package com.theminesec.minehadescore.KMS;

import ch.qos.logback.core.joran.action.Action;
import com.theminesec.MineHades.Crypto.CryptoAlg;
import com.theminesec.MineHades.Crypto.KeyUsage;
import com.theminesec.MineHades.Crypto.MineSecKey;
import com.theminesec.MineHades.Exceptions.MhdRuntimeException;
import com.theminesec.MineHades.MhdErrorCode;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptUtils;
import com.theminesec.minehadescore.Crypto.RSA.RSAGeneralUtils;
import com.theminesec.minehadescore.Crypto.TdesDukpt.TdesDukptUtils;
import com.theminesec.minehadescore.Crypto.Tr31.OptionBlock;
import com.theminesec.minehadescore.Crypto.Tr31.TR31UnwrappedPacket;
import com.theminesec.minehadescore.Crypto.Tr31.Tr31KeyParser;
import com.theminesec.minehadescore.Security.Storage.AlgorithmEnum;
import com.theminesec.minehadescore.Security.Storage.DataKey;
import com.theminesec.minehadescore.Security.Storage.DataStorage;
import com.theminesec.minehadescore.Security.Storage.KeyEncodedEnum;
import com.theminesec.minehadescore.Security.Storage.KeyTypeEnum;
import com.theminesec.minehadescore.Security.Storage.KeyUsageEnum;
import java.security.PrivateKey;
import java.util.Base64;
import java.util.Iterator;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import org.json.JSONObject;
import ulid.BaseEncodingBase64Encoding;
import ulid.getChecksum;

@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bJ0\u0010\u0006\u001a\u00020\u00072\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\b\b\u0002\u0010\u0012\u001a\u00020\u000bJ.\u0010\u0013\u001a\u00020\u00142\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u000e\u001a\u00020\u00152\u0006\u0010\u0010\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u000bJ\u0016\u0010\u0018\u001a\u00020\u00192\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bJ\u0016\u0010\u001a\u001a\u00020\r2\u0006\u0010\u001b\u001a\u00020\r2\u0006\u0010\u001c\u001a\u00020\u000bJ\u0016\u0010\u001d\u001a\u00020\r2\u0006\u0010\u001b\u001a\u00020\r2\u0006\u0010\u001c\u001a\u00020\u000bJ\u0016\u0010\u001e\u001a\u00020\t2\u0006\u0010\u001f\u001a\u00020\u000b2\u0006\u0010 \u001a\u00020\u000bR\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006!"}, d2 = {"Lcom/theminesec/minehadescore/KMS/MineSecKeyUtils;", "", "()V", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "createBlockKeyOrDukptIpek", "Lcom/theminesec/minehadescore/Security/Storage/DataKey;", "tR31UnwrappedPacket", "Lcom/theminesec/minehadescore/Crypto/Tr31/TR31UnwrappedPacket;", "keyName", "", Action.KEY_ATTRIBUTE, "", "keyUsage", "Lcom/theminesec/MineHades/Crypto/KeyUsage;", "algorithm", 
"Lcom/theminesec/MineHades/Crypto/CryptoAlg;", "keyId", "createDukptIpek", "Lcom/theminesec/minehadescore/Security/Storage/DataKey$KeyDataIpekV4;", "Lcom/theminesec/minehadescore/Security/Storage/KeyUsageEnum;", "Lcom/theminesec/minehadescore/Security/Storage/AlgorithmEnum;", "initialKeyId", "createMineSecKeyWithoutExpendingIPEK", "Lcom/theminesec/MineHades/Crypto/MineSecKey;", "unwrapRsaOAEPKeyBlock", "pkcs", "kekName", "unwrapRsaPKCSv1KeyBlock", "unwrapTR31KeyBlock", "keyBlock", "kbpkName", "minehades-1.10.105.12.22_liveRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
/**
 * Singleton helper ({@link #INSTANCE}, private constructor) that turns unwrapped key
 * material into {@code DataKey} / {@code MineSecKey} records and unwraps incoming key
 * blocks (RSA-OAEP, RSA PKCS#1 v1.5, TR-31).
 *
 * <p>This listing is decompiler output of a Kotlin class (see the {@code kotlin.Metadata}
 * annotation and the {@code $default} bridge). Some expressions, such as {@code r16} and
 * {@code Iterator<T>}, are decompiler artifacts and do not compile as written.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Several methods handle raw key bytes; the values they return or embed must be
 *       treated as secrets (no logging, no persistence outside the key store).</li>
 *   <li>Only the TR-31 overload rejects a DUKPT initial key with an empty key id locally;
 *       the byte[] paths forward the id to {@code loadInitialKey} unchecked.</li>
 *   <li>The PKCS#1 v1.5 unwrap needs uniform error handling at the caller.</li>
 * </ul>
 */
public final class MineSecKeyUtils {
    public static final MineSecKeyUtils INSTANCE;
    // The Kotlin metadata on this class declares this field as org.slf4j.Logger; the type and
    // factory names below look like renamed identifiers and are presumably unrelated to
    // Base64 or checksums - confirm against the dex.
    private static final BaseEncodingBase64Encoding logger;

