package com.google.crypto.tink.hybrid.internal;

import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.HybridEncrypt;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.PrivateKeyManager;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.hybrid.HpkeParameters;
import com.google.crypto.tink.hybrid.HpkePrivateKey;
import com.google.crypto.tink.hybrid.HpkeProtoSerialization;
import com.google.crypto.tink.hybrid.HpkePublicKey;
import com.google.crypto.tink.internal.BigIntegerEncoding;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.X25519;
import com.google.crypto.tink.util.Bytes;
import com.google.crypto.tink.util.SecretBytes;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes4.dex */
public final class HpkePrivateKeyManager {

    /* renamed from: a, reason: collision with root package name */
    private static final PrimitiveConstructor f67403a = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.hybrid.internal.g
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return HpkeDecrypt.a((HpkePrivateKey) key);
        }
    }, HpkePrivateKey.class, HybridDecrypt.class);

    /* renamed from: b, reason: collision with root package name */
    private static final PrimitiveConstructor f67404b = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.hybrid.internal.h
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return HpkeEncrypt.a((HpkePublicKey) key);
        }
    }, HpkePublicKey.class, HybridEncrypt.class);

    /* renamed from: c, reason: collision with root package name */
    private static final PrivateKeyManager f67405c = LegacyKeyManagerImpl.f(c(), HybridDecrypt.class, com.google.crypto.tink.proto.HpkePrivateKey.h0());

    /* renamed from: d, reason: collision with root package name */
    private static final KeyManager f67406d = LegacyKeyManagerImpl.e(HpkePublicKeyManager.a(), HybridEncrypt.class, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, com.google.crypto.tink.proto.HpkePublicKey.i0());

    /* renamed from: e, reason: collision with root package name */
    private static final MutableKeyCreationRegistry.KeyCreator f67407e = new MutableKeyCreationRegistry.KeyCreator() { // from class: com.google.crypto.tink.hybrid.internal.i
        @Override // com.google.crypto.tink.internal.MutableKeyCreationRegistry.KeyCreator
        public final Key a(Parameters parameters, Integer num) {
            HpkePrivateKey b2;
            b2 = HpkePrivateKeyManager.b((HpkeParameters) parameters, num);
            return b2;
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    public static HpkePrivateKey b(HpkeParameters hpkeParameters, Integer num) {
        Bytes a2;
        SecretBytes a3;
        if (hpkeParameters.e().equals(HpkeParameters.KemId.f67325f)) {
            byte[] b2 = X25519.b();
            a3 = SecretBytes.a(b2, InsecureSecretKeyAccess.a());
            a2 = Bytes.a(X25519.c(b2));
        } else {
            if (!hpkeParameters.e().equals(HpkeParameters.KemId.f67322c) && !hpkeParameters.e().equals(HpkeParameters.KemId.f67323d) && !hpkeParameters.e().equals(HpkeParameters.KemId.f67324e)) {
                throw new GeneralSecurityException("Unknown KEM ID");
            }
            EllipticCurves.CurveType d2 = HpkeUtil.d(hpkeParameters.e());
            KeyPair f2 = EllipticCurves.f(d2);
            a2 = Bytes.a(EllipticCurves.w(d2, EllipticCurves.PointFormatType.UNCOMPRESSED, ((ECPublicKey) f2.getPublic()).getW()));
            a3 = SecretBytes.a(BigIntegerEncoding.c(((ECPrivateKey) f2.getPrivate()).getS(), HpkeUtil.a(hpkeParameters.e())), InsecureSecretKeyAccess.a());
        }
        return HpkePrivateKey.d(HpkePublicKey.c(hpkeParameters, a2, num), a3);
    }

    static String c() {
        return "type.googleapis.com/google.crypto.tink.HpkePrivateKey";
    }

