package com.google.crypto.tink.jwt;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.internal.BigIntegerEncoding;
import com.google.crypto.tink.internal.KeyParser;
import com.google.crypto.tink.internal.KeySerializer;
import com.google.crypto.tink.internal.MutableSerializationRegistry;
import com.google.crypto.tink.internal.ParametersParser;
import com.google.crypto.tink.internal.ParametersSerializer;
import com.google.crypto.tink.internal.ProtoKeySerialization;
import com.google.crypto.tink.internal.ProtoParametersSerialization;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.jwt.JwtEcdsaParameters;
import com.google.crypto.tink.jwt.JwtEcdsaPublicKey;
import com.google.crypto.tink.proto.JwtEcdsaAlgorithm;
import com.google.crypto.tink.proto.JwtEcdsaKeyFormat;
import com.google.crypto.tink.proto.JwtEcdsaPublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.util.Bytes;
import com.google.crypto.tink.util.SecretBigInteger;
import com.google.protobuf.ByteString;
import com.google.protobuf.ExtensionRegistryLite;
import com.google.protobuf.InvalidProtocolBufferException;
import java.security.GeneralSecurityException;
import java.security.spec.ECPoint;
import javax.annotation.Nullable;

@AccessesPartialKey
/* loaded from: input_file:META-INF/jars/tink-1.14.1.jar:com/google/crypto/tink/jwt/JwtEcdsaProtoSerialization.class */
final class JwtEcdsaProtoSerialization {
    private static final String TYPE_URL = "type.googleapis.com/google.crypto.tink.JwtEcdsaPrivateKey";
    private static final Bytes TYPE_URL_BYTES = Util.toBytesFromPrintableAscii(TYPE_URL);
    private static final String PUBLIC_TYPE_URL = "type.googleapis.com/google.crypto.tink.JwtEcdsaPublicKey";
    private static final Bytes PUBLIC_TYPE_URL_BYTES = Util.toBytesFromPrintableAscii(PUBLIC_TYPE_URL);
    private static final ParametersSerializer<JwtEcdsaParameters, ProtoParametersSerialization> PARAMETERS_SERIALIZER = ParametersSerializer.create(JwtEcdsaProtoSerialization::serializeParameters, JwtEcdsaParameters.class, ProtoParametersSerialization.class);
    private static final ParametersParser<ProtoParametersSerialization> PARAMETERS_PARSER = ParametersParser.create(JwtEcdsaProtoSerialization::parseParameters, TYPE_URL_BYTES, ProtoParametersSerialization.class);
    private static final KeySerializer<JwtEcdsaPublicKey, ProtoKeySerialization> PUBLIC_KEY_SERIALIZER = KeySerializer.create(JwtEcdsaProtoSerialization::serializePublicKey, JwtEcdsaPublicKey.class, ProtoKeySerialization.class);
    private static final KeyParser<ProtoKeySerialization> PUBLIC_KEY_PARSER = KeyParser.create(JwtEcdsaProtoSerialization::parsePublicKey, PUBLIC_TYPE_URL_BYTES, ProtoKeySerialization.class);
    private static final KeySerializer<JwtEcdsaPrivateKey, ProtoKeySerialization> PRIVATE_KEY_SERIALIZER = KeySerializer.create(JwtEcdsaProtoSerialization::serializePrivateKey, JwtEcdsaPrivateKey.class, ProtoKeySerialization.class);
    private static final KeyParser<ProtoKeySerialization> PRIVATE_KEY_PARSER = KeyParser.create(JwtEcdsaProtoSerialization::parsePrivateKey, TYPE_URL_BYTES, ProtoKeySerialization.class);

    private static JwtEcdsaAlgorithm toProtoAlgorithm(JwtEcdsaParameters.Algorithm algorithm) throws GeneralSecurityException {
        if (JwtEcdsaParameters.Algorithm.ES256.equals(algorithm)) {
            return JwtEcdsaAlgorithm.ES256;
        }
        if (JwtEcdsaParameters.Algorithm.ES384.equals(algorithm)) {
            return JwtEcdsaAlgorithm.ES384;
        }
        if (JwtEcdsaParameters.Algorithm.ES512.equals(algorithm)) {
            return JwtEcdsaAlgorithm.ES512;
        }
        throw new GeneralSecurityException("Unable to serialize algorithm: " + algorithm);
    }

