package com.huawei.wisesecurity.kfs.crypto.key;

import android.util.Log;
import com.huawei.appmarket.b0;
import com.huawei.appmarket.d0;
import com.huawei.appmarket.ui;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsKeyStoreException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.HuksUtil;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: classes4.dex */
public abstract class KeyStoreKeyManager {

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f37816a;

    /* renamed from: b, reason: collision with root package name */
    private final KeyStoreProvider f37817b;

    public KeyStoreKeyManager() {
        this.f37817b = KeyStoreProvider.ANDROID_KEYSTORE;
    }

    public KeyStoreKeyManager(KeyStoreProvider keyStoreProvider) {
        this.f37817b = keyStoreProvider;
    }

    public void a(KeyGenerateParam keyGenerateParam) throws KfsException {
        KfsValidator.a(keyGenerateParam);
        j(keyGenerateParam);
        b(keyGenerateParam);
        try {
            i(keyGenerateParam);
        } catch (KfsException e2) {
            StringBuilder a2 = b0.a("validate key failed, try to remove the key entry for alias:");
            a2.append(keyGenerateParam.a());
            Log.i("KeyStoreKeyManager", a2.toString());
            String a3 = keyGenerateParam.a();
            if (f(a3)) {
                try {
                    this.f37816a.deleteEntry(a3);
                    Log.i("KeyStoreKeyManager", "keyEntry: " + a3 + " removed");
                } catch (KeyStoreException e3) {
                    StringBuilder a4 = b0.a("delete key entry failed, ");
                    a4.append(e3.getMessage());
                    throw new KfsException(a4.toString());
                }
            }
            throw e2;
        }
    }

    abstract void b(KeyGenerateParam keyGenerateParam) throws KfsException;

    public Certificate[] c(String str) throws KfsException {
        g();
        try {
            return this.f37816a.getCertificateChain(str);
        } catch (KeyStoreException e2) {
            StringBuilder a2 = b0.a("keystore get certificate chain failed, ");
            a2.append(e2.getMessage());
            throw new KfsException(a2.toString());
        }
    }

    public Key d(String str) throws KfsException {
        g();
        try {
            return this.f37816a.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e2) {
            throw new KfsException(d0.a(e2, b0.a("keystore get key failed, ")));
        }
    }

    public KeyStoreProvider e() {
        return this.f37817b;
    }

    public boolean f(String str) throws KfsException {
        g();
        try {
            return this.f37816a.containsAlias(str);
        } catch (KeyStoreException e2) {
            StringBuilder a2 = b0.a("keystore check alias failed, ");
            a2.append(e2.getMessage());
            throw new KfsException(a2.toString());
        }
    }

    protected void g() throws KfsException {
        if (this.f37816a != null) {
            return;
        }
        if (this.f37817b == KeyStoreProvider.HUAWEI_KEYSTORE) {
            HuksUtil.a();
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.f37817b.a());
            this.f37816a = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new KfsException(ui.a(e2, b0.a("init keystore failed, ")));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void h(KfsCipher kfsCipher) throws KfsException {
        byte[] a2 = RandomUtil.a(32);
        if (!Arrays.equals(a2, kfsCipher.getDecryptHandler().from(kfsCipher.getEncryptHandler().from(a2).to()).to())) {
            throw new KfsKeyStoreException("validate crypto key get bad result");
        }
    }

    abstract void i(KeyGenerateParam keyGenerateParam) throws KfsException;

    abstract void j(KeyGenerateParam keyGenerateParam) throws KfsValidationException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void k(KfsSigner kfsSigner) throws KfsException {
        byte[] a2 = RandomUtil.a(32);
        if (!kfsSigner.getVerifyHandler().fromData(a2).verify(kfsSigner.getSignHandler().from(a2).sign())) {
            throw new KfsKeyStoreException("validate sign key get bad result");
        }
    }
}
