package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.appmarket.b0;
import com.huawei.appmarket.d0;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.KeyGenerator;

/* loaded from: classes4.dex */
public class AESKeyStoreKeyManager extends KeyStoreKeyManager {
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @SuppressLint({"WrongConstant"})
    public void b(KeyGenerateParam keyGenerateParam) throws KfsException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", e().b());
            keyGenerator.init(new KeyGenParameterSpec.Builder(keyGenerateParam.a(), keyGenerateParam.c().b()).setKeySize(keyGenerateParam.b()).setAttestationChallenge(e().a().getBytes(StandardCharsets.UTF_8)).setRandomizedEncryptionRequired(false).setBlockModes("GCM", "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new KfsException(d0.a(e2, b0.a("generate aes key failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void i(KeyGenerateParam keyGenerateParam) throws KfsException {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        byte[] a2 = RandomUtil.a(cipherAlg.a());
        AESCipher.Builder builder = new AESCipher.Builder(e());
        builder.b(cipherAlg);
        builder.e(keyGenerateParam.a());
        builder.c(a2);
        h(builder.a());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void j(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        int b2 = keyGenerateParam.b();
        if ((b2 == 128 || b2 == 192 || b2 == 256) ? false : true) {
            throw new KfsValidationException("bad aes key len");
        }
        if (keyGenerateParam.c() != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsValidationException("bad purpose for aes key, only crypto is supported");
        }
    }
}