    static {
        MineSecKeyUtils mineSecKeyUtils = new MineSecKeyUtils();
        INSTANCE = mineSecKeyUtils;
        logger = getChecksum.getAnimationAndSound(mineSecKeyUtils.getClass());
    }

    private MineSecKeyUtils() {
    }

    /**
     * Synthetic default-argument bridge for the byte[] overload of
     * {@code createBlockKeyOrDukptIpek}.
     *
     * <p>When bit 16 of {@code i} is set, the caller omitted {@code keyId} and the empty
     * string is substituted. For a DUKPT initial key that empty id reaches
     * {@code loadInitialKey} without any check in this class.
     *
     * @param i   bit mask of omitted arguments; only bit 16 (keyId) is examined
     * @param obj unused marker parameter
     */
    public static /* synthetic */ DataKey createBlockKeyOrDukptIpek$default(MineSecKeyUtils mineSecKeyUtils, byte[] bArr, String str, KeyUsage keyUsage, CryptoAlg cryptoAlg, String str2, int i, Object obj) {
        if ((i & 16) != 0) {
            str2 = "";
        }
        return mineSecKeyUtils.createBlockKeyOrDukptIpek(bArr, str, keyUsage, cryptoAlg, str2);
    }

    /**
     * Builds a stored key record from an already unwrapped TR-31 packet.
     *
     * <p>Key usage and algorithm are taken from the TR-31 header. The first option block
     * whose id is "IK" or "KS" supplies the initial key id / KSN string (empty if absent).
     * A non-DUKPT usage yields a block key. A DUKPT initial key requires a non-empty id and
     * is loaded as AES when the algorithm is ALG_AES, otherwise as TDES.
     *
     * @param tR31UnwrappedPacket unwrapped TR-31 packet (header plus key bytes)
     * @param keyName             name under which the key record is created
     * @return the created key record
     * @throws MhdRuntimeException with MHD_KMS_NOTSUPPORTED_TR31 when a DUKPT initial key
     *                             block carries no IK/KS option value
     */
    public final DataKey createBlockKeyOrDukptIpek(TR31UnwrappedPacket tR31UnwrappedPacket, String keyName) {
        Object obj;
        String str;
        DataKey.KeyDataV3 createBlockKey;
        Intrinsics.checkNotNullParameter(tR31UnwrappedPacket, "tR31UnwrappedPacket");
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        KeyUsageEnum Tr31KeyUsageToKeyUsageEnum = KeyUsageEnum.INSTANCE.Tr31KeyUsageToKeyUsageEnum(tR31UnwrappedPacket.getHeader().getKeyUsage());
        AlgorithmEnum Tr31AlgorithmToAlgorithmEnum = AlgorithmEnum.INSTANCE.Tr31AlgorithmToAlgorithmEnum(tR31UnwrappedPacket.getHeader().getAlgorithm());
        // Linear search for the first "IK" or "KS" option block; obj stays null if none matches.
        // Iterator<T> is a decompiler artifact (T is not declared in this class).
        Iterator<T> it = tR31UnwrappedPacket.getHeader().getOptionBlocks().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            OptionBlock optionBlock = (OptionBlock) obj;
            // Non-short-circuit '|': both comparisons are always evaluated.
            if (Intrinsics.areEqual(optionBlock.getOptionId(), "IK") | Intrinsics.areEqual(optionBlock.getOptionId(), "KS")) {
                break;
            }
        }
        OptionBlock optionBlock2 = (OptionBlock) obj;
        // Missing option block or null value both collapse to the empty string.
        if (optionBlock2 == null || (str = optionBlock2.getValue()) == null) {
            str = "";
        }
        String str2 = str;
        if (Tr31KeyUsageToKeyUsageEnum != KeyUsageEnum.KU_DUKPT_IPEK_KEY) {
            // NOTE(review): r16 is not declared in this method; this looks like the decompiler's
            // inlined rendering of a Kotlin default-argument mask for createBlockKey. Presumably
            // the fifth argument is str2 and the sixth is left at its default - confirm against
            // the bytecode before relying on it.
            createBlockKey = MineSecBlockKeyUtils.INSTANCE.createBlockKey(tR31UnwrappedPacket.getKey(), Tr31AlgorithmToAlgorithmEnum, Tr31KeyUsageToKeyUsageEnum, keyName, (r16 & 16) != 0 ? "" : str2, (r16 & 32) != 0 ? "" : null);
