package com.baidubce.services.iothisk.device.seplatform;

import com.baidubce.services.iothisk.device.crypto.AesEncrypt;
import com.baidubce.services.iothisk.device.crypto.HashCrypto;
import com.baidubce.services.iothisk.device.model.ActiveMessage;
import com.baidubce.services.iothisk.device.model.CipherMessage;
import com.baidubce.services.iothisk.device.model.Device;
import com.baidubce.services.iothisk.device.model.DeviceKey;
import com.baidubce.services.iothisk.device.model.DeviceSdkType;
import com.baidubce.services.iothisk.device.model.PlainMessage;
import com.baidubce.services.iothisk.device.utils.ByteUtils;
import com.baidubce.services.iothisk.device.utils.Message;
import java.util.Arrays;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/baidubce/services/iothisk/device/seplatform/MbedAkeySe.class */
public class MbedAkeySe implements SecureElement {
    private final Device device;
    private final DeviceKey deviceKey;
    private final byte[] seKey;
    private final byte[] seIv;
    private static final int DEVICE_ID_BYTES_LENGTH = 64;
    private static final int CIPHER_MESSAGE_SIGNATURE_BYTE_LENGTH = 32;
    private static final int KEY_ITERATION_COUNT = 50;
    private static final int IV_ITERATION_COUNT = 25;
    private static final int TIMESTAMP_BYTE_LENGTH = 4;
    private static final int SDK_TYPE_BYTES_LENGTH = 1;

    public MbedAkeySe(Device device, DeviceKey deviceKey) {
        this.device = device;
        this.deviceKey = deviceKey;
        byte[] bytesFromHex = ByteUtils.toBytesFromHex(device.getMasterKey());
        this.seKey = HashCrypto.pbkdf2WithHmacSha256(bytesFromHex, deviceKey.getSeId().getBytes(), 50);
        this.seIv = HashCrypto.pbkdf2WithHmacSha256(bytesFromHex, deviceKey.getSeId().getBytes(), IV_ITERATION_COUNT);
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public String generateId() {
        try {
            return ByteUtils.toHexStringFromBytes(HashCrypto.hmacSha256((this.device.getDeviceCompany() + this.device.getDeviceType() + this.deviceKey.getSeId()).getBytes(), ByteUtils.toBytesFromHex(this.device.getMasterKey())));
        } catch (Exception e) {
            throw new IllegalStateException(Message.FAIL_GENERATE_ID);
        }
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public CipherMessage encryptThenSign(PlainMessage plainMessage) {
        return encryptThenSign(plainMessage, this.seKey);
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public CipherMessage encryptThenSign(PlainMessage plainMessage, byte[] bArr) {
        byte[] encryptByCTRNoPadding = AesEncrypt.encryptByCTRNoPadding(plainMessage.getBytes(), this.seKey, this.seIv);
        try {
            return new CipherMessage(encryptByCTRNoPadding, HashCrypto.hmacSha256(encryptByCTRNoPadding, bArr));
        } catch (Exception e) {
            throw new IllegalStateException(Message.FAIL_SIGN, e);
        }
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public byte[] decrypt(byte[] bArr) {
        return AesEncrypt.decryptByCTRNoPadding(bArr, this.seKey, this.seIv);
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public void verifySignature(byte[] bArr, byte[] bArr2) {
        try {
            if (!Arrays.equals(HashCrypto.hmacSha256(bArr, this.seKey), bArr2)) {
                throw new IllegalArgumentException(Message.INVALID_SIGNATURE);
            }
        } catch (Exception e) {
            throw new IllegalStateException(Message.FAIL_SIGN, e);
        }
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public PlainMessage verifyThenDecrypt(CipherMessage cipherMessage) {
        verifySignature(cipherMessage.getEncryption(), cipherMessage.getSignature());
        return parsePlainMessage(decrypt(cipherMessage.getEncryption()));
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public CipherMessage parseCipherMessage(byte[] bArr) {
        if (ArrayUtils.getLength(bArr) <= 36) {
            throw new IllegalArgumentException(Message.INVALID_CIPHER_DATA);
        }
        CipherMessage cipherMessage = new CipherMessage();
        cipherMessage.setEncryption(Arrays.copyOfRange(bArr, 0, bArr.length - 32));
        cipherMessage.setSignature(Arrays.copyOfRange(bArr, bArr.length - 32, bArr.length));
        return cipherMessage;
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public PlainMessage parsePlainMessage(byte[] bArr) {
        PlainMessage plainMessage = new PlainMessage();
        plainMessage.setMessage(getMessage(bArr));
        plainMessage.setCounter(getTimestamp(bArr));
        return plainMessage;
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public ActiveMessage parseActiveMessage(byte[] bArr) {
        ActiveMessage activeMessage = new ActiveMessage();
        activeMessage.setDeviceId(getDeviceId(bArr));
        activeMessage.setSeId(getSeId(bArr));
        activeMessage.setSdkType(getSdkType(bArr));
        return activeMessage;
    }

    @Override // com.baidubce.services.iothisk.device.seplatform.SecureElement
    public void checkActiveMessage(ActiveMessage activeMessage) {
        checkDeviceId(activeMessage.getDeviceId());
        checkSeId(activeMessage.getSeId());
    }

    private void checkDeviceId(String str) {
        if (!StringUtils.equals(generateId(), str)) {
            throw new IllegalArgumentException(Message.INVALID_DEVICE_ID);
        }
    }

    private void checkSeId(String str) {
        if (!StringUtils.isEmpty(this.deviceKey.getSeId()) && !StringUtils.isEmpty(str) && !StringUtils.equals(this.deviceKey.getSeId(), str)) {
            throw new IllegalArgumentException(Message.DEVICE_SE_ID_CONFLICT);
        }
    }

    private String getSeId(byte[] bArr) {
        return new String(getSeIdBytes(bArr));
    }

    private byte[] getSeIdBytes(byte[] bArr) {
        return bArr.length <= 65 ? ArrayUtils.EMPTY_BYTE_ARRAY : Arrays.copyOfRange(bArr, 64, bArr.length - 1);
    }

    private DeviceSdkType getSdkType(byte[] bArr) {
        return bArr.length <= 64 ? DeviceSdkType.NONE_RTC : DeviceSdkType.parse(ByteUtils.toHexStringFromBytes(Arrays.copyOfRange(bArr, bArr.length - 1, bArr.length)));
    }

    private String getDeviceId(byte[] bArr) {
        return new String(bArr, 0, Math.min(64, bArr.length));
    }

    private static byte[] getMessage(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 4, bArr.length);
    }

    private static long getTimestamp(byte[] bArr) {
        return ByteUtils.toLongFromBytes(Arrays.copyOfRange(bArr, 0, 4));
    }
}
