package com.google.crypto.tink.daead;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.KeyManager;
import com.google.crypto.tink.KeyTemplate;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.daead.AesSivKey;
import com.google.crypto.tink.daead.AesSivKeyManager;
import com.google.crypto.tink.daead.AesSivParameters;
import com.google.crypto.tink.daead.internal.AesSivProtoSerialization;
import com.google.crypto.tink.internal.KeyManagerRegistry;
import com.google.crypto.tink.internal.LegacyKeyManagerImpl;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutableKeyDerivationRegistry;
import com.google.crypto.tink.internal.MutableParametersRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.TinkBugException;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.subtle.AesSiv;
import com.google.crypto.tink.util.SecretBytes;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes3.dex */
public final class AesSivKeyManager {
    private static final int KEY_SIZE_IN_BYTES = 64;
    private static final PrimitiveConstructor<AesSivKey, DeterministicAead> AES_SIV_PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(new PrimitiveConstructor.PrimitiveConstructionFunction() { // from class: t0.a
        @Override // com.google.crypto.tink.internal.PrimitiveConstructor.PrimitiveConstructionFunction
        public final Object constructPrimitive(Key key) {
            DeterministicAead createDeterministicAead;
            createDeterministicAead = AesSivKeyManager.createDeterministicAead((AesSivKey) key);
            return createDeterministicAead;
        }
    }, AesSivKey.class, DeterministicAead.class);
    private static final KeyManager<DeterministicAead> legacyKeyManager = LegacyKeyManagerImpl.create(e(), DeterministicAead.class, KeyData.KeyMaterialType.SYMMETRIC, com.google.crypto.tink.proto.AesSivKey.parser());
    private static final MutableKeyDerivationRegistry.InsecureKeyCreator<AesSivParameters> KEY_DERIVER = new MutableKeyDerivationRegistry.InsecureKeyCreator() { // from class: com.google.crypto.tink.daead.a
        @Override // com.google.crypto.tink.internal.MutableKeyDerivationRegistry.InsecureKeyCreator
        public final Key createKeyFromRandomness(Parameters parameters, InputStream inputStream, Integer num, SecretKeyAccess secretKeyAccess) {
            return AesSivKeyManager.d((AesSivParameters) parameters, inputStream, num, secretKeyAccess);
        }
    };
    private static final MutableKeyCreationRegistry.KeyCreator<AesSivParameters> KEY_CREATOR = new MutableKeyCreationRegistry.KeyCreator() { // from class: com.google.crypto.tink.daead.b
        @Override // com.google.crypto.tink.internal.MutableKeyCreationRegistry.KeyCreator
        public final Key createKey(Parameters parameters, Integer num) {
            return AesSivKeyManager.f((AesSivParameters) parameters, num);
        }
    };

    private AesSivKeyManager() {
    }

    public static final KeyTemplate aes256SivTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new TinkBugException.ThrowingSupplier() { // from class: t0.c
            @Override // com.google.crypto.tink.internal.TinkBugException.ThrowingSupplier
            public final Object get() {
                KeyTemplate lambda$aes256SivTemplate$0;
                lambda$aes256SivTemplate$0 = AesSivKeyManager.lambda$aes256SivTemplate$0();
                return lambda$aes256SivTemplate$0;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static DeterministicAead createDeterministicAead(AesSivKey aesSivKey) throws GeneralSecurityException {
        validateParameters(aesSivKey.getParameters());
        return AesSiv.create(aesSivKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @AccessesPartialKey
    public static AesSivKey d(AesSivParameters aesSivParameters, InputStream inputStream, Integer num, SecretKeyAccess secretKeyAccess) throws GeneralSecurityException {
        validateParameters(aesSivParameters);
        return AesSivKey.builder().setParameters(aesSivParameters).setIdRequirement(num).setKeyBytes(Util.readIntoSecretBytes(inputStream, aesSivParameters.getKeySizeBytes(), secretKeyAccess)).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String e() {
        return "type.googleapis.com/google.crypto.tink.AesSivKey";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @AccessesPartialKey
    public static AesSivKey f(AesSivParameters aesSivParameters, Integer num) throws GeneralSecurityException {
        validateParameters(aesSivParameters);
        return AesSivKey.builder().setParameters(aesSivParameters).setIdRequirement(num).setKeyBytes(SecretBytes.randomBytes(aesSivParameters.getKeySizeBytes())).build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ KeyTemplate lambda$aes256SivTemplate$0() throws Exception {
        return KeyTemplate.createFrom(AesSivParameters.builder().setKeySizeBytes(64).setVariant(AesSivParameters.Variant.TINK).build());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ KeyTemplate lambda$rawAes256SivTemplate$1() throws Exception {
        return KeyTemplate.createFrom(AesSivParameters.builder().setKeySizeBytes(64).setVariant(AesSivParameters.Variant.NO_PREFIX).build());
    }

    private static Map<String, Parameters> namedParameters() throws GeneralSecurityException {
        HashMap hashMap = new HashMap();
        hashMap.put("AES256_SIV", PredefinedDeterministicAeadParameters.AES256_SIV);
        hashMap.put("AES256_SIV_RAW", AesSivParameters.builder().setKeySizeBytes(64).setVariant(AesSivParameters.Variant.NO_PREFIX).build());
        return Collections.unmodifiableMap(hashMap);
    }

    public static final KeyTemplate rawAes256SivTemplate() {
        return (KeyTemplate) TinkBugException.exceptionIsBug(new TinkBugException.ThrowingSupplier() { // from class: t0.b
            @Override // com.google.crypto.tink.internal.TinkBugException.ThrowingSupplier
            public final Object get() {
                KeyTemplate lambda$rawAes256SivTemplate$1;
                lambda$rawAes256SivTemplate$1 = AesSivKeyManager.lambda$rawAes256SivTemplate$1();
                return lambda$rawAes256SivTemplate$1;
            }
        });
    }

    public static void register(boolean z3) throws GeneralSecurityException {
        if (!TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS.isCompatible()) {
            throw new GeneralSecurityException("Registering AES SIV is not supported in FIPS mode");
        }
        AesSivProtoSerialization.register();
        MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(AES_SIV_PRIMITIVE_CONSTRUCTOR);
        MutableParametersRegistry.globalInstance().putAll(namedParameters());
        MutableKeyDerivationRegistry.globalInstance().add(KEY_DERIVER, AesSivParameters.class);
        MutableKeyCreationRegistry.globalInstance().add(KEY_CREATOR, AesSivParameters.class);
        KeyManagerRegistry.globalInstance().registerKeyManager(legacyKeyManager, z3);
    }

    private static void validateParameters(AesSivParameters aesSivParameters) throws GeneralSecurityException {
        if (aesSivParameters.getKeySizeBytes() == 64) {
            return;
        }
        throw new InvalidAlgorithmParameterException("invalid key size: " + aesSivParameters.getKeySizeBytes() + ". Valid keys must have 64 bytes.");
    }
}