            return createBlockKey;
        }
        if (str2.length() != 0) {
            // Every algorithm other than ALG_AES takes the TDES path here; there is no explicit
            // ALG_TDES check as in the byte[] overload. NOTE(review): confirm the TR-31 algorithm
            // mapping cannot yield another value (e.g. HMAC/CMAC) together with DUKPT usage.
            return Tr31AlgorithmToAlgorithmEnum == AlgorithmEnum.ALG_AES ? MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(AesDukptUtils.INSTANCE.loadInitialKey(tR31UnwrappedPacket.getKey(), str2), keyName) : MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(TdesDukptUtils.INSTANCE.loadInitialKey(tR31UnwrappedPacket.getKey(), str2), keyName);
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_NOTSUPPORTED_TR31.getCode(), "missing IK or KS option header in Initial DUKPT key block");
    }

    /**
     * Builds a stored key record from raw key bytes and caller-supplied attributes.
     *
     * <p>Accepted combinations: DUKPT initial key with AES or TDES, or a non-DUKPT usage
     * with AES, TDES, HMAC or CMAC. Anything else is rejected.
     *
     * <p>Unlike the TR-31 overload, the DUKPT branches do not check {@code keyId} for
     * emptiness before calling {@code loadInitialKey}; whether that helper rejects an empty
     * id is not visible here. No key-length check is made in this method either.
     *
     * @param key       raw key bytes
     * @param keyName   name under which the key record is created
     * @param keyUsage  public-API key usage, mapped to {@code KeyUsageEnum}
     * @param algorithm public-API algorithm, mapped to {@code AlgorithmEnum}
     * @param keyId     initial key id for DUKPT; also passed to createBlockKey for block keys
     * @return the created key record
     * @throws MhdRuntimeException with MHD_KMS_KEY_TYPE_ERROR for an unsupported
     *                             usage/algorithm combination
     */
    public final DataKey createBlockKeyOrDukptIpek(byte[] key, String keyName, KeyUsage keyUsage, CryptoAlg algorithm, String keyId) {
        DataKey.KeyDataV3 createBlockKey;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        Intrinsics.checkNotNullParameter(keyUsage, "keyUsage");
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        KeyUsageEnum MineHadesKeyUsageToKeyUsageEnum = KeyUsageEnum.INSTANCE.MineHadesKeyUsageToKeyUsageEnum(keyUsage);
        AlgorithmEnum CryptoAlgToAlgorithmEnum = AlgorithmEnum.INSTANCE.CryptoAlgToAlgorithmEnum(algorithm);
        if (MineHadesKeyUsageToKeyUsageEnum == KeyUsageEnum.KU_DUKPT_IPEK_KEY && CryptoAlgToAlgorithmEnum == AlgorithmEnum.ALG_AES) {
            return MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(AesDukptUtils.INSTANCE.loadInitialKey(key, keyId), keyName);
        }
        if (MineHadesKeyUsageToKeyUsageEnum == KeyUsageEnum.KU_DUKPT_IPEK_KEY && CryptoAlgToAlgorithmEnum == AlgorithmEnum.ALG_TDES) {
            return MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(TdesDukptUtils.INSTANCE.loadInitialKey(key, keyId), keyName);
        }
        // Allow-list of algorithms accepted for non-DUKPT block keys.
        if (MineHadesKeyUsageToKeyUsageEnum != KeyUsageEnum.KU_DUKPT_IPEK_KEY && CollectionsKt.listOf((Object[]) new AlgorithmEnum[]{AlgorithmEnum.ALG_AES, AlgorithmEnum.ALG_TDES, AlgorithmEnum.ALG_HMAC, AlgorithmEnum.ALG_CMAC}).contains(CryptoAlgToAlgorithmEnum)) {
            // NOTE(review): r16 is an undeclared decompiler artifact of a Kotlin default-argument
            // call; presumably the fifth argument is keyId and the sixth takes its default - confirm.
            createBlockKey = MineSecBlockKeyUtils.INSTANCE.createBlockKey(key, CryptoAlgToAlgorithmEnum, MineHadesKeyUsageToKeyUsageEnum, keyName, (r16 & 16) != 0 ? "" : keyId, (r16 & 32) != 0 ? "" : null);
            return createBlockKey;
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "the key is not accepted key usage " + MineHadesKeyUsageToKeyUsageEnum + ", algorithm " + CryptoAlgToAlgorithmEnum);
    }

