package com.theminesec.minehadescore.KMS;

import ch.qos.logback.core.joran.action.Action;
import com.theminesec.MineHades.Crypto.CryptoAlg;
import com.theminesec.MineHades.Crypto.KeyUsage;
import com.theminesec.MineHades.Crypto.MineSecKey;
import com.theminesec.MineHades.Exceptions.MhdRuntimeException;
import com.theminesec.MineHades.KMS.MsKeyProperties;
import com.theminesec.MineHades.MhdErrorCode;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptContext;
import com.theminesec.minehadescore.Crypto.AesDukpt.AesDukptUtils;
import com.theminesec.minehadescore.Crypto.TdesDukpt.TdesDukptContext;
import com.theminesec.minehadescore.Crypto.TdesDukpt.TdesDukptUtils;
import com.theminesec.minehadescore.Security.Storage.AlgorithmEnum;
import com.theminesec.minehadescore.Security.Storage.DataKey;
import com.theminesec.minehadescore.Security.Storage.DataStorage;
import com.theminesec.minehadescore.Security.Storage.KeyTypeEnum;
import com.theminesec.minehadescore.Security.Storage.KeyUsageEnum;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.HexExtensionsKt;
import kotlin.text.HexFormat;
import kotlin.text.StringsKt;
import org.json.JSONObject;

@Metadata(d1 = {"\u0000\\\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J.\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rJ\u001e\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00062\u0006\u0010\u0011\u001a\u00020\u00062\u0006\u0010\u0012\u001a\u00020\u0006J>\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00062\u0006\u0010\u0017\u001a\u00020\u00062\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u0007\u001a\u00020\u0006J\u000e\u0010\u001e\u001a\u00020\u001f2\u0006\u0010\u0005\u001a\u00020\u0006J>\u0010 \u001a\u00020\u001d2\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00062\u0006\u0010!\u001a\u00020\u00062\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\u001a\u001a\u00020\u001bJ\u000e\u0010\"\u001a\u00020\u001f2\u0006\u0010#\u001a\u00020$J\u000e\u0010\"\u001a\u00020\u001f2\u0006\u0010#\u001a\u00020\u0004¨\u0006%"}, d2 = {"Lcom/theminesec/minehadescore/KMS/CPoCKeyLoaderV2;", "", "()V", "DeriveWorkingKeys", "Lcom/theminesec/minehadescore/Security/Storage/DataKey$KeyDataV3;", "keyAlias", "", "iKeyAlias", "keyUsage", "Lcom/theminesec/minehadescore/Security/Storage/KeyUsageEnum;", "workingKeyType", "Lcom/theminesec/minehadescore/Security/Storage/KeyTypeEnum;", "update", "", "LoadKeyBlockByTR31", "Lcom/theminesec/minehadescore/Security/Storage/DataKey;", "tr31Packet", "kekName", "keyName", "LoadSecretKeyWithRSA", "encoded", "", "wrappingKeyAlias", "keyId", "algorithmEnum", "Lcom/theminesec/minehadescore/Security/Storage/AlgorithmEnum;", "wrapMode", "", "UpdateInitalKeyCounter", "Lcom/theminesec/minehadescore/Security/Storage/DataKey$KeyDataIpekV4;", "deleteKey", "", "loadDukptIpekWithRSA", "initialKeyId", "saveKeyBlock", Action.KEY_ATTRIBUTE, "Lcom/theminesec/MineHades/Crypto/MineSecKey;", "minehades-1.10.105.12.22_liveRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class CPoCKeyLoaderV2 {
    public static final CPoCKeyLoaderV2 INSTANCE = new CPoCKeyLoaderV2();

