package com.huawei.wisesecurity.kfs.crypto.key;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.huawei.hms.network.networkkit.api.cy0;
import com.huawei.hms.network.networkkit.api.lx0;
import com.huawei.hms.network.networkkit.api.sz0;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.rsa.a;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.crypto.signer.rsa.a;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* compiled from: RSAKeyStoreKeyManager.java */
/* loaded from: classes2.dex */
public class f extends d {
    public f() {
    }

    public f(KeyStoreProvider keyStoreProvider) {
        super(keyStoreProvider);
    }

    private boolean o(int i) {
        return (i == 2048 || i == 3072 || i == 4096) ? false : true;
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.d
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void h(lx0 lx0Var) throws cy0 {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(com.alipay.sdk.m.n.d.a, i().getProviderName());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(lx0Var.a(), lx0Var.c().getValue()).setAttestationChallenge(i().getName().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA384, "SHA-512").setKeySize(lx0Var.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new cy0("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new cy0("generate rsa key pair failed, " + e.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.d
    void l(lx0 lx0Var) throws cy0 {
        if (KfsKeyPurpose.containsPurpose(lx0Var.c(), KfsKeyPurpose.PURPOSE_CRYPTO)) {
            k(new a.b(i()).h(CipherAlg.RSA_OAEP).c(lx0Var.a()).a());
        }
        if (KfsKeyPurpose.containsPurpose(lx0Var.c(), KfsKeyPurpose.PURPOSE_SIGN)) {
            n((com.huawei.wisesecurity.kfs.crypto.signer.d) new a.b(i()).g(SignAlg.RSA_SHA256).c(lx0Var.a()).a());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.d
    void m(lx0 lx0Var) throws sz0 {
        if (o(lx0Var.b())) {
            throw new sz0("bad rsa key len");
        }
    }
}
