package com.theminesec.minehadescore.KMS;

import com.theminesec.InternalAPI.IMhdKMS;
import com.theminesec.MineHades.Exceptions.MhdRuntimeException;
import com.theminesec.MineHades.KMS.DukptRequest;
import com.theminesec.MineHades.KMS.MsKeyProperties;
import com.theminesec.MineHades.MhdCrypto;
import com.theminesec.MineHades.MhdErrorCode;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptContext;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptKeyType;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptKeyUsage;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptUtils;
import com.theminesec.minehadescore.Crypto.MineSecBlockCipher;
import com.theminesec.minehadescore.Crypto.MineSecRSACipher;
import com.theminesec.minehadescore.Crypto.RSA.RSAGeneralUtils;
import com.theminesec.minehadescore.Crypto.TdesDukpt.TdesDukptContext;
import com.theminesec.minehadescore.Crypto.TdesDukpt.TdesDukptUtils;
import com.theminesec.minehadescore.Security.Storage.AlgorithmEnum;
import com.theminesec.minehadescore.Security.Storage.DataKey;
import com.theminesec.minehadescore.Security.Storage.DataStorage;
import com.theminesec.minehadescore.Security.Storage.KeyUsageEnum;
import com.theminesec.minehadescore.Utils.AesCmac;
import com.theminesec.minehadescore.Utils.BytesUtils;
import com.theminesec.minehadescore.Utils.TdesCmac;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import ulid.BaseEncodingBase64Encoding;
import ulid.getChecksum;

/* loaded from: classes3.dex */
public class MineHadesKMS implements IMhdKMS {
    private static final BaseEncodingBase64Encoding log = getChecksum.getAnimationAndSound(MineHadesKMS.class);
    private long CNT;
    private long KSN;

    private native int cDukpt_DelteKeyEntry(String str);

    private native int cDukpt_LoadInitialKey(String str, long j, byte[] bArr, byte[] bArr2, byte[] bArr3, String str2);

    private native int cDukpt_LoadInitialKeywithRSA(String str, long j, byte[] bArr);

    private native int cDukpt_RequestOperation(DukptRequest dukptRequest);

    private native int cMhdCrypto_AES_Cipher(String str, MhdCrypto mhdCrypto, int i);

    private native int cMhdCrypto_AES_SaveKey(String str, MhdCrypto mhdCrypto);

    private native int cMhdCrypto_AccountDataEncryption(MhdCrypto mhdCrypto);

    private native int cMhdCrypto_Delete(String str);

    private native byte[] cMhdCrypto_GetRandomNumber(int i);

    private native int cMhdCrypto_LoadMK(MhdCrypto mhdCrypto);

    private native int cMhdCrypto_RSA_Cipher(String str, MhdCrypto mhdCrypto, int i);

    private native int cMhdCrypto_Read_RSAKey(String str, MhdCrypto mhdCrypto, int i);

    private native int cMhdCrypto_Save_RSAKey(String str, MhdCrypto mhdCrypto, int i);

    private native int cMhdCrypto_exportRsaPKey(MhdCrypto mhdCrypto);

