package E2;

import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.kfs.exception.KfsKeyStoreException;
import com.huawei.wisesecurity.kfs.exception.KfsValidationException;
import d3.C0635j;
import d3.C0637l;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: classes2.dex */
public abstract class d {

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f545a;

    /* renamed from: b, reason: collision with root package name */
    private final e f546b;

    public d() {
        this(e.ANDROID_KEYSTORE);
    }

    public d(e eVar) {
        this.f546b = eVar;
    }

    private void a(String str) throws KfsException {
        if (g(str)) {
            try {
                this.f545a.deleteEntry(str);
                StringBuilder sb = new StringBuilder();
                sb.append("keyEntry: ");
                sb.append(str);
                sb.append(" removed");
            } catch (KeyStoreException e9) {
                StringBuilder a9 = C0637l.a("delete key entry failed, ");
                a9.append(e9.getMessage());
                throw new KfsException(a9.toString());
            }
        }
    }

    public void b(c cVar) throws KfsException {
        N2.a.b(cVar);
        k(cVar);
        c(cVar);
        try {
            j(cVar);
        } catch (KfsException e9) {
            C0637l.a("validate key failed, try to remove the key entry for alias:").append(cVar.a());
            a(cVar.a());
            throw e9;
        }
    }

    public abstract void c(c cVar) throws KfsException;

    public Certificate[] d(String str) throws KfsException {
        h();
        try {
            return this.f545a.getCertificateChain(str);
        } catch (KeyStoreException e9) {
            StringBuilder a9 = C0637l.a("keystore get certificate chain failed, ");
            a9.append(e9.getMessage());
            throw new KfsException(a9.toString());
        }
    }

    public Key e(String str) throws KfsException {
        h();
        try {
            return this.f545a.getKey(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e9) {
            StringBuilder a9 = C0637l.a("keystore get key failed, ");
            a9.append(e9.getMessage());
            throw new KfsException(a9.toString());
        }
    }

    public e f() {
        return this.f546b;
    }

    public boolean g(String str) throws KfsException {
        h();
        try {
            return this.f545a.containsAlias(str);
        } catch (KeyStoreException e9) {
            StringBuilder a9 = C0637l.a("keystore check alias failed, ");
            a9.append(e9.getMessage());
            throw new KfsException(a9.toString());
        }
    }

    public void h() throws KfsException {
        if (this.f545a != null) {
            return;
        }
        if (f() == e.HUAWEI_KEYSTORE) {
            M2.c.a();
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.f546b.a());
            this.f545a = keyStore;
            keyStore.load(null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e9) {
            throw new KfsException(C0635j.a(e9, C0637l.a("init keystore failed, ")));
        }
    }

    public void i(A2.g gVar) throws KfsException {
        byte[] a9 = M2.e.a(32);
        if (!Arrays.equals(a9, gVar.getDecryptHandler().from(gVar.getEncryptHandler().from(a9).to()).to())) {
            throw new KfsKeyStoreException("validate crypto key get bad result");
        }
    }

    public abstract void j(c cVar) throws KfsException;

    public abstract void k(c cVar) throws KfsValidationException;

    public void l(F2.d dVar) throws KfsException {
        byte[] a9 = M2.e.a(32);
        if (!dVar.getVerifyHandler().fromData(a9).verify(dVar.getSignHandler().from(a9).sign())) {
            throw new KfsKeyStoreException("validate sign key get bad result");
        }
    }
}
