package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import c2.e;
import c2.f;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.KeyGenerator;
import org.apache.commons.compress.archivers.sevenz.a;

/* compiled from: TbsSdkJava */
/* loaded from: classes3.dex */
public class AESKeyStoreKeyManager extends KeyStoreKeyManager {
    public AESKeyStoreKeyManager() {
    }

    public AESKeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        super(keyStoreProvider);
    }

    private boolean isValidAesKeyLen(int i10) {
        return (i10 == 128 || i10 == 192 || i10 == 256) ? false : true;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void generateKey(KeyGenerateParam keyGenerateParam) throws KfsException {
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder attestationChallenge;
        KeyGenParameterSpec.Builder randomizedEncryptionRequired;
        KeyGenParameterSpec.Builder blockModes;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(a.f72248f, getProvider().getProviderName());
            f.a();
            keySize = e.a(keyGenerateParam.getAlias(), keyGenerateParam.getPurpose().getValue()).setKeySize(keyGenerateParam.getKeyLen());
            attestationChallenge = keySize.setAttestationChallenge(getProvider().getName().getBytes(StandardCharsets.UTF_8));
            randomizedEncryptionRequired = attestationChallenge.setRandomizedEncryptionRequired(false);
            blockModes = randomizedEncryptionRequired.setBlockModes("GCM", "CBC");
            encryptionPaddings = blockModes.setEncryptionPaddings("NoPadding", "PKCS7Padding");
            build = encryptionPaddings.build();
            keyGenerator.init(build);
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
            StringBuilder a10 = com.huawei.wisesecurity.ucs_credential.f.a("generate aes key failed, ");
            a10.append(e10.getMessage());
            throw new KfsException(a10.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey(KeyGenerateParam keyGenerateParam) throws KfsException {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        validateCrypto(new AESCipher.Builder(getProvider()).withAlg(cipherAlg).withKeyStoreAlias(keyGenerateParam.getAlias()).withIv(RandomUtil.generateRandomBytes(cipherAlg.getIvLen())).build());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        if (isValidAesKeyLen(keyGenerateParam.getKeyLen())) {
            throw new KfsValidationException("bad aes key len");
        }
        if (keyGenerateParam.getPurpose() != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsValidationException("bad purpose for aes key, only crypto is supported");
        }
    }
}
