package com.google.crypto.tink.signature;

import com.google.android.material.R$style;
import com.google.crypto.tink.KeyTypeManager;
import com.google.crypto.tink.PrivateKeyTypeManager;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.RsaSsaPssKeyFormat;
import com.google.crypto.tink.proto.RsaSsaPssParams;
import com.google.crypto.tink.proto.RsaSsaPssPrivateKey;
import com.google.crypto.tink.proto.RsaSsaPssPublicKey;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.MessageLite;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.RsaSsaPssSignJce;
import com.google.crypto.tink.subtle.RsaSsaPssVerifyJce;
import com.google.crypto.tink.subtle.Validators;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Objects;

/* loaded from: classes2.dex */
public final class RsaSsaPssSignKeyManager extends PrivateKeyTypeManager<RsaSsaPssPrivateKey, RsaSsaPssPublicKey> {
    public static final byte[] TEST_MESSAGE = "Tink and Wycheproof.".getBytes(Charset.forName("UTF-8"));

    public RsaSsaPssSignKeyManager() {
        super(RsaSsaPssPrivateKey.class, RsaSsaPssPublicKey.class, new KeyTypeManager.PrimitiveFactory<PublicKeySign, RsaSsaPssPrivateKey>(PublicKeySign.class) { // from class: com.google.crypto.tink.signature.RsaSsaPssSignKeyManager.1
            @Override // com.google.crypto.tink.KeyTypeManager.PrimitiveFactory
            public PublicKeySign getPrimitive(RsaSsaPssPrivateKey rsaSsaPssPrivateKey) {
                RsaSsaPssPrivateKey rsaSsaPssPrivateKey2 = rsaSsaPssPrivateKey;
                KeyFactory engineFactory = EngineFactory.KEY_FACTORY.getInstance("RSA");
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) engineFactory.generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger(1, rsaSsaPssPrivateKey2.getPublicKey().getN().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getPublicKey().getE().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getD().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getP().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getQ().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getDp().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getDq().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getCrt().toByteArray())));
                RsaSsaPssParams params = rsaSsaPssPrivateKey2.getPublicKey().getParams();
                RsaSsaPssSignJce rsaSsaPssSignJce = new RsaSsaPssSignJce(rSAPrivateCrtKey, R$style.toHashType(params.getSigHash()), R$style.toHashType(params.getMgf1Hash()), params.getSaltLength());
                RsaSsaPssVerifyJce rsaSsaPssVerifyJce = new RsaSsaPssVerifyJce((RSAPublicKey) engineFactory.generatePublic(new RSAPublicKeySpec(new BigInteger(1, rsaSsaPssPrivateKey2.getPublicKey().getN().toByteArray()), new BigInteger(1, rsaSsaPssPrivateKey2.getPublicKey().getE().toByteArray()))), R$style.toHashType(params.getSigHash()), R$style.toHashType(params.getMgf1Hash()), params.getSaltLength());
                try {
                    byte[] bArr = RsaSsaPssSignKeyManager.TEST_MESSAGE;
                    rsaSsaPssVerifyJce.verify(rsaSsaPssSignJce.sign(bArr), bArr);
                    return rsaSsaPssSignJce;
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException("Security bug: signing with private key followed by verifying with public key failed" + e);
                }
            }
        });
    }

    @Override // com.google.crypto.tink.KeyTypeManager
    public String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
    }