    private void setCNT(long j) {
        this.CNT = j;
    }

    private void setKSN(long j) {
        this.KSN = j;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int Dukpt_DelteKeyEntry(String str) {
        DataStorage.INSTANCE.deleteKey(str);
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int Dukpt_LoadInitialKey(String str, String str2, String str3) {
        DataStorage.INSTANCE.writeKey(str, CPoCKeyLoaderV2.INSTANCE.LoadKeyBlockByTR31(str3, str2, str));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int Dukpt_LoadInitialKeywithRSA(String str, byte[] bArr, long j) {
        DataStorage.INSTANCE.writeKey(str, CPoCKeyLoaderV2.INSTANCE.loadDukptIpekWithRSA(str, bArr, "minesecsk", Long.toHexString(j), AlgorithmEnum.ALG_AES, KeyUsageEnum.KU_DUKPT_IPEK_KEY, 1));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int Dukpt_RequestOperation(DukptRequest dukptRequest) {
        String keyAlias = dukptRequest.getKeyAlias();
        DataKey.KeyDataIpekV4 readDukptIPEK = DataStorage.INSTANCE.readDukptIPEK(keyAlias);
        if (readDukptIPEK == null) {
            return MhdErrorCode.MHD_KMS_KEY_READ_ERROR.getCode();
        }
        if (AlgorithmEnum.INSTANCE.fromKeyType(readDukptIPEK.getKey_type()) == AlgorithmEnum.ALG_AES) {
            AesDukptContext createAesDukptContext = MineSecDukptKeyUtils.INSTANCE.createAesDukptContext(readDukptIPEK);
            AesDukptKeyType aesDukptKeyType = AesDukptKeyType._AES128;
            if (readDukptIPEK.getKey_sizebits() == 128) {
                aesDukptKeyType = AesDukptKeyType._AES128;
            }
            if (readDukptIPEK.getKey_sizebits() == 192) {
                aesDukptKeyType = AesDukptKeyType._AES192;
            }
            if (readDukptIPEK.getKey_sizebits() == 256) {
                aesDukptKeyType = AesDukptKeyType._AES256;
            }
            byte[] generateWorkingKey = AesDukptUtils.INSTANCE.generateWorkingKey(createAesDukptContext, AesDukptKeyUsage._DataEncryptionBothWays, aesDukptKeyType);
            String initialKeyId = createAesDukptContext.getInitialKeyId();
            long encryptionCounter = createAesDukptContext.getEncryptionCounter();
            setKSN(Long.valueOf(initialKeyId, 16).longValue());
            dukptRequest.setKSN(Long.valueOf(initialKeyId, 16).longValue());
            setCNT(encryptionCounter);
            dukptRequest.setTransactionCount(encryptionCounter);
            Dukpt_RequestOperation(dukptRequest, new SecretKeySpec(generateWorkingKey, MsKeyProperties.ALGORITHM_AES));
            AesDukptUtils.INSTANCE.updateStateForNextTransaction(createAesDukptContext);
            DataStorage.INSTANCE.writeKey(keyAlias, MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(createAesDukptContext, keyAlias));
            return 0;
        }
        if (AlgorithmEnum.INSTANCE.fromKeyType(readDukptIPEK.getKey_type()) != AlgorithmEnum.ALG_TDES) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "DUKPT Key algorithm not supported. provided algorithm= " + AlgorithmEnum.INSTANCE.fromKeyType(readDukptIPEK.getKey_type()).name());
        }
        TdesDukptContext createTdesDukptContext = MineSecDukptKeyUtils.INSTANCE.createTdesDukptContext(readDukptIPEK);
        TdesDukptUtils.INSTANCE.workingKeyGeneration(createTdesDukptContext);
        byte[] dataEncryptionKeyRegister = createTdesDukptContext.getDataEncryptionKeyRegister();
        String initialKeySerialNumber = createTdesDukptContext.getInitialKeySerialNumber();
        long encryptionCounter2 = createTdesDukptContext.getEncryptionCounter();
        setKSN(Long.valueOf(initialKeySerialNumber, 16).longValue());
        dukptRequest.setKSN(Long.valueOf(initialKeySerialNumber, 16).longValue());
        setCNT(encryptionCounter2);
        dukptRequest.setTransactionCount(encryptionCounter2);
        Dukpt_RequestOperation(dukptRequest, new SecretKeySpec(dataEncryptionKeyRegister, "DESede"));
        TdesDukptUtils.INSTANCE.updateFutureKeys(createTdesDukptContext);
        DataStorage.INSTANCE.writeKey(keyAlias, MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(createTdesDukptContext, keyAlias));
        return 0;
    }

