package com.google.crypto.tink.jwt;

import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Registry;
import com.google.crypto.tink.internal.KeyTypeManager;
import com.google.crypto.tink.internal.PrimitiveFactory;
import com.google.crypto.tink.jwt.d;
import com.google.crypto.tink.proto.JwtHmacAlgorithm;
import com.google.crypto.tink.proto.JwtHmacKey;
import com.google.crypto.tink.proto.JwtHmacKeyFormat;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.subtle.PrfHmacJce;
import com.google.crypto.tink.subtle.PrfMac;
import com.google.crypto.tink.subtle.Random;
import com.google.crypto.tink.subtle.Validators;
import com.google.errorprone.annotations.Immutable;
import com.google.gson.JsonObject;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes3.dex */
public final class JwtHmacKeyManager extends KeyTypeManager<JwtHmacKey> {

    /* loaded from: classes3.dex */
    public class a extends PrimitiveFactory<x7.b, JwtHmacKey> {
        public a() {
            super(x7.b.class);
        }

        @Override // com.google.crypto.tink.internal.PrimitiveFactory
        public final x7.b getPrimitive(JwtHmacKey jwtHmacKey) throws GeneralSecurityException {
            String str;
            String str2;
            JwtHmacKey jwtHmacKey2 = jwtHmacKey;
            JwtHmacAlgorithm algorithm = jwtHmacKey2.getAlgorithm();
            SecretKeySpec secretKeySpec = new SecretKeySpec(jwtHmacKey2.getKeyValue().toByteArray(), "HMAC");
            int[] iArr = c.f33042a;
            int i3 = iArr[algorithm.ordinal()];
            if (i3 == 1) {
                str = "HMACSHA256";
            } else if (i3 == 2) {
                str = "HMACSHA384";
            } else {
                if (i3 != 3) {
                    throw new GeneralSecurityException("unknown algorithm");
                }
                str = "HMACSHA512";
            }
            PrfHmacJce prfHmacJce = new PrfHmacJce(str, secretKeySpec);
            PrfMac prfMac = new PrfMac(prfHmacJce, prfHmacJce.getMaxOutputLength());
            Optional of2 = jwtHmacKey2.hasCustomKid() ? Optional.of(jwtHmacKey2.getCustomKid().getValue()) : Optional.empty();
            int i10 = iArr[algorithm.ordinal()];
            if (i10 == 1) {
                str2 = "HS256";
            } else if (i10 == 2) {
                str2 = "HS384";
            } else {
                if (i10 != 3) {
                    throw new GeneralSecurityException("unknown algorithm");
                }
                str2 = "HS512";
            }
            return new d(str2, of2, prfMac);
        }
    }

    /* loaded from: classes3.dex */
    public class b extends KeyTypeManager.KeyFactory<JwtHmacKeyFormat, JwtHmacKey> {
        public b() {
            super(JwtHmacKeyFormat.class);
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public final JwtHmacKey createKey(JwtHmacKeyFormat jwtHmacKeyFormat) throws GeneralSecurityException {
            JwtHmacKeyFormat jwtHmacKeyFormat2 = jwtHmacKeyFormat;
            return JwtHmacKey.newBuilder().setVersion(JwtHmacKeyManager.this.getVersion()).setAlgorithm(jwtHmacKeyFormat2.getAlgorithm()).setKeyValue(ByteString.copyFrom(Random.randBytes(jwtHmacKeyFormat2.getKeySize()))).build();
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public final JwtHmacKey deriveKey(JwtHmacKeyFormat jwtHmacKeyFormat, InputStream inputStream) throws GeneralSecurityException {
            throw new UnsupportedOperationException();
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public final Map<String, KeyTypeManager.KeyFactory.KeyFormat<JwtHmacKeyFormat>> keyFormats() {
            HashMap hashMap = new HashMap();
            JwtHmacAlgorithm jwtHmacAlgorithm = JwtHmacAlgorithm.HS256;
            KeyTemplate.OutputPrefixType outputPrefixType = KeyTemplate.OutputPrefixType.RAW;
            hashMap.put("JWT_HS256_RAW", JwtHmacKeyManager.a(jwtHmacAlgorithm, 32, outputPrefixType));
            KeyTemplate.OutputPrefixType outputPrefixType2 = KeyTemplate.OutputPrefixType.TINK;
            hashMap.put("JWT_HS256", JwtHmacKeyManager.a(jwtHmacAlgorithm, 32, outputPrefixType2));
            JwtHmacAlgorithm jwtHmacAlgorithm2 = JwtHmacAlgorithm.HS384;
            hashMap.put("JWT_HS384_RAW", JwtHmacKeyManager.a(jwtHmacAlgorithm2, 48, outputPrefixType));
            hashMap.put("JWT_HS384", JwtHmacKeyManager.a(jwtHmacAlgorithm2, 48, outputPrefixType2));
            JwtHmacAlgorithm jwtHmacAlgorithm3 = JwtHmacAlgorithm.HS512;
            hashMap.put("JWT_HS512_RAW", JwtHmacKeyManager.a(jwtHmacAlgorithm3, 64, outputPrefixType));
            hashMap.put("JWT_HS512", JwtHmacKeyManager.a(jwtHmacAlgorithm3, 64, outputPrefixType2));
            return Collections.unmodifiableMap(hashMap);
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public final JwtHmacKeyFormat parseKeyFormat(ByteString byteString) throws InvalidProtocolBufferException {
            return JwtHmacKeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
        }

