package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.appmarket.b0;
import com.huawei.appmarket.ui;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.ec.ECSigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes4.dex */
public class ECKeyStoreKeyManager extends KeyStoreKeyManager {

    /* renamed from: c, reason: collision with root package name */
    private static final AlgorithmParameterSpec f37807c = new ECGenParameterSpec("secp256r1");

    public ECKeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        super(keyStoreProvider);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @SuppressLint({"WrongConstant"})
    public void b(KeyGenerateParam keyGenerateParam) throws KfsException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", e().b());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyGenerateParam.a(), keyGenerateParam.c().b()).setAttestationChallenge(keyGenerateParam.d() ? e().a().getBytes(StandardCharsets.UTF_8) : null).setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA384, "SHA-512").setAlgorithmParameterSpec(f37807c).setKeySize(keyGenerateParam.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate ec key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException e2) {
            throw new KfsException(ui.a(e2, b0.a("generate ec key pair failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void i(KeyGenerateParam keyGenerateParam) throws KfsException {
        ECSigner.Builder builder = new ECSigner.Builder(e());
        builder.b(SignAlg.ECDSA);
        builder.a(keyGenerateParam.a());
        k(builder.c());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void j(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        if (keyGenerateParam.b() != 256) {
            throw new KfsValidationException("bad ec key len, only ec prime 256 is supported");
        }
        if (keyGenerateParam.c() != KfsKeyPurpose.PURPOSE_SIGN) {
            throw new KfsValidationException("bad purpose for ec key, only sign is supported");
        }
    }
}
