package com.google.crypto.tink.jwt;

import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.PrivateKeyManager;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.jwt.JwtEcdsaParameters;
import com.google.crypto.tink.jwt.JwtEcdsaPublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.signature.EcdsaPrivateKey;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.util.SecretBigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes.dex */
public final class JwtEcdsaSignKeyManager {
    private static final PrivateKeyManager legacyPrivateKeyManager = LegacyKeyManagerImpl.createPrivateKeyManager(getKeyType(), Void.class, com.google.crypto.tink.proto.JwtEcdsaPrivateKey.parser());
    private static final KeyManager legacyPublicKeyManager = LegacyKeyManagerImpl.create(JwtEcdsaVerifyKeyManager.getKeyType(), Void.class, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, com.google.crypto.tink.proto.JwtEcdsaPublicKey.parser());
    private static final PrimitiveConstructor PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.jwt.JwtEcdsaSignKeyManager$$ExternalSyntheticLambda0
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object constructPrimitive(Key key) {
            return JwtEcdsaSignKeyManager.createFullPrimitive((JwtEcdsaPrivateKey) key);
        }
    }, JwtEcdsaPrivateKey.class, JwtPublicKeySign.class);
    private static final MutableKeyCreationRegistry.KeyCreator KEY_CREATOR = new MutableKeyCreationRegistry.KeyCreator() { // from class: com.google.crypto.tink.jwt.JwtEcdsaSignKeyManager$$ExternalSyntheticLambda1
        @Override // com.google.crypto.tink.internal.MutableKeyCreationRegistry.KeyCreator
        public final Key createKey(Parameters parameters, Integer num) {
            JwtEcdsaPrivateKey createKey;
            createKey = JwtEcdsaSignKeyManager.createKey((JwtEcdsaParameters) parameters, num);
            return createKey;
        }
    };
    private static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    private JwtEcdsaSignKeyManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JwtPublicKeySign createFullPrimitive(final JwtEcdsaPrivateKey jwtEcdsaPrivateKey) {
        final PublicKeySign create = EcdsaSignJce.create(toEcdsaPrivateKey(jwtEcdsaPrivateKey));
        final String standardName = jwtEcdsaPrivateKey.getParameters().getAlgorithm().getStandardName();
        return new JwtPublicKeySign() { // from class: com.google.crypto.tink.jwt.JwtEcdsaSignKeyManager.1
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static JwtEcdsaPrivateKey createKey(JwtEcdsaParameters jwtEcdsaParameters, Integer num) {
        KeyPair generateKeyPair = EllipticCurves.generateKeyPair(jwtEcdsaParameters.getAlgorithm().getECParameterSpec());
        ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
        ECPrivateKey eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
        JwtEcdsaPublicKey.Builder publicPoint = JwtEcdsaPublicKey.builder().setParameters(jwtEcdsaParameters).setPublicPoint(eCPublicKey.getW());
        if (num != null) {
            publicPoint.setIdRequirement(num);
        }
        return JwtEcdsaPrivateKey.create(publicPoint.build(), SecretBigInteger.fromBigInteger(eCPrivateKey.getS(), InsecureSecretKeyAccess.get()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.JwtEcdsaPrivateKey";
    }

    private static Map namedParameters() {
        HashMap hashMap = new HashMap();
        JwtEcdsaParameters.Builder builder = JwtEcdsaParameters.builder();
        JwtEcdsaParameters.Algorithm algorithm = JwtEcdsaParameters.Algorithm.ES256;
        JwtEcdsaParameters.Builder algorithm2 = builder.setAlgorithm(algorithm);
        JwtEcdsaParameters.KidStrategy kidStrategy = JwtEcdsaParameters.KidStrategy.IGNORED;
        hashMap.put("JWT_ES256_RAW", algorithm2.setKidStrategy(kidStrategy).build());
        JwtEcdsaParameters.Builder algorithm3 = JwtEcdsaParameters.builder().setAlgorithm(algorithm);
        JwtEcdsaParameters.KidStrategy kidStrategy2 = JwtEcdsaParameters.KidStrategy.BASE64_ENCODED_KEY_ID;
        hashMap.put("JWT_ES256", algorithm3.setKidStrategy(kidStrategy2).build());
        JwtEcdsaParameters.Builder builder2 = JwtEcdsaParameters.builder();
        JwtEcdsaParameters.Algorithm algorithm4 = JwtEcdsaParameters.Algorithm.ES384;
        hashMap.put("JWT_ES384_RAW", builder2.setAlgorithm(algorithm4).setKidStrategy(kidStrategy).build());
        hashMap.put("JWT_ES384", JwtEcdsaParameters.builder().setAlgorithm(algorithm4).setKidStrategy(kidStrategy2).build());
        JwtEcdsaParameters.Builder builder3 = JwtEcdsaParameters.builder();
        JwtEcdsaParameters.Algorithm algorithm5 = JwtEcdsaParameters.Algorithm.ES512;
        hashMap.put("JWT_ES512_RAW", builder3.setAlgorithm(algorithm5).setKidStrategy(kidStrategy).build());
        hashMap.put("JWT_ES512", JwtEcdsaParameters.builder().setAlgorithm(algorithm5).setKidStrategy(kidStrategy2).build());
        return Collections.unmodifiableMap(hashMap);
    }

    public static void registerPair(boolean z) {
        TinkFipsUtil.AlgorithmFipsCompatibility algorithmFipsCompatibility = FIPS;
        if (!algorithmFipsCompatibility.isCompatible()) {
            throw new GeneralSecurityException("Can not use ECDSA in FIPS-mode, as BoringCrypto module is not available.");
        }
        KeyManagerRegistry.globalInstance().registerKeyManagerWithFipsCompatibility(legacyPrivateKeyManager, algorithmFipsCompatibility, z);
        KeyManagerRegistry.globalInstance().registerKeyManagerWithFipsCompatibility(legacyPublicKeyManager, algorithmFipsCompatibility, false);
        MutableKeyCreationRegistry.globalInstance().add(KEY_CREATOR, JwtEcdsaParameters.class);
        JwtEcdsaProtoSerialization.register();
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(JwtEcdsaVerifyKeyManager.PRIMITIVE_CONSTRUCTOR);
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(PRIMITIVE_CONSTRUCTOR);
        MutableParametersRegistry.globalInstance().putAll(namedParameters());
    }

    private static EcdsaPrivateKey toEcdsaPrivateKey(JwtEcdsaPrivateKey jwtEcdsaPrivateKey) {
        return EcdsaPrivateKey.builder().setPublicKey(JwtEcdsaVerifyKeyManager.toEcdsaPublicKey(jwtEcdsaPrivateKey.getPublicKey())).setPrivateValue(jwtEcdsaPrivateKey.getPrivateValue()).build();
    }
}
