package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.RSACipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs_credential.f;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

/* loaded from: classes2.dex */
public class RSAKeyStoreKeyManager extends KeyStoreKeyManager {
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void b(KeyGenerateParam keyGenerateParam) {
        KeyStoreProvider keyStoreProvider = this.f6712b;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", keyStoreProvider.b());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyGenerateParam.a, keyGenerateParam.c.b()).setAttestationChallenge(keyStoreProvider.a().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests("SHA-256", "SHA-384", "SHA-512").setKeySize(keyGenerateParam.f6711b).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            StringBuilder a = f.a("generate rsa key pair failed, ");
            a.append(e.getMessage());
            throw new KfsException(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void h(KeyGenerateParam keyGenerateParam) {
        boolean a = KfsKeyPurpose.a(keyGenerateParam.c, KfsKeyPurpose.PURPOSE_CRYPTO);
        String str = keyGenerateParam.a;
        KeyStoreProvider keyStoreProvider = this.f6712b;
        if (a) {
            RSACipher.Builder builder = new RSACipher.Builder(keyStoreProvider);
            builder.d = CipherAlg.RSA_OAEP;
            builder.a(str);
            KeyStoreKeyManager.g((KfsCipher) builder.b());
        }
        if (KfsKeyPurpose.a(keyGenerateParam.c, KfsKeyPurpose.PURPOSE_SIGN)) {
            RSASigner.Builder builder2 = new RSASigner.Builder(keyStoreProvider);
            builder2.d = SignAlg.RSA_SHA256;
            builder2.a(str);
            KeyStoreKeyManager.j((KfsSigner) builder2.b());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void i(KeyGenerateParam keyGenerateParam) {
        int i = keyGenerateParam.f6711b;
        if (i != 2048 && i != 3072 && i != 4096) {
            throw new KfsException("bad rsa key len");
        }
    }
}