    private static JwtEcdsaParameters.Algorithm toAlgorithm(JwtEcdsaAlgorithm jwtEcdsaAlgorithm) throws GeneralSecurityException {
        switch (jwtEcdsaAlgorithm) {
            case ES256:
                return JwtEcdsaParameters.Algorithm.ES256;
            case ES384:
                return JwtEcdsaParameters.Algorithm.ES384;
            case ES512:
                return JwtEcdsaParameters.Algorithm.ES512;
            default:
                throw new GeneralSecurityException("Unable to parse algorithm: " + jwtEcdsaAlgorithm.getNumber());
        }
    }

    private static JwtEcdsaKeyFormat serializeToJwtEcdsaKeyFormat(JwtEcdsaParameters jwtEcdsaParameters) throws GeneralSecurityException {
        if (jwtEcdsaParameters.getKidStrategy().equals(JwtEcdsaParameters.KidStrategy.IGNORED) || jwtEcdsaParameters.getKidStrategy().equals(JwtEcdsaParameters.KidStrategy.BASE64_ENCODED_KEY_ID)) {
            return JwtEcdsaKeyFormat.newBuilder().setVersion(0).setAlgorithm(toProtoAlgorithm(jwtEcdsaParameters.getAlgorithm())).m4400build();
        }
        throw new GeneralSecurityException("Unable to serialize Parameters object with KidStrategy " + jwtEcdsaParameters.getKidStrategy());
    }

    private static ProtoParametersSerialization serializeParameters(JwtEcdsaParameters jwtEcdsaParameters) throws GeneralSecurityException {
        OutputPrefixType outputPrefixType = OutputPrefixType.TINK;
        if (jwtEcdsaParameters.getKidStrategy().equals(JwtEcdsaParameters.KidStrategy.IGNORED)) {
            outputPrefixType = OutputPrefixType.RAW;
        }
        return ProtoParametersSerialization.create(KeyTemplate.newBuilder().setTypeUrl(TYPE_URL).setValue(serializeToJwtEcdsaKeyFormat(jwtEcdsaParameters).toByteString()).setOutputPrefixType(outputPrefixType).m5453build());
    }

    private static JwtEcdsaParameters parseParameters(ProtoParametersSerialization protoParametersSerialization) throws GeneralSecurityException {
        if (!protoParametersSerialization.getKeyTemplate().getTypeUrl().equals(TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to JwtEcdsaParameters.parseParameters: " + protoParametersSerialization.getKeyTemplate().getTypeUrl());
        }
        try {
            JwtEcdsaKeyFormat parseFrom = JwtEcdsaKeyFormat.parseFrom(protoParametersSerialization.getKeyTemplate().getValue(), ExtensionRegistryLite.getEmptyRegistry());
            if (parseFrom.getVersion() != 0) {
                throw new GeneralSecurityException("Parsing HmacParameters failed: unknown Version " + parseFrom.getVersion());
            }
            JwtEcdsaParameters.KidStrategy kidStrategy = null;
            if (protoParametersSerialization.getKeyTemplate().getOutputPrefixType().equals(OutputPrefixType.TINK)) {
                kidStrategy = JwtEcdsaParameters.KidStrategy.BASE64_ENCODED_KEY_ID;
            }
            if (protoParametersSerialization.getKeyTemplate().getOutputPrefixType().equals(OutputPrefixType.RAW)) {
                kidStrategy = JwtEcdsaParameters.KidStrategy.IGNORED;
            }
            if (kidStrategy == null) {
                throw new GeneralSecurityException("Invalid OutputPrefixType for JwtHmacKeyFormat");
            }
            return JwtEcdsaParameters.builder().setAlgorithm(toAlgorithm(parseFrom.getAlgorithm())).setKidStrategy(kidStrategy).build();
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException("Parsing JwtEcdsaKeyFormat failed: ", e);
        }
    }

    private static int getEncodingLength(JwtEcdsaParameters.Algorithm algorithm) throws GeneralSecurityException {
        if (algorithm.equals(JwtEcdsaParameters.Algorithm.ES256)) {
            return 33;
        }
        if (algorithm.equals(JwtEcdsaParameters.Algorithm.ES384)) {
            return 49;
        }
        if (algorithm.equals(JwtEcdsaParameters.Algorithm.ES512)) {
            return 67;
        }
        throw new GeneralSecurityException("Unknown algorithm: " + algorithm);
    }

