package ge;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.lifecycle.e1;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.exception.CryptoException;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import de.a;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import nc.k;

/* loaded from: classes2.dex */
public final class a extends d {
    @Override // ge.d
    @SuppressLint({"WrongConstant"})
    public final void b(c cVar) throws KfsException {
        KeyStoreProvider keyStoreProvider = this.f37754b;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", keyStoreProvider.getProviderName());
            keyGenerator.init(new KeyGenParameterSpec.Builder(cVar.f37750a, cVar.f37752c.getValue()).setKeySize(cVar.f37751b).setAttestationChallenge(keyStoreProvider.getName().getBytes(StandardCharsets.UTF_8)).setRandomizedEncryptionRequired(false).setBlockModes("GCM", "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e12) {
            StringBuilder b12 = k.b("generate aes key failed, ");
            b12.append(e12.getMessage());
            throw new KfsException(b12.toString());
        }
    }

    @Override // ge.d
    public final void h(c cVar) throws KfsException {
        AlgorithmParameterSpec gCMParameterSpec;
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        int ivLen = cipherAlg.getIvLen();
        e1.b("EncryptUtil", "setBouncycastleFlag: true");
        vd.b.f50603a = true;
        byte[] a12 = vd.b.a(ivLen);
        KeyStoreProvider keyStoreProvider = this.f37754b;
        CipherAlg.getPreferredAlg("AES");
        String str = cVar.f37750a;
        try {
            KeyStore keyStore = KeyStore.getInstance(keyStoreProvider.getName());
            keyStore.load(null);
            Key key = keyStore.getKey(str, null);
            int i12 = a.C0193a.f29706a[cipherAlg.ordinal()];
            if (i12 == 1) {
                gCMParameterSpec = new GCMParameterSpec(128, androidx.core.util.b.f(a12));
            } else {
                if (i12 != 2 && i12 != 3) {
                    throw new CryptoException("unsupported cipher alg");
                }
                gCMParameterSpec = new IvParameterSpec(androidx.core.util.b.f(a12));
            }
            if (key == null) {
                throw new CryptoException("key | parameterSpec cannot be null");
            }
            d.g(new de.a(keyStoreProvider, cipherAlg, key, gCMParameterSpec));
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e12) {
            throw new KfsException(androidx.datastore.a.i(e12, k.b("keystore get key with alias failed, ")));
        }
    }

    @Override // ge.d
    public final void i(c cVar) throws KfsValidationException {
        int i12 = cVar.f37751b;
        if ((i12 == 128 || i12 == 192 || i12 == 256) ? false : true) {
            throw new KfsValidationException("bad aes key len");
        }
        if (cVar.f37752c != KfsKeyPurpose.PURPOSE_CRYPTO) {
            throw new KfsValidationException("bad purpose for aes key, only crypto is supported");
        }
    }
}
