package bh;

import android.annotation.SuppressLint;
import com.google.android.gms.internal.ads.ti1;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import fg.a;
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: classes3.dex */
public final class x {

    /* renamed from: b, reason: collision with root package name */
    public static final x f11275b = new Object();

    /* renamed from: c, reason: collision with root package name */
    public static final Object f11276c = new Object();

    /* renamed from: d, reason: collision with root package name */
    public static ig.a f11277d;

    /* renamed from: a, reason: collision with root package name */
    public byte[] f11278a;

    @SuppressLint({"NewApi"})
    public final void a() throws UcsKeyStoreException {
        try {
            if (f11277d.e("ucs_aes_alias_rootKey")) {
                LogUcs.i("KeyStoreManager", "the alias exists", new Object[0]);
                return;
            }
            try {
                f11277d.a(new ig.c("ucs_aes_alias_rootKey", 256, KfsKeyPurpose.PURPOSE_CRYPTO));
            } catch (KfsException e12) {
                StringBuilder a12 = l.a("generateKeyPair failed, ");
                a12.append(e12.getMessage());
                LogUcs.e("KeyStoreManager", a12.toString(), new Object[0]);
                StringBuilder a13 = l.a("generateKeyPair failed , exception ");
                a13.append(e12.getMessage());
                throw new UcsKeyStoreException(a13.toString());
            }
        } catch (KfsException e13) {
            StringBuilder a14 = l.a("containsAlias failed, ");
            a14.append(e13.getMessage());
            LogUcs.e("KeyStoreManager", a14.toString(), new Object[0]);
            StringBuilder a15 = l.a("containsAlias failed , exception ");
            a15.append(e13.getMessage());
            throw new UcsKeyStoreException(a15.toString());
        }
    }

    public final byte[] b(byte[] bArr) throws UcsKeyStoreException {
        AlgorithmParameterSpec gCMParameterSpec;
        byte[] bArr2;
        synchronized (f11276c) {
            byte[] bArr3 = this.f11278a;
            if (bArr3 == null || bArr3.length <= 0) {
                throw new UcsKeyStoreException("iv must be set before AES decrypt");
            }
            try {
                KeyStoreProvider keyStoreProvider = f11277d.f49502b;
                CipherAlg.getPreferredAlg("AES");
                CipherAlg cipherAlg = CipherAlg.AES_GCM;
                Key d12 = f11277d.d();
                byte[] bArr4 = this.f11278a;
                int i12 = a.C0272a.f39850a[cipherAlg.ordinal()];
                if (i12 != 1) {
                    if (i12 != 2 && i12 != 3) {
                        throw new CryptoException("unsupported cipher alg");
                    }
                    gCMParameterSpec = new IvParameterSpec(com.google.gson.internal.a.b(bArr4));
                } else {
                    gCMParameterSpec = new GCMParameterSpec(128, com.google.gson.internal.a.b(bArr4));
                }
                if (d12 == null) {
                    throw new CryptoException("key | parameterSpec cannot be null");
                }
                ti1 ti1Var = new ti1(2);
                ti1Var.f25707c = cipherAlg;
                eg.b bVar = new eg.b(keyStoreProvider, d12, ti1Var, gCMParameterSpec);
                bVar.f39119c.f25706b = com.google.gson.internal.a.b(bArr);
                bArr2 = bVar.to();
            } catch (KfsException e12) {
                LogUcs.e("KeyStoreManager", "AES doDecrypt failed, " + e12.getMessage(), new Object[0]);
                throw new UcsKeyStoreException("AES doDecrypt failed , exception " + e12.getMessage());
            }
        }
        return bArr2;
    }

    public final byte[] c(byte[] bArr) throws UcsKeyStoreException {
        AlgorithmParameterSpec gCMParameterSpec;
        byte[] bArr2;
        synchronized (f11276c) {
            byte[] bArr3 = this.f11278a;
            if (bArr3 == null || bArr3.length <= 0) {
                throw new UcsKeyStoreException("iv must be set before AES encrypt");
            }
            try {
                KeyStoreProvider keyStoreProvider = f11277d.f49502b;
                CipherAlg.getPreferredAlg("AES");
                CipherAlg cipherAlg = CipherAlg.AES_GCM;
                Key d12 = f11277d.d();
                byte[] bArr4 = this.f11278a;
                int i12 = a.C0272a.f39850a[cipherAlg.ordinal()];
                if (i12 != 1) {
                    if (i12 != 2 && i12 != 3) {
                        throw new CryptoException("unsupported cipher alg");
                    }
                    gCMParameterSpec = new IvParameterSpec(com.google.gson.internal.a.b(bArr4));
                } else {
                    gCMParameterSpec = new GCMParameterSpec(128, com.google.gson.internal.a.b(bArr4));
                }
                if (d12 == null) {
                    throw new CryptoException("key | parameterSpec cannot be null");
                }
                ti1 ti1Var = new ti1(2);
                ti1Var.f25707c = cipherAlg;
                eg.c cVar = new eg.c(keyStoreProvider, d12, ti1Var, gCMParameterSpec);
                cVar.from(bArr);
                bArr2 = cVar.to();
            } catch (KfsException e12) {
                LogUcs.e("KeyStoreManager", "AES doEncrypt failed, " + e12.getMessage(), new Object[0]);
                throw new UcsKeyStoreException("AES doEncrypt failed , exception " + e12.getMessage());
            }
        }
        return bArr2;
    }
}