    private CPoCKeyLoaderV2() {
    }

    public final DataKey.KeyDataV3 DeriveWorkingKeys(String keyAlias, String iKeyAlias, KeyUsageEnum keyUsage, KeyTypeEnum workingKeyType, boolean update) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(iKeyAlias, "iKeyAlias");
        Intrinsics.checkNotNullParameter(keyUsage, "keyUsage");
        Intrinsics.checkNotNullParameter(workingKeyType, "workingKeyType");
        DataKey.KeyDataIpekV4 readDukptIPEK = DataStorage.INSTANCE.readDukptIPEK(iKeyAlias);
        if (readDukptIPEK == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), iKeyAlias + " IPEK is not found");
        }
        if (readDukptIPEK.getAlgorithm() == AlgorithmEnum.ALG_AES) {
            AesDukptContext createAesDukptContext = MineSecDukptKeyUtils.INSTANCE.createAesDukptContext(readDukptIPEK);
            byte[] generateWorkingKey = AesDukptUtils.INSTANCE.generateWorkingKey(createAesDukptContext, KeyUsageEnum.INSTANCE.KeyUsageEnumToAesDukptKeyUsage(keyUsage), KeyTypeEnum.INSTANCE.toAesDukptKeyType(workingKeyType));
            String str = createAesDukptContext.getInitialKeyId() + StringsKt.padStart(HexExtensionsKt.toHexString$default(createAesDukptContext.getEncryptionCounter(), (HexFormat) null, 1, (Object) null), 8, '0');
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("IK", createAesDukptContext.getInitialKeyId());
            jSONObject.put("KSN", str);
            MineSecBlockKeyUtils mineSecBlockKeyUtils = MineSecBlockKeyUtils.INSTANCE;
            AlgorithmEnum algorithmEnum = AlgorithmEnum.ALG_AES;
            String jSONObject2 = jSONObject.toString();
            Intrinsics.checkNotNullExpressionValue(jSONObject2, "toString(...)");
            DataKey.KeyDataV3 createBlockKey = mineSecBlockKeyUtils.createBlockKey(generateWorkingKey, algorithmEnum, keyUsage, keyAlias, str, jSONObject2);
            DataStorage.INSTANCE.writeKey(keyAlias, createBlockKey);
            if (update) {
                AesDukptUtils.INSTANCE.updateStateForNextTransaction(createAesDukptContext);
                DataStorage.INSTANCE.writeKey(iKeyAlias, MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(createAesDukptContext, iKeyAlias));
            }
            return createBlockKey;
        }
        if (readDukptIPEK.getAlgorithm() != AlgorithmEnum.ALG_TDES) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "key deprivation only supports AES/TDES. unsupported algorithm " + readDukptIPEK.getAlgorithm());
        }
        TdesDukptContext createTdesDukptContext = MineSecDukptKeyUtils.INSTANCE.createTdesDukptContext(readDukptIPEK);
        TdesDukptUtils.INSTANCE.workingKeyGeneration(createTdesDukptContext);
        JSONObject jSONObject3 = new JSONObject();
        jSONObject3.put("IK", createTdesDukptContext.getInitialKeySerialNumber());
        jSONObject3.put("KSN", createTdesDukptContext.getCurrentKeySerialNumber());
        String currentKeySerialNumber = createTdesDukptContext.getCurrentKeySerialNumber();
        byte[] bArr = keyUsage == KeyUsageEnum.KU_PIN_ENCRYPTION ? (byte[]) createTdesDukptContext.getPinKeyRegister().clone() : (byte[]) createTdesDukptContext.getDataEncryptionKeyRegister().clone();
        MineSecBlockKeyUtils mineSecBlockKeyUtils2 = MineSecBlockKeyUtils.INSTANCE;
        AlgorithmEnum algorithmEnum2 = AlgorithmEnum.ALG_TDES;
        String jSONObject4 = jSONObject3.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject4, "toString(...)");
        DataKey.KeyDataV3 createBlockKey2 = mineSecBlockKeyUtils2.createBlockKey(bArr, algorithmEnum2, keyUsage, keyAlias, currentKeySerialNumber, jSONObject4);
        DataStorage.INSTANCE.writeKey(keyAlias, createBlockKey2);
        if (update) {
            TdesDukptUtils.INSTANCE.updateFutureKeys(createTdesDukptContext);
            DataStorage.INSTANCE.writeKey(iKeyAlias, MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(createTdesDukptContext, iKeyAlias));
        }
        return createBlockKey2;
    }

