package com.huawei.wisesecurity.kfs.crypto.key;

import android.util.Log;
import com.huawei.wisesecurity.kfs.constant.KfsConstant;
import com.huawei.wisesecurity.kfs.crypto.cipher.KfsCipher;
import com.huawei.wisesecurity.kfs.crypto.signer.KfsSigner;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsKeyStoreException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import com.huawei.wisesecurity.kfs.util.RandomUtil;
import com.huawei.wisesecurity.kfs.validation.KfsValidator;
import com.huawei.wisesecurity.ucs_credential.d;
import com.huawei.wisesecurity.ucs_credential.e;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: classes5.dex */
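/**
 * Base class for key managers whose keys live in the platform key store named by
 * {@link KfsConstant#PROVIDER_ANDROID_KEYSTORE}.
 *
 * <p>Subclasses supply the algorithm-specific parts ({@link #generateKey()},
 * {@link #validateKey()}, {@link #validateParam(KeyGenerateParam)}). This class owns the
 * shared {@link KeyStore} handle, alias lookups, and the post-generation self-tests that
 * run a freshly created key through an encrypt/decrypt or sign/verify round trip.
 *
 * <p>NOTE(review): the key store handle is a static field initialised lazily without any
 * synchronisation. Confirm whether callers may use this class from several threads.
 *
 * <p>NOTE(review): {@code e.a(...)} and {@code d.a(...)} are obfuscated helpers from
 * {@code ucs_credential}. From their use here, {@code e.a(String)} yields a
 * {@link StringBuilder} (presumably seeded with the given text) and {@code d.a} turns an
 * exception plus such a builder into a message string. Verify against their sources.
 */
public abstract class KeyStoreKeyManager implements KfsKeyManager {
    private static final String TAG = "KeyStoreKeyManager";

    /** Number of random bytes pushed through a key by the round-trip self-tests. */
    private static final int SELF_TEST_DATA_LENGTH = 32;

    // Shared across all subclasses and instances; assigned only once it has been loaded.
    private static KeyStore mKeyStore;

    // Parameters of the most recent generate() call. It is assigned before validation
    // runs, so after a failed generate() it may hold a rejected parameter set.
    public KeyGenerateParam param;

    /**
     * Builds the {@link KfsException} used for key store failures: the given prefix
     * followed by the message of the underlying exception.
     *
     * <p>Only the message text of {@code cause} is carried over; the original stack trace
     * is not attached to the returned exception.
     *
     * @param prefix human-readable description of the operation that failed
     * @param cause  the key store exception that was caught
     * @return the exception to throw
     */
    private static KfsException keyStoreFailure(String prefix, Exception cause) {
        StringBuilder message = e.a(prefix);
        message.append(cause.getMessage());
        return new KfsException(message.toString());
    }

    /**
     * Deletes the key store entry for the given alias, if one exists.
     *
     * @param str alias of the entry to remove
     * @throws KfsException if the alias lookup or the deletion fails
     */
    private void clearKey(String str) throws KfsException {
        if (!hasAlias(str)) {
            return;
        }
        try {
            mKeyStore.deleteEntry(str);
            Log.i(TAG, "keyEntry: " + str + " removed");
        } catch (KeyStoreException ex) {
            throw keyStoreFailure("delete key entry failed, ", ex);
        }
    }

    /**
     * Lazily obtains and loads the shared key store handle.
     *
     * <p>The handle is published to {@link #mKeyStore} only after {@code load(null)} has
     * succeeded. Publishing it earlier would leave an unloaded instance cached after a
     * failed load, and every later call would skip initialisation and operate on it.
     *
     * @throws KfsException if the key store cannot be obtained or loaded
     */
    private static void initKeyStore() throws KfsException {
        if (mKeyStore != null) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KfsConstant.PROVIDER_ANDROID_KEYSTORE);
            keyStore.load(null);
            mKeyStore = keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException ex) {
            throw new KfsException(d.a(ex, e.a("init keystore failed, ")));
        }
    }

    /**
     * Validates the parameters, generates the key and self-tests it.
     *
     * <p>If the self-test fails, the entry for the alias is removed so that a key which
     * did not pass validation is not left behind, and the validation failure is rethrown.
     * If that removal fails as well, the removal failure is thrown (the entry may still
     * exist) and the validation failure is attached to it as a suppressed exception so
     * the root cause is not lost.
     *
     * @param keyGenerateParam description of the key to create, including its alias
     * @throws KfsException if validation, generation, the self-test or the clean-up fails
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public void generate(KeyGenerateParam keyGenerateParam) throws KfsException {
        this.param = keyGenerateParam;
        KfsValidator.validate(keyGenerateParam);
        validateParam(keyGenerateParam);
        generateKey();
        try {
            validateKey();
        } catch (KfsException validationFailure) {
            StringBuilder a = e.a("validate key failed, try to remove the key entry for alias:");
            a.append(keyGenerateParam.getAlias());
            Log.i(TAG, a.toString());
            try {
                clearKey(keyGenerateParam.getAlias());
            } catch (KfsException cleanupFailure) {
                cleanupFailure.addSuppressed(validationFailure);
                throw cleanupFailure;
            }
            throw validationFailure;
        }
    }

    /**
     * Creates the key described by {@link #param}.
     *
     * @throws KfsException if key generation fails
     */
    public abstract void generateKey() throws KfsException;

    /**
     * Returns the key stored under the given alias.
     *
     * @param str alias to look up
     * @return the value returned by {@link KeyStore#getKey(String, char[])} for the alias,
     *         called with a {@code null} password
     * @throws KfsException if the key store cannot be initialised or the lookup fails
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public Key getKey(String str) throws KfsException {
        initKeyStore();
        try {
            return mKeyStore.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException ex) {
            throw keyStoreFailure("keystore get key failed, ", ex);
        }
    }

    /**
     * Returns the private key stored under the given alias.
     *
     * @param str alias to look up
     * @return the private key, or {@code null} if the key store returns no key for the alias
     * @throws KfsException if the key store cannot be initialised, the lookup fails, or
     *                      the entry holds a key that is not a {@link PrivateKey}
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public PrivateKey getPrivateKey(String str) throws KfsException {
        initKeyStore();
        try {
            Key key = mKeyStore.getKey(str, null);
            // An alias that holds a non-private key is reported through the declared
            // exception type instead of surfacing as a ClassCastException.
            if (key != null && !(key instanceof PrivateKey)) {
                throw new KfsException("keystore get private key failed, entry is not a private key");
            }
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException ex) {
            throw keyStoreFailure("keystore get private key failed, ", ex);
        }
    }

    /**
     * Returns the public key from the certificate stored under the given alias.
     *
     * @param str alias to look up
     * @return the public key of the certificate for the alias
     * @throws KfsException if the key store cannot be initialised, the lookup fails, or
     *                      no certificate is stored under the alias
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public PublicKey getPublicKey(String str) throws KfsException {
        initKeyStore();
        try {
            // getCertificate() returns null for an unknown alias or an entry without a
            // certificate; report that as a KfsException rather than dereferencing null.
            java.security.cert.Certificate certificate = mKeyStore.getCertificate(str);
            if (certificate == null) {
                throw new KfsException("keystore get public key failed, no certificate for alias");
            }
            return certificate.getPublicKey();
        } catch (KeyStoreException ex) {
            throw keyStoreFailure("keystore get public key failed, ", ex);
        }
    }

    /**
     * Reports whether the key store contains an entry for the given alias.
     *
     * @param str alias to look up
     * @return {@code true} if the key store contains the alias
     * @throws KfsException if the key store cannot be initialised or the check fails
     */
    @Override // com.huawei.wisesecurity.kfs.crypto.key.KfsKeyManager
    public boolean hasAlias(String str) throws KfsException {
        initKeyStore();
        try {
            return mKeyStore.containsAlias(str);
        } catch (KeyStoreException ex) {
            throw keyStoreFailure("keystore check alias failed, ", ex);
        }
    }

    /**
     * Self-tests a cipher by encrypting random data and decrypting the result.
     *
     * @param kfsCipher cipher bound to the key under test
     * @throws KfsException if either operation fails or the decrypted bytes differ from
     *                      the input
     */
    public void validateCrypto(KfsCipher kfsCipher) throws KfsException {
        byte[] plaintext = RandomUtil.generateRandomBytes(SELF_TEST_DATA_LENGTH);
        byte[] ciphertext = kfsCipher.getEncryptHandler().from(plaintext).to();
        byte[] roundTripped = kfsCipher.getDecryptHandler().from(ciphertext).to();
        if (!Arrays.equals(plaintext, roundTripped)) {
            throw new KfsKeyStoreException("validate crypto key get bad result");
        }
    }

    /**
     * Self-tests the key that {@link #generateKey()} created.
     *
     * @throws KfsException if the key does not pass the self-test
     */
    public abstract void validateKey() throws KfsException;

    /**
     * Checks the algorithm-specific constraints on the generation parameters.
     *
     * @param keyGenerateParam parameters passed to {@link #generate(KeyGenerateParam)}
     * @throws KfsValidationException if the parameters are not acceptable
     */
    public abstract void validateParam(KeyGenerateParam keyGenerateParam) throws KfsValidationException;

    /**
     * Self-tests a signer by signing random data and verifying the signature.
     *
     * @param kfsSigner signer bound to the key under test
     * @throws KfsException if either operation fails or the signature does not verify
     */
    public void validateSign(KfsSigner kfsSigner) throws KfsException {
        byte[] message = RandomUtil.generateRandomBytes(SELF_TEST_DATA_LENGTH);
        byte[] signature = kfsSigner.getSignHandler().from(message).sign();
        if (!kfsSigner.getVerifyHandler().fromData(message).verify(signature)) {
            throw new KfsKeyStoreException("validate sign key get bad result");
        }
    }
}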