    public int Dukpt_RequestOperation(DukptRequest dukptRequest, SecretKey secretKey) {
        byte[] iv = dukptRequest.getIV();
        if (iv == null) {
            iv = new byte[16];
            MsSecureRandom.INSTANCE.getRandomNumbers(iv);
            dukptRequest.setIV(iv);
        }
        byte[] plaintextData = dukptRequest.getPlaintextData();
        if (secretKey.getAlgorithm().equalsIgnoreCase(MsKeyProperties.ALGORITHM_AES)) {
            byte[] aesCbcCipher = MineSecBlockKeyUtils.INSTANCE.aesCbcCipher(secretKey.getEncoded(), iv, plaintextData, 1);
            try {
                AesCmac aesCmac = new AesCmac();
                aesCmac.init(secretKey);
                dukptRequest.setCMAC(aesCmac.doFinal(plaintextData));
                dukptRequest.setCiphertextData(aesCbcCipher);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException e) {
                throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_INCORRECT_ENCRYPT.getCode(), "CMAC operation fails " + e.getMessage());
            }
        }
        if (!secretKey.getAlgorithm().equalsIgnoreCase("DESede")) {
            return 0;
        }
        byte[] aesCbcCipher2 = MineSecBlockKeyUtils.INSTANCE.aesCbcCipher(secretKey.getEncoded(), iv, plaintextData, 1);
        dukptRequest.setCMAC(TdesCmac.INSTANCE.cmac(plaintextData, secretKey.getEncoded()));
        dukptRequest.setCiphertextData(aesCbcCipher2);
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_AES_Cipher(String str, MhdCrypto mhdCrypto, int i) {
        DataKey.KeyDataV3 readBlockKey = DataStorage.INSTANCE.readBlockKey(str);
        if (readBlockKey == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), str + " key is not found. Please inject it first.");
        }
        if (readBlockKey.getAlgorithm() != AlgorithmEnum.ALG_AES) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), str + " key is not an AES key. it is for " + readBlockKey.getAlgorithm().name());
        }
        byte[] decode = Base64.getDecoder().decode(readBlockKey.getKey_value());
        byte[] iv = mhdCrypto.getIv();
        byte[] input = mhdCrypto.getInput();
        if (i != 1) {
            if (iv == null) {
                throw new MhdRuntimeException(MhdErrorCode.MHD_SDK_INVALID_PARAMETER.getCode(), "IV is required for AES CBC Decryption");
            }
            mhdCrypto.setOutput(MineSecBlockKeyUtils.INSTANCE.aesCbcCipher(decode, iv, input, 2));
            return 0;
        }
        if (iv == null) {
            iv = new byte[16];
            new SecureRandom().nextBytes(iv);
            mhdCrypto.setIv(iv);
        }
        mhdCrypto.setOutput(MineSecBlockKeyUtils.INSTANCE.aesCbcCipher(decode, iv, input, 1));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_AES_SaveKey(String str, MhdCrypto mhdCrypto) {
        byte[] aESKey = mhdCrypto.getAESKey();
        if (aESKey == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), "request.getAESKey() empty");
        }
        DataStorage.INSTANCE.writeKey(str, MineSecBlockKeyUtils.INSTANCE.createBlockKey(aESKey, AlgorithmEnum.ALG_AES, KeyUsageEnum.KU_KEY_GENERAL, str, "", ""));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_AccountDataEncryption(MhdCrypto mhdCrypto) {
        DataKey readKey = DataStorage.INSTANCE.readKey("minesecmk");
        if (readKey == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), "SDK MK key does not exist. please load MK first");
        }
        DataKey.KeyDataV3 transferBlockKey = MineSecBlockKeyUtils.INSTANCE.transferBlockKey(readKey);
        mhdCrypto.setOutput(MineSecBlockKeyUtils.INSTANCE.MineSecAesAccountDataEncryption(Base64.getDecoder().decode(transferBlockKey.getKey_value()), mhdCrypto.getInput()));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_Delete(String str) {
        DataStorage.INSTANCE.deleteKey(str);
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public byte[] MhdCrypto_GetRandomNumber(int i) {
        return MsSecureRandom.INSTANCE.getRandomNumbers(i);
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_LoadMK(MhdCrypto mhdCrypto) {
        log.info("MhdCrypto_LoadMK invoke with " + BytesUtils.bytesToString(mhdCrypto.getInput()));
        CPoCKeyLoaderV2.INSTANCE.saveKeyBlock(CPoCKeyLoaderV2.INSTANCE.LoadSecretKeyWithRSA("minesecmk", mhdCrypto.getInput(), "minesecsk", "", AlgorithmEnum.ALG_AES, KeyUsageEnum.KU_KEY_ENCRYPTION_KEY, 1));
        return 0;
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_RSA_Cipher(String str, MhdCrypto mhdCrypto, int i) {