    private static OutputPrefixType toProtoOutputPrefixType(JwtEcdsaParameters jwtEcdsaParameters) {
        return jwtEcdsaParameters.getKidStrategy().equals(JwtEcdsaParameters.KidStrategy.BASE64_ENCODED_KEY_ID) ? OutputPrefixType.TINK : OutputPrefixType.RAW;
    }

    private static com.google.crypto.tink.proto.JwtEcdsaPublicKey serializePublicKey(JwtEcdsaPublicKey jwtEcdsaPublicKey) throws GeneralSecurityException {
        int encodingLength = getEncodingLength(jwtEcdsaPublicKey.getParameters().getAlgorithm());
        ECPoint publicPoint = jwtEcdsaPublicKey.getPublicPoint();
        JwtEcdsaPublicKey.Builder y = com.google.crypto.tink.proto.JwtEcdsaPublicKey.newBuilder().setVersion(0).setAlgorithm(toProtoAlgorithm(jwtEcdsaPublicKey.getParameters().getAlgorithm())).setX(ByteString.copyFrom(BigIntegerEncoding.toBigEndianBytesOfFixedLength(publicPoint.getAffineX(), encodingLength))).setY(ByteString.copyFrom(BigIntegerEncoding.toBigEndianBytesOfFixedLength(publicPoint.getAffineY(), encodingLength)));
        if (jwtEcdsaPublicKey.getParameters().getKidStrategy().equals(JwtEcdsaParameters.KidStrategy.CUSTOM)) {
            y.setCustomKid(JwtEcdsaPublicKey.CustomKid.newBuilder().setValue(jwtEcdsaPublicKey.getKid().get()).m4595build());
        }
        return y.m4530build();
    }

    private static ProtoKeySerialization serializePublicKey(JwtEcdsaPublicKey jwtEcdsaPublicKey, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        return ProtoKeySerialization.create(PUBLIC_TYPE_URL, serializePublicKey(jwtEcdsaPublicKey).toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, toProtoOutputPrefixType(jwtEcdsaPublicKey.getParameters()), jwtEcdsaPublicKey.getIdRequirementOrNull());
    }

    private static JwtEcdsaPublicKey parsePublicKeyFromProto(com.google.crypto.tink.proto.JwtEcdsaPublicKey jwtEcdsaPublicKey, OutputPrefixType outputPrefixType, @Nullable Integer num) throws GeneralSecurityException {
        if (jwtEcdsaPublicKey.getVersion() != 0) {
            throw new GeneralSecurityException("Only version 0 keys are accepted");
        }
        JwtEcdsaParameters.Builder builder = JwtEcdsaParameters.builder();
        JwtEcdsaPublicKey.Builder builder2 = JwtEcdsaPublicKey.builder();
        if (outputPrefixType.equals(OutputPrefixType.TINK)) {
            if (jwtEcdsaPublicKey.hasCustomKid()) {
                throw new GeneralSecurityException("Keys serialized with OutputPrefixType TINK should not have a custom kid");
            }
            if (num == null) {
                throw new GeneralSecurityException("Keys serialized with OutputPrefixType TINK need an ID Requirement");
            }
            builder.setKidStrategy(JwtEcdsaParameters.KidStrategy.BASE64_ENCODED_KEY_ID);
            builder2.setIdRequirement(num);
        } else if (outputPrefixType.equals(OutputPrefixType.RAW)) {
            if (jwtEcdsaPublicKey.hasCustomKid()) {
                builder.setKidStrategy(JwtEcdsaParameters.KidStrategy.CUSTOM);
                builder2.setCustomKid(jwtEcdsaPublicKey.getCustomKid().getValue());
            } else {
                builder.setKidStrategy(JwtEcdsaParameters.KidStrategy.IGNORED);
            }
        }
        builder.setAlgorithm(toAlgorithm(jwtEcdsaPublicKey.getAlgorithm()));
        builder2.setPublicPoint(new ECPoint(BigIntegerEncoding.fromUnsignedBigEndianBytes(jwtEcdsaPublicKey.getX().toByteArray()), BigIntegerEncoding.fromUnsignedBigEndianBytes(jwtEcdsaPublicKey.getY().toByteArray())));
        return builder2.setParameters(builder.build()).build();
    }

