package com.google.crypto.tink.prf;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.TinkBugException;
import com.google.crypto.tink.prf.HkdfPrfParameters;
import com.google.crypto.tink.prf.internal.HkdfPrfProtoSerialization;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.subtle.prf.HkdfStreamingPrf;
import com.google.crypto.tink.subtle.prf.PrfImpl;
import com.google.crypto.tink.subtle.prf.StreamingPrf;
import com.google.crypto.tink.util.SecretBytes;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes5.dex */
public class HkdfPrfKeyManager {
    private static final int MIN_KEY_SIZE = 32;
    private static final PrimitiveConstructor<HkdfPrfKey, StreamingPrf> STREAMING_HKDF_PRF_CONSTRUCTOR = PrimitiveConstructor.create(new c(5), HkdfPrfKey.class, StreamingPrf.class);
    private static final PrimitiveConstructor<HkdfPrfKey, Prf> HKDF_PRF_CONSTRUCTOR = PrimitiveConstructor.create(new c(6), HkdfPrfKey.class, Prf.class);
    private static final KeyManager<Prf> legacyKeyManager = LegacyKeyManagerImpl.create(getKeyType(), Prf.class, KeyData.KeyMaterialType.SYMMETRIC, com.google.crypto.tink.proto.HkdfPrfKey.parser());
    static final MutableKeyCreationRegistry.KeyCreator<HkdfPrfParameters> KEY_CREATOR = new a(1);

    private HkdfPrfKeyManager() {
    }

    public static Prf createPrf(HkdfPrfKey hkdfPrfKey) throws GeneralSecurityException {
        return PrfImpl.wrap(createStreamingPrf(hkdfPrfKey));
    }

    public static StreamingPrf createStreamingPrf(HkdfPrfKey hkdfPrfKey) throws GeneralSecurityException {
        validate(hkdfPrfKey.getParameters());
        return HkdfStreamingPrf.create(hkdfPrfKey);
    }

    public static String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.HkdfPrfKey";
    }

    public static final KeyTemplate hkdfSha256Template() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new c(4));
    }

    public static /* synthetic */ KeyTemplate lambda$hkdfSha256Template$0() throws Exception {
        return KeyTemplate.createFrom(HkdfPrfParameters.builder().setKeySizeBytes(32).setHashType(HkdfPrfParameters.HashType.SHA256).build());
    }

    private static Map<String, Parameters> namedParameters() throws GeneralSecurityException {
        HashMap hashMap = new HashMap();
        hashMap.put("HKDF_SHA256", PredefinedPrfParameters.HKDF_SHA256);
        return Collections.unmodifiableMap(hashMap);
    }

    @AccessesPartialKey
    public static HkdfPrfKey newKey(HkdfPrfParameters hkdfPrfParameters, Integer num) throws GeneralSecurityException {
        if (num != null) {
            throw new GeneralSecurityException("Id Requirement is not supported for HKDF PRF keys");
        }
        validate(hkdfPrfParameters);
        return HkdfPrfKey.builder().setParameters(hkdfPrfParameters).setKeyBytes(SecretBytes.randomBytes(hkdfPrfParameters.getKeySizeBytes())).build();
    }

    public static void register(boolean z2) throws GeneralSecurityException {
        if (!TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS.isCompatible()) {
            throw new GeneralSecurityException("Registering HKDF PRF is not supported in FIPS mode");
        }
        HkdfPrfProtoSerialization.register();
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(HKDF_PRF_CONSTRUCTOR);
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(STREAMING_HKDF_PRF_CONSTRUCTOR);
        MutableKeyCreationRegistry.globalInstance().add(KEY_CREATOR, HkdfPrfParameters.class);
        MutableParametersRegistry.globalInstance().putAll(namedParameters());
        KeyManagerRegistry.globalInstance().registerKeyManager(legacyKeyManager, z2);
    }

    public static String staticKeyType() {
        return getKeyType();
    }

    private static void validate(HkdfPrfParameters hkdfPrfParameters) throws GeneralSecurityException {
        if (hkdfPrfParameters.getKeySizeBytes() < 32) {
            throw new GeneralSecurityException("Key size must be at least 32");
        }
        if (hkdfPrfParameters.getHashType() != HkdfPrfParameters.HashType.SHA256 && hkdfPrfParameters.getHashType() != HkdfPrfParameters.HashType.SHA512) {
            throw new GeneralSecurityException("Hash type must be SHA256 or SHA512");
        }
    }
}
