package com.huawei.wisesecurity.kfs.crypto.key;

import androidx.datastore.preferences.protobuf.a;
import com.huawei.secure.android.common.encrypt.utils.EncryptUtil;
import com.huawei.secure.android.common.encrypt.utils.b;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.util.HuksUtil;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import com.huawei.wisesecurity.ucs_credential.f;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: classes2.dex */
public abstract class KeyStoreKeyManager implements KfsKeyManager {
    public KeyStore a;

    /* renamed from: b, reason: collision with root package name */
    public final KeyStoreProvider f6712b;

    public KeyStoreKeyManager() {
        this(KeyStoreProvider.ANDROID_KEYSTORE);
    }

    public KeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        this.f6712b = keyStoreProvider;
    }

    public static void g(KfsCipher kfsCipher) {
        b.a("EncryptUtil");
        byte[] a = EncryptUtil.a(32);
        if (!Arrays.equals(a, kfsCipher.getDecryptHandler().from(kfsCipher.getEncryptHandler().from(a).to()).to())) {
            throw new KfsException("validate crypto key get bad result");
        }
    }

    public static void j(KfsSigner kfsSigner) {
        b.a("EncryptUtil");
        byte[] a = EncryptUtil.a(32);
        if (!kfsSigner.getVerifyHandler().fromData(a).verify(kfsSigner.getSignHandler().from(a).sign())) {
            throw new KfsException("validate sign key get bad result");
        }
    }

    public final void a(KeyGenerateParam keyGenerateParam) {
        KfsValidator.a(keyGenerateParam);
        i(keyGenerateParam);
        b(keyGenerateParam);
        try {
            h(keyGenerateParam);
        } catch (KfsException e) {
            StringBuilder a = f.a("validate key failed, try to remove the key entry for alias:");
            String str = keyGenerateParam.a;
            a.append(str);
            if (e(str)) {
                try {
                    this.a.deleteEntry(str);
                } catch (KeyStoreException e2) {
                    StringBuilder a2 = f.a("delete key entry failed, ");
                    a2.append(e2.getMessage());
                    throw new KfsException(a2.toString());
                }
            }
            throw e;
        }
    }

    public abstract void b(KeyGenerateParam keyGenerateParam);

    public final Certificate[] c(String str) {
        f();
        try {
            return this.a.getCertificateChain(str);
        } catch (KeyStoreException e) {
            StringBuilder a = f.a("keystore get certificate chain failed, ");
            a.append(e.getMessage());
            throw new KfsException(a.toString());
        }
    }

    public final Key d() {
        f();
        try {
            return this.a.getKey("ucs_aes_alias_rootKey", null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            StringBuilder a = f.a("keystore get key failed, ");
            a.append(e.getMessage());
            throw new KfsException(a.toString());
        }
    }

    public final boolean e(String str) {
        f();
        try {
            return this.a.containsAlias(str);
        } catch (KeyStoreException e) {
            StringBuilder a = f.a("keystore check alias failed, ");
            a.append(e.getMessage());
            throw new KfsException(a.toString());
        }
    }

    public final void f() {
        if (this.a != null) {
            return;
        }
        if (this.f6712b == KeyStoreProvider.HUAWEI_KEYSTORE && HuksUtil.a == null) {
            synchronized (HuksUtil.class) {
                try {
                    if (HuksUtil.a == null) {
                        HuksUtil.a = new HuksUtil();
                    }
                } finally {
                }
            }
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.f6712b.a());
            this.a = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KfsException(a.h(e, f.a("init keystore failed, ")));
        }
    }

    public abstract void h(KeyGenerateParam keyGenerateParam);

    public abstract void i(KeyGenerateParam keyGenerateParam);
}
