package com.google.crypto.tink.jwt;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.jwt.JwtEcdsaParameters;
import com.google.crypto.tink.jwt.JwtFormat;
import com.google.crypto.tink.proto.JwtEcdsaAlgorithm;
import com.google.crypto.tink.signature.EcdsaParameters;
import com.google.crypto.tink.signature.EcdsaPublicKey;
import com.google.crypto.tink.subtle.EcdsaVerifyJce;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.Enums;
import com.google.gson.JsonObject;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

/* loaded from: input_file:META-INF/jars/tink-1.14.1.jar:com/google/crypto/tink/jwt/JwtEcdsaVerifyKeyManager.class */
class JwtEcdsaVerifyKeyManager {
    static final PrimitiveConstructor<JwtEcdsaPublicKey, JwtPublicKeyVerify> PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(JwtEcdsaVerifyKeyManager::createFullPrimitive, JwtEcdsaPublicKey.class, JwtPublicKeyVerify.class);

    static EcdsaParameters.CurveType getCurveType(JwtEcdsaParameters jwtEcdsaParameters) throws GeneralSecurityException {
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES256)) {
            return EcdsaParameters.CurveType.NIST_P256;
        }
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES384)) {
            return EcdsaParameters.CurveType.NIST_P384;
        }
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES512)) {
            return EcdsaParameters.CurveType.NIST_P521;
        }
        throw new GeneralSecurityException("unknown algorithm in parameters: " + jwtEcdsaParameters);
    }

    static EcdsaParameters.HashType getHash(JwtEcdsaParameters jwtEcdsaParameters) throws GeneralSecurityException {
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES256)) {
            return EcdsaParameters.HashType.SHA256;
        }
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES384)) {
            return EcdsaParameters.HashType.SHA384;
        }
        if (jwtEcdsaParameters.getAlgorithm().equals(JwtEcdsaParameters.Algorithm.ES512)) {
            return EcdsaParameters.HashType.SHA512;
        }
        throw new GeneralSecurityException("unknown algorithm in parameters: " + jwtEcdsaParameters);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @AccessesPartialKey
    public static EcdsaPublicKey toEcdsaPublicKey(JwtEcdsaPublicKey jwtEcdsaPublicKey) throws GeneralSecurityException {
        return EcdsaPublicKey.builder().setParameters(EcdsaParameters.builder().setSignatureEncoding(EcdsaParameters.SignatureEncoding.IEEE_P1363).setCurveType(getCurveType(jwtEcdsaPublicKey.getParameters())).setHashType(getHash(jwtEcdsaPublicKey.getParameters())).build()).setPublicPoint(jwtEcdsaPublicKey.getPublicPoint()).build();
    }

    static JwtPublicKeyVerify createFullPrimitive(final JwtEcdsaPublicKey jwtEcdsaPublicKey) throws GeneralSecurityException {
        final PublicKeyVerify create = EcdsaVerifyJce.create(toEcdsaPublicKey(jwtEcdsaPublicKey));
        return new JwtPublicKeyVerify() { // from class: com.google.crypto.tink.jwt.JwtEcdsaVerifyKeyManager.1
            @Override // com.google.crypto.tink.jwt.JwtPublicKeyVerify
            public VerifiedJwt verifyAndDecode(String str, JwtValidator jwtValidator) throws GeneralSecurityException {
                JwtFormat.Parts splitSignedCompact = JwtFormat.splitSignedCompact(str);
                PublicKeyVerify.this.verify(splitSignedCompact.signatureOrMac, splitSignedCompact.unsignedCompact.getBytes(StandardCharsets.US_ASCII));
                JsonObject parseJson = JsonUtil.parseJson(splitSignedCompact.header);
                JwtFormat.validateHeader(parseJson, jwtEcdsaPublicKey.getParameters().getAlgorithm().getStandardName(), jwtEcdsaPublicKey.getKid(), jwtEcdsaPublicKey.getParameters().allowKidAbsent());
                return jwtValidator.validate(RawJwt.fromJsonPayload(JwtFormat.getTypeHeader(parseJson), splitSignedCompact.payload));
            }
        };
    }

    static final EllipticCurves.CurveType getCurve(JwtEcdsaAlgorithm jwtEcdsaAlgorithm) throws GeneralSecurityException {
        switch (jwtEcdsaAlgorithm) {
            case ES256:
                return EllipticCurves.CurveType.NIST_P256;
            case ES384:
                return EllipticCurves.CurveType.NIST_P384;
            case ES512:
                return EllipticCurves.CurveType.NIST_P521;
            default:
                throw new GeneralSecurityException("unknown algorithm " + jwtEcdsaAlgorithm.name());
        }
    }

    public static Enums.HashType hashForEcdsaAlgorithm(JwtEcdsaAlgorithm jwtEcdsaAlgorithm) throws GeneralSecurityException {
        switch (jwtEcdsaAlgorithm) {
            case ES256:
                return Enums.HashType.SHA256;
            case ES384:
                return Enums.HashType.SHA384;
            case ES512:
                return Enums.HashType.SHA512;
            default:
                throw new GeneralSecurityException("unknown algorithm " + jwtEcdsaAlgorithm.name());
        }
    }

    static final void validateEcdsaAlgorithm(JwtEcdsaAlgorithm jwtEcdsaAlgorithm) throws GeneralSecurityException {
        hashForEcdsaAlgorithm(jwtEcdsaAlgorithm);
    }

    private JwtEcdsaVerifyKeyManager() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getKeyType() {
        return "type.googleapis.com/google.crypto.tink.JwtEcdsaPublicKey";
    }
}
