package com.google.crypto.tink.streamingaead;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.StreamingAead;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.KeyTypeManager;
import com.google.crypto.tink.internal.MutableKeyDerivationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.PrimitiveFactory;
import com.google.crypto.tink.internal.TinkBugException;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat;
import com.google.crypto.tink.proto.AesGcmHkdfStreamingParams;
import com.google.crypto.tink.proto.HashType;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingParameters;
import com.google.crypto.tink.streamingaead.internal.AesGcmHkdfStreamingProtoSerialization;
import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nullable;

/* loaded from: classes.dex */
public final class AesGcmHkdfStreamingKeyManager extends KeyTypeManager<com.google.crypto.tink.proto.AesGcmHkdfStreamingKey> {
    private static final PrimitiveConstructor<AesGcmHkdfStreamingKey, StreamingAead> AES_GCM_HKDF_STREAMING_AEAD_PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(new a(9), AesGcmHkdfStreamingKey.class, StreamingAead.class);
    private static final MutableKeyDerivationRegistry.InsecureKeyCreator<AesGcmHkdfStreamingParameters> KEY_DERIVER = new Object();
    private static final int NONCE_PREFIX_IN_BYTES = 7;
    private static final int TAG_SIZE_IN_BYTES = 16;

    /* renamed from: com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager$1 */
    /* loaded from: classes.dex */
    public class AnonymousClass1 extends PrimitiveFactory<StreamingAead, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey> {
        public AnonymousClass1(Class cls) {
            super(cls);
        }

        @Override // com.google.crypto.tink.internal.PrimitiveFactory
        public StreamingAead getPrimitive(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey) {
            return new AesGcmHkdfStreaming(aesGcmHkdfStreamingKey.getKeyValue().toByteArray(), StreamingAeadUtil.toHmacAlgo(aesGcmHkdfStreamingKey.getParams().getHkdfHashType()), aesGcmHkdfStreamingKey.getParams().getDerivedKeySize(), aesGcmHkdfStreamingKey.getParams().getCiphertextSegmentSize(), 0);
        }
    }

    /* renamed from: com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager$2 */
    /* loaded from: classes.dex */
    public class AnonymousClass2 extends KeyTypeManager.KeyFactory<AesGcmHkdfStreamingKeyFormat, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey> {
        public AnonymousClass2(Class cls) {
            super(cls);
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public com.google.crypto.tink.proto.AesGcmHkdfStreamingKey createKey(AesGcmHkdfStreamingKeyFormat aesGcmHkdfStreamingKeyFormat) {
            return com.google.crypto.tink.proto.AesGcmHkdfStreamingKey.newBuilder().setKeyValue(ByteString.copyFrom(Random.randBytes(aesGcmHkdfStreamingKeyFormat.getKeySize()))).setParams(aesGcmHkdfStreamingKeyFormat.getParams()).setVersion(AesGcmHkdfStreamingKeyManager.this.getVersion()).build();
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public AesGcmHkdfStreamingKeyFormat parseKeyFormat(ByteString byteString) {
            return AesGcmHkdfStreamingKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public void validateKeyFormat(AesGcmHkdfStreamingKeyFormat aesGcmHkdfStreamingKeyFormat) {
            if (aesGcmHkdfStreamingKeyFormat.getKeySize() < 16) {
                throw new GeneralSecurityException("key_size must be at least 16 bytes");
            }
            AesGcmHkdfStreamingKeyManager.validateParams(aesGcmHkdfStreamingKeyFormat.getParams());
        }
    }

    public AesGcmHkdfStreamingKeyManager() {
        super(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey.class, new PrimitiveFactory<StreamingAead, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey>(StreamingAead.class) { // from class: com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager.1
            public AnonymousClass1(Class cls) {
                super(cls);
            }

            @Override // com.google.crypto.tink.internal.PrimitiveFactory
            public StreamingAead getPrimitive(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey) {
                return new AesGcmHkdfStreaming(aesGcmHkdfStreamingKey.getKeyValue().toByteArray(), StreamingAeadUtil.toHmacAlgo(aesGcmHkdfStreamingKey.getParams().getHkdfHashType()), aesGcmHkdfStreamingKey.getParams().getDerivedKeySize(), aesGcmHkdfStreamingKey.getParams().getCiphertextSegmentSize(), 0);
            }
        });
    }

    public static /* synthetic */ KeyTemplate a() {
        return lambda$aes256GcmHkdf1MBTemplate$3();
    }

    public static final KeyTemplate aes128GcmHkdf1MBTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new a(10));
    }

    public static final KeyTemplate aes128GcmHkdf4KBTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new a(13));
    }

    public static final KeyTemplate aes256GcmHkdf1MBTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new a(11));
    }

    public static final KeyTemplate aes256GcmHkdf4KBTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new a(12));
    }

    public static /* synthetic */ KeyTemplate b() {
        return lambda$aes256GcmHkdf4KBTemplate$2();
    }

    public static /* synthetic */ KeyTemplate c() {
        return lambda$aes128GcmHkdf4KBTemplate$0();
    }

