package com.huawei.wisesecurity.ucs.credential;

import android.content.Context;
import com.huawei.wisesecurity.kfs.crypto.codec.Decoder;
import com.huawei.wisesecurity.kfs.exception.CodecException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import com.huawei.wisesecurity.kfs.validation.constrains.KfsLongRange;
import com.huawei.wisesecurity.kfs.validation.constrains.KfsStringNotEmpty;
import com.huawei.wisesecurity.ucs.common.exception.UcsErrorCode;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsParamException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.credential.entity.AccessKey;
import com.huawei.wisesecurity.ucs.credential.entity.KeyEncryptKey;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs_credential.d;
import com.huawei.wisesecurity.ucs_credential.e;
import com.huawei.wisesecurity.ucs_credential.g;
import com.huawei.wisesecurity.ucs_credential.h;
import com.huawei.wisesecurity.ucs_credential.k;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class Credential {
    private static final String AK = "accessKey";
    private static final String DK = "dataKey";
    private static final byte[] EMPTY_BYTES = new byte[0];
    private static final String EXPIRE_TIME = "expireTime";
    private static final String KEK = "kek";
    private static final String SK = "secretKey";
    private static final String TAG = "Credential";

    @KfsStringNotEmpty
    private String accessKey;
    private AccessKey ak;

    @KfsStringNotEmpty
    private String dataKey;

    @KfsLongRange(max = Long.MAX_VALUE, min = 1)
    private long expireTime;
    private KeyEncryptKey kek;

    @KfsStringNotEmpty
    private String rawKek;

    @KfsStringNotEmpty
    private String secretKey;

    private Credential() {
    }

    private byte[] base64DecodeForNative(String str) {
        try {
            return Decoder.BASE64.decode(str);
        } catch (CodecException unused) {
            return EMPTY_BYTES;
        }
    }

    public static Credential fromString(Context context, String str, h hVar) throws UcsException {
        try {
            Credential credential = new Credential();
            JSONObject jSONObject = new JSONObject(str);
            credential.secretKey = jSONObject.optString(SK);
            credential.dataKey = jSONObject.optString(DK);
            credential.accessKey = jSONObject.optString(AK);
            credential.rawKek = jSONObject.optString(KEK);
            credential.expireTime = jSONObject.optLong(EXPIRE_TIME);
            credential.kek = KeyEncryptKey.fromString(context, credential.rawKek);
            credential.checkParam();
            credential.ak = AccessKey.fromString(credential.accessKey);
            hVar.linkedHashMap.put("credentialAppName", credential.getAppPkgName());
            hVar.linkedHashMap.put("akSkVersion", String.valueOf(credential.getAkskVersion()));
            hVar.linkedHashMap.put("cty", credential.getKekVersion() == 3 ? "AndroidKS" : "Kid");
            if (credential.ak.hasAkskVersion()) {
                UcsLib.checkNativeLibrary();
                if (!UcsLib.checkPkgNameCertFP(context, credential.ak.getAppPkgName(), credential.ak.getAppCertFP())) {
                    LogUcs.e(TAG, "check  AppPkgName appCertFP fail", new Object[0]);
                    throw new UcsException(1023L, "check  AppPkgName appCertFP fail");
                }
            }
            k.b(credential).b(credential, context);
            return credential;
        } catch (UcsException e) {
            LogUcs.e(TAG, "parse credentialStr get UCS exception : errorCode : {0} errorMsg : {1}", Long.valueOf(e.getErrorCode()), e.getMessage());
            throw e;
        } catch (JSONException e2) {
            LogUcs.e(TAG, "parse credentialStr get json exception : {0}", e2.getMessage());
            StringBuilder a = e.a("parse credentialStr get json exception : ");
            a.append(e2.getMessage());
            throw new UcsException(UcsErrorCode.JSON_ERROR, a.toString());
        } catch (Exception e3) {
            String a2 = d.a(e3, e.a("parse credentialStr get exception : "));
            throw g.a(TAG, a2, new Object[0], 2001L, a2);
        }
    }

    public void checkParam() throws UcsException {
        try {
            KfsValidator.validate(this);
        } catch (KfsValidationException e) {
            StringBuilder a = e.a("credential get param exception : ");
            a.append(e.getMessage());
            throw new UcsParamException(a.toString());
        }
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public int getAkskVersion() {
        return this.ak.getAkskVersion();
    }

    public int getAlg() {
        return this.kek.getAlg();
    }

    public String getAppCertFP() {
        return this.ak.getAppCertFP();
    }

    public String getAppPkgName() {
        return this.ak.getAppPkgName();
    }

    public String getDataKey() {
        return this.dataKey;
    }

    public byte[] getDataKeyBytes() {
        return base64DecodeForNative(this.dataKey);
    }

    public long getExpireTime() {
        return this.expireTime;
    }

    public int getKekAlg() {
        return this.kek.getKekAlg();
    }

    public byte[] getKekBytes() {
        return base64DecodeForNative(this.kek.getKey());
    }

    public String getKekString() {
        return this.kek.getKey();
    }

    public int getKekVersion() {
        return this.kek.getVersion();
    }

    public String getRawKek() {
        return this.rawKek;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    public byte[] getSecretKeyBytes() {
        return base64DecodeForNative(this.secretKey);
    }

    public String toString() {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put(SK, this.secretKey);
            jSONObject.put(AK, this.accessKey);
            jSONObject.put(DK, this.dataKey);
            jSONObject.put(KEK, this.rawKek);
            jSONObject.put(EXPIRE_TIME, this.expireTime);
            return jSONObject.toString();
        } catch (JSONException e) {
            LogUcs.e(TAG, "Credential toString exception : {0}", e.getMessage());
            return "";
        }
    }
}
