package com.huawei.wisesecurity.kfs.crypto.key;

import android.security.keystore.KeyGenParameterSpec;
import com.huawei.wisesecurity.kfs.constant.KfsConstant;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.cipher.aes.AESCipher;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import com.huawei.wisesecurity.kfs.validation.constrains.KfsIn;
import com.huawei.wisesecurity.ucs_credential.e;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.KeyGenerator;

/* loaded from: classes5.dex */
public class AESKeyStoreKeyManager extends KeyStoreKeyManager {

    /* loaded from: classes5.dex */
    public static class AESKeyGenerateParam {

        @KfsIn(intArr = {128, KfsConstant.KFS_AES_KEY_LEN_192, 256})
        private final int keyLen;

        @KfsIn(intArr = {3}, message = "bad purpose")
        private final int purpose;

        public AESKeyGenerateParam(KeyGenerateParam keyGenerateParam) {
            this.keyLen = keyGenerateParam.getKeyLen();
            this.purpose = keyGenerateParam.getPurpose().getValue();
        }

        public int getKeyLen() {
            return this.keyLen;
        }

        public int getPurpose() {
            return this.purpose;
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void generateKey() throws KfsException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", KfsConstant.PROVIDER_ANDROID_KEYSTORE);
            keyGenerator.init(new KeyGenParameterSpec.Builder(this.param.getAlias(), 3).setKeySize(this.param.getKeyLen()).setRandomizedEncryptionRequired(false).setBlockModes("GCM", "CBC").setEncryptionPaddings("NoPadding", "PKCS7Padding").build());
            if (keyGenerator.generateKey() != null) {
            } else {
                throw new KfsException("generate aes key failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            StringBuilder a = e.a("generate aes key failed, ");
            a.append(e2.getMessage());
            throw new KfsException(a.toString());
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey() throws KfsException {
        CipherAlg cipherAlg = CipherAlg.AES_GCM;
        validateCrypto(new AESCipher.Builder().withAlg(cipherAlg).withKeyStoreAlias(this.param.getAlias()).withIv(RandomUtil.generateRandomBytes(cipherAlg.getIvLen())).build());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(KeyGenerateParam keyGenerateParam) throws KfsValidationException {
        KfsValidator.validate(new AESKeyGenerateParam(keyGenerateParam));
    }
}
