package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.stats.CodePackage;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import com.huawei.wisesecurity.ucs_credential.f;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.KeyGenerator;

/* loaded from: classes3.dex */
public class AESKeyStoreKeyManager extends KeyStoreKeyManager {
    private boolean m(int i2) {
        return (i2 == 128 || i2 == 192 || i2 == 256) ? false : true;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void c(KeyGenerateParam keyGenerateParam) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", f().b());
            keyGenerator.init(new KeyGenParameterSpec.Builder(keyGenerateParam.a(), keyGenerateParam.c().b()).setKeySize(keyGenerateParam.b()).setAttestationChallenge(f().a().getBytes(StandardCharsets.UTF_8)).setRandomizedEncryptionRequired(false).setBlockModes(CodePackage.GCM, "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            StringBuilder a2 = f.a("generate aes key failed, ");
            a2.append(e2.getMessage());
            throw new KfsException(a2.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void j(KeyGenerateParam keyGenerateParam) {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        i(new AESCipher.Builder(f()).b(cipherAlg).e(keyGenerateParam.a()).c(RandomUtil.a(cipherAlg.a())).a());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void k(KeyGenerateParam keyGenerateParam) {
        if (m(keyGenerateParam.b())) {
            throw new KfsValidationException("bad aes key len");
        }
        if (keyGenerateParam.c() != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsValidationException("bad purpose for aes key, only crypto is supported");
        }
    }
}
