package com.google.crypto.tink.jwt;

import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.internal.KeyTypeManager;
import com.google.crypto.tink.internal.PrimitiveFactory;
import com.google.crypto.tink.internal.PrivateKeyTypeManager;
import com.google.crypto.tink.proto.JwtRsaSsaPssAlgorithm;
import com.google.crypto.tink.proto.JwtRsaSsaPssKeyFormat;
import com.google.crypto.tink.proto.JwtRsaSsaPssPrivateKey;
import com.google.crypto.tink.proto.JwtRsaSsaPssPublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.Enums;
import com.google.crypto.tink.subtle.RsaSsaPssSignJce;
import com.google.crypto.tink.subtle.SelfKeyTestValidators;
import com.google.crypto.tink.subtle.Validators;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/* loaded from: classes8.dex */
public final class JwtRsaSsaPssSignKeyManager extends PrivateKeyTypeManager<JwtRsaSsaPssPrivateKey, JwtRsaSsaPssPublicKey> {

    /* loaded from: classes8.dex */
    private static class JwtPublicKeySignFactory extends PrimitiveFactory<JwtPublicKeySignInternal, JwtRsaSsaPssPrivateKey> {
        public JwtPublicKeySignFactory() {
            super(JwtPublicKeySignInternal.class);
        }

        @Override // com.google.crypto.tink.internal.PrimitiveFactory
        /* renamed from: c, reason: merged with bridge method [inline-methods] */
        public JwtPublicKeySignInternal a(JwtRsaSsaPssPrivateKey jwtRsaSsaPssPrivateKey) throws GeneralSecurityException {
            RSAPrivateCrtKey r = JwtRsaSsaPssSignKeyManager.r(jwtRsaSsaPssPrivateKey);
            JwtRsaSsaPssSignKeyManager.v(r, jwtRsaSsaPssPrivateKey);
            JwtRsaSsaPssAlgorithm algorithm = jwtRsaSsaPssPrivateKey.e().getAlgorithm();
            Enums.HashType n = JwtRsaSsaPssVerifyKeyManager.n(algorithm);
            final RsaSsaPssSignJce rsaSsaPssSignJce = new RsaSsaPssSignJce(r, n, n, JwtRsaSsaPssVerifyKeyManager.p(algorithm));
            final String name = algorithm.name();
            final Optional of = jwtRsaSsaPssPrivateKey.e().w() ? Optional.of(jwtRsaSsaPssPrivateKey.e().r().getValue()) : Optional.empty();
            return new JwtPublicKeySignInternal() { // from class: com.google.crypto.tink.jwt.JwtRsaSsaPssSignKeyManager.JwtPublicKeySignFactory.1
                @Override // com.google.crypto.tink.jwt.JwtPublicKeySignInternal
                public String a(RawJwt rawJwt, Optional<String> optional) throws GeneralSecurityException {
                    if (of.isPresent()) {
                        if (optional.isPresent()) {
                            throw new JwtInvalidException("custom_kid can only be set for RAW keys.");
                        }
                        optional = of;
                    }
                    String c = JwtFormat.c(name, optional, rawJwt);
                    return JwtFormat.b(c, rsaSsaPssSignJce.a(c.getBytes(StandardCharsets.US_ASCII)));
                }
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtRsaSsaPssSignKeyManager() {
        super(JwtRsaSsaPssPrivateKey.class, JwtRsaSsaPssPublicKey.class, new JwtPublicKeySignFactory());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyTypeManager.KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat> q(JwtRsaSsaPssAlgorithm jwtRsaSsaPssAlgorithm, int i, BigInteger bigInteger, KeyTemplate.OutputPrefixType outputPrefixType) {
        return new KeyTypeManager.KeyFactory.KeyFormat<>(JwtRsaSsaPssKeyFormat.C4().L4(jwtRsaSsaPssAlgorithm).N4(i).O4(ByteString.copyFrom(bigInteger.toByteArray())).build(), outputPrefixType);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final RSAPrivateCrtKey r(JwtRsaSsaPssPrivateKey jwtRsaSsaPssPrivateKey) throws GeneralSecurityException {
        return (RSAPrivateCrtKey) EngineFactory.h.a("RSA").generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger(1, jwtRsaSsaPssPrivateKey.e().B().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.e().p().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.s().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.C().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.D().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.y().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.A().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.x().toByteArray())));
    }