    private static JwtEcdsaPublicKey parsePublicKey(ProtoKeySerialization protoKeySerialization, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        if (!protoKeySerialization.getTypeUrl().equals(PUBLIC_TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to EcdsaProtoSerialization.parsePublicKey: " + protoKeySerialization.getTypeUrl());
        }
        try {
            return parsePublicKeyFromProto(com.google.crypto.tink.proto.JwtEcdsaPublicKey.parseFrom(protoKeySerialization.getValue(), ExtensionRegistryLite.getEmptyRegistry()), protoKeySerialization.getOutputPrefixType(), protoKeySerialization.getIdRequirementOrNull());
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException("Parsing EcdsaPublicKey failed");
        }
    }

    private static com.google.crypto.tink.proto.JwtEcdsaPrivateKey serializePrivateKeyToProto(JwtEcdsaPrivateKey jwtEcdsaPrivateKey, SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        return com.google.crypto.tink.proto.JwtEcdsaPrivateKey.newBuilder().setPublicKey(serializePublicKey(jwtEcdsaPrivateKey.getPublicKey())).setKeyValue(ByteString.copyFrom(BigIntegerEncoding.toBigEndianBytesOfFixedLength(jwtEcdsaPrivateKey.getPrivateValue().getBigInteger(secretKeyAccess), getEncodingLength(jwtEcdsaPrivateKey.getParameters().getAlgorithm())))).m4465build();
    }

    private static ProtoKeySerialization serializePrivateKey(JwtEcdsaPrivateKey jwtEcdsaPrivateKey, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        return ProtoKeySerialization.create(TYPE_URL, serializePrivateKeyToProto(jwtEcdsaPrivateKey, SecretKeyAccess.requireAccess(secretKeyAccess)).toByteString(), KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE, toProtoOutputPrefixType(jwtEcdsaPrivateKey.getParameters()), jwtEcdsaPrivateKey.getIdRequirementOrNull());
    }

    private static JwtEcdsaPrivateKey parsePrivateKey(ProtoKeySerialization protoKeySerialization, @Nullable SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        if (!protoKeySerialization.getTypeUrl().equals(TYPE_URL)) {
            throw new IllegalArgumentException("Wrong type URL in call to EcdsaProtoSerialization.parsePublicKey: " + protoKeySerialization.getTypeUrl());
        }
        try {
            com.google.crypto.tink.proto.JwtEcdsaPrivateKey parseFrom = com.google.crypto.tink.proto.JwtEcdsaPrivateKey.parseFrom(protoKeySerialization.getValue(), ExtensionRegistryLite.getEmptyRegistry());
            if (parseFrom.getVersion() != 0) {
                throw new GeneralSecurityException("Only version 0 keys are accepted");
            }
            return JwtEcdsaPrivateKey.create(parsePublicKeyFromProto(parseFrom.getPublicKey(), protoKeySerialization.getOutputPrefixType(), protoKeySerialization.getIdRequirementOrNull()), SecretBigInteger.fromBigInteger(BigIntegerEncoding.fromUnsignedBigEndianBytes(parseFrom.getKeyValue().toByteArray()), SecretKeyAccess.requireAccess(secretKeyAccess)));
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException("Parsing EcdsaPrivateKey failed");
        }
    }

    public static void register() throws GeneralSecurityException {
        register(MutableSerializationRegistry.globalInstance());
    }

    public static void register(MutableSerializationRegistry mutableSerializationRegistry) throws GeneralSecurityException {
        mutableSerializationRegistry.registerParametersSerializer(PARAMETERS_SERIALIZER);
        mutableSerializationRegistry.registerParametersParser(PARAMETERS_PARSER);
        mutableSerializationRegistry.registerKeySerializer(PUBLIC_KEY_SERIALIZER);
        mutableSerializationRegistry.registerKeyParser(PUBLIC_KEY_PARSER);
        mutableSerializationRegistry.registerKeySerializer(PRIVATE_KEY_SERIALIZER);
        mutableSerializationRegistry.registerKeyParser(PRIVATE_KEY_PARSER);
    }

    private JwtEcdsaProtoSerialization() {
    }
}
