package defpackage;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.huawei.phoneservice.feedbackcommon.network.FeedbackWebConstants;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import defpackage.qd7;
import defpackage.vd7;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

/* loaded from: classes15.dex */
public class sd7 extends KeyStoreKeyManager {
    public final boolean a(int i) {
        return (i == 2048 || i == 3072 || i == 4096) ? false : true;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void generateKey(v94 v94Var) throws ha4 {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", getProvider().getProviderName());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(v94Var.a(), v94Var.c().getValue()).setAttestationChallenge(getProvider().getName().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests(FeedbackWebConstants.SHA_256, "SHA-384", "SHA-512").setKeySize(v94Var.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new ha4("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            StringBuilder a = h5c.a("generate rsa key pair failed, ");
            a.append(e.getMessage());
            throw new ha4(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey(v94 v94Var) throws ha4 {
        if (KfsKeyPurpose.containsPurpose(v94Var.c(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            validateCrypto(new qd7.b(getProvider()).b(CipherAlg.RSA_OAEP).withKeyStoreAlias(v94Var.a()).build());
        }
        if (KfsKeyPurpose.containsPurpose(v94Var.c(), KfsKeyPurpose.PURPOSE_SIGN)) {
            validateSign((KfsSigner) new vd7.b(getProvider()).withAlg(SignAlg.RSA_SHA256).withKeyStoreAlias(v94Var.a()).build());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(v94 v94Var) throws wb4 {
        if (a(v94Var.b())) {
            throw new wb4("bad rsa key len");
        }
    }
}