    public static void u(boolean z) throws GeneralSecurityException {
        Registry.A(new JwtRsaSsaPssSignKeyManager(), new JwtRsaSsaPssVerifyKeyManager(), z);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void v(RSAPrivateCrtKey rSAPrivateCrtKey, JwtRsaSsaPssPrivateKey jwtRsaSsaPssPrivateKey) throws GeneralSecurityException {
        RSAPublicKey rSAPublicKey = (RSAPublicKey) EngineFactory.h.a("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, jwtRsaSsaPssPrivateKey.e().B().toByteArray()), new BigInteger(1, jwtRsaSsaPssPrivateKey.e().p().toByteArray())));
        JwtRsaSsaPssAlgorithm algorithm = jwtRsaSsaPssPrivateKey.e().getAlgorithm();
        Enums.HashType n = JwtRsaSsaPssVerifyKeyManager.n(algorithm);
        SelfKeyTestValidators.c(rSAPrivateCrtKey, rSAPublicKey, n, n, JwtRsaSsaPssVerifyKeyManager.p(algorithm));
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public String d() {
        return "type.googleapis.com/google.crypto.tink.JwtRsaSsaPssPrivateKey";
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public int f() {
        return 0;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyTypeManager.KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey> g() {
        return new KeyTypeManager.KeyFactory<JwtRsaSsaPssKeyFormat, JwtRsaSsaPssPrivateKey>(JwtRsaSsaPssKeyFormat.class) { // from class: com.google.crypto.tink.jwt.JwtRsaSsaPssSignKeyManager.1
            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            public Map<String, KeyTypeManager.KeyFactory.KeyFormat<JwtRsaSsaPssKeyFormat>> d() {
                HashMap hashMap = new HashMap();
                JwtRsaSsaPssAlgorithm jwtRsaSsaPssAlgorithm = JwtRsaSsaPssAlgorithm.PS256;
                BigInteger bigInteger = RSAKeyGenParameterSpec.F4;
                KeyTemplate.OutputPrefixType outputPrefixType = KeyTemplate.OutputPrefixType.RAW;
                hashMap.put("JWT_PS256_2048_F4_RAW", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm, 2048, bigInteger, outputPrefixType));
                BigInteger bigInteger2 = RSAKeyGenParameterSpec.F4;
                KeyTemplate.OutputPrefixType outputPrefixType2 = KeyTemplate.OutputPrefixType.TINK;
                hashMap.put("JWT_PS256_2048_F4", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm, 2048, bigInteger2, outputPrefixType2));
                hashMap.put("JWT_PS256_3072_F4_RAW", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm, 3072, RSAKeyGenParameterSpec.F4, outputPrefixType));
                hashMap.put("JWT_PS256_3072_F4", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm, 3072, RSAKeyGenParameterSpec.F4, outputPrefixType2));
                JwtRsaSsaPssAlgorithm jwtRsaSsaPssAlgorithm2 = JwtRsaSsaPssAlgorithm.PS384;
                hashMap.put("JWT_PS384_3072_F4_RAW", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm2, 3072, RSAKeyGenParameterSpec.F4, outputPrefixType));
                hashMap.put("JWT_PS384_3072_F4", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm2, 3072, RSAKeyGenParameterSpec.F4, outputPrefixType2));
                JwtRsaSsaPssAlgorithm jwtRsaSsaPssAlgorithm3 = JwtRsaSsaPssAlgorithm.PS512;
                hashMap.put("JWT_PS512_4096_F4_RAW", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm3, 4096, RSAKeyGenParameterSpec.F4, outputPrefixType));
                hashMap.put("JWT_PS512_4096_F4", JwtRsaSsaPssSignKeyManager.q(jwtRsaSsaPssAlgorithm3, 4096, RSAKeyGenParameterSpec.F4, outputPrefixType2));
                return Collections.unmodifiableMap(hashMap);
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            /* renamed from: h, reason: merged with bridge method [inline-methods] */
            public JwtRsaSsaPssPrivateKey a(JwtRsaSsaPssKeyFormat jwtRsaSsaPssKeyFormat) throws GeneralSecurityException {
                JwtRsaSsaPssAlgorithm algorithm = jwtRsaSsaPssKeyFormat.getAlgorithm();
                KeyPairGenerator a = EngineFactory.g.a("RSA");
                a.initialize(new RSAKeyGenParameterSpec(jwtRsaSsaPssKeyFormat.u(), new BigInteger(1, jwtRsaSsaPssKeyFormat.getPublicExponent().toByteArray())));
                KeyPair generateKeyPair = a.generateKeyPair();
                RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) generateKeyPair.getPrivate();
                return JwtRsaSsaPssPrivateKey.P4().Y4(JwtRsaSsaPssSignKeyManager.this.f()).W4(JwtRsaSsaPssPublicKey.H4().T4(JwtRsaSsaPssSignKeyManager.this.f()).N4(algorithm).R4(ByteString.copyFrom(rSAPublicKey.getPublicExponent().toByteArray())).S4(ByteString.copyFrom(rSAPublicKey.getModulus().toByteArray())).build()).R4(ByteString.copyFrom(rSAPrivateCrtKey.getPrivateExponent().toByteArray())).U4(ByteString.copyFrom(rSAPrivateCrtKey.getPrimeP().toByteArray())).X4(ByteString.copyFrom(rSAPrivateCrtKey.getPrimeQ().toByteArray())).S4(ByteString.copyFrom(rSAPrivateCrtKey.getPrimeExponentP().toByteArray())).T4(ByteString.copyFrom(rSAPrivateCrtKey.getPrimeExponentQ().toByteArray())).Q4(ByteString.copyFrom(rSAPrivateCrtKey.getCrtCoefficient().toByteArray())).build();
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            /* renamed from: i, reason: merged with bridge method [inline-methods] */
            public JwtRsaSsaPssPrivateKey b(JwtRsaSsaPssKeyFormat jwtRsaSsaPssKeyFormat, InputStream inputStream) {
                throw new UnsupportedOperationException();
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            /* renamed from: j, reason: merged with bridge method [inline-methods] */
            public JwtRsaSsaPssKeyFormat e(ByteString byteString) throws InvalidProtocolBufferException {
                return JwtRsaSsaPssKeyFormat.H4(byteString, ExtensionRegistryLite.d());
            }

