package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import androidx.datastore.preferences.protobuf.a;
import com.huawei.secure.android.common.encrypt.utils.EncryptUtil;
import com.huawei.secure.android.common.encrypt.utils.b;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs_credential.f;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;

/* loaded from: classes2.dex */
public class AESKeyStoreKeyManager extends KeyStoreKeyManager {
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void b(KeyGenerateParam keyGenerateParam) {
        KeyStoreProvider keyStoreProvider = this.f6712b;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", keyStoreProvider.b());
            keyGenerator.init(new KeyGenParameterSpec.Builder(keyGenerateParam.a, keyGenerateParam.c.b()).setKeySize(keyGenerateParam.f6711b).setAttestationChallenge(keyStoreProvider.a().getBytes(StandardCharsets.UTF_8)).setRandomizedEncryptionRequired(false).setBlockModes("GCM", "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            StringBuilder a = f.a("generate aes key failed, ");
            a.append(e.getMessage());
            throw new KfsException(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void h(KeyGenerateParam keyGenerateParam) {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        int a = cipherAlg.a();
        b.a("EncryptUtil");
        byte[] a2 = EncryptUtil.a(a);
        AESCipher.Builder builder = new AESCipher.Builder(this.f6712b);
        builder.a = cipherAlg;
        String str = keyGenerateParam.a;
        try {
            KeyStore keyStore = KeyStore.getInstance(builder.d.a());
            keyStore.load(null);
            builder.f6707b = keyStore.getKey(str, null);
            builder.b(a2);
            KeyStoreKeyManager.g(builder.a());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new KfsException(a.h(e, f.a("keystore get key with alias failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void i(KeyGenerateParam keyGenerateParam) {
        int i = keyGenerateParam.f6711b;
        if (i != 128 && i != 192 && i != 256) {
            throw new KfsException("bad aes key len");
        }
        if (keyGenerateParam.c != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsException("bad purpose for aes key, only crypto is supported");
        }
    }
}