    /**
     * Creates a DUKPT initial-key record from raw key bytes.
     *
     * <p>Only usage KU_DUKPT_IPEK_KEY combined with ALG_AES or ALG_TDES is accepted.
     * {@code initialKeyId} is only null-checked here; an empty value is forwarded to
     * {@code loadInitialKey} as is.
     *
     * @param key          raw initial key bytes
     * @param keyName      name under which the key record is created
     * @param keyUsage     must be KU_DUKPT_IPEK_KEY
     * @param algorithm    ALG_AES or ALG_TDES
     * @param initialKeyId initial key id passed to the DUKPT loader
     * @return the created DUKPT initial-key record
     * @throws MhdRuntimeException with MHD_KMS_KEY_TYPE_ERROR for any other combination
     */
    public final DataKey.KeyDataIpekV4 createDukptIpek(byte[] key, String keyName, KeyUsageEnum keyUsage, AlgorithmEnum algorithm, String initialKeyId) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        Intrinsics.checkNotNullParameter(keyUsage, "keyUsage");
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(initialKeyId, "initialKeyId");
        if (keyUsage == KeyUsageEnum.KU_DUKPT_IPEK_KEY && algorithm == AlgorithmEnum.ALG_AES) {
            return MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(AesDukptUtils.INSTANCE.loadInitialKey(key, initialKeyId), keyName);
        }
        if (keyUsage == KeyUsageEnum.KU_DUKPT_IPEK_KEY && algorithm == AlgorithmEnum.ALG_TDES) {
            return MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(TdesDukptUtils.INSTANCE.loadInitialKey(key, initialKeyId), keyName);
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "the key is not accepted key usage " + keyUsage + ", algorithm " + algorithm);
    }

