package com.allawn.cryptography.groupkey;

import com.allawn.cryptography.EncryptException;
import com.allawn.cryptography.algorithm.HashUtil;
import com.allawn.cryptography.algorithm.HmacUtil;
import com.allawn.cryptography.entity.CryptoParameters;
import com.allawn.cryptography.exception.InvalidAlgorithmException;
import com.allawn.cryptography.groupkey.entity.GukConfig;
import com.allawn.cryptography.groupkey.entity.GukSignatureData;
import com.allawn.cryptography.teesdk.CryptoEngCmd;
import com.allawn.cryptography.teesdk.TAInterfaceException;
import com.allawn.cryptography.teesdk.type.HmacAlg;
import com.allawn.cryptography.util.Base64Utils;
import java.security.NoSuchAlgorithmException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class GukManager {
    public final CryptoParameters.AlgorithmEnum mCipherMode = CryptoParameters.AlgorithmEnum.AES_CTR_NoPadding;
    public GukConfig mConfig;
    public String mKeyLabel;
    public String mKeyVersion;

    public GukManager() {
        GukConfig gukConfig = new GukConfig();
        this.mConfig = gukConfig;
        this.mKeyLabel = gukConfig.getKeyLabel();
        this.mKeyVersion = null;
    }

    public static String hkdfGuk(String str, GukConfig gukConfig) throws JSONException, TAInterfaceException, InvalidAlgorithmException {
        try {
            return CryptoEngCmd.pkiHkdf0(str, gukConfig.getSalt(), gukConfig.getInfo(), gukConfig.getKeyLen(), HmacAlg.get(gukConfig.getHash()));
        } catch (TAInterfaceException unused) {
            throw new TAInterfaceException("The current phone version does not support 'group key' function.");
        }
    }

    public void setConfig(GukConfig gukConfig) {
        if (gukConfig != null) {
            this.mConfig = gukConfig;
            this.mKeyLabel = gukConfig.getKeyLabel();
            this.mKeyVersion = null;
        }
    }

    public GukSignatureData sign(byte[] bArr) throws EncryptException {
        try {
            JSONObject jSONObject = new JSONObject(hkdfGuk(this.mKeyLabel, this.mConfig));
            String string = jSONObject.getString("okm");
            this.mKeyVersion = jSONObject.getString("version");
            byte[] sha256 = HashUtil.sha256(bArr);
            byte[] hmacSha256 = HmacUtil.hmacSha256(sha256, Base64Utils.decodeFromString(string));
            GukSignatureData gukSignatureData = new GukSignatureData();
            gukSignatureData.setSignature(hmacSha256);
            gukSignatureData.setDigest(sha256);
            gukSignatureData.setKeyLabel(this.mKeyLabel);
            gukSignatureData.setKeyVersion(this.mKeyVersion);
            gukSignatureData.setInfo(this.mConfig.getInfo());
            gukSignatureData.setSalt(this.mConfig.getSalt());
            gukSignatureData.setKeyLen(this.mConfig.getKeyLen());
            gukSignatureData.setHash(this.mConfig.getHash());
            return gukSignatureData;
        } catch (InvalidAlgorithmException | TAInterfaceException | NoSuchAlgorithmException | JSONException e) {
            throw new EncryptException(e);
        }
    }
}