    @AccessesPartialKey
    public static AesGcmHkdfStreamingKey createAesGcmHkdfStreamingKeyFromRandomness(AesGcmHkdfStreamingParameters aesGcmHkdfStreamingParameters, InputStream inputStream, @Nullable Integer num, SecretKeyAccess secretKeyAccess) {
        return AesGcmHkdfStreamingKey.create(aesGcmHkdfStreamingParameters, Util.readIntoSecretBytes(inputStream, aesGcmHkdfStreamingParameters.getKeySizeBytes(), secretKeyAccess));
    }

    public static /* synthetic */ KeyTemplate d() {
        return lambda$aes128GcmHkdf1MBTemplate$1();
    }

    public static /* synthetic */ KeyTemplate lambda$aes128GcmHkdf1MBTemplate$1() {
        return KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(16).setDerivedAesGcmKeySizeBytes(16).setCiphertextSegmentSizeBytes(1048576).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build());
    }

    public static /* synthetic */ KeyTemplate lambda$aes128GcmHkdf4KBTemplate$0() {
        return KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(16).setDerivedAesGcmKeySizeBytes(16).setCiphertextSegmentSizeBytes(4096).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build());
    }

    public static /* synthetic */ KeyTemplate lambda$aes256GcmHkdf1MBTemplate$3() {
        return KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(32).setDerivedAesGcmKeySizeBytes(32).setCiphertextSegmentSizeBytes(1048576).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build());
    }

    public static /* synthetic */ KeyTemplate lambda$aes256GcmHkdf4KBTemplate$2() {
        return KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(32).setDerivedAesGcmKeySizeBytes(32).setCiphertextSegmentSizeBytes(4096).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build());
    }

    private static Map<String, Parameters> namedParameters() {
        HashMap hashMap = new HashMap();
        hashMap.put("AES128_GCM_HKDF_4KB", PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB);
        hashMap.put("AES128_GCM_HKDF_1MB", PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB);
        hashMap.put("AES256_GCM_HKDF_4KB", PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB);
        hashMap.put("AES256_GCM_HKDF_1MB", PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB);
        return Collections.unmodifiableMap(hashMap);
    }

    public static void register(boolean z3) {
        Registry.registerKeyManager(new AesGcmHkdfStreamingKeyManager(), z3);
        AesGcmHkdfStreamingProtoSerialization.register();
        MutableParametersRegistry.globalInstance().putAll(namedParameters());
        MutableKeyDerivationRegistry.globalInstance().add(KEY_DERIVER, AesGcmHkdfStreamingParameters.class);
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(AES_GCM_HKDF_STREAMING_AEAD_PRIMITIVE_CONSTRUCTOR);
    }

    public static void validateParams(AesGcmHkdfStreamingParams aesGcmHkdfStreamingParams) {
        Validators.validateAesKeySize(aesGcmHkdfStreamingParams.getDerivedKeySize());
        if (aesGcmHkdfStreamingParams.getHkdfHashType() != HashType.SHA1 && aesGcmHkdfStreamingParams.getHkdfHashType() != HashType.SHA256 && aesGcmHkdfStreamingParams.getHkdfHashType() != HashType.SHA512) {
            throw new GeneralSecurityException("Invalid HKDF hash type");
        }
        if (aesGcmHkdfStreamingParams.getCiphertextSegmentSize() < aesGcmHkdfStreamingParams.getDerivedKeySize() + 25) {
            throw new GeneralSecurityException("ciphertext_segment_size must be at least (derived_key_size + NONCE_PREFIX_IN_BYTES + TAG_SIZE_IN_BYTES + 2)");
        }
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public TinkFipsUtil.AlgorithmFipsCompatibility fipsStatus() {
        return TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey";
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public int getVersion() {
        return 0;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyTypeManager.KeyFactory<?, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey> keyFactory() {
        return new KeyTypeManager.KeyFactory<AesGcmHkdfStreamingKeyFormat, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey>(AesGcmHkdfStreamingKeyFormat.class) { // from class: com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager.2
            public AnonymousClass2(Class cls) {
                super(cls);
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            public com.google.crypto.tink.proto.AesGcmHkdfStreamingKey createKey(AesGcmHkdfStreamingKeyFormat aesGcmHkdfStreamingKeyFormat) {
                return com.google.crypto.tink.proto.AesGcmHkdfStreamingKey.newBuilder().setKeyValue(ByteString.copyFrom(Random.randBytes(aesGcmHkdfStreamingKeyFormat.getKeySize()))).setParams(aesGcmHkdfStreamingKeyFormat.getParams()).setVersion(AesGcmHkdfStreamingKeyManager.this.getVersion()).build();
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            public AesGcmHkdfStreamingKeyFormat parseKeyFormat(ByteString byteString) {
                return AesGcmHkdfStreamingKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            public void validateKeyFormat(AesGcmHkdfStreamingKeyFormat aesGcmHkdfStreamingKeyFormat) {
                if (aesGcmHkdfStreamingKeyFormat.getKeySize() < 16) {
                    throw new GeneralSecurityException("key_size must be at least 16 bytes");
                }
                AesGcmHkdfStreamingKeyManager.validateParams(aesGcmHkdfStreamingKeyFormat.getParams());
            }
        };
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyData.KeyMaterialType keyMaterialType() {
        return KeyData.KeyMaterialType.SYMMETRIC;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public com.google.crypto.tink.proto.AesGcmHkdfStreamingKey parseKey(ByteString byteString) {
        return com.google.crypto.tink.proto.AesGcmHkdfStreamingKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public void validateKey(com.google.crypto.tink.proto.AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey) {
        Validators.validateVersion(aesGcmHkdfStreamingKey.getVersion(), getVersion());
        validateParams(aesGcmHkdfStreamingKey.getParams());
    }
}
