package com.huawei.gamebox;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.wisesecurity.kfs.crypto.cipher.CipherAlg;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import io.netty.handler.ssl.OpenSslKeyMaterialManager;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* compiled from: RSAKeyStoreKeyManager.java */
/* loaded from: classes16.dex */
public class gp9 extends fp9 {
    @Override // com.huawei.gamebox.fp9
    @SuppressLint({"WrongConstant"})
    public void b(ep9 ep9Var) throws KfsException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(OpenSslKeyMaterialManager.KEY_TYPE_RSA, this.b.c());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(ep9Var.a, ep9Var.c.b()).setAttestationChallenge(this.b.b().getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PKCS1", "PSS").setEncryptionPaddings("PKCS1Padding", "OAEPPadding").setDigests("SHA-256", "SHA-384", "SHA-512").setKeySize(ep9Var.b).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new KfsException("generate rsa key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KfsException(eq.h(e, eq.o("generate rsa key pair failed, ")));
        }
    }

    @Override // com.huawei.gamebox.fp9
    public void h(ep9 ep9Var) throws KfsException {
        if (KfsKeyPurpose.a(ep9Var.c, KfsKeyPurpose.PURPOSE_CRYPTO)) {
            KeyStoreProvider keyStoreProvider = this.b;
            CipherAlg.c(OpenSslKeyMaterialManager.KEY_TYPE_RSA);
            OAEPParameterSpec oAEPParameterSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
            CipherAlg cipherAlg = CipherAlg.RSA_OAEP;
            String str = ep9Var.a;
            try {
                KeyStore keyStore = KeyStore.getInstance(keyStoreProvider.b());
                keyStore.load(null);
                Key key = keyStore.getKey(str, null);
                if (!(key instanceof PrivateKey)) {
                    throw new KfsException("bad private key type");
                }
                g(new zo9(keyStoreProvider, cipherAlg, (PrivateKey) key, keyStore.getCertificate(str).getPublicKey(), oAEPParameterSpec, null));
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                throw new KfsException(eq.Z2(e, eq.o("keystore get key with alias failed, ")));
            }
        }
        if (KfsKeyPurpose.a(ep9Var.c, KfsKeyPurpose.PURPOSE_SIGN)) {
            KeyStoreProvider keyStoreProvider2 = this.b;
            SignAlg.a(OpenSslKeyMaterialManager.KEY_TYPE_RSA);
            SignAlg signAlg = SignAlg.RSA_SHA256;
            String str2 = ep9Var.a;
            try {
                KeyStore keyStore2 = KeyStore.getInstance(keyStoreProvider2.b());
                keyStore2.load(null);
                Key key2 = keyStore2.getKey(str2, null);
                if (!(key2 instanceof PrivateKey)) {
                    throw new KfsException("bad private key type");
                }
                j(new pp9(keyStoreProvider2, signAlg, (PrivateKey) key2, keyStore2.getCertificate(str2).getPublicKey(), null, null));
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
                throw new KfsException(eq.Z2(e2, eq.o("keystore get key with alias failed, ")));
            }
        }
    }

    @Override // com.huawei.gamebox.fp9
    public void i(ep9 ep9Var) throws KfsValidationException {
        int i = ep9Var.b;
        if ((i == 2048 || i == 3072 || i == 4096) ? false : true) {
            throw new KfsValidationException("bad rsa key len");
        }
    }
}