    public final DataKey LoadKeyBlockByTR31(String tr31Packet, String kekName, String keyName) {
        Intrinsics.checkNotNullParameter(tr31Packet, "tr31Packet");
        Intrinsics.checkNotNullParameter(kekName, "kekName");
        Intrinsics.checkNotNullParameter(keyName, "keyName");
        return MineSecKeyUtils.INSTANCE.createBlockKeyOrDukptIpek(MineSecKeyUtils.INSTANCE.unwrapTR31KeyBlock(tr31Packet, kekName), keyName);
    }

    public final DataKey.KeyDataV3 LoadSecretKeyWithRSA(String keyAlias, byte[] encoded, String wrappingKeyAlias, String keyId, AlgorithmEnum algorithmEnum, KeyUsageEnum keyUsage, int wrapMode) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(encoded, "encoded");
        Intrinsics.checkNotNullParameter(wrappingKeyAlias, "wrappingKeyAlias");
        Intrinsics.checkNotNullParameter(keyId, "keyId");
        Intrinsics.checkNotNullParameter(algorithmEnum, "algorithmEnum");
        Intrinsics.checkNotNullParameter(keyUsage, "keyUsage");
        return MineSecBlockKeyUtils.createBlockKey$default(MineSecBlockKeyUtils.INSTANCE, wrapMode == 1 ? MineSecKeyUtils.INSTANCE.unwrapRsaPKCSv1KeyBlock(encoded, wrappingKeyAlias) : MineSecKeyUtils.INSTANCE.unwrapRsaOAEPKeyBlock(encoded, wrappingKeyAlias), algorithmEnum, keyUsage, keyAlias, keyId, null, 32, null);
    }

    public final DataKey.KeyDataIpekV4 UpdateInitalKeyCounter(String iKeyAlias) {
        Intrinsics.checkNotNullParameter(iKeyAlias, "iKeyAlias");
        DataKey.KeyDataIpekV4 readDukptIPEK = DataStorage.INSTANCE.readDukptIPEK(iKeyAlias);
        if (readDukptIPEK == null) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_STORAGE_ERR_KEY_NOTFOUND.getCode(), iKeyAlias + " IPEK is not found");
        }
        if (readDukptIPEK.getAlgorithm() == AlgorithmEnum.ALG_AES) {
            AesDukptContext createAesDukptContext = MineSecDukptKeyUtils.INSTANCE.createAesDukptContext(readDukptIPEK);
            AesDukptUtils.INSTANCE.updateStateForNextTransaction(createAesDukptContext);
            DataKey.KeyDataIpekV4 createAesDukptKeyBlock = MineSecDukptKeyUtils.INSTANCE.createAesDukptKeyBlock(createAesDukptContext, iKeyAlias);
            DataStorage.INSTANCE.writeKey(iKeyAlias, createAesDukptKeyBlock);
            return createAesDukptKeyBlock;
        }
        if (readDukptIPEK.getAlgorithm() != AlgorithmEnum.ALG_TDES) {
            throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "key deprivation only supports AES/TDES. unsupported algorithm " + readDukptIPEK.getAlgorithm());
        }
        TdesDukptContext createTdesDukptContext = MineSecDukptKeyUtils.INSTANCE.createTdesDukptContext(readDukptIPEK);
        TdesDukptUtils.INSTANCE.updateFutureKeys(createTdesDukptContext);
        TdesDukptUtils.INSTANCE.workingKeyGeneration(createTdesDukptContext);
        DataKey.KeyDataIpekV4 createTdesDukptKeyBlock = MineSecDukptKeyUtils.INSTANCE.createTdesDukptKeyBlock(createTdesDukptContext, iKeyAlias);
        DataStorage.INSTANCE.writeKey(iKeyAlias, createTdesDukptKeyBlock);
        return createTdesDukptKeyBlock;
    }

    public final void deleteKey(String keyAlias) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        DataStorage.INSTANCE.deleteKey(keyAlias);
    }