    /**
     * Converts an unwrapped TR-31 packet into a {@code MineSecKey} without running the
     * DUKPT initial-key loaders used by the other factory methods.
     *
     * <p>The returned object is built from a {@code KeyDataV3} that embeds the Base64
     * encoding of the packet's key bytes, so it carries the key value itself. Callers
     * should treat the result as secret material and keep it out of logs and
     * serialised output.
     *
     * @param tR31UnwrappedPacket unwrapped TR-31 packet (header plus key bytes)
     * @param keyName             name recorded in the resulting key
     * @return the key as a {@code MineSecKey}
     */
    public final MineSecKey createMineSecKeyWithoutExpendingIPEK(TR31UnwrappedPacket tR31UnwrappedPacket, String keyName) {
        Object obj;
        String str;
        Intrinsics.checkNotNullParameter(tR31UnwrappedPacket, "tR31UnwrappedPacket");
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        KeyUsageEnum Tr31KeyUsageToKeyUsageEnum = KeyUsageEnum.INSTANCE.Tr31KeyUsageToKeyUsageEnum(tR31UnwrappedPacket.getHeader().getKeyUsage());
        AlgorithmEnum Tr31AlgorithmToAlgorithmEnum = AlgorithmEnum.INSTANCE.Tr31AlgorithmToAlgorithmEnum(tR31UnwrappedPacket.getHeader().getAlgorithm());
        // Same "IK"/"KS" option-block lookup as the TR-31 overload of createBlockKeyOrDukptIpek.
        // Iterator<T> is a decompiler artifact (T is not declared in this class).
        Iterator<T> it = tR31UnwrappedPacket.getHeader().getOptionBlocks().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            OptionBlock optionBlock = (OptionBlock) obj;
            if (Intrinsics.areEqual(optionBlock.getOptionId(), "IK") | Intrinsics.areEqual(optionBlock.getOptionId(), "KS")) {
                break;
            }
        }
        OptionBlock optionBlock2 = (OptionBlock) obj;
        String str2 = "";
        if (optionBlock2 == null || (str = optionBlock2.getValue()) == null) {
            str = "";
        }
        // When an option value exists it is wrapped as {"IK": value}. The JSON label is "IK"
        // even if the matched option block was "KS".
        if (str.length() > 0) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("IK", str);
            str2 = jSONObject.toString();
        }
        String str3 = str2;
        Intrinsics.checkNotNull(str3);
        // Key size in bits, derived from the byte length of the unwrapped key.
        int length = tR31UnwrappedPacket.getKey().length * 8;
        KeyTypeEnum fromKeySizeAndAlgorithm$default = KeyTypeEnum.Companion.fromKeySizeAndAlgorithm$default(KeyTypeEnum.INSTANCE, length, Tr31AlgorithmToAlgorithmEnum, false, 4, null);
        KeyEncodedEnum keyEncodedEnum = KeyEncodedEnum.KEY_ENCODE_B64;
        String kcv = MineSecBlockKeyUtils.INSTANCE.kcv(tR31UnwrappedPacket.getKey(), fromKeySizeAndAlgorithm$default);
        // Base64 of the key bytes: this string is the key value and must be handled as a secret.
        String encodeToString = Base64.getEncoder().encodeToString(tR31UnwrappedPacket.getKey());
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(...)");
        // NOTE(review): the literal 3 and the positional meaning of str / str3 depend on the
        // KeyDataV3 constructor, which is not visible here - confirm the field mapping.
        return new DataKey.KeyDataV3(fromKeySizeAndAlgorithm$default, 3, Tr31KeyUsageToKeyUsageEnum, keyEncodedEnum, length, keyName, str, kcv, encodeToString, str3).toMineSecKey();
    }

    /**
     * Unwraps an RSA-OAEP (SHA-256, MGF1-SHA-256, per the helper's name) key block with the
     * private key stored under {@code kekName}.
     *
     * @param pkcs    wrapped key block bytes
     * @param kekName storage name of the RSA private key
     * @return the bytes produced by the RSA helper
     * @throws MhdRuntimeException with MHD_KMS_KEY_READ_ERROR when no private key is found;
     *                             the message includes {@code kekName}
     */
    public final byte[] unwrapRsaOAEPKeyBlock(byte[] pkcs, String kekName) {
        Intrinsics.checkNotNullParameter(pkcs, "pkcs");
        Intrinsics.checkNotNullParameter(kekName, "kekName");
        PrivateKey readRsaPrivateKey = DataStorage.INSTANCE.readRsaPrivateKey(kekName);
        if (readRsaPrivateKey != null) {
            // Mode 2 presumably corresponds to javax.crypto.Cipher.DECRYPT_MODE - confirm in
            // RSAGeneralUtils.
            return RSAGeneralUtils.INSTANCE.rsaOaepSha256Mgf1Sha256Crypt(pkcs, 2, readRsaPrivateKey);
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_READ_ERROR.getCode(), "read key " + kekName + " fails");
    }

