package com.google.crypto.tink.signature;

import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.proto.EcdsaParams;
import com.google.crypto.tink.proto.EcdsaPublicKey;
import com.google.crypto.tink.proto.EcdsaSignatureEncoding;
import com.google.crypto.tink.proto.EllipticCurveType;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.HashType;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.proto.RsaSsaPkcs1Params;
import com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey;
import com.google.crypto.tink.proto.RsaSsaPssParams;
import com.google.crypto.tink.proto.RsaSsaPssPublicKey;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.subtle.Enums;
import com.google.crypto.tink.subtle.PemKeyType;
import com.google.crypto.tink.subtle.Random;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.security.Key;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;

/* loaded from: classes5.dex */
public final class SignaturePemKeysetReader implements KeysetReader {

    /* renamed from: a, reason: collision with root package name */
    private List<b> f48747a;

    /* loaded from: classes5.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        private List<b> f48748a = new ArrayList();

        Builder() {
        }

        public Builder addPem(String str, PemKeyType pemKeyType) {
            b bVar = new b(null);
            bVar.f48750a = new BufferedReader(new StringReader(str));
            bVar.f48751b = pemKeyType;
            this.f48748a.add(bVar);
            return this;
        }

        public KeysetReader build() {
            return new SignaturePemKeysetReader(this.f48748a);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f48749a;

        static {
            int[] iArr = new int[Enums.HashType.values().length];
            f48749a = iArr;
            try {
                iArr[Enums.HashType.SHA256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f48749a[Enums.HashType.SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f48749a[Enums.HashType.SHA512.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* loaded from: classes5.dex */
    private static final class b {

        /* renamed from: a, reason: collision with root package name */
        BufferedReader f48750a;

        /* renamed from: b, reason: collision with root package name */
        PemKeyType f48751b;

        private b() {
        }

        /* synthetic */ b(a aVar) {
            this();
        }
    }

    SignaturePemKeysetReader(List<b> list) {
        this.f48747a = list;
    }

    private static KeyData a(PemKeyType pemKeyType, ECPublicKey eCPublicKey) throws IOException {
        if (pemKeyType.algorithm.equals("ECDSA")) {
            return KeyData.newBuilder().setTypeUrl(new com.google.crypto.tink.signature.a().getKeyType()).setValue(EcdsaPublicKey.newBuilder().setVersion(new com.google.crypto.tink.signature.a().getVersion()).setParams(EcdsaParams.newBuilder().setHashType(e(pemKeyType)).setCurve(c(pemKeyType)).setEncoding(EcdsaSignatureEncoding.DER).build()).setX(ByteString.copyFrom(eCPublicKey.getW().getAffineX().toByteArray())).setY(ByteString.copyFrom(eCPublicKey.getW().getAffineY().toByteArray())).build().toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
        }
        throw new IOException("unsupported EC signature algorithm: " + pemKeyType.algorithm);
    }

    private static KeyData b(PemKeyType pemKeyType, RSAPublicKey rSAPublicKey) throws IOException {
        if (pemKeyType.algorithm.equals("RSASSA-PKCS1-v1_5")) {
            return KeyData.newBuilder().setTypeUrl(new d().getKeyType()).setValue(RsaSsaPkcs1PublicKey.newBuilder().setVersion(new d().getVersion()).setParams(RsaSsaPkcs1Params.newBuilder().setHashType(e(pemKeyType)).build()).setE(ByteString.copyFrom(rSAPublicKey.getPublicExponent().toByteArray())).setN(ByteString.copyFrom(rSAPublicKey.getModulus().toByteArray())).build().toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
        }
        if (pemKeyType.algorithm.equals("RSASSA-PSS")) {
            return KeyData.newBuilder().setTypeUrl(new e().getKeyType()).setValue(RsaSsaPssPublicKey.newBuilder().setVersion(new e().getVersion()).setParams(RsaSsaPssParams.newBuilder().setSigHash(e(pemKeyType)).setMgf1Hash(e(pemKeyType)).setSaltLength(d(pemKeyType)).build()).setE(ByteString.copyFrom(rSAPublicKey.getPublicExponent().toByteArray())).setN(ByteString.copyFrom(rSAPublicKey.getModulus().toByteArray())).build().toByteString()).setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).build();
        }
        throw new IOException("unsupported RSA signature algorithm: " + pemKeyType.algorithm);
    }

    private static EllipticCurveType c(PemKeyType pemKeyType) {
        int i7 = pemKeyType.keySizeInBits;
        if (i7 == 256) {
            return EllipticCurveType.NIST_P256;
        }
        if (i7 == 384) {
            return EllipticCurveType.NIST_P384;
        }
        if (i7 == 521) {
            return EllipticCurveType.NIST_P521;
        }
        throw new IllegalArgumentException("unsupported curve for key size: " + pemKeyType.keySizeInBits);
    }

    private static int d(PemKeyType pemKeyType) {
        int i7 = a.f48749a[pemKeyType.hash.ordinal()];
        if (i7 == 1) {
            return 32;
        }
        if (i7 == 2) {
            return 48;
        }
        if (i7 == 3) {
            return 64;
        }
        throw new IllegalArgumentException("unsupported hash type: " + pemKeyType.hash.name());
    }

    private static HashType e(PemKeyType pemKeyType) {
        int i7 = a.f48749a[pemKeyType.hash.ordinal()];
        if (i7 == 1) {
            return HashType.SHA256;
        }
        if (i7 == 2) {
            return HashType.SHA384;
        }
        if (i7 == 3) {
            return HashType.SHA512;
        }
        throw new IllegalArgumentException("unsupported hash type: " + pemKeyType.hash.name());
    }

    private static Keyset.Key f(BufferedReader bufferedReader, PemKeyType pemKeyType) throws IOException {
        KeyData a7;
        Key readKey = pemKeyType.readKey(bufferedReader);
        if (readKey == null) {
            return null;
        }
        if (readKey instanceof RSAPublicKey) {
            a7 = b(pemKeyType, (RSAPublicKey) readKey);
        } else {
            if (!(readKey instanceof ECPublicKey)) {
                return null;
            }
            a7 = a(pemKeyType, (ECPublicKey) readKey);
        }
        return Keyset.Key.newBuilder().setKeyData(a7).setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).setKeyId(Random.randInt()).build();
    }

    public static Builder newBuilder() {
        return new Builder();
    }

    @Override // com.google.crypto.tink.KeysetReader
    public Keyset read() throws IOException {
        Keyset.Builder newBuilder = Keyset.newBuilder();
        for (b bVar : this.f48747a) {
            for (Keyset.Key f7 = f(bVar.f48750a, bVar.f48751b); f7 != null; f7 = f(bVar.f48750a, bVar.f48751b)) {
                newBuilder.addKey(f7);
            }
        }
        if (newBuilder.getKeyCount() == 0) {
            throw new IOException("cannot find any key");
        }
        newBuilder.setPrimaryKeyId(newBuilder.getKey(0).getKeyId());
        return newBuilder.build();
    }

    @Override // com.google.crypto.tink.KeysetReader
    public EncryptedKeyset readEncrypted() throws IOException {
        throw new UnsupportedOperationException();
    }
}
