package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.huawei.phoneservice.feedbackcommon.network.FeedbackWebConstants;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.RSACipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

/* loaded from: classes7.dex */
public class RSAKeyStoreKeyManager extends KeyStoreKeyManager {
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void c(KeyGenerateParam keyGenerateParam) throws KfsException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", f().getProviderName());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyGenerateParam.a(), keyGenerateParam.c().getValue()).setAttestationChallenge(f().getName().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests(FeedbackWebConstants.SHA_256, "SHA-384", "SHA-512").setKeySize(keyGenerateParam.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KfsException("generate rsa key pair failed, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void j(KeyGenerateParam keyGenerateParam) throws KfsException {
        if (KfsKeyPurpose.containsPurpose(keyGenerateParam.c(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            i(new RSACipher.Builder(f()).f(CipherAlg.RSA_OAEP).c(keyGenerateParam.a()).a());
        }
        if (KfsKeyPurpose.containsPurpose(keyGenerateParam.c(), KfsKeyPurpose.PURPOSE_SIGN)) {
            l((KfsSigner) new RSASigner.Builder(f()).e(SignAlg.RSA_SHA256).c(keyGenerateParam.a()).a());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void k(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        if (m(keyGenerateParam.b())) {
            throw new KfsValidationException("bad rsa key len");
        }
    }

    public final boolean m(int i) {
        return (i == 2048 || i == 3072 || i == 4096) ? false : true;
    }
}