    /**
     * Unwraps an RSA PKCS#1 v1.5 key block with the private key stored under {@code kekName}.
     *
     * <p>PKCS#1 v1.5 encryption padding is exposed to padding-oracle attacks when the sender
     * of the block can tell a padding failure from other failures. Callers should report a
     * single uniform error for any unwrap failure. Prefer {@link #unwrapRsaOAEPKeyBlock}
     * where the key-loading protocol allows it.
     *
     * @param pkcs    wrapped key block bytes
     * @param kekName storage name of the RSA private key
     * @return the bytes produced by the RSA helper
     * @throws MhdRuntimeException with MHD_KMS_KEY_READ_ERROR when no private key is found;
     *                             the message includes {@code kekName}
     */
    public final byte[] unwrapRsaPKCSv1KeyBlock(byte[] pkcs, String kekName) {
        Intrinsics.checkNotNullParameter(pkcs, "pkcs");
        Intrinsics.checkNotNullParameter(kekName, "kekName");
        PrivateKey readRsaPrivateKey = DataStorage.INSTANCE.readRsaPrivateKey(kekName);
        if (readRsaPrivateKey != null) {
            // Mode 2 presumably corresponds to javax.crypto.Cipher.DECRYPT_MODE - confirm in
            // RSAGeneralUtils. How that helper reports padding errors is not visible here.
            return RSAGeneralUtils.INSTANCE.rsaPkcs1Crypt(pkcs, 2, readRsaPrivateKey);
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_READ_ERROR.getCode(), "read key " + kekName + " fails");
    }

    /**
     * Parses a TR-31 key block using the key block protection key stored under
     * {@code kbpkName}.
     *
     * <p>The stored key must not be an RSA key type and must have usage
     * KU_KEY_ENCRYPTION_KEY. Parsing, and presumably the key block's integrity check, is
     * delegated to {@code Tr31KeyParser.parseTr31}, which is not visible here.
     *
     * @param keyBlock TR-31 key block string
     * @param kbpkName storage name of the key block protection key
     * @return the unwrapped packet
     * @throws MhdRuntimeException with MHD_KMS_KEY_READ_ERROR when the KBPK cannot be read
     *                             or converted, or MHD_KMS_KEY_TYPE_ERROR when its type or
     *                             usage is not acceptable
     */
    public final TR31UnwrappedPacket unwrapTR31KeyBlock(String keyBlock, String kbpkName) {
        DataKey.KeyDataV3 transferBlockKey;
        Intrinsics.checkNotNullParameter(keyBlock, "keyBlock");
        Intrinsics.checkNotNullParameter(kbpkName, "kbpkName");
        DataKey readKey = DataStorage.INSTANCE.readKey(kbpkName);
        if (readKey == null || (transferBlockKey = MineSecBlockKeyUtils.INSTANCE.transferBlockKey(readKey)) == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_READ_ERROR.getCode(), "KBPK " + kbpkName + " read fails");
        }
        // RSA keys (private or public) are never valid as a TR-31 protection key.
        if (CollectionsKt.listOf((Object[]) new KeyTypeEnum[]{KeyTypeEnum.KEY_TYPE_RSA_SK, KeyTypeEnum.KEY_TYPE_RSA_PK}).contains(transferBlockKey.getKey_type())) {
            // NOTE(review): the message opens "(" but never closes it.
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), kbpkName + " key type (" + transferBlockKey.getKey_type() + " can not be used for TR31");
        }
        // Usage separation: only a key provisioned as a key-encryption key may unwrap a block.
        if (transferBlockKey.getKey_usage() == KeyUsageEnum.KU_KEY_ENCRYPTION_KEY) {
            return Tr31KeyParser.INSTANCE.parseTr31(keyBlock, MineSecBlockKeyUtils.INSTANCE.getKeyByteArray(transferBlockKey.getKey_encoded().getIntValue(), transferBlockKey.getKey_value()));
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), kbpkName + " key usage (" + transferBlockKey.getKey_usage() + " error. it expects " + KeyUsageEnum.KU_KEY_ENCRYPTION_KEY);
    }
}
