package com.google.crypto.tink.streamingaead;

import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.proto.AesGcmHkdfStreamingKey;
import com.google.crypto.tink.proto.AesGcmHkdfStreamingKeyFormat;
import com.google.crypto.tink.proto.AesGcmHkdfStreamingParams;
import com.google.crypto.tink.proto.HashType;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import com.google.crypto.tink.subtle.NonceBasedStreamingAead;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import com.google.protobuf.ByteString;
import com.google.protobuf.GeneratedMessageLite;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.MessageLite;
import java.security.GeneralSecurityException;

/* loaded from: classes2.dex */
public final class AesGcmHkdfStreamingKeyManager implements KeyManager<NonceBasedStreamingAead> {
    public static void validate(AesGcmHkdfStreamingParams aesGcmHkdfStreamingParams) throws GeneralSecurityException {
        Validators.validateAesKeySize(aesGcmHkdfStreamingParams.derivedKeySize_);
        HashType forNumber = HashType.forNumber(aesGcmHkdfStreamingParams.hkdfHashType_);
        if (forNumber == null) {
            forNumber = HashType.UNRECOGNIZED;
        }
        if (forNumber == HashType.UNKNOWN_HASH) {
            throw new GeneralSecurityException("unknown HKDF hash type");
        }
        if (aesGcmHkdfStreamingParams.ciphertextSegmentSize_ < aesGcmHkdfStreamingParams.derivedKeySize_ + 8) {
            throw new GeneralSecurityException("ciphertext_segment_size must be at least (derived_key_size + 8)");
        }
    }

    @Override // com.google.crypto.tink.KeyManager
    public final String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey";
    }

    @Override // com.google.crypto.tink.KeyManager
    /* renamed from: getPrimitive */
    public final NonceBasedStreamingAead mo851getPrimitive(GeneratedMessageLite generatedMessageLite) throws GeneralSecurityException {
        if (!(generatedMessageLite instanceof AesGcmHkdfStreamingKey)) {
            throw new GeneralSecurityException("expected AesGcmHkdfStreamingKey proto");
        }
        AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey = (AesGcmHkdfStreamingKey) generatedMessageLite;
        Validators.validateVersion(aesGcmHkdfStreamingKey.version_);
        validate(aesGcmHkdfStreamingKey.getParams());
        byte[] byteArray = aesGcmHkdfStreamingKey.keyValue_.toByteArray();
        HashType forNumber = HashType.forNumber(aesGcmHkdfStreamingKey.getParams().hkdfHashType_);
        if (forNumber == null) {
            forNumber = HashType.UNRECOGNIZED;
        }
        StreamingAeadUtil.toHmacAlgo(forNumber);
        return new AesGcmHkdfStreaming(byteArray, aesGcmHkdfStreamingKey.getParams().derivedKeySize_, aesGcmHkdfStreamingKey.getParams().ciphertextSegmentSize_);
    }

    @Override // com.google.crypto.tink.KeyManager
    public final NonceBasedStreamingAead getPrimitive(ByteString byteString) throws GeneralSecurityException {
        try {
            return mo851getPrimitive(GeneratedMessageLite.parseFrom(AesGcmHkdfStreamingKey.DEFAULT_INSTANCE, byteString));
        } catch (InvalidProtocolBufferException unused) {
            throw new GeneralSecurityException("expected AesGcmHkdfStreamingKey proto");
        }
    }

    @Override // com.google.crypto.tink.KeyManager
    public final MessageLite newKey(ByteString byteString) throws GeneralSecurityException {
        try {
            return newKey((AesGcmHkdfStreamingKeyFormat) GeneratedMessageLite.parseFrom(AesGcmHkdfStreamingKeyFormat.DEFAULT_INSTANCE, byteString));
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException("expected serialized AesGcmHkdfStreamingKeyFormat proto", e);
        }
    }

    @Override // com.google.crypto.tink.KeyManager
    public final MessageLite newKey(GeneratedMessageLite generatedMessageLite) throws GeneralSecurityException {
        if (!(generatedMessageLite instanceof AesGcmHkdfStreamingKeyFormat)) {
            throw new GeneralSecurityException("expected AesGcmHkdfStreamingKeyFormat proto");
        }
        AesGcmHkdfStreamingKeyFormat aesGcmHkdfStreamingKeyFormat = (AesGcmHkdfStreamingKeyFormat) generatedMessageLite;
        if (aesGcmHkdfStreamingKeyFormat.keySize_ < 16) {
            throw new GeneralSecurityException("key_size must be at least 16 bytes");
        }
        AesGcmHkdfStreamingParams aesGcmHkdfStreamingParams = aesGcmHkdfStreamingKeyFormat.params_;
        if (aesGcmHkdfStreamingParams == null) {
            aesGcmHkdfStreamingParams = AesGcmHkdfStreamingParams.DEFAULT_INSTANCE;
        }
        validate(aesGcmHkdfStreamingParams);
        AesGcmHkdfStreamingKey.Builder builder = AesGcmHkdfStreamingKey.DEFAULT_INSTANCE.toBuilder();
        byte[] randBytes = Random.randBytes(aesGcmHkdfStreamingKeyFormat.keySize_);
        ByteString.LiteralByteString copyFrom = ByteString.copyFrom(0, randBytes.length, randBytes);
        builder.copyOnWrite();
        AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey = (AesGcmHkdfStreamingKey) builder.instance;
        aesGcmHkdfStreamingKey.getClass();
        aesGcmHkdfStreamingKey.keyValue_ = copyFrom;
        AesGcmHkdfStreamingParams aesGcmHkdfStreamingParams2 = aesGcmHkdfStreamingKeyFormat.params_;
        if (aesGcmHkdfStreamingParams2 == null) {
            aesGcmHkdfStreamingParams2 = AesGcmHkdfStreamingParams.DEFAULT_INSTANCE;
        }
        builder.copyOnWrite();
        AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey2 = (AesGcmHkdfStreamingKey) builder.instance;
        aesGcmHkdfStreamingKey2.getClass();
        aesGcmHkdfStreamingParams2.getClass();
        aesGcmHkdfStreamingKey2.params_ = aesGcmHkdfStreamingParams2;
        builder.copyOnWrite();
        ((AesGcmHkdfStreamingKey) builder.instance).version_ = 0;
        return builder.build();
    }

    @Override // com.google.crypto.tink.KeyManager
    public final KeyData newKeyData(ByteString byteString) throws GeneralSecurityException {
        AesGcmHkdfStreamingKey aesGcmHkdfStreamingKey = (AesGcmHkdfStreamingKey) newKey(byteString);
        KeyData.Builder newBuilder = KeyData.newBuilder();
        newBuilder.setTypeUrl("type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey");
        newBuilder.setValue(aesGcmHkdfStreamingKey.toByteString());
        newBuilder.setKeyMaterialType(KeyData.KeyMaterialType.SYMMETRIC);
        return newBuilder.build();
    }
}
