package com.google.crypto.tink;

import com.google.crypto.tink.PrimitiveSet;
import com.google.crypto.tink.annotations.Alpha;
import com.google.crypto.tink.internal.LegacyProtoKey;
import com.google.crypto.tink.internal.LegacyProtoParameters;
import com.google.crypto.tink.internal.MutableSerializationRegistry;
import com.google.crypto.tink.internal.ProtoKeySerialization;
import com.google.crypto.tink.internal.ProtoParametersSerialization;
import com.google.crypto.tink.internal.TinkBugException;
import com.google.crypto.tink.monitoring.MonitoringAnnotations;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.KeysetInfo;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.tinkkey.KeyAccess;
import com.google.crypto.tink.tinkkey.KeyHandle;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nullable;

/* loaded from: classes6.dex */
public final class KeysetHandle {

    /* renamed from: a, reason: collision with root package name */
    public final Keyset f67445a;

    /* renamed from: b, reason: collision with root package name */
    public final List<Entry> f67446b;

    /* renamed from: c, reason: collision with root package name */
    public final MonitoringAnnotations f67447c;

    /* renamed from: com.google.crypto.tink.KeysetHandle$1, reason: invalid class name */
    /* loaded from: classes6.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$google$crypto$tink$proto$KeyStatusType;

        static {
            int[] iArr = new int[KeyStatusType.values().length];
            $SwitchMap$com$google$crypto$tink$proto$KeyStatusType = iArr;
            try {
                iArr[KeyStatusType.ENABLED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$google$crypto$tink$proto$KeyStatusType[KeyStatusType.DISABLED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$google$crypto$tink$proto$KeyStatusType[KeyStatusType.DESTROYED.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes6.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public final List<Entry> f67448a = new ArrayList();

        /* loaded from: classes6.dex */
        public static final class Entry {

            /* renamed from: a, reason: collision with root package name */
            public boolean f67449a;

            /* renamed from: b, reason: collision with root package name */
            public KeyStatus f67450b;

            /* renamed from: c, reason: collision with root package name */
            @Nullable
            public final Key f67451c;

            /* renamed from: d, reason: collision with root package name */
            @Nullable
            public final Parameters f67452d;

            /* renamed from: e, reason: collision with root package name */
            public KeyIdStrategy f67453e;

            /* renamed from: f, reason: collision with root package name */
            @Nullable
            public Builder f67454f;

            public Entry(Key key) {
                this.f67450b = KeyStatus.ENABLED;
                this.f67453e = null;
                this.f67454f = null;
                this.f67451c = key;
                this.f67452d = null;
            }

            public /* synthetic */ Entry(Key key, AnonymousClass1 anonymousClass1) {
                this(key);
            }

            public Entry(Parameters parameters) {
                this.f67450b = KeyStatus.ENABLED;
                this.f67453e = null;
                this.f67454f = null;
                this.f67451c = null;
                this.f67452d = parameters;
            }

            public /* synthetic */ Entry(Parameters parameters, AnonymousClass1 anonymousClass1) {
                this(parameters);
            }

            public KeyStatus a() {
                return this.f67450b;
            }

            @CanIgnoreReturnValue
            public Entry b() {
                Builder builder = this.f67454f;
                if (builder != null) {
                    builder.c();
                }
                this.f67449a = true;
                return this;
            }

            @CanIgnoreReturnValue
            public Entry c(KeyStatus keyStatus) {
                this.f67450b = keyStatus;
                return this;
            }

            @CanIgnoreReturnValue
            public Entry d(int i2) {
                this.f67453e = KeyIdStrategy.fixedId(i2);
                return this;
            }

            @CanIgnoreReturnValue
            public Entry e() {
                this.f67453e = KeyIdStrategy.access$200();
                return this;
            }
        }

        /* loaded from: classes6.dex */
        public static class KeyIdStrategy {
            private static final KeyIdStrategy RANDOM_ID = new KeyIdStrategy();

            /* renamed from: a, reason: collision with root package name */
            public final int f67455a;

            public KeyIdStrategy() {
                this.f67455a = 0;
            }

            public KeyIdStrategy(int i2) {
                this.f67455a = i2;
            }

            public static /* synthetic */ KeyIdStrategy access$200() {
                return randomId();
            }