    public final DataKey.KeyDataIpekV4 loadDukptIpekWithRSA(String keyAlias, byte[] encoded, String wrappingKeyAlias, String initialKeyId, AlgorithmEnum algorithmEnum, KeyUsageEnum keyUsage, int wrapMode) {
        Intrinsics.checkNotNullParameter(keyAlias, "keyAlias");
        Intrinsics.checkNotNullParameter(encoded, "encoded");
        Intrinsics.checkNotNullParameter(wrappingKeyAlias, "wrappingKeyAlias");
        Intrinsics.checkNotNullParameter(initialKeyId, "initialKeyId");
        Intrinsics.checkNotNullParameter(algorithmEnum, "algorithmEnum");
        Intrinsics.checkNotNullParameter(keyUsage, "keyUsage");
        return MineSecKeyUtils.INSTANCE.createDukptIpek(wrapMode == 1 ? MineSecKeyUtils.INSTANCE.unwrapRsaPKCSv1KeyBlock(encoded, wrappingKeyAlias) : MineSecKeyUtils.INSTANCE.unwrapRsaOAEPKeyBlock(encoded, wrappingKeyAlias), keyAlias, keyUsage, algorithmEnum, StringsKt.padStart(initialKeyId, 16, '0'));
    }

    public final void saveKeyBlock(MineSecKey key) {
        CryptoAlg cryptoAlg;
        Intrinsics.checkNotNullParameter(key, "key");
        String str = key.getAttributes().keySet().contains("IK") ? key.getAttributes().get("IK") : key.getAttributes().keySet().contains("KS") ? key.getAttributes().get("KS") : "";
        String str2 = str == null ? "" : str;
        String algorithm = key.getAlgorithm();
        Intrinsics.checkNotNullExpressionValue(algorithm, "getAlgorithm(...)");
        String upperCase = algorithm.toUpperCase(Locale.ROOT);
        Intrinsics.checkNotNullExpressionValue(upperCase, "toUpperCase(...)");
        switch (upperCase.hashCode()) {
            case 64687:
                if (upperCase.equals(MsKeyProperties.ALGORITHM_AES)) {
                    cryptoAlg = CryptoAlg.AES;
                    MineSecKeyUtils mineSecKeyUtils = MineSecKeyUtils.INSTANCE;
                    byte[] wrappedKey = key.getWrappedKey();
                    Intrinsics.checkNotNullExpressionValue(wrappedKey, "getWrappedKey(...)");
                    String keyAlias = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias, "getKeyAlias(...)");
                    KeyUsage keyUsage = key.getKeyUsage();
                    Intrinsics.checkNotNullExpressionValue(keyUsage, "getKeyUsage(...)");
                    DataKey createBlockKeyOrDukptIpek = mineSecKeyUtils.createBlockKeyOrDukptIpek(wrappedKey, keyAlias, keyUsage, cryptoAlg, str2);
                    DataStorage dataStorage = DataStorage.INSTANCE;
                    String keyAlias2 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias2, "getKeyAlias(...)");
                    dataStorage.writeKey(keyAlias2, createBlockKeyOrDukptIpek);
                    return;
                }
                break;
            case 81440:
                if (upperCase.equals("RSA")) {
                    cryptoAlg = CryptoAlg.RSA;
                    MineSecKeyUtils mineSecKeyUtils2 = MineSecKeyUtils.INSTANCE;
                    byte[] wrappedKey2 = key.getWrappedKey();
                    Intrinsics.checkNotNullExpressionValue(wrappedKey2, "getWrappedKey(...)");
                    String keyAlias3 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias3, "getKeyAlias(...)");
                    KeyUsage keyUsage2 = key.getKeyUsage();
                    Intrinsics.checkNotNullExpressionValue(keyUsage2, "getKeyUsage(...)");
                    DataKey createBlockKeyOrDukptIpek2 = mineSecKeyUtils2.createBlockKeyOrDukptIpek(wrappedKey2, keyAlias3, keyUsage2, cryptoAlg, str2);
                    DataStorage dataStorage2 = DataStorage.INSTANCE;
                    String keyAlias22 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias22, "getKeyAlias(...)");
                    dataStorage2.writeKey(keyAlias22, createBlockKeyOrDukptIpek2);
                    return;
                }
                break;
