new byte[425];
                f.a(inputStream, bArr2, 0, 425);
                bArr = bArr2;
            }
            parseFrom = AndesCryptoKitProto.CipherMaterial.parseFrom(bArr);
        } else if (bArr == null) {
            byte[] a10 = a.a();
            if (a10 == null) {
                c.b(TAG, "newEngineFileCipher", "create key failed!");
                return null;
            }
            parseFrom = createCipherMaterial(a10, false);
        } else {
            parseFrom = AndesCryptoKitProto.CipherMaterial.parseFrom(bArr).toBuilder().setIV(ByteString.copyFrom(a.b(16))).build();
        }
        if (parseFrom == null) {
            c.b(TAG, "newEngineFileCipher", "cipher material is null!");
            return null;
        }
        byte[] decryptKey = decryptKey(parseFrom);
        if (decryptKey != null) {
            return new EngineFileCipher(i10, parseFrom.toByteArray(), decryptKey, inputStream, i11);
        }
        c.b(TAG, "newEngineFileCipher", "decrypt key failed!");
        return null;
    }

    @Override // com.andes.crypto.api.AndesCryptoKit
    public EngineTransCipher newEngineTransCipher(int i10, byte[] bArr, InputStream inputStream, boolean z10) throws IOException, SeException {
        AndesCryptoKitProto.CipherMaterial parseFrom;
        if (i10 != 1) {
            if (bArr == null) {
                if (inputStream == null) {
                    c.b(TAG, "newEngineTransCipher", "inputStream and cipherMaterial are null!");
                    throw new IllegalArgumentException("at least one of the inputStream and cipherMaterial must not null!");
                }
                byte[] bArr2 = new byte[425];
                f.a(inputStream, bArr2, 0, 425);
                bArr = bArr2;
            }
            parseFrom = AndesCryptoKitProto.CipherMaterial.parseFrom(bArr);
        } else if (bArr == null) {
            byte[] a10 = a.a();
            if (a10 == null) {
                c.b(TAG, "newEngineTransCipher", "create key failed!");
                return null;
            }
            parseFrom = createCipherMaterial(a10, z10);
        } else {
            parseFrom = AndesCryptoKitProto.CipherMaterial.parseFrom(bArr).toBuilder().setIV(ByteString.copyFrom(a.b(16))).build();
        }
        if (parseFrom == null) {
            c.b(TAG, "newEngineTransCipher", "cipher material is null!");
            return null;
        }
        byte[] decryptKey = decryptKey(parseFrom);
        if (decryptKey == null) {
            c.b(TAG, "newEngineTransCipher", "decrypt key failed!");
            return null;
        }
        try {
            return new EngineTransCipher(i10, parseFrom.toByteArray(), decryptKey, parseFrom.getIV().toByteArray(), inputStream, z10);
        } catch (UnsupportedOperationException e3) {
            throw e3;
        } catch (Exception e10) {
            e10.printStackTrace();
            c.b(TAG, "newEngineTransCipher", "new Engine failed!");
            return null;
        }
    }
}
