package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.appmarket.b0;
import com.huawei.appmarket.d0;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.RSACipher;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.RSASigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes4.dex */
public class RSAKeyStoreKeyManager extends KeyStoreKeyManager {
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @SuppressLint({"WrongConstant"})
    public void b(KeyGenerateParam keyGenerateParam) throws KfsException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", e().b());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(keyGenerateParam.a(), keyGenerateParam.c().b()).setAttestationChallenge(e().a().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA384, "SHA-512").setKeySize(keyGenerateParam.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new KfsException(d0.a(e2, b0.a("generate rsa key pair failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void i(KeyGenerateParam keyGenerateParam) throws KfsException {
        if (KfsKeyPurpose.a(keyGenerateParam.c(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            RSACipher.Builder builder = new RSACipher.Builder(e());
            builder.c(CipherAlg.RSA_OAEP);
            builder.a(keyGenerateParam.a());
            h((KfsCipher) builder.b());
        }
        if (KfsKeyPurpose.a(keyGenerateParam.c(), KfsKeyPurpose.PURPOSE_SIGN)) {
            RSASigner.Builder builder2 = new RSASigner.Builder(e());
            builder2.b(SignAlg.RSA_SHA256);
            builder2.a(keyGenerateParam.a());
            k(builder2.c());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    void j(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        int b2 = keyGenerateParam.b();
        if ((b2 == 2048 || b2 == 3072 || b2 == 4096) ? false : true) {
            throw new KfsValidationException("bad rsa key len");
        }
    }
}