            /* JADX INFO: Access modifiers changed from: private */
            public static KeyIdStrategy fixedId(int i2) {
                return new KeyIdStrategy(i2);
            }

            private static KeyIdStrategy randomId() {
                return RANDOM_ID;
            }

            public final int a() {
                return this.f67455a;
            }
        }

        private static void checkIdAssignments(List<Entry> list) {
            for (int i2 = 0; i2 < list.size() - 1; i2++) {
                if (list.get(i2).f67453e == KeyIdStrategy.RANDOM_ID && list.get(i2 + 1).f67453e != KeyIdStrategy.RANDOM_ID) {
                    throw new GeneralSecurityException("Entries with 'withRandomId()' may only be followed by other entries with 'withRandomId()'.");
                }
            }
        }

        private static Keyset.Key createKeyFromParameters(Parameters parameters, int i2, KeyStatusType keyStatusType) {
            ProtoParametersSerialization a2 = parameters instanceof LegacyProtoParameters ? ((LegacyProtoParameters) parameters).a() : (ProtoParametersSerialization) MutableSerializationRegistry.globalInstance().k(parameters, ProtoParametersSerialization.class);
            return Keyset.Key.newBuilder().B(i2).D(keyStatusType).A(Registry.newKeyData(a2.b())).C(a2.b().N()).S();
        }

        private static Keyset.Key createKeysetKeyFromBuilderEntry(Entry entry, int i2) {
            if (entry.f67451c == null) {
                return createKeyFromParameters(entry.f67452d, i2, KeysetHandle.serializeStatus(entry.a()));
            }
            ProtoKeySerialization b2 = entry.f67451c instanceof LegacyProtoKey ? ((LegacyProtoKey) entry.f67451c).b(InsecureSecretKeyAccess.get()) : (ProtoKeySerialization) MutableSerializationRegistry.globalInstance().j(entry.f67451c, ProtoKeySerialization.class, InsecureSecretKeyAccess.get());
            Integer b3 = b2.b();
            if (b3 == null || b3.intValue() == i2) {
                return KeysetHandle.toKeysetKey(i2, KeysetHandle.serializeStatus(entry.a()), b2);
            }
            throw new GeneralSecurityException("Wrong ID set for key with ID requirement");
        }

        private static int getNextIdFromBuilderEntry(Entry entry, Set<Integer> set) {
            if (entry.f67453e != null) {
                return entry.f67453e == KeyIdStrategy.RANDOM_ID ? randomIdNotInSet(set) : entry.f67453e.a();
            }
            throw new GeneralSecurityException("No ID was set (with withFixedId or withRandomId)");
        }

        private static int randomIdNotInSet(Set<Integer> set) {
            int i2 = 0;
            while (true) {
                if (i2 != 0 && !set.contains(Integer.valueOf(i2))) {
                    return i2;
                }
                i2 = com.google.crypto.tink.internal.Util.randKeyId();
            }
        }

        @CanIgnoreReturnValue
        public Builder a(Entry entry) {
            if (entry.f67454f != null) {
                throw new IllegalStateException("Entry has already been added to a KeysetHandle.Builder");
            }
            if (entry.f67449a) {
                c();
            }
            entry.f67454f = this;
            this.f67448a.add(entry);
            return this;
        }

        public KeysetHandle b() {
            Keyset.Builder newBuilder = Keyset.newBuilder();
            checkIdAssignments(this.f67448a);
            HashSet hashSet = new HashSet();
            Integer num = null;
            for (Entry entry : this.f67448a) {
                if (entry.f67450b == null) {
                    throw new GeneralSecurityException("Key Status not set.");
                }
                int nextIdFromBuilderEntry = getNextIdFromBuilderEntry(entry, hashSet);
                if (hashSet.contains(Integer.valueOf(nextIdFromBuilderEntry))) {
                    throw new GeneralSecurityException("Id " + nextIdFromBuilderEntry + " is used twice in the keyset");
                }
                hashSet.add(Integer.valueOf(nextIdFromBuilderEntry));
                newBuilder.z(createKeysetKeyFromBuilderEntry(entry, nextIdFromBuilderEntry));
                if (entry.f67449a) {
                    if (num != null) {
                        throw new GeneralSecurityException("Two primaries were set");
                    }
                    num = Integer.valueOf(nextIdFromBuilderEntry);
                }
            }
            if (num == null) {
                throw new GeneralSecurityException("No primary was set");
            }
            newBuilder.D(num.intValue());
            return KeysetHandle.fromKeyset(newBuilder.S());
        }

        public final void c() {
            Iterator<Entry> it = this.f67448a.iterator();
            while (it.hasNext()) {
                it.next().f67449a = false;
            }
        }

        public Entry d(int i2) {
            return this.f67448a.get(i2);
        }

        public int e() {
            return this.f67448a.size();
        }
    }

    @Immutable
    @Alpha
    /* loaded from: classes6.dex */
    public static final class Entry {

