package com.google.crypto.tink.signature;

import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.PrivateKeyManager;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.signature.RsaSsaPssParameters;
import com.google.crypto.tink.signature.internal.RsaSsaPssProtoSerialization;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.RsaSsaPssSignJce;
import com.google.crypto.tink.subtle.RsaSsaPssVerifyJce;
import com.google.crypto.tink.util.SecretBigInteger;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes4.dex */
public final class RsaSsaPssSignKeyManager {

    /* renamed from: a, reason: collision with root package name */
    private static final PrimitiveConstructor f69049a = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.signature.A
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return RsaSsaPssSignJce.b((RsaSsaPssPrivateKey) key);
        }
    }, RsaSsaPssPrivateKey.class, PublicKeySign.class);

    /* renamed from: b, reason: collision with root package name */
    private static final PrimitiveConstructor f69050b = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.signature.B
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return RsaSsaPssVerifyJce.b((RsaSsaPssPublicKey) key);
        }
    }, RsaSsaPssPublicKey.class, PublicKeyVerify.class);

    /* renamed from: c, reason: collision with root package name */
    private static final PrivateKeyManager f69051c = LegacyKeyManagerImpl.f(c(), PublicKeySign.class, com.google.crypto.tink.proto.RsaSsaPssPrivateKey.r0());

    /* renamed from: d, reason: collision with root package name */
    private static final KeyManager f69052d = LegacyKeyManagerImpl.e(RsaSsaPssVerifyKeyManager.a(), PublicKeyVerify.class, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, com.google.crypto.tink.proto.RsaSsaPssPublicKey.k0());

    /* renamed from: e, reason: collision with root package name */
    private static final MutableKeyCreationRegistry.KeyCreator f69053e = new MutableKeyCreationRegistry.KeyCreator() { // from class: com.google.crypto.tink.signature.C
        @Override // com.google.crypto.tink.internal.MutableKeyCreationRegistry.KeyCreator
        public final Key a(Parameters parameters, Integer num) {
            RsaSsaPssPrivateKey b2;
            b2 = RsaSsaPssSignKeyManager.b((RsaSsaPssParameters) parameters, num);
            return b2;
        }
    };

    /* renamed from: f, reason: collision with root package name */
    private static final TinkFipsUtil.AlgorithmFipsCompatibility f69054f = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    /* JADX INFO: Access modifiers changed from: private */
    public static RsaSsaPssPrivateKey b(RsaSsaPssParameters rsaSsaPssParameters, Integer num) {
        KeyPairGenerator keyPairGenerator = (KeyPairGenerator) EngineFactory.f69405g.a("RSA");
        keyPairGenerator.initialize(new RSAKeyGenParameterSpec(rsaSsaPssParameters.d(), new BigInteger(1, rsaSsaPssParameters.e().toByteArray())));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) generateKeyPair.getPrivate();
        return RsaSsaPssPrivateKey.d().f(RsaSsaPssPublicKey.c().e(rsaSsaPssParameters).d(rSAPublicKey.getModulus()).c(num).a()).d(SecretBigInteger.a(rSAPrivateCrtKey.getPrimeP(), InsecureSecretKeyAccess.a()), SecretBigInteger.a(rSAPrivateCrtKey.getPrimeQ(), InsecureSecretKeyAccess.a())).e(SecretBigInteger.a(rSAPrivateCrtKey.getPrivateExponent(), InsecureSecretKeyAccess.a())).c(SecretBigInteger.a(rSAPrivateCrtKey.getPrimeExponentP(), InsecureSecretKeyAccess.a()), SecretBigInteger.a(rSAPrivateCrtKey.getPrimeExponentQ(), InsecureSecretKeyAccess.a())).b(SecretBigInteger.a(rSAPrivateCrtKey.getCrtCoefficient(), InsecureSecretKeyAccess.a())).a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String c() {
        return "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
    }

    private static Map d() {
        HashMap hashMap = new HashMap();
        RsaSsaPssParameters.Builder b2 = RsaSsaPssParameters.b();
        RsaSsaPssParameters.HashType hashType = RsaSsaPssParameters.HashType.f69019b;
        RsaSsaPssParameters.Builder c2 = b2.f(hashType).b(hashType).e(32).c(3072);
        BigInteger bigInteger = RsaSsaPssParameters.f69004g;
        RsaSsaPssParameters.Builder d2 = c2.d(bigInteger);
        RsaSsaPssParameters.Variant variant = RsaSsaPssParameters.Variant.f69023b;
        hashMap.put("RSA_SSA_PSS_3072_SHA256_F4", d2.g(variant).a());
        RsaSsaPssParameters.Builder d3 = RsaSsaPssParameters.b().f(hashType).b(hashType).e(32).c(3072).d(bigInteger);
        RsaSsaPssParameters.Variant variant2 = RsaSsaPssParameters.Variant.f69026e;
        hashMap.put("RSA_SSA_PSS_3072_SHA256_F4_RAW", d3.g(variant2).a());
        hashMap.put("RSA_SSA_PSS_3072_SHA256_SHA256_32_F4", PredefinedSignatureParameters.f68947m);
        RsaSsaPssParameters.Builder b3 = RsaSsaPssParameters.b();
        RsaSsaPssParameters.HashType hashType2 = RsaSsaPssParameters.HashType.f69021d;
        hashMap.put("RSA_SSA_PSS_4096_SHA512_F4", b3.f(hashType2).b(hashType2).e(64).c(4096).d(bigInteger).g(variant).a());
        hashMap.put("RSA_SSA_PSS_4096_SHA512_F4_RAW", RsaSsaPssParameters.b().f(hashType2).b(hashType2).e(64).c(4096).d(bigInteger).g(variant2).a());
        hashMap.put("RSA_SSA_PSS_4096_SHA512_SHA512_64_F4", PredefinedSignatureParameters.f68948n);
        return Collections.unmodifiableMap(hashMap);
    }

    public static void e(boolean z2) {
        TinkFipsUtil.AlgorithmFipsCompatibility algorithmFipsCompatibility = f69054f;
        if (!algorithmFipsCompatibility.a()) {
            throw new GeneralSecurityException("Can not use RSA SSA PSS in FIPS-mode, as BoringCrypto module is not available.");
        }
        RsaSsaPssProtoSerialization.p();
        MutableParametersRegistry.b().d(d());
        MutablePrimitiveRegistry.c().d(f69049a);
        MutablePrimitiveRegistry.c().d(f69050b);
        MutableKeyCreationRegistry.f().b(f69053e, RsaSsaPssParameters.class);
        KeyManagerRegistry.d().h(f69051c, algorithmFipsCompatibility, z2);
        KeyManagerRegistry.d().h(f69052d, algorithmFipsCompatibility, false);
    }
}
