package com.google.crypto.tink.jwt;

import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.internal.KeyTypeManager;
import com.google.crypto.tink.internal.PrimitiveFactory;
import com.google.crypto.tink.internal.PrivateKeyTypeManager;
import com.google.crypto.tink.proto.JwtEcdsaAlgorithm;
import com.google.crypto.tink.proto.JwtEcdsaKeyFormat;
import com.google.crypto.tink.proto.JwtEcdsaPrivateKey;
import com.google.crypto.tink.proto.JwtEcdsaPublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.SelfKeyTestValidators;
import com.google.crypto.tink.subtle.Validators;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/* loaded from: classes3.dex */
public final class JwtEcdsaSignKeyManager extends PrivateKeyTypeManager<JwtEcdsaPrivateKey, JwtEcdsaPublicKey> {

    /* loaded from: classes3.dex */
    class a extends KeyTypeManager.KeyFactory {
        a(Class cls) {
            super(cls);
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public JwtEcdsaPrivateKey createKey(JwtEcdsaKeyFormat jwtEcdsaKeyFormat) {
            JwtEcdsaAlgorithm algorithm = jwtEcdsaKeyFormat.getAlgorithm();
            KeyPair generateKeyPair = EllipticCurves.generateKeyPair(com.google.crypto.tink.jwt.b.a(jwtEcdsaKeyFormat.getAlgorithm()));
            ECPublicKey eCPublicKey = (ECPublicKey) generateKeyPair.getPublic();
            ECPrivateKey eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
            ECPoint w2 = eCPublicKey.getW();
            return JwtEcdsaPrivateKey.newBuilder().setVersion(JwtEcdsaSignKeyManager.this.getVersion()).setPublicKey(JwtEcdsaPublicKey.newBuilder().setVersion(JwtEcdsaSignKeyManager.this.getVersion()).setAlgorithm(algorithm).setX(ByteString.copyFrom(w2.getAffineX().toByteArray())).setY(ByteString.copyFrom(w2.getAffineY().toByteArray())).build()).setKeyValue(ByteString.copyFrom(eCPrivateKey.getS().toByteArray())).build();
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public JwtEcdsaPrivateKey deriveKey(JwtEcdsaKeyFormat jwtEcdsaKeyFormat, InputStream inputStream) {
            throw new UnsupportedOperationException();
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        /* renamed from: c, reason: merged with bridge method [inline-methods] */
        public JwtEcdsaKeyFormat parseKeyFormat(ByteString byteString) {
            return JwtEcdsaKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        /* renamed from: d, reason: merged with bridge method [inline-methods] */
        public void validateKeyFormat(JwtEcdsaKeyFormat jwtEcdsaKeyFormat) {
            com.google.crypto.tink.jwt.b.d(jwtEcdsaKeyFormat.getAlgorithm());
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public Map keyFormats() {
            HashMap hashMap = new HashMap();
            JwtEcdsaAlgorithm jwtEcdsaAlgorithm = JwtEcdsaAlgorithm.ES256;
            KeyTemplate.OutputPrefixType outputPrefixType = KeyTemplate.OutputPrefixType.RAW;
            hashMap.put("JWT_ES256_RAW", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm, outputPrefixType));
            KeyTemplate.OutputPrefixType outputPrefixType2 = KeyTemplate.OutputPrefixType.TINK;
            hashMap.put("JWT_ES256", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm, outputPrefixType2));
            JwtEcdsaAlgorithm jwtEcdsaAlgorithm2 = JwtEcdsaAlgorithm.ES384;
            hashMap.put("JWT_ES384_RAW", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm2, outputPrefixType));
            hashMap.put("JWT_ES384", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm2, outputPrefixType2));
            JwtEcdsaAlgorithm jwtEcdsaAlgorithm3 = JwtEcdsaAlgorithm.ES512;
            hashMap.put("JWT_ES512_RAW", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm3, outputPrefixType));
            hashMap.put("JWT_ES512", JwtEcdsaSignKeyManager.b(jwtEcdsaAlgorithm3, outputPrefixType2));
            return Collections.unmodifiableMap(hashMap);
        }
    }

    /* loaded from: classes3.dex */
    private static class b extends PrimitiveFactory {

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes3.dex */
        public class a implements JwtPublicKeySignInternal {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ Optional f19426a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ String f19427b;

            /* renamed from: c, reason: collision with root package name */
            final /* synthetic */ EcdsaSignJce f19428c;

            a(Optional optional, String str, EcdsaSignJce ecdsaSignJce) {
                this.f19426a = optional;
                this.f19427b = str;
                this.f19428c = ecdsaSignJce;
            }