        /* renamed from: a, reason: collision with root package name */
        public final Key f67456a;

        /* renamed from: b, reason: collision with root package name */
        public final KeyStatus f67457b;

        /* renamed from: c, reason: collision with root package name */
        public final int f67458c;

        /* renamed from: d, reason: collision with root package name */
        public final boolean f67459d;

        public Entry(Key key, KeyStatus keyStatus, int i2, boolean z) {
            this.f67456a = key;
            this.f67457b = keyStatus;
            this.f67458c = i2;
            this.f67459d = z;
        }

        public /* synthetic */ Entry(Key key, KeyStatus keyStatus, int i2, boolean z, AnonymousClass1 anonymousClass1) {
            this(key, keyStatus, i2, z);
        }

        public int a() {
            return this.f67458c;
        }

        public Key b() {
            return this.f67456a;
        }

        public KeyStatus c() {
            return this.f67457b;
        }

        public boolean d() {
            return this.f67459d;
        }
    }

    public KeysetHandle(Keyset keyset, List<Entry> list) {
        this.f67445a = keyset;
        this.f67446b = list;
        this.f67447c = MonitoringAnnotations.EMPTY;
    }

    public KeysetHandle(Keyset keyset, List<Entry> list, MonitoringAnnotations monitoringAnnotations) {
        this.f67445a = keyset;
        this.f67446b = list;
        this.f67447c = monitoringAnnotations;
    }

    private static void assertEnoughEncryptedKeyMaterial(EncryptedKeyset encryptedKeyset) {
        if (encryptedKeyset == null || encryptedKeyset.M().size() == 0) {
            throw new GeneralSecurityException("empty keyset");
        }
    }

    private static void assertEnoughKeyMaterial(Keyset keyset) {
        if (keyset == null || keyset.R() <= 0) {
            throw new GeneralSecurityException("empty keyset");
        }
    }

    private static void assertNoSecretKeyMaterial(Keyset keyset) {
        for (Keyset.Key key : keyset.T()) {
            if (key.O().N() == KeyData.KeyMaterialType.UNKNOWN_KEYMATERIAL || key.O().N() == KeyData.KeyMaterialType.SYMMETRIC || key.O().N() == KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {
                throw new GeneralSecurityException(String.format("keyset contains key material of type %s for type url %s", key.O().N().name(), key.O().O()));
            }
        }
    }

    @Deprecated
    public static final KeysetHandle createFromKey(KeyHandle keyHandle, KeyAccess keyAccess) {
        KeysetManager b2 = KeysetManager.withEmptyKeyset().b(keyHandle);
        b2.i(b2.e().e().Q(0).O());
        return b2.e();
    }

    private static KeyData createPublicKeyData(KeyData keyData) {
        if (keyData.N() != KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) {
            throw new GeneralSecurityException("The keyset contains a non-private key");
        }
        KeyData publicKeyData = Registry.getPublicKeyData(keyData.O(), keyData.P());
        validate(publicKeyData);
        return publicKeyData;
    }

    private static Keyset decrypt(EncryptedKeyset encryptedKeyset, Aead aead, byte[] bArr) {
        try {
            Keyset parseFrom = Keyset.parseFrom(aead.b(encryptedKeyset.M().v(), bArr), ExtensionRegistryLite.getEmptyRegistry());
            assertEnoughKeyMaterial(parseFrom);
            return parseFrom;
        } catch (InvalidProtocolBufferException unused) {
            throw new GeneralSecurityException("invalid keyset, corrupted key material");
        }
    }

    private static EncryptedKeyset encrypt(Keyset keyset, Aead aead, byte[] bArr) {
        byte[] a2 = aead.a(keyset.h(), bArr);
        try {
            if (Keyset.parseFrom(aead.b(a2, bArr), ExtensionRegistryLite.getEmptyRegistry()).equals(keyset)) {
                return EncryptedKeyset.newBuilder().z(ByteString.copyFrom(a2)).A(Util.getKeysetInfo(keyset)).S();
            }
            throw new GeneralSecurityException("cannot encrypt keyset");
        } catch (InvalidProtocolBufferException unused) {
            throw new GeneralSecurityException("invalid keyset, corrupted key material");
        }
    }

