package com.google.crypto.tink.signature;

import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.PrivateKeyManager;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.signature.RsaSsaPkcs1Parameters;
import com.google.crypto.tink.signature.internal.RsaSsaPkcs1ProtoSerialization;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.RsaSsaPkcs1SignJce;
import com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce;
import com.google.crypto.tink.util.SecretBigInteger;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes4.dex */
public final class RsaSsaPkcs1SignKeyManager {

    /* renamed from: a, reason: collision with root package name */
    private static final PrimitiveConstructor f68998a = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.signature.x
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return RsaSsaPkcs1SignJce.b((RsaSsaPkcs1PrivateKey) key);
        }
    }, RsaSsaPkcs1PrivateKey.class, PublicKeySign.class);

    /* renamed from: b, reason: collision with root package name */
    private static final PrimitiveConstructor f68999b = PrimitiveConstructor.b(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: com.google.crypto.tink.signature.y
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object a(Key key) {
            return RsaSsaPkcs1VerifyJce.b((RsaSsaPkcs1PublicKey) key);
        }
    }, RsaSsaPkcs1PublicKey.class, PublicKeyVerify.class);

    /* renamed from: c, reason: collision with root package name */
    private static final PrivateKeyManager f69000c = LegacyKeyManagerImpl.f(c(), PublicKeySign.class, com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey.r0());

    /* renamed from: d, reason: collision with root package name */
    private static final KeyManager f69001d = LegacyKeyManagerImpl.e(RsaSsaPkcs1VerifyKeyManager.a(), PublicKeyVerify.class, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey.k0());

    /* renamed from: e, reason: collision with root package name */
    private static final MutableKeyCreationRegistry.KeyCreator f69002e = new MutableKeyCreationRegistry.KeyCreator() { // from class: com.google.crypto.tink.signature.z
        @Override // com.google.crypto.tink.internal.MutableKeyCreationRegistry.KeyCreator
        public final Key a(Parameters parameters, Integer num) {
            RsaSsaPkcs1PrivateKey b2;
            b2 = RsaSsaPkcs1SignKeyManager.b((RsaSsaPkcs1Parameters) parameters, num);
            return b2;
        }
    };

    /* renamed from: f, reason: collision with root package name */
    private static final TinkFipsUtil.AlgorithmFipsCompatibility f69003f = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;

    /* JADX INFO: Access modifiers changed from: private */
    public static RsaSsaPkcs1PrivateKey b(RsaSsaPkcs1Parameters rsaSsaPkcs1Parameters, Integer num) {
        KeyPairGenerator keyPairGenerator = (KeyPairGenerator) EngineFactory.f69405g.a("RSA");
        keyPairGenerator.initialize(new RSAKeyGenParameterSpec(rsaSsaPkcs1Parameters.d(), new BigInteger(1, rsaSsaPkcs1Parameters.e().toByteArray())));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) generateKeyPair.getPrivate();
        return RsaSsaPkcs1PrivateKey.d().f(RsaSsaPkcs1PublicKey.c().e(rsaSsaPkcs1Parameters).d(rSAPublicKey.getModulus()).c(num).a()).d(SecretBigInteger.a(rSAPrivateCrtKey.getPrimeP(), InsecureSecretKeyAccess.a()), SecretBigInteger.a(rSAPrivateCrtKey.getPrimeQ(), InsecureSecretKeyAccess.a())).e(SecretBigInteger.a(rSAPrivateCrtKey.getPrivateExponent(), InsecureSecretKeyAccess.a())).c(SecretBigInteger.a(rSAPrivateCrtKey.getPrimeExponentP(), InsecureSecretKeyAccess.a()), SecretBigInteger.a(rSAPrivateCrtKey.getPrimeExponentQ(), InsecureSecretKeyAccess.a())).b(SecretBigInteger.a(rSAPrivateCrtKey.getCrtCoefficient(), InsecureSecretKeyAccess.a())).a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String c() {
        return "type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey";
    }

    private static Map d() {
        HashMap hashMap = new HashMap();
        hashMap.put("RSA_SSA_PKCS1_3072_SHA256_F4", PredefinedSignatureParameters.f68944j);
        RsaSsaPkcs1Parameters.Builder c2 = RsaSsaPkcs1Parameters.b().b(RsaSsaPkcs1Parameters.HashType.f68968b).c(3072);
        BigInteger bigInteger = RsaSsaPkcs1Parameters.f68957e;
        RsaSsaPkcs1Parameters.Builder d2 = c2.d(bigInteger);
        RsaSsaPkcs1Parameters.Variant variant = RsaSsaPkcs1Parameters.Variant.f68975e;
        hashMap.put("RSA_SSA_PKCS1_3072_SHA256_F4_RAW", d2.e(variant).a());
        hashMap.put("RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX", PredefinedSignatureParameters.f68945k);
        hashMap.put("RSA_SSA_PKCS1_4096_SHA512_F4", PredefinedSignatureParameters.f68946l);
        hashMap.put("RSA_SSA_PKCS1_4096_SHA512_F4_RAW", RsaSsaPkcs1Parameters.b().b(RsaSsaPkcs1Parameters.HashType.f68970d).c(4096).d(bigInteger).e(variant).a());
        return hashMap;
    }

    public static void e(boolean z2) {
        TinkFipsUtil.AlgorithmFipsCompatibility algorithmFipsCompatibility = f69003f;
        if (!algorithmFipsCompatibility.a()) {
            throw new GeneralSecurityException("Can not use RSA SSA PKCS1 in FIPS-mode, as BoringCrypto module is not available.");
        }
        RsaSsaPkcs1ProtoSerialization.p();
        MutableParametersRegistry.b().d(d());
        MutablePrimitiveRegistry.c().d(f68998a);
        MutablePrimitiveRegistry.c().d(f68999b);
        MutableKeyCreationRegistry.f().b(f69002e, RsaSsaPkcs1Parameters.class);
        KeyManagerRegistry.d().h(f69000c, algorithmFipsCompatibility, z2);
        KeyManagerRegistry.d().h(f69001d, algorithmFipsCompatibility, false);
    }
}
