package com.huawei.wisesecurity.ucs_credential;

import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.DefaultDecryptHandler;
import com.huawei.wisesecurity.kfs.crypto.cipher.DefaultEncryptHandler;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.crypto.key.AESKeyStoreKeyManager;
import com.huawei.wisesecurity.kfs.crypto.key.KeyGenerateParam;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.util.ByteUtil;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import org.conscrypt.PSKKeyManager;

/* loaded from: classes2.dex */
public class m0 implements o0 {

    /* renamed from: b, reason: collision with root package name */
    public static final m0 f6759b = new Object();
    public static final Object c = new Object();
    public static AESKeyStoreKeyManager d;
    public byte[] a;

    public final void a() {
        try {
            if (d.e("ucs_aes_alias_rootKey")) {
                LogUcs.e("KeyStoreManager", "the alias exists", new Object[0]);
                return;
            }
            try {
                d.a(new KeyGenerateParam("ucs_aes_alias_rootKey", PSKKeyManager.MAX_KEY_LENGTH_BYTES, KfsKeyPurpose.PURPOSE_CRYPTO));
            } catch (KfsException e) {
                StringBuilder a = f.a("generateKeyPair failed, ");
                a.append(e.getMessage());
                LogUcs.b("KeyStoreManager", a.toString(), new Object[0]);
                StringBuilder a2 = f.a("generateKeyPair failed , exception ");
                a2.append(e.getMessage());
                throw new UcsKeyStoreException(a2.toString());
            }
        } catch (KfsException e2) {
            StringBuilder a3 = f.a("containsAlias failed, ");
            a3.append(e2.getMessage());
            LogUcs.b("KeyStoreManager", a3.toString(), new Object[0]);
            StringBuilder a4 = f.a("containsAlias failed , exception ");
            a4.append(e2.getMessage());
            throw new UcsKeyStoreException(a4.toString());
        }
    }

    public final byte[] b(byte[] bArr) {
        byte[] bArr2;
        synchronized (c) {
            try {
                byte[] bArr3 = this.a;
                if (bArr3 == null || bArr3.length <= 0) {
                    throw new UcsKeyStoreException("iv must be set before AES decrypt");
                }
                try {
                    AESCipher.Builder builder = new AESCipher.Builder(d.f6712b);
                    builder.a = CipherAlg.AES_GCM;
                    builder.f6707b = d.d();
                    builder.b(this.a);
                    DefaultDecryptHandler defaultDecryptHandler = (DefaultDecryptHandler) builder.a().getDecryptHandler();
                    defaultDecryptHandler.c.f6703b = ByteUtil.a(bArr);
                    bArr2 = defaultDecryptHandler.to();
                } catch (KfsException e) {
                    LogUcs.b("KeyStoreManager", "AES doDecrypt failed, " + e.getMessage(), new Object[0]);
                    throw new UcsKeyStoreException("AES doDecrypt failed , exception " + e.getMessage());
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return bArr2;
    }

    public final byte[] c(byte[] bArr) {
        byte[] bArr2;
        synchronized (c) {
            try {
                byte[] bArr3 = this.a;
                if (bArr3 == null || bArr3.length <= 0) {
                    throw new UcsKeyStoreException("iv must be set before AES encrypt");
                }
                try {
                    AESCipher.Builder builder = new AESCipher.Builder(d.f6712b);
                    builder.a = CipherAlg.AES_GCM;
                    builder.f6707b = d.d();
                    builder.b(this.a);
                    DefaultEncryptHandler defaultEncryptHandler = (DefaultEncryptHandler) builder.a().getEncryptHandler();
                    defaultEncryptHandler.from(bArr);
                    bArr2 = defaultEncryptHandler.to();
                } catch (KfsException e) {
                    LogUcs.b("KeyStoreManager", "AES doEncrypt failed, " + e.getMessage(), new Object[0]);
                    throw new UcsKeyStoreException("AES doEncrypt failed , exception " + e.getMessage());
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return bArr2;
    }
}