    public static final KeysetHandle fromKeyset(Keyset keyset) {
        assertEnoughKeyMaterial(keyset);
        return new KeysetHandle(keyset, getEntriesFromKeyset(keyset));
    }

    public static final KeysetHandle fromKeysetAndAnnotations(Keyset keyset, MonitoringAnnotations monitoringAnnotations) {
        assertEnoughKeyMaterial(keyset);
        return new KeysetHandle(keyset, getEntriesFromKeyset(keyset), monitoringAnnotations);
    }

    public static Builder.Entry generateEntryFromParameters(Parameters parameters) {
        return new Builder.Entry(parameters, (AnonymousClass1) null);
    }

    public static Builder.Entry generateEntryFromParametersName(String str) {
        if (Registry.keyTemplateMap().containsKey(str)) {
            return new Builder.Entry(MutableSerializationRegistry.globalInstance().e(ProtoParametersSerialization.create(Registry.keyTemplateMap().get(str).b())), (AnonymousClass1) null);
        }
        throw new GeneralSecurityException("cannot find key template: " + str);
    }

    public static final KeysetHandle generateNew(KeyTemplate keyTemplate) {
        return newBuilder().a(generateEntryFromParameters(new LegacyProtoParameters(ProtoParametersSerialization.create(keyTemplate.b()))).b().e()).b();
    }

    @Deprecated
    public static final KeysetHandle generateNew(com.google.crypto.tink.proto.KeyTemplate keyTemplate) {
        return newBuilder().a(generateEntryFromParameters(new LegacyProtoParameters(ProtoParametersSerialization.create(keyTemplate))).b().e()).b();
    }

    private static List<Entry> getEntriesFromKeyset(Keyset keyset) {
        ArrayList arrayList = new ArrayList(keyset.R());
        for (Keyset.Key key : keyset.T()) {
            int P = key.P();
            try {
                arrayList.add(new Entry(MutableSerializationRegistry.globalInstance().c(toProtoKeySerialization(key), InsecureSecretKeyAccess.get()), parseStatus(key.R()), P, P == keyset.U(), null));
            } catch (GeneralSecurityException unused) {
                arrayList.add(null);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    @Nullable
    private static <B> B getLegacyPrimitiveOrNull(Keyset.Key key, Class<B> cls) {
        try {
            return (B) Registry.getPrimitive(key.O(), cls);
        } catch (GeneralSecurityException e2) {
            if (e2.getMessage().contains("No key manager found for key type ") || e2.getMessage().contains(" not supported by key manager of type ")) {
                return null;
            }
            throw e2;
        }
    }

    public static Builder.Entry importKey(Key key) {
        Builder.Entry entry = new Builder.Entry(key, (AnonymousClass1) null);
        Integer a2 = key.a();
        if (a2 != null) {
            entry.d(a2.intValue());
        }
        return entry;
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    public static Builder newBuilder(KeysetHandle keysetHandle) {
        Builder builder = new Builder();
        for (int i2 = 0; i2 < keysetHandle.h(); i2++) {
            Entry a2 = keysetHandle.a(i2);
            Builder.Entry d2 = importKey(a2.b()).d(a2.a());
            d2.c(a2.c());
            if (a2.d()) {
                d2.b();
            }
            builder.a(d2);
        }
        return builder;
    }

    private static KeyStatus parseStatus(KeyStatusType keyStatusType) {
        int i2 = AnonymousClass1.$SwitchMap$com$google$crypto$tink$proto$KeyStatusType[keyStatusType.ordinal()];
        if (i2 == 1) {
            return KeyStatus.ENABLED;
        }
        if (i2 == 2) {
            return KeyStatus.DISABLED;
        }
        if (i2 == 3) {
            return KeyStatus.DESTROYED;
        }
        throw new GeneralSecurityException("Unknown key status");
    }

    public static final KeysetHandle read(KeysetReader keysetReader, Aead aead) {
        return readWithAssociatedData(keysetReader, aead, new byte[0]);
    }

    public static final KeysetHandle readNoSecret(KeysetReader keysetReader) {
        try {
            Keyset read = keysetReader.read();
            assertNoSecretKeyMaterial(read);
            return fromKeyset(read);
        } catch (InvalidProtocolBufferException unused) {
            throw new GeneralSecurityException("invalid keyset");
        }
    }

