package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import androidx.datastore.preferences.protobuf.a;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.ec.ECSigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs_credential.f;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.spec.ECGenParameterSpec;

/* loaded from: classes2.dex */
public class ECKeyStoreKeyManager extends KeyStoreKeyManager {
    public static final ECGenParameterSpec c = new ECGenParameterSpec("secp256r1");

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void b(KeyGenerateParam keyGenerateParam) {
        KeyStoreProvider keyStoreProvider = this.f6712b;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", keyStoreProvider.b());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyGenerateParam.a, keyGenerateParam.c.b()).setAttestationChallenge(keyGenerateParam.d ? keyStoreProvider.a().getBytes(StandardCharsets.UTF_8) : null).setDigests("SHA-256", "SHA-384", "SHA-512").setAlgorithmParameterSpec(c).setKeySize(keyGenerateParam.f6711b).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate ec key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException e) {
            throw new KfsException(a.h(e, f.a("generate ec key pair failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void h(KeyGenerateParam keyGenerateParam) {
        ECSigner.Builder builder = new ECSigner.Builder(this.f6712b);
        builder.d = SignAlg.ECDSA;
        builder.a(keyGenerateParam.a);
        KeyStoreKeyManager.j((KfsSigner) builder.b());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public final void i(KeyGenerateParam keyGenerateParam) {
        if (keyGenerateParam.f6711b != 256) {
            throw new KfsException("bad ec key len, only ec prime 256 is supported");
        }
        if (keyGenerateParam.c != KfsKeyPurpose.PURPOSE_SIGN) {
            throw new KfsException("bad purpose for ec key, only sign is supported");
        }
    }
}