        @Override // com.google.crypto.tink.internal.KeyTypeManager.KeyFactory
        public final void validateKeyFormat(JwtHmacKeyFormat jwtHmacKeyFormat) throws GeneralSecurityException {
            JwtHmacKeyFormat jwtHmacKeyFormat2 = jwtHmacKeyFormat;
            if (jwtHmacKeyFormat2.getKeySize() < JwtHmacKeyManager.c(jwtHmacKeyFormat2.getAlgorithm())) {
                throw new GeneralSecurityException("key too short");
            }
        }
    }

    /* loaded from: classes3.dex */
    public static /* synthetic */ class c {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f33042a;

        static {
            int[] iArr = new int[JwtHmacAlgorithm.values().length];
            f33042a = iArr;
            try {
                iArr[JwtHmacAlgorithm.HS256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f33042a[JwtHmacAlgorithm.HS384.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f33042a[JwtHmacAlgorithm.HS512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    @Immutable
    /* loaded from: classes3.dex */
    public static final class d implements x7.b {

        /* renamed from: a, reason: collision with root package name */
        public final PrfMac f33043a;

        /* renamed from: b, reason: collision with root package name */
        public final String f33044b;

        /* renamed from: c, reason: collision with root package name */
        public final Optional<String> f33045c;

        public d(String str, Optional<String> optional, PrfMac prfMac) {
            this.f33044b = str;
            this.f33045c = optional;
            this.f33043a = prfMac;
        }

        @Override // x7.b
        public final VerifiedJwt a(String str, JwtValidator jwtValidator, Optional<String> optional) throws GeneralSecurityException {
            d.a f10 = com.google.crypto.tink.jwt.d.f(str);
            this.f33043a.verifyMac(f10.f33081b, f10.f33080a.getBytes(StandardCharsets.US_ASCII));
            JsonObject b10 = x7.a.b(f10.f33082c);
            com.google.crypto.tink.jwt.d.i(this.f33044b, optional, this.f33045c, b10);
            return jwtValidator.a(new RawJwt(com.google.crypto.tink.jwt.d.e(b10), f10.d));
        }

        @Override // x7.b
        public final String b(RawJwt rawJwt, Optional<String> optional) throws GeneralSecurityException {
            Optional<String> optional2 = this.f33045c;
            if (optional2.isPresent()) {
                if (optional.isPresent()) {
                    throw new JwtInvalidException("custom_kid can only be set for RAW keys.");
                }
                optional = optional2;
            }
            String b10 = com.google.crypto.tink.jwt.d.b(this.f33044b, optional, rawJwt);
            return com.google.crypto.tink.jwt.d.a(b10, this.f33043a.computeMac(b10.getBytes(StandardCharsets.US_ASCII)));
        }
    }

    public JwtHmacKeyManager() {
        super(JwtHmacKey.class, new a());
    }

    public static KeyTypeManager.KeyFactory.KeyFormat a(JwtHmacAlgorithm jwtHmacAlgorithm, int i3, KeyTemplate.OutputPrefixType outputPrefixType) {
        return new KeyTypeManager.KeyFactory.KeyFormat(JwtHmacKeyFormat.newBuilder().setAlgorithm(jwtHmacAlgorithm).setKeySize(i3).build(), outputPrefixType);
    }

    public static KeyTemplate b(JwtHmacAlgorithm jwtHmacAlgorithm, int i3) {
        return KeyTemplate.create(new JwtHmacKeyManager().getKeyType(), JwtHmacKeyFormat.newBuilder().setAlgorithm(jwtHmacAlgorithm).setKeySize(i3).build().toByteArray(), KeyTemplate.OutputPrefixType.RAW);
    }

    public static final int c(JwtHmacAlgorithm jwtHmacAlgorithm) throws GeneralSecurityException {
        int i3 = c.f33042a[jwtHmacAlgorithm.ordinal()];
        if (i3 == 1) {
            return 32;
        }
        if (i3 == 2) {
            return 48;
        }
        if (i3 == 3) {
            return 64;
        }
        throw new GeneralSecurityException("unknown algorithm");
    }

    public static final KeyTemplate hs256Template() {
        return b(JwtHmacAlgorithm.HS256, 32);
    }

    public static final KeyTemplate hs384Template() {
        return b(JwtHmacAlgorithm.HS384, 48);
    }

    public static final KeyTemplate hs512Template() {
        return b(JwtHmacAlgorithm.HS512, 64);
    }

    public static void register(boolean z10) throws GeneralSecurityException {
        Registry.registerKeyManager(new JwtHmacKeyManager(), z10);
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.JwtHmacKey";
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public int getVersion() {
        return 0;
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyTypeManager.KeyFactory<?, JwtHmacKey> keyFactory() {
        return new b();
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public KeyData.KeyMaterialType keyMaterialType() {
        return KeyData.KeyMaterialType.SYMMETRIC;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public JwtHmacKey parseKey(ByteString byteString) throws InvalidProtocolBufferException {
        return JwtHmacKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
    }

    @Override // com.google.crypto.tink.internal.KeyTypeManager
    public void validateKey(JwtHmacKey jwtHmacKey) throws GeneralSecurityException {
        Validators.validateVersion(jwtHmacKey.getVersion(), getVersion());
        if (jwtHmacKey.getKeyValue().size() < c(jwtHmacKey.getAlgorithm())) {
            throw new GeneralSecurityException("key too short");
        }
    }
}
