package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.alipay.sdk.m.n.d;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.RSACipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.ucs_credential.f;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

/* compiled from: TbsSdkJava */
/* loaded from: classes4.dex */
public class RSAKeyStoreKeyManager extends KeyStoreKeyManager {
    public RSAKeyStoreKeyManager() {
    }

    public RSAKeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        super(keyStoreProvider);
    }

    private boolean isValidRsaKeyLen(int i10) {
        return (i10 == 2048 || i10 == 3072 || i10 == 4096) ? false : true;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void generateKey(KeyGenerateParam keyGenerateParam) throws KfsException {
        KeyGenParameterSpec.Builder attestationChallenge;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec build;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(d.f4030a, getProvider().getProviderName());
            attestationChallenge = new KeyGenParameterSpec.Builder(keyGenerateParam.getAlias(), keyGenerateParam.getPurpose().getValue()).setAttestationChallenge(getProvider().getName().getBytes(StandardCharsets.UTF_8));
            signaturePaddings = attestationChallenge.setSignaturePaddings("PKCS1", "PSS");
            encryptionPaddings = signaturePaddings.setEncryptionPaddings("PKCS1Padding", "OAEPPadding");
            digests = encryptionPaddings.setDigests("SHA-256", "SHA-384", "SHA-512");
            keySize = digests.setKeySize(keyGenerateParam.getKeyLen());
            build = keySize.build();
            keyPairGenerator.initialize(build);
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
            StringBuilder a10 = f.a("generate rsa key pair failed, ");
            a10.append(e10.getMessage());
            throw new KfsException(a10.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey(KeyGenerateParam keyGenerateParam) throws KfsException {
        if (KfsKeyPurpose.containsPurpose(keyGenerateParam.getPurpose(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            validateCrypto(new RSACipher.Builder(getProvider()).withAlg(CipherAlg.RSA_OAEP).withKeyStoreAlias(keyGenerateParam.getAlias()).build());
        }
        if (KfsKeyPurpose.containsPurpose(keyGenerateParam.getPurpose(), KfsKeyPurpose.PURPOSE_SIGN)) {
            validateSign((KfsSigner) new RSASigner.Builder(getProvider()).withAlg(SignAlg.RSA_SHA256).withKeyStoreAlias(keyGenerateParam.getAlias()).build());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        if (isValidRsaKeyLen(keyGenerateParam.getKeyLen())) {
            throw new KfsValidationException("bad rsa key len");
        }
    }
}
