package com.huawei.wisesecurity.ucs.credential.crypto.cipher;

import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherText;
import com.huawei.wisesecurity.kfs.crypto.cipher.DecryptHandler;
import com.huawei.wisesecurity.kfs.crypto.cipher.DefaultDecryptHandler;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.crypto.codec.Decoder;
import com.huawei.wisesecurity.kfs.crypto.codec.Encoder;
import com.huawei.wisesecurity.kfs.exception.CodecException;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.util.ByteUtil;
import com.huawei.wisesecurity.ucs.common.exception.UcsCryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsParamException;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.SkDkEntity;
import com.huawei.wisesecurity.ucs_credential.a;
import com.huawei.wisesecurity.ucs_credential.u;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public class CredentialDecryptHandler implements DecryptHandler {
    public CredentialCipherText cipherText;
    public Credential credential;
    public CredentialClient credentialClient;

    public CredentialDecryptHandler(Credential credential, CredentialCipherText credentialCipherText, CredentialClient credentialClient) {
        this.credential = credential;
        this.cipherText = credentialCipherText;
        this.credentialClient = credentialClient;
    }

    private void doDecrypt() throws UcsCryptoException {
        u uVar = new u();
        uVar.f32222a.put("apiName", "appAuth.decrypt");
        uVar.b();
        try {
            try {
                this.cipherText.checkParam(false);
                byte[] decryptSkDk = SkDkEntity.from(this.credential.getDataKeyBytes()).decryptSkDk(a.a(this.credential.getKekString()));
                AESCipher.Builder builder = new AESCipher.Builder();
                builder.f32206b = new SecretKeySpec(decryptSkDk, "AES");
                builder.f32205a = CipherAlg.AES_GCM;
                builder.b(this.cipherText.getIv());
                AESCipher a4 = builder.a();
                CipherText cipherText = new CipherText();
                cipherText.c = a4.f32202a;
                DefaultDecryptHandler defaultDecryptHandler = new DefaultDecryptHandler(a4.f32203b, cipherText, a4.c);
                cipherText.f32197b = ByteUtil.a(this.cipherText.getCipherBytes());
                this.cipherText.setPlainBytes(defaultDecryptHandler.a());
                uVar.e(0);
            } catch (CryptoException e3) {
                e = e3;
                String str = "Fail to decrypt, errorMessage : " + e.getMessage();
                uVar.e(1003);
                uVar.c(str);
                throw new UcsCryptoException(1003L, str);
            } catch (UcsParamException e4) {
                String str2 = "Fail to decrypt, errorMessage : " + e4.getMessage();
                uVar.e(1001);
                uVar.c(str2);
                throw new UcsCryptoException(1001L, str2);
            } catch (UcsException e5) {
                e = e5;
                String str3 = "Fail to decrypt, errorMessage : " + e.getMessage();
                uVar.e(1003);
                uVar.c(str3);
                throw new UcsCryptoException(1003L, str3);
            }
        } finally {
            this.credentialClient.reportLogs(uVar);
        }
    }

    private CredentialDecryptHandler from(String str, Decoder decoder) throws UcsCryptoException {
        try {
            from(decoder.b(str));
            return this;
        } catch (CodecException e3) {
            throw new UcsCryptoException(1003L, "Fail to decode cipher text: " + e3.getMessage());
        }
    }

    private String to(Encoder encoder) throws UcsCryptoException {
        try {
            return encoder.a(to());
        } catch (CodecException e3) {
            throw new UcsCryptoException(1003L, "Fail to encode plain text: " + e3.getMessage());
        }
    }

    public CredentialDecryptHandler from(byte[] bArr) throws UcsCryptoException {
        if (bArr == null) {
            throw new UcsCryptoException(1001L, "cipherBytes cannot null..");
        }
        this.cipherText.setCipherBytes(bArr);
        return this;
    }

    public CredentialDecryptHandler fromBase64(String str) throws UcsCryptoException {
        return from(str, Decoder.f32207a);
    }

    public CredentialDecryptHandler fromBase64Url(String str) throws UcsCryptoException {
        return from(str, Decoder.f32208b);
    }

    public CredentialDecryptHandler fromHex(String str) throws UcsCryptoException {
        return from(str, Decoder.c);
    }

    public byte[] to() throws UcsCryptoException {
        doDecrypt();
        return this.cipherText.getPlainBytes();
    }

    public String toBase64() throws UcsCryptoException {
        return to(Encoder.f32209a);
    }

    public String toHex() throws UcsCryptoException {
        return to(Encoder.c);
    }

    public String toRawString() throws UcsCryptoException {
        return to(Encoder.d);
    }
}