            @Override // com.google.crypto.tink.jwt.JwtPublicKeySignInternal
            public String signAndEncodeWithKid(RawJwt rawJwt, Optional optional) {
                if (this.f19426a.isPresent()) {
                    if (optional.isPresent()) {
                        throw new JwtInvalidException("custom_kid can only be set for RAW keys.");
                    }
                    optional = this.f19426a;
                }
                String c2 = c.c(this.f19427b, optional, rawJwt);
                return c.b(c2, this.f19428c.sign(c2.getBytes(StandardCharsets.US_ASCII)));
            }
        }

        public b() {
            super(JwtPublicKeySignInternal.class);
        }

        private static final void c(ECPrivateKey eCPrivateKey, JwtEcdsaPrivateKey jwtEcdsaPrivateKey) {
            SelfKeyTestValidators.validateEcdsa(eCPrivateKey, EllipticCurves.getEcPublicKey(com.google.crypto.tink.jwt.b.a(jwtEcdsaPrivateKey.getPublicKey().getAlgorithm()), jwtEcdsaPrivateKey.getPublicKey().getX().toByteArray(), jwtEcdsaPrivateKey.getPublicKey().getY().toByteArray()), com.google.crypto.tink.jwt.b.b(jwtEcdsaPrivateKey.getPublicKey().getAlgorithm()), EllipticCurves.EcdsaEncoding.IEEE_P1363);
        }

        @Override // com.google.crypto.tink.internal.PrimitiveFactory
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public JwtPublicKeySignInternal getPrimitive(JwtEcdsaPrivateKey jwtEcdsaPrivateKey) {
            ECPrivateKey ecPrivateKey = EllipticCurves.getEcPrivateKey(com.google.crypto.tink.jwt.b.a(jwtEcdsaPrivateKey.getPublicKey().getAlgorithm()), jwtEcdsaPrivateKey.getKeyValue().toByteArray());
            c(ecPrivateKey, jwtEcdsaPrivateKey);
            JwtEcdsaAlgorithm algorithm = jwtEcdsaPrivateKey.getPublicKey().getAlgorithm();
            EcdsaSignJce ecdsaSignJce = new EcdsaSignJce(ecPrivateKey, com.google.crypto.tink.jwt.b.b(algorithm), EllipticCurves.EcdsaEncoding.IEEE_P1363);
            return new a(jwtEcdsaPrivateKey.getPublicKey().hasCustomKid() ? Optional.of(jwtEcdsaPrivateKey.getPublicKey().getCustomKid().getValue()) : Optional.empty(), algorithm.name(), ecdsaSignJce);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtEcdsaSignKeyManager() {
        super(JwtEcdsaPrivateKey.class, JwtEcdsaPublicKey.class, new b());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyTypeManager.KeyFactory.KeyFormat b(JwtEcdsaAlgorithm jwtEcdsaAlgorithm, KeyTemplate.OutputPrefixType outputPrefixType) {
        return new KeyTypeManager.KeyFactory.KeyFormat(JwtEcdsaKeyFormat.newBuilder().setAlgorithm(jwtEcdsaAlgorithm).build(), outputPrefixType);
    }

    public static void registerPair(boolean z2) throws GeneralSecurityException {
        Registry.registerAsymmetricKeyManagers(new JwtEcdsaSignKeyManager(), new com.google.crypto.tink.jwt.b(), z2);
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.JwtEcdsaPrivateKey";
    }

    @Override // com.google.crypto.tink.internal.PrivateKeyTypeManager
    public JwtEcdsaPublicKey getPublicKey(JwtEcdsaPrivateKey jwtEcdsaPrivateKey) {
        return jwtEcdsaPrivateKey.getPublicKey();
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public int getVersion() {
        return 0;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyTypeManager.KeyFactory<JwtEcdsaKeyFormat, JwtEcdsaPrivateKey> keyFactory() {
        return new a(JwtEcdsaKeyFormat.class);
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyData.KeyMaterialType keyMaterialType() {
        return KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public JwtEcdsaPrivateKey parseKey(ByteString byteString) throws InvalidProtocolBufferException {
        return JwtEcdsaPrivateKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public void validateKey(JwtEcdsaPrivateKey jwtEcdsaPrivateKey) throws GeneralSecurityException {
        Validators.validateVersion(jwtEcdsaPrivateKey.getVersion(), getVersion());
        com.google.crypto.tink.jwt.b.d(jwtEcdsaPrivateKey.getPublicKey().getAlgorithm());
    }
}