    @Deprecated
    public static final KeysetHandle readNoSecret(byte[] bArr) {
        try {
            Keyset parseFrom = Keyset.parseFrom(bArr, ExtensionRegistryLite.getEmptyRegistry());
            assertNoSecretKeyMaterial(parseFrom);
            return fromKeyset(parseFrom);
        } catch (InvalidProtocolBufferException unused) {
            throw new GeneralSecurityException("invalid keyset");
        }
    }

    public static final KeysetHandle readWithAssociatedData(KeysetReader keysetReader, Aead aead, byte[] bArr) {
        EncryptedKeyset a2 = keysetReader.a();
        assertEnoughEncryptedKeyMaterial(a2);
        return fromKeyset(decrypt(a2, aead, bArr));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KeyStatusType serializeStatus(KeyStatus keyStatus) {
        if (KeyStatus.ENABLED.equals(keyStatus)) {
            return KeyStatusType.ENABLED;
        }
        if (KeyStatus.DISABLED.equals(keyStatus)) {
            return KeyStatusType.DISABLED;
        }
        if (KeyStatus.DESTROYED.equals(keyStatus)) {
            return KeyStatusType.DESTROYED;
        }
        throw new IllegalStateException("Unknown key status");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Keyset.Key toKeysetKey(int i2, KeyStatusType keyStatusType, ProtoKeySerialization protoKeySerialization) {
        return Keyset.Key.newBuilder().z(KeyData.newBuilder().A(protoKeySerialization.e()).B(protoKeySerialization.f()).z(protoKeySerialization.c())).D(keyStatusType).B(i2).C(protoKeySerialization.d()).S();
    }

    private static ProtoKeySerialization toProtoKeySerialization(Keyset.Key key) {
        try {
            return ProtoKeySerialization.create(key.O().O(), key.O().P(), key.O().N(), key.Q(), key.Q() == OutputPrefixType.RAW ? null : Integer.valueOf(key.P()));
        } catch (GeneralSecurityException e2) {
            throw new TinkBugException("Creating a protokey serialization failed", e2);
        }
    }

    private static void validate(KeyData keyData) {
        Registry.getPrimitive(keyData);
    }

    public final Entry a(int i2) {
        if (this.f67446b.get(i2) != null) {
            return this.f67446b.get(i2);
        }
        throw new IllegalStateException("Keyset-Entry at position i has wrong status or key parsing failed");
    }

    public Entry b(int i2) {
        if (i2 >= 0 && i2 < h()) {
            return a(i2);
        }
        throw new IndexOutOfBoundsException("Invalid index " + i2 + " for keyset of size " + h());
    }

    @Nullable
    public final <B> B c(Key key, Class<B> cls) {
        try {
            return (B) Registry.getFullPrimitive(key, cls);
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public Keyset d() {
        return this.f67445a;
    }

    public KeysetInfo e() {
        return Util.getKeysetInfo(this.f67445a);
    }

    public <P> P f(Class<P> cls) {
        Class<?> inputPrimitive = Registry.getInputPrimitive(cls);
        if (inputPrimitive != null) {
            return (P) g(cls, inputPrimitive);
        }
        throw new GeneralSecurityException("No wrapper found for " + cls.getName());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final <B, P> P g(Class<P> cls, Class<B> cls2) {
        Util.validateKeyset(this.f67445a);
        PrimitiveSet.Builder newBuilder = PrimitiveSet.newBuilder(cls2);
        newBuilder.e(this.f67447c);
        for (int i2 = 0; i2 < h(); i2++) {
            Keyset.Key Q = this.f67445a.Q(i2);
            if (Q.R().equals(KeyStatusType.ENABLED)) {
                Object legacyPrimitiveOrNull = getLegacyPrimitiveOrNull(Q, cls2);
                Object c2 = this.f67446b.get(i2) != null ? c(this.f67446b.get(i2).b(), cls2) : null;
                if (Q.P() == this.f67445a.U()) {
                    newBuilder.b(c2, legacyPrimitiveOrNull, Q);
                } else {
                    newBuilder.a(c2, legacyPrimitiveOrNull, Q);
                }
            }
        }
        return (P) Registry.wrap(newBuilder.d(), cls);
    }

    public int h() {
        return this.f67445a.R();
    }

    public void i(KeysetWriter keysetWriter, Aead aead) {
        k(keysetWriter, aead, new byte[0]);
    }

    public void j(KeysetWriter keysetWriter) {
        assertNoSecretKeyMaterial(this.f67445a);
        keysetWriter.a(this.f67445a);
    }

    public void k(KeysetWriter keysetWriter, Aead aead, byte[] bArr) {
        keysetWriter.b(encrypt(this.f67445a, aead, bArr));
    }

    public String toString() {
        return e().toString();
    }
}