            @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
            /* renamed from: k, reason: merged with bridge method [inline-methods] */
            public void g(JwtRsaSsaPssKeyFormat jwtRsaSsaPssKeyFormat) throws GeneralSecurityException {
                Validators.f(jwtRsaSsaPssKeyFormat.u());
                Validators.g(new BigInteger(1, jwtRsaSsaPssKeyFormat.getPublicExponent().toByteArray()));
            }
        };
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyData.KeyMaterialType h() {
        return KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE;
    }

    @Override // com.google.crypto.tink.internal.PrivateKeyTypeManager
    /* renamed from: s, reason: merged with bridge method [inline-methods] */
    public JwtRsaSsaPssPublicKey l(JwtRsaSsaPssPrivateKey jwtRsaSsaPssPrivateKey) {
        return jwtRsaSsaPssPrivateKey.e();
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    /* renamed from: t, reason: merged with bridge method [inline-methods] */
    public JwtRsaSsaPssPrivateKey i(ByteString byteString) throws InvalidProtocolBufferException {
        return JwtRsaSsaPssPrivateKey.U4(byteString, ExtensionRegistryLite.d());
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    /* renamed from: w, reason: merged with bridge method [inline-methods] */
    public void k(JwtRsaSsaPssPrivateKey jwtRsaSsaPssPrivateKey) throws GeneralSecurityException {
        Validators.j(jwtRsaSsaPssPrivateKey.getVersion(), f());
        Validators.f(new BigInteger(1, jwtRsaSsaPssPrivateKey.e().B().toByteArray()).bitLength());
        Validators.g(new BigInteger(1, jwtRsaSsaPssPrivateKey.e().p().toByteArray()));
    }
}
