package com.google.crypto.tink.signature;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.internal.BigIntegerEncoding;
import com.google.crypto.tink.internal.EnumTypeProtoConverter;
import com.google.crypto.tink.internal.KeyParser;
import com.google.crypto.tink.internal.KeySerializer;
import com.google.crypto.tink.internal.MutableSerializationRegistry;
import com.google.crypto.tink.internal.ParametersParser;
import com.google.crypto.tink.internal.ParametersSerializer;
import com.google.crypto.tink.internal.ProtoKeySerialization;
import com.google.crypto.tink.internal.ProtoParametersSerialization;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.proto.HashType;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.proto.RsaSsaPssKeyFormat;
import com.google.crypto.tink.proto.RsaSsaPssParams;
import com.google.crypto.tink.signature.RsaSsaPssParameters;
import com.google.crypto.tink.util.Bytes;
import com.google.crypto.tink.util.SecretBigInteger;
import com.google.protobuf.ByteString;
import com.google.protobuf.ExtensionRegistryLite;
import com.google.protobuf.InvalidProtocolBufferException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import javax.annotation.Nullable;

@AccessesPartialKey
/* loaded from: input_file:WEB-INF/lib/tink-1.10.0.jar:com/google/crypto/tink/signature/RsaSsaPssProtoSerialization.class */
final class RsaSsaPssProtoSerialization {
    private static final String PRIVATE_TYPE_URL = "type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
    private static final Bytes PRIVATE_TYPE_URL_BYTES = Util.toBytesFromPrintableAscii(PRIVATE_TYPE_URL);
    private static final String PUBLIC_TYPE_URL = "type.googleapis.com/google.crypto.tink.RsaSsaPssPublicKey";
    private static final Bytes PUBLIC_TYPE_URL_BYTES = Util.toBytesFromPrintableAscii(PUBLIC_TYPE_URL);
    private static final ParametersSerializer<RsaSsaPssParameters, ProtoParametersSerialization> PARAMETERS_SERIALIZER = ParametersSerializer.create(RsaSsaPssProtoSerialization::serializeParameters, RsaSsaPssParameters.class, ProtoParametersSerialization.class);
    private static final ParametersParser<ProtoParametersSerialization> PARAMETERS_PARSER = ParametersParser.create(RsaSsaPssProtoSerialization::parseParameters, PRIVATE_TYPE_URL_BYTES, ProtoParametersSerialization.class);
    private static final KeySerializer<RsaSsaPssPublicKey, ProtoKeySerialization> PUBLIC_KEY_SERIALIZER = KeySerializer.create(RsaSsaPssProtoSerialization::serializePublicKey, RsaSsaPssPublicKey.class, ProtoKeySerialization.class);
    private static final KeyParser<ProtoKeySerialization> PUBLIC_KEY_PARSER = KeyParser.create(RsaSsaPssProtoSerialization::parsePublicKey, PUBLIC_TYPE_URL_BYTES, ProtoKeySerialization.class);
    private static final KeySerializer<RsaSsaPssPrivateKey, ProtoKeySerialization> PRIVATE_KEY_SERIALIZER = KeySerializer.create(RsaSsaPssProtoSerialization::serializePrivateKey, RsaSsaPssPrivateKey.class, ProtoKeySerialization.class);
    private static final KeyParser<ProtoKeySerialization> PRIVATE_KEY_PARSER = KeyParser.create(RsaSsaPssProtoSerialization::parsePrivateKey, PRIVATE_TYPE_URL_BYTES, ProtoKeySerialization.class);
    private static final EnumTypeProtoConverter<OutputPrefixType, RsaSsaPssParameters.Variant> VARIANT_CONVERTER = EnumTypeProtoConverter.builder().add(OutputPrefixType.RAW, RsaSsaPssParameters.Variant.NO_PREFIX).add(OutputPrefixType.TINK, RsaSsaPssParameters.Variant.TINK).add(OutputPrefixType.CRUNCHY, RsaSsaPssParameters.Variant.CRUNCHY).add(OutputPrefixType.LEGACY, RsaSsaPssParameters.Variant.LEGACY).build();
    private static final EnumTypeProtoConverter<HashType, RsaSsaPssParameters.HashType> HASH_TYPE_CONVERTER = EnumTypeProtoConverter.builder().add(HashType.SHA256, RsaSsaPssParameters.HashType.SHA256).add(HashType.SHA384, RsaSsaPssParameters.HashType.SHA384).add(HashType.SHA512, RsaSsaPssParameters.HashType.SHA512).build();

