package defpackage;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import androidx.annotation.RequiresApi;
import com.huawei.phoneservice.feedbackcommon.network.FeedbackWebConstants;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager;
import com.huawei.wisesecurity.kfs.crypto.key.KeyStoreProvider;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.crypto.signer.SignAlg;
import defpackage.rk2;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;

/* loaded from: classes14.dex */
public class lk2 extends KeyStoreKeyManager {
    public static final AlgorithmParameterSpec a = new ECGenParameterSpec("secp256r1");

    public lk2() {
    }

    public lk2(KeyStoreProvider keyStoreProvider) {
        super(keyStoreProvider);
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    @RequiresApi(api = 24)
    @SuppressLint({"WrongConstant"})
    public void generateKey(xa4 xa4Var) throws kb4 {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", getProvider().getProviderName());
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(xa4Var.a(), xa4Var.c().getValue()).setAttestationChallenge(xa4Var.d() ? getProvider().getName().getBytes(StandardCharsets.UTF_8) : null).setDigests(FeedbackWebConstants.SHA_256, "SHA-384", "SHA-512").setAlgorithmParameterSpec(a).setKeySize(xa4Var.b()).build());
            if (keyPairGenerator.generateKeyPair() != null) {
            } else {
                throw new kb4("generate ec key pair failed with bad key");
            }
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | ProviderException e) {
            throw new kb4(bnc.a(e, noc.a("generate ec key pair failed, ")));
        }
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateKey(xa4 xa4Var) throws kb4 {
        validateSign((KfsSigner) new rk2.b(getProvider()).withAlg(SignAlg.ECDSA).withKeyStoreAlias(xa4Var.a()).build());
    }

    @Override // com.huawei.wisesecurity.kfs.crypto.key.KeyStoreKeyManager
    public void validateParam(xa4 xa4Var) throws zc4 {
        if (xa4Var.b() != 256) {
            throw new zc4("bad ec key len, only ec prime 256 is supported");
        }
        if (xa4Var.c() != KfsKeyPurpose.PURPOSE_SIGN) {
            throw new zc4("bad purpose for ec key, only sign is supported");
        }
    }
}