    @Override // com.google.crypto.tink.KeyTypeManager
    public KeyTypeManager.KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey> keyFactory() {
        return new KeyTypeManager.KeyFactory<RsaSsaPssKeyFormat, RsaSsaPssPrivateKey>(RsaSsaPssKeyFormat.class) { // from class: com.google.crypto.tink.signature.RsaSsaPssSignKeyManager.2
            @Override // com.google.crypto.tink.KeyTypeManager.KeyFactory
            public RsaSsaPssPrivateKey createKey(RsaSsaPssKeyFormat rsaSsaPssKeyFormat) {
                RsaSsaPssKeyFormat rsaSsaPssKeyFormat2 = rsaSsaPssKeyFormat;
                RsaSsaPssParams params = rsaSsaPssKeyFormat2.getParams();
                Validators.validateRsaModulusSize(rsaSsaPssKeyFormat2.getModulusSizeInBits());
                Validators.validateSignatureHash(R$style.toHashType(params.getSigHash()));
                KeyPairGenerator engineFactory = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA");
                engineFactory.initialize(new RSAKeyGenParameterSpec(rsaSsaPssKeyFormat2.getModulusSizeInBits(), new BigInteger(1, rsaSsaPssKeyFormat2.getPublicExponent().toByteArray())));
                KeyPair generateKeyPair = engineFactory.generateKeyPair();
                RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) generateKeyPair.getPrivate();
                RsaSsaPssPublicKey.Builder newBuilder = RsaSsaPssPublicKey.newBuilder();
                Objects.requireNonNull(RsaSsaPssSignKeyManager.this);
                newBuilder.copyOnWrite();
                ((RsaSsaPssPublicKey) newBuilder.instance).version_ = 0;
                newBuilder.copyOnWrite();
                RsaSsaPssPublicKey.access$300((RsaSsaPssPublicKey) newBuilder.instance, params);
                ByteString copyFrom = ByteString.copyFrom(rSAPublicKey.getPublicExponent().toByteArray());
                newBuilder.copyOnWrite();
                RsaSsaPssPublicKey.access$800((RsaSsaPssPublicKey) newBuilder.instance, copyFrom);
                ByteString copyFrom2 = ByteString.copyFrom(rSAPublicKey.getModulus().toByteArray());
                newBuilder.copyOnWrite();
                RsaSsaPssPublicKey.access$600((RsaSsaPssPublicKey) newBuilder.instance, copyFrom2);
                RsaSsaPssPublicKey build = newBuilder.build();
                RsaSsaPssPrivateKey.Builder newBuilder2 = RsaSsaPssPrivateKey.newBuilder();
                Objects.requireNonNull(RsaSsaPssSignKeyManager.this);
                newBuilder2.copyOnWrite();
                ((RsaSsaPssPrivateKey) newBuilder2.instance).version_ = 0;
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$300((RsaSsaPssPrivateKey) newBuilder2.instance, build);
                ByteString copyFrom3 = ByteString.copyFrom(rSAPrivateCrtKey.getPrivateExponent().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$600((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom3);
                ByteString copyFrom4 = ByteString.copyFrom(rSAPrivateCrtKey.getPrimeP().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$800((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom4);
                ByteString copyFrom5 = ByteString.copyFrom(rSAPrivateCrtKey.getPrimeQ().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$1000((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom5);
                ByteString copyFrom6 = ByteString.copyFrom(rSAPrivateCrtKey.getPrimeExponentP().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$1200((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom6);
                ByteString copyFrom7 = ByteString.copyFrom(rSAPrivateCrtKey.getPrimeExponentQ().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$1400((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom7);
                ByteString copyFrom8 = ByteString.copyFrom(rSAPrivateCrtKey.getCrtCoefficient().toByteArray());
                newBuilder2.copyOnWrite();
                RsaSsaPssPrivateKey.access$1600((RsaSsaPssPrivateKey) newBuilder2.instance, copyFrom8);
                return newBuilder2.build();
            }

            @Override // com.google.crypto.tink.KeyTypeManager.KeyFactory
            public RsaSsaPssKeyFormat parseKeyFormat(ByteString byteString) {
                return RsaSsaPssKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
            }

            @Override // com.google.crypto.tink.KeyTypeManager.KeyFactory
            public void validateKeyFormat(RsaSsaPssKeyFormat rsaSsaPssKeyFormat) {
                RsaSsaPssKeyFormat rsaSsaPssKeyFormat2 = rsaSsaPssKeyFormat;
                R$style.validateRsaSsaPssParams(rsaSsaPssKeyFormat2.getParams());
                Validators.validateRsaModulusSize(rsaSsaPssKeyFormat2.getModulusSizeInBits());
            }
        };
    }

    @Override // com.google.crypto.tink.KeyTypeManager
    public KeyData.KeyMaterialType keyMaterialType() {
        return KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE;
    }

    @Override // com.google.crypto.tink.KeyTypeManager
    public MessageLite parseKey(ByteString byteString) {
        return RsaSsaPssPrivateKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    @Override // com.google.crypto.tink.KeyTypeManager
    public void validateKey(MessageLite messageLite) {
        RsaSsaPssPrivateKey rsaSsaPssPrivateKey = (RsaSsaPssPrivateKey) messageLite;
        Validators.validateVersion(rsaSsaPssPrivateKey.getVersion(), 0);
        Validators.validateRsaModulusSize(new BigInteger(1, rsaSsaPssPrivateKey.getPublicKey().getN().toByteArray()).bitLength());
        R$style.validateRsaSsaPssParams(rsaSsaPssPrivateKey.getPublicKey().getParams());
    }
}