    private static RsaSsaPssParams getProtoParams(RsaSsaPssParameters rsaSsaPssParameters) throws GeneralSecurityException {
        return RsaSsaPssParams.newBuilder().setSigHash(HASH_TYPE_CONVERTER.toProtoEnum(rsaSsaPssParameters.getSigHashType())).setMgf1Hash(HASH_TYPE_CONVERTER.toProtoEnum(rsaSsaPssParameters.getMgf1HashType())).setSaltLength(rsaSsaPssParameters.getSaltLengthBytes()).m4480build();
    }

    private static ByteString encodeBigInteger(BigInteger bigInteger) {
        return ByteString.copyFrom(BigIntegerEncoding.toBigEndianBytes(bigInteger));
    }

    private static com.google.crypto.tink.proto.RsaSsaPssPublicKey getProtoPublicKey(RsaSsaPssPublicKey rsaSsaPssPublicKey) throws GeneralSecurityException {
        return com.google.crypto.tink.proto.RsaSsaPssPublicKey.newBuilder().setParams(getProtoParams(rsaSsaPssPublicKey.getParameters())).setN(encodeBigInteger(rsaSsaPssPublicKey.getModulus())).setE(encodeBigInteger(rsaSsaPssPublicKey.getParameters().getPublicExponent())).setVersion(0).m4574build();
    }

    private static ProtoParametersSerialization serializeParameters(RsaSsaPssParameters rsaSsaPssParameters) throws GeneralSecurityException {
        return ProtoParametersSerialization.create(KeyTemplate.newBuilder().setTypeUrl(PRIVATE_TYPE_URL).setValue(RsaSsaPssKeyFormat.newBuilder().setParams(getProtoParams(rsaSsaPssParameters)).setModulusSizeInBits(rsaSsaPssParameters.getModulusSizeBits()).setPublicExponent(encodeBigInteger(rsaSsaPssParameters.getPublicExponent())).m4433build().toByteString()).setOutputPrefixType(VARIANT_CONVERTER.toProtoEnum(rsaSsaPssParameters.getVariant())).m3526build());
    }

    private static ProtoKeySerialization serializePublicKey(RsaSsaPssPublicKey rsaSsaPssPublicKey, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        return ProtoKeySerialization.create(PUBLIC_TYPE_URL, getProtoPublicKey(rsaSsaPssPublicKey).toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, VARIANT_CONVERTER.toProtoEnum(rsaSsaPssPublicKey.getParameters().getVariant()), rsaSsaPssPublicKey.getIdRequirementOrNull());
    }

    private static ByteString encodeSecretBigInteger(SecretBigInteger secretBigInteger, SecretKeyAccess secretKeyAccess) {
        return encodeBigInteger(secretBigInteger.getBigInteger(secretKeyAccess));
    }

