package com.huawei.wisesecurity.kfs.crypto.key;

import android.util.Log;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import defpackage.ck2;
import defpackage.fk6;
import defpackage.ik2;
import defpackage.oj6;
import defpackage.qj2;
import defpackage.r74;
import defpackage.rl2;
import defpackage.sl2;
import defpackage.x12;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: classes5.dex */
public abstract class KeyStoreKeyManager implements KfsKeyManager {
    private static final String TAG = "KeyStoreKeyManager";
    private KeyStore mKeyStore;
    private final KeyStoreProvider provider;

    public KeyStoreKeyManager() {
        this(KeyStoreProvider.ANDROID_KEYSTORE);
    }

    public KeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        this.provider = keyStoreProvider;
    }

    private void clearKey(String str) throws ck2 {
        if (hasAlias(str)) {
            try {
                this.mKeyStore.deleteEntry(str);
                Log.i(TAG, "keyEntry: " + str + " removed");
            } catch (KeyStoreException e) {
                StringBuilder a = fk6.a("delete key entry failed, ");
                a.append(e.getMessage());
                throw new ck2(a.toString());
            }
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public void generate(qj2 qj2Var) throws ck2 {
        sl2.b(qj2Var);
        validateParam(qj2Var);
        generateKey(qj2Var);
        try {
            validateKey(qj2Var);
        } catch (ck2 e) {
            StringBuilder a = fk6.a("validate key failed, try to remove the key entry for alias:");
            a.append(qj2Var.a());
            Log.i(TAG, a.toString());
            clearKey(qj2Var.a());
            throw e;
        }
    }

    public abstract void generateKey(qj2 qj2Var) throws ck2;

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public Certificate[] getCertificateChain(String str) throws ck2 {
        initKeyStore();
        try {
            return this.mKeyStore.getCertificateChain(str);
        } catch (KeyStoreException e) {
            StringBuilder a = fk6.a("keystore get certificate chain failed, ");
            a.append(e.getMessage());
            throw new ck2(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public Key getKey(String str) throws ck2 {
        initKeyStore();
        try {
            return this.mKeyStore.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            StringBuilder a = fk6.a("keystore get key failed, ");
            a.append(e.getMessage());
            throw new ck2(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public PrivateKey getPrivateKey(String str) throws ck2 {
        initKeyStore();
        try {
            return (PrivateKey) this.mKeyStore.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            StringBuilder a = fk6.a("keystore get private key failed, ");
            a.append(e.getMessage());
            throw new ck2(a.toString());
        }
    }

    public KeyStoreProvider getProvider() {
        return this.provider;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public PublicKey getPublicKey(String str) throws ck2 {
        initKeyStore();
        try {
            return this.mKeyStore.getCertificate(str).getPublicKey();
        } catch (KeyStoreException e) {
            StringBuilder a = fk6.a("keystore get public key failed, ");
            a.append(e.getMessage());
            throw new ck2(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public boolean hasAlias(String str) throws ck2 {
        initKeyStore();
        try {
            return this.mKeyStore.containsAlias(str);
        } catch (KeyStoreException e) {
            StringBuilder a = fk6.a("keystore check alias failed, ");
            a.append(e.getMessage());
            throw new ck2(a.toString());
        }
    }

    public void initKeyStore() throws ck2 {
        if (this.mKeyStore != null) {
            return;
        }
        if (getProvider() == KeyStoreProvider.HUAWEI_KEYSTORE) {
            x12.a();
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.provider.getName());
            this.mKeyStore = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ck2(oj6.a(e, fk6.a("init keystore failed, ")));
        }
    }

    public void validateCrypto(KfsCipher kfsCipher) throws ck2 {
        byte[] b = r74.b(32);
        if (!Arrays.equals(b, kfsCipher.getDecryptHandler().from(kfsCipher.getEncryptHandler().from(b).to()).to())) {
            throw new ik2("validate crypto key get bad result");
        }
    }

    public abstract void validateKey(qj2 qj2Var) throws ck2;

    public abstract void validateParam(qj2 qj2Var) throws rl2;

    public void validateSign(KfsSigner kfsSigner) throws ck2 {
        byte[] b = r74.b(32);
        if (!kfsSigner.getVerifyHandler().fromData(b).verify(kfsSigner.getSignHandler().from(b).sign())) {
            throw new ik2("validate sign key get bad result");
        }
    }
}