            case 2072076:
                if (upperCase.equals("CMAC")) {
                    cryptoAlg = CryptoAlg.CMAC;
                    MineSecKeyUtils mineSecKeyUtils22 = MineSecKeyUtils.INSTANCE;
                    byte[] wrappedKey22 = key.getWrappedKey();
                    Intrinsics.checkNotNullExpressionValue(wrappedKey22, "getWrappedKey(...)");
                    String keyAlias32 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias32, "getKeyAlias(...)");
                    KeyUsage keyUsage22 = key.getKeyUsage();
                    Intrinsics.checkNotNullExpressionValue(keyUsage22, "getKeyUsage(...)");
                    DataKey createBlockKeyOrDukptIpek22 = mineSecKeyUtils22.createBlockKeyOrDukptIpek(wrappedKey22, keyAlias32, keyUsage22, cryptoAlg, str2);
                    DataStorage dataStorage22 = DataStorage.INSTANCE;
                    String keyAlias222 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias222, "getKeyAlias(...)");
                    dataStorage22.writeKey(keyAlias222, createBlockKeyOrDukptIpek22);
                    return;
                }
                break;
            case 2221031:
                if (upperCase.equals("HMAC")) {
                    cryptoAlg = CryptoAlg.HMAC;
                    MineSecKeyUtils mineSecKeyUtils222 = MineSecKeyUtils.INSTANCE;
                    byte[] wrappedKey222 = key.getWrappedKey();
                    Intrinsics.checkNotNullExpressionValue(wrappedKey222, "getWrappedKey(...)");
                    String keyAlias322 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias322, "getKeyAlias(...)");
                    KeyUsage keyUsage222 = key.getKeyUsage();
                    Intrinsics.checkNotNullExpressionValue(keyUsage222, "getKeyUsage(...)");
                    DataKey createBlockKeyOrDukptIpek222 = mineSecKeyUtils222.createBlockKeyOrDukptIpek(wrappedKey222, keyAlias322, keyUsage222, cryptoAlg, str2);
                    DataStorage dataStorage222 = DataStorage.INSTANCE;
                    String keyAlias2222 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias2222, "getKeyAlias(...)");
                    dataStorage222.writeKey(keyAlias2222, createBlockKeyOrDukptIpek222);
                    return;
                }
                break;
            case 2570014:
                if (upperCase.equals(MsKeyProperties.ALGORITHM_TDES)) {
                    cryptoAlg = CryptoAlg.TDES;
                    MineSecKeyUtils mineSecKeyUtils2222 = MineSecKeyUtils.INSTANCE;
                    byte[] wrappedKey2222 = key.getWrappedKey();
                    Intrinsics.checkNotNullExpressionValue(wrappedKey2222, "getWrappedKey(...)");
                    String keyAlias3222 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias3222, "getKeyAlias(...)");
                    KeyUsage keyUsage2222 = key.getKeyUsage();
                    Intrinsics.checkNotNullExpressionValue(keyUsage2222, "getKeyUsage(...)");
                    DataKey createBlockKeyOrDukptIpek2222 = mineSecKeyUtils2222.createBlockKeyOrDukptIpek(wrappedKey2222, keyAlias3222, keyUsage2222, cryptoAlg, str2);
                    DataStorage dataStorage2222 = DataStorage.INSTANCE;
                    String keyAlias22222 = key.getKeyAlias();
                    Intrinsics.checkNotNullExpressionValue(keyAlias22222, "getKeyAlias(...)");
                    dataStorage2222.writeKey(keyAlias22222, createBlockKeyOrDukptIpek2222);
                    return;
                }
                break;
        }
        throw new MhdRuntimeException(MhdErrorCode.MHD_KMS_KEY_TYPE_ERROR.getCode(), "unsupported algorithm " + key.getAlgorithm());
    }

    public final void saveKeyBlock(DataKey.KeyDataV3 key) {
        Intrinsics.checkNotNullParameter(key, "key");
        DataStorage.INSTANCE.writeKey(key.getKey_alias(), key);
    }
}