    private static ProtoKeySerialization serializePrivateKey(RsaSsaPssPrivateKey rsaSsaPssPrivateKey, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        SecretKeyAccess requireAccess = SecretKeyAccess.requireAccess(secretKeyAccess);
        return ProtoKeySerialization.create(PRIVATE_TYPE_URL, com.google.crypto.tink.proto.RsaSsaPssPrivateKey.newBuilder().setVersion(0).setPublicKey(getProtoPublicKey(rsaSsaPssPrivateKey.getPublicKey())).setD(encodeSecretBigInteger(rsaSsaPssPrivateKey.getPrivateExponent(), requireAccess)).setP(encodeSecretBigInteger(rsaSsaPssPrivateKey.getPrimeP(), requireAccess)).setQ(encodeSecretBigInteger(rsaSsaPssPrivateKey.getPrimeQ(), requireAccess)).setDp(encodeSecretBigInteger(rsaSsaPssPrivateKey.getPrimeExponentP(), requireAccess)).setDq(encodeSecretBigInteger(rsaSsaPssPrivateKey.getPrimeExponentQ(), requireAccess)).setCrt(encodeSecretBigInteger(rsaSsaPssPrivateKey.getCrtCoefficient(), requireAccess)).m4527build().toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE, VARIANT_CONVERTER.toProtoEnum(rsaSsaPssPrivateKey.getParameters().getVariant()), rsaSsaPssPrivateKey.getIdRequirementOrNull());
    }

    private static BigInteger decodeBigInteger(ByteString byteString) {
        return BigIntegerEncoding.fromUnsignedBigEndianBytes(byteString.toByteArray());
    }

    private static RsaSsaPssParameters parseParameters(ProtoParametersSerialization protoParametersSerialization) throws GeneralSecurityException {
        if (!protoParametersSerialization.getKeyTemplate().getTypeUrl().equals(PRIVATE_TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to RsaSsaPssProtoSerialization.parseParameters: " + protoParametersSerialization.getKeyTemplate().getTypeUrl());
        }
        try {
            RsaSsaPssKeyFormat parseFrom = RsaSsaPssKeyFormat.parseFrom(protoParametersSerialization.getKeyTemplate().getValue(), ExtensionRegistryLite.getEmptyRegistry());
            return RsaSsaPssParameters.builder().setSigHashType(HASH_TYPE_CONVERTER.fromProtoEnum(parseFrom.getParams().getSigHash())).setMgf1HashType(HASH_TYPE_CONVERTER.fromProtoEnum(parseFrom.getParams().getMgf1Hash())).setPublicExponent(decodeBigInteger(parseFrom.getPublicExponent())).setModulusSizeBits(parseFrom.getModulusSizeInBits()).setSaltLengthBytes(parseFrom.getParams().getSaltLength()).setVariant(VARIANT_CONVERTER.fromProtoEnum(protoParametersSerialization.getKeyTemplate().getOutputPrefixType())).build();
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException("Parsing RsaSsaPssParameters failed: ", e);
        }
    }

    private static RsaSsaPssPublicKey parsePublicKey(ProtoKeySerialization protoKeySerialization, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        if (!protoKeySerialization.getTypeUrl().equals(PUBLIC_TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to RsaSsaPssProtoSerialization.parsePublicKey: " + protoKeySerialization.getTypeUrl());
        }
        try {
            com.google.crypto.tink.proto.RsaSsaPssPublicKey parseFrom = com.google.crypto.tink.proto.RsaSsaPssPublicKey.parseFrom(protoKeySerialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
            if (parseFrom.getVersion() != 0) {
                throw new GeneralSecurityException("Only version 0 keys are accepted");
            }
            BigInteger decodeBigInteger = decodeBigInteger(parseFrom.getN());
            return RsaSsaPssPublicKey.builder().setParameters(RsaSsaPssParameters.builder().setSigHashType(HASH_TYPE_CONVERTER.fromProtoEnum(parseFrom.getParams().getSigHash())).setMgf1HashType(HASH_TYPE_CONVERTER.fromProtoEnum(parseFrom.getParams().getMgf1Hash())).setPublicExponent(decodeBigInteger(parseFrom.getE())).setModulusSizeBits(decodeBigInteger.bitLength()).setSaltLengthBytes(parseFrom.getParams().getSaltLength()).setVariant(VARIANT_CONVERTER.fromProtoEnum(protoKeySerialization.getOutputPrefixType())).build()).setModulus(decodeBigInteger).setIdRequirement(protoKeySerialization.getIdRequirementOrNull()).build();
        } catch (InvalidProtocolBufferException | IllegalArgumentException e) {
            throw new GeneralSecurityException("Parsing RsaSsaPssPublicKey failed");
        }
    }