    private static Map d() {
        HashMap hashMap = new HashMap();
        HpkeParameters.Builder b2 = HpkeParameters.b();
        HpkeParameters.Variant variant = HpkeParameters.Variant.f67326b;
        HpkeParameters.Builder e2 = b2.e(variant);
        HpkeParameters.KemId kemId = HpkeParameters.KemId.f67325f;
        HpkeParameters.Builder d2 = e2.d(kemId);
        HpkeParameters.KdfId kdfId = HpkeParameters.KdfId.f67319c;
        HpkeParameters.Builder c2 = d2.c(kdfId);
        HpkeParameters.AeadId aeadId = HpkeParameters.AeadId.f67310c;
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM", c2.b(aeadId).a());
        HpkeParameters.Builder b3 = HpkeParameters.b();
        HpkeParameters.Variant variant2 = HpkeParameters.Variant.f67328d;
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW", b3.e(variant2).d(kemId).c(kdfId).b(aeadId).a());
        HpkeParameters.Builder c3 = HpkeParameters.b().e(variant).d(kemId).c(kdfId);
        HpkeParameters.AeadId aeadId2 = HpkeParameters.AeadId.f67311d;
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM", c3.b(aeadId2).a());
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId).c(kdfId).b(aeadId2).a());
        HpkeParameters.Builder c4 = HpkeParameters.b().e(variant).d(kemId).c(kdfId);
        HpkeParameters.AeadId aeadId3 = HpkeParameters.AeadId.f67312e;
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305", c4.b(aeadId3).a());
        hashMap.put("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW", HpkeParameters.b().e(variant2).d(kemId).c(kdfId).b(aeadId3).a());
        HpkeParameters.Builder e3 = HpkeParameters.b().e(variant);
        HpkeParameters.KemId kemId2 = HpkeParameters.KemId.f67322c;
        hashMap.put("DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM", e3.d(kemId2).c(kdfId).b(aeadId).a());
        hashMap.put("DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId2).c(kdfId).b(aeadId).a());
        hashMap.put("DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM", HpkeParameters.b().e(variant).d(kemId2).c(kdfId).b(aeadId2).a());
        hashMap.put("DHKEM_P256_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId2).c(kdfId).b(aeadId2).a());
        HpkeParameters.Builder e4 = HpkeParameters.b().e(variant);
        HpkeParameters.KemId kemId3 = HpkeParameters.KemId.f67323d;
        HpkeParameters.Builder d3 = e4.d(kemId3);
        HpkeParameters.KdfId kdfId2 = HpkeParameters.KdfId.f67320d;
        hashMap.put("DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM", d3.c(kdfId2).b(aeadId).a());
        hashMap.put("DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_128_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId3).c(kdfId2).b(aeadId).a());
        hashMap.put("DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM", HpkeParameters.b().e(variant).d(kemId3).c(kdfId2).b(aeadId2).a());
        hashMap.put("DHKEM_P384_HKDF_SHA384_HKDF_SHA384_AES_256_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId3).c(kdfId2).b(aeadId2).a());
        HpkeParameters.Builder e5 = HpkeParameters.b().e(variant);
        HpkeParameters.KemId kemId4 = HpkeParameters.KemId.f67324e;
        HpkeParameters.Builder d4 = e5.d(kemId4);
        HpkeParameters.KdfId kdfId3 = HpkeParameters.KdfId.f67321e;
        hashMap.put("DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM", d4.c(kdfId3).b(aeadId).a());
        hashMap.put("DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_128_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId4).c(kdfId3).b(aeadId).a());
        hashMap.put("DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM", HpkeParameters.b().e(variant).d(kemId4).c(kdfId3).b(aeadId2).a());
        hashMap.put("DHKEM_P521_HKDF_SHA512_HKDF_SHA512_AES_256_GCM_RAW", HpkeParameters.b().e(variant2).d(kemId4).c(kdfId3).b(aeadId2).a());
        return Collections.unmodifiableMap(hashMap);
    }

    public static void e(boolean z2) {
        if (!TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS.a()) {
            throw new GeneralSecurityException("Registering HPKE Hybrid Encryption is not supported in FIPS mode");
        }
        HpkeProtoSerialization.m();
        MutableParametersRegistry.b().d(d());
        MutablePrimitiveRegistry.c().d(f67403a);
        MutablePrimitiveRegistry.c().d(f67404b);
        MutableKeyCreationRegistry.f().b(f67407e, HpkeParameters.class);
        KeyManagerRegistry.d().g(f67405c, z2);
        KeyManagerRegistry.d().g(f67406d, false);
    }
}
