package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import com.huawei.wisesecurity.kfs.constant.KfsConstant;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.RSACipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import com.huawei.wisesecurity.kfs.validation.constrains.KfsIn;
import com.huawei.wisesecurity.ucs_credential.e;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes4.dex */
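/**
 * Key manager that generates and validates RSA key pairs through the provider named by
 * {@link KfsConstant#PROVIDER_ANDROID_KEYSTORE}.
 *
 * <p>The alias, purpose and key length are read from {@code this.param}, which is not declared
 * in this class (presumably inherited from {@link KeyStoreKeyManager}; confirm against the
 * superclass).
 */
public class RSAKeyStoreKeyManager extends KeyStoreKeyManager {

    /**
     * Validation carrier for the RSA key length taken from a {@link KeyGenerateParam}.
     *
     * <p>The {@code @KfsIn} constraint lists 2048, {@code KfsConstant.KFS_RSA_KEY_LEN_3072}
     * and 4096 as the accepted values; it is presumably enforced when the object is passed to
     * {@link KfsValidator#validate} (the validator is not visible here).
     */
    /* loaded from: classes4.dex */
    public static class RSAGenerateKeyParam {

        // Accepted RSA modulus sizes in bits; anything else should be rejected by validation.
        @KfsIn(intArr = {2048, KfsConstant.KFS_RSA_KEY_LEN_3072, 4096})
        private final int keyLen;

        /**
         * Copies the requested key length out of the generic generation parameters.
         *
         * @param keyGenerateParam source of the requested key length
         */
        public RSAGenerateKeyParam(KeyGenerateParam keyGenerateParam) {
            this.keyLen = keyGenerateParam.getKeyLen();
        }

        /**
         * @return the requested RSA key length
         */
        public int getKeyLen() {
            return this.keyLen;
        }
    }

    /**
     * Generates an RSA key pair under the configured alias.
     *
     * <p>The key is authorized for the purposes returned by {@code param.getPurpose()}, the
     * digests SHA-256/384/512, signature paddings PKCS1 and PSS, and encryption paddings
     * PKCS1Padding and OAEPPadding.
     *
     * <p>NOTE(review): the spec authorizes PKCS#1 v1.5 encryption padding alongside OAEP, while
     * {@link #validateKey()} in this class only exercises {@code RSA_OAEP} and
     * {@code RSA_SHA256}. RSA decryption with PKCS#1 v1.5 padding is the precondition for
     * padding-oracle (Bleichenbacher-style) attacks when decryption failures are observable;
     * if no caller needs v1.5, authorizing only OAEP (and PSS for signing) narrows what a
     * holder of the alias can ask the key to do. The set is left unchanged here because callers
     * outside this file may depend on it. The spec also sets no user-authentication or
     * validity constraints; confirm that matches the intended key policy.
     *
     * @throws KfsException if the generator returns no key pair, or if the algorithm, provider
     *     or parameter spec is rejected
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void generateKey() throws KfsException {
        try {
            KeyPairGenerator keyPairGenerator =
                    KeyPairGenerator.getInstance("RSA", KfsConstant.PROVIDER_ANDROID_KEYSTORE);
            KeyGenParameterSpec spec =
                    new KeyGenParameterSpec.Builder(
                                    this.param.getAlias(), this.param.getPurpose().getValue())
                            .setSignaturePaddings("PKCS1", "PSS")
                            .setEncryptionPaddings("PKCS1Padding", "OAEPPadding")
                            .setDigests(
                                    MessageDigestAlgorithms.SHA_256,
                                    MessageDigestAlgorithms.SHA_384,
                                    MessageDigestAlgorithms.SHA_512)
                            .setKeySize(this.param.getKeyLen())
                            .build();
            keyPairGenerator.initialize(spec);
            if (keyPairGenerator.generateKeyPair() == null) {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException
                | NoSuchAlgorithmException
                | NoSuchProviderException ex) {
            // The catch parameter must not be named `e`: a local variable of that name obscures
            // the imported helper class com.huawei.wisesecurity.ucs_credential.e, so `e.a(...)`
            // would be resolved against the exception instead of the helper.
            // `e.a(String)` presumably returns a StringBuilder seeded with the prefix (it is
            // used with append/toString here); its definition is not visible in this file.
            // NOTE(review): only the message is forwarded, the cause is dropped; chain `ex` if
            // KfsException offers a (String, Throwable) constructor.
            throw new KfsException(
                    e.a("generate rsa key pair failed, ").append(ex.getMessage()).toString());
        }
    }

    /**
     * Exercises the generated key for each purpose it was created with.
     *
     * <p>If the purpose includes {@code PURPOSE_CRYPTO}, an {@link RSACipher} using
     * {@code CipherAlg.RSA_OAEP} on the alias is handed to {@code validateCrypto}; if it
     * includes {@code PURPOSE_SIGN}, an {@link RSASigner} using {@code SignAlg.RSA_SHA256} is
     * handed to {@code validateSign}. What those two checks do is defined outside this class.
     * Only these two algorithms are exercised; the other paddings and digests authorized in
     * {@link #generateKey()} are not checked here.
     *
     * @throws KfsException propagated from the validation helpers
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey() throws KfsException {
        if (KfsKeyPurpose.containsPurpose(this.param.getPurpose(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            validateCrypto(
                    new RSACipher.Builder()
                            .withAlg(CipherAlg.RSA_OAEP)
                            .withKeyStoreAlias(this.param.getAlias())
                            .build());
        }
        if (KfsKeyPurpose.containsPurpose(this.param.getPurpose(), KfsKeyPurpose.PURPOSE_SIGN)) {
            validateSign(
                    (KfsSigner)
                            new RSASigner.Builder()
                                    .withAlg(SignAlg.RSA_SHA256)
                                    .withKeyStoreAlias(this.param.getAlias())
                                    .build());
        }
    }

    /**
     * Validates the RSA-specific generation parameters before a key is created.
     *
     * @param keyGenerateParam generation parameters whose key length is checked
     * @throws KfsValidationException if {@link KfsValidator#validate} rejects the parameters
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        KfsValidator.validate(new RSAGenerateKeyParam(keyGenerateParam));
    }
}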