    private static SecretBigInteger decodeSecretBigInteger(ByteString byteString, SecretKeyAccess secretKeyAccess) {
        return SecretBigInteger.fromBigInteger(BigIntegerEncoding.fromUnsignedBigEndianBytes(byteString.toByteArray()), secretKeyAccess);
    }

    private static RsaSsaPssPrivateKey parsePrivateKey(ProtoKeySerialization protoKeySerialization, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        if (!protoKeySerialization.getTypeUrl().equals(PRIVATE_TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to RsaSsaPssProtoSerialization.parsePrivateKey: " + protoKeySerialization.getTypeUrl());
        }
        try {
            com.google.crypto.tink.proto.RsaSsaPssPrivateKey parseFrom = com.google.crypto.tink.proto.RsaSsaPssPrivateKey.parseFrom(protoKeySerialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
            if (parseFrom.getVersion() != 0) {
                throw new GeneralSecurityException("Only version 0 keys are accepted");
            }
            com.google.crypto.tink.proto.RsaSsaPssPublicKey publicKey = parseFrom.getPublicKey();
            BigInteger decodeBigInteger = decodeBigInteger(publicKey.getN());
            RsaSsaPssPublicKey build = RsaSsaPssPublicKey.builder().setParameters(RsaSsaPssParameters.builder().setSigHashType(HASH_TYPE_CONVERTER.fromProtoEnum(publicKey.getParams().getSigHash())).setMgf1HashType(HASH_TYPE_CONVERTER.fromProtoEnum(publicKey.getParams().getMgf1Hash())).setPublicExponent(decodeBigInteger(publicKey.getE())).setModulusSizeBits(decodeBigInteger.bitLength()).setSaltLengthBytes(publicKey.getParams().getSaltLength()).setVariant(VARIANT_CONVERTER.fromProtoEnum(protoKeySerialization.getOutputPrefixType())).build()).setModulus(decodeBigInteger).setIdRequirement(protoKeySerialization.getIdRequirementOrNull()).build();
            SecretKeyAccess requireAccess = SecretKeyAccess.requireAccess(secretKeyAccess);
            return RsaSsaPssPrivateKey.builder().setPublicKey(build).setPrimes(decodeSecretBigInteger(parseFrom.getP(), requireAccess), decodeSecretBigInteger(parseFrom.getQ(), requireAccess)).setPrivateExponent(decodeSecretBigInteger(parseFrom.getD(), requireAccess)).setPrimeExponents(decodeSecretBigInteger(parseFrom.getDp(), requireAccess), decodeSecretBigInteger(parseFrom.getDq(), requireAccess)).setCrtCoefficient(decodeSecretBigInteger(parseFrom.getCrt(), requireAccess)).build();
        } catch (InvalidProtocolBufferException | IllegalArgumentException e) {
            throw new GeneralSecurityException("Parsing RsaSsaPssPrivateKey failed");
        }
    }

    public static void register() throws GeneralSecurityException {
        register(MutableSerializationRegistry.globalInstance());
    }

    public static void register(MutableSerializationRegistry mutableSerializationRegistry) throws GeneralSecurityException {
        mutableSerializationRegistry.registerParametersSerializer(PARAMETERS_SERIALIZER);
        mutableSerializationRegistry.registerParametersParser(PARAMETERS_PARSER);
        mutableSerializationRegistry.registerKeySerializer(PUBLIC_KEY_SERIALIZER);
        mutableSerializationRegistry.registerKeyParser(PUBLIC_KEY_PARSER);
        mutableSerializationRegistry.registerKeySerializer(PRIVATE_KEY_SERIALIZER);
        mutableSerializationRegistry.registerKeyParser(PRIVATE_KEY_PARSER);
    }

    private RsaSsaPssProtoSerialization() {
    }
}