        DataKey readKey = DataStorage.INSTANCE.readKey(str);
        if (readKey == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), str + " does not exist. please inject this key first");
        }
        Key readRsaKey = MineSecRSAKeyUtils.INSTANCE.readRsaKey(MineSecRSAKeyUtils.INSTANCE.transferRsaKeyBlock(readKey));
        if (i == 1 || i == 2) {
            mhdCrypto.setOutput(MineSecRSAKeyUtils.INSTANCE.rsaCipher(mhdCrypto.getInput(), readRsaKey, i == 1 ? 1 : 2));
            return 0;
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_INCORRECT_ENCRYPT.getCode(), "RSA cipher type=1(ENCRYPT),2(DECRYPT). unsupported type= " + i + " is provided");
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public byte[] MhdCrypto_RSA_Sign(String str, byte[] bArr, String str2) {
        try {
            return MineSecRSACipher.rsa_genSign_data(BytesUtils.fromString(str2), bArr, str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public boolean MhdCrypto_RSA_VerifySignature(String str, byte[] bArr, String str2, String str3) {
        try {
            return MineSecRSACipher.rsa_verifySign_data(BytesUtils.fromString(str2), BytesUtils.fromString(str3), bArr, str);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_Read_RSAKey(String str, MhdCrypto mhdCrypto, int i) {
        log.info("MhdCrypto_Read_RSAKey is invoked");
        RSAPublicKey rSAPublicKey = (RSAPublicKey) DataStorage.INSTANCE.readRsaPublicKey(str);
        if (rSAPublicKey != null) {
            String bigInteger = rSAPublicKey.getPublicExponent().toString(16);
            String bigInteger2 = rSAPublicKey.getModulus().toString(16);
            mhdCrypto.setRsaE(bigInteger);
            mhdCrypto.setRsaN(bigInteger2);
            return 0;
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), str + " Public Key is not found. Please check if this public key is injected");
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_Save_RSAKey(String str, MhdCrypto mhdCrypto, int i) {
        log.info("MhdCrypto_Save_RSAKey is called");
        try {
            if (i == 1) {
                String rsaE = mhdCrypto.getRsaE();
                mhdCrypto.getRsaD();
                DataStorage.INSTANCE.writeKey(str, MineSecRSAKeyUtils.INSTANCE.createRsaKeyBlock(KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, BytesUtils.fromString(mhdCrypto.getRsaN())), new BigInteger(1, BytesUtils.fromString(rsaE)))), str, KeyUsageEnum.KU_KEY_GENERAL));
                return 0;
            }
            if (i != 2) {
                throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_RSA_PARSEERROR.getCode(), "type is incorrect . publickey(type=1) privte key(type=2)");
            }
            String rsaD = mhdCrypto.getRsaD();
            String rsaN = mhdCrypto.getRsaN();
            DataStorage.INSTANCE.writeKey(str, MineSecRSAKeyUtils.INSTANCE.createRsaKeyBlock(RSAGeneralUtils.INSTANCE.getPrivateKey(rsaD, mhdCrypto.getRsaE(), rsaN), str, KeyUsageEnum.KU_KEY_GENERAL));
            return 0;
        } catch (NoSuchAlgorithmException e) {
            e = e;
            log.error("save rsa key fails ", e);
            throw new RuntimeException(e);
        } catch (InvalidKeySpecException e2) {
            e = e2;
            log.error("save rsa key fails ", e);
            throw new RuntimeException(e);
        }
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public byte[] MhdCrypto_TDES_Cipher(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        return MineSecBlockCipher.tdes_cbc_operation(bArr2, bArr3, bArr, i);
    }

    @Override // com.theminesec.InternalAPI.IMhdKMS
    public int MhdCrypto_exportRsaPKey(MhdCrypto mhdCrypto) {
        log.info("MhdCrypto_exportRsaPKey is invoked");
        DataKey readKey = DataStorage.INSTANCE.readKey(DataStorage.SDK_KEK_PUB);
        if (readKey == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), "SDK KEK key does not exist. please clean data and register SDK");
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) MineSecRSAKeyUtils.INSTANCE.readRsaPublicKey(MineSecRSAKeyUtils.INSTANCE.transferRsaKeyBlock(readKey));
        String bigInteger = rSAPublicKey.getPublicExponent().toString(16);
        String bigInteger2 = rSAPublicKey.getModulus().toString(16);
        mhdCrypto.setRsaE(bigInteger);
        mhdCrypto.setRsaN(bigInteger2);
        return 0;
    }

    public long getCNT() {
        return this.CNT;
    }

    public long getKSN() {
        return this.KSN;
    }
}
