package tech.relaycorp.veraid.pki;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.MapsKt;
import kotlin.jvm.JvmName;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import tech.relaycorp.veraid.KeyAlgorithm;
import tech.relaycorp.veraid.OrganisationKeySpec;
import tech.relaycorp.veraid.utils.Crypto;
import tech.relaycorp.veraid.utils.Hash;

/* compiled from: Keys.kt */
@Metadata(mv = {1, 9, 0}, k = 2, xi = 48, d1 = {"��B\n��\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0012\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\u001a\u0010\u0010\u000b\u001a\u00020\f2\b\b\u0002\u0010\r\u001a\u00020\u0002\u001a\u0014\u0010\u000e\u001a\u00020\u000f*\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0002\u001a\u0014\u0010\u0013\u001a\u00020\b*\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0002\u001a\n\u0010\u0014\u001a\u00020\f*\u00020\u0010\u001a\n\u0010\u0015\u001a\u00020\u0016*\u00020\u0010\"\u001a\u0010��\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00030\u0001X\u0082\u0004¢\u0006\u0002\n��\"\u001a\u0010\u0004\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00050\u0001X\u0082\u0004¢\u0006\u0002\n��\"\u0018\u0010\u0006\u001a\u00020\u0007*\u00020\b8@X\u0080\u0004¢\u0006\u0006\u001a\u0004\b\t\u0010\n¨\u0006\u0017"}, d2 = {"rsaModulusHashMap", "", "Ltech/relaycorp/veraid/pki/RsaModulus;", "Ltech/relaycorp/veraid/utils/Hash;", "rsaModulusKeyAlgorithmMap", "Ltech/relaycorp/veraid/KeyAlgorithm;", "orgKeySpec", "Ltech/relaycorp/veraid/OrganisationKeySpec;", "Ljava/security/PublicKey;", "getOrgKeySpec", "(Ljava/security/PublicKey;)Ltech/relaycorp/veraid/OrganisationKeySpec;", "generateRSAKeyPair", "Ljava/security/KeyPair;", "modulus", "deserialisePrivateKey", "Ljava/security/PrivateKey;", "", "algorithm", "", "deserialisePublicKey", "deserialiseRSAKeyPair", "deserialiseRSAPublicKey", "Ljava/security/interfaces/RSAPublicKey;", "veraid"})
@JvmName(name = "Keys")
/* loaded from: input_file:tech/relaycorp/veraid/pki/Keys.class */
public final class Keys {

    @NotNull
    private static final Map<RsaModulus, KeyAlgorithm> rsaModulusKeyAlgorithmMap = MapsKt.mapOf(new Pair[]{TuplesKt.to(RsaModulus.RSA_2048, KeyAlgorithm.RSA_2048), TuplesKt.to(RsaModulus.RSA_3072, KeyAlgorithm.RSA_3072), TuplesKt.to(RsaModulus.RSA_4096, KeyAlgorithm.RSA_4096)});

    @NotNull
    private static final Map<RsaModulus, Hash> rsaModulusHashMap = MapsKt.mapOf(new Pair[]{TuplesKt.to(RsaModulus.RSA_2048, Hash.SHA_256), TuplesKt.to(RsaModulus.RSA_3072, Hash.SHA_384), TuplesKt.to(RsaModulus.RSA_4096, Hash.SHA_512)});

    @NotNull
    public static final KeyPair generateRSAKeyPair(@NotNull RsaModulus rsaModulus) {
        Intrinsics.checkNotNullParameter(rsaModulus, "modulus");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", Crypto.getBC_PROVIDER());
        keyPairGenerator.initialize(rsaModulus.getModulus$veraid());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkNotNullExpressionValue(generateKeyPair, "generateKeyPair(...)");
        return generateKeyPair;
    }

    public static /* synthetic */ KeyPair generateRSAKeyPair$default(RsaModulus rsaModulus, int i, Object obj) {
        if ((i & 1) != 0) {
            rsaModulus = RsaModulus.RSA_2048;
        }
        return generateRSAKeyPair(rsaModulus);
    }

    @NotNull
    public static final OrganisationKeySpec getOrgKeySpec(@NotNull PublicKey publicKey) {
        Intrinsics.checkNotNullParameter(publicKey, "<this>");
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new PkiException("Key type (" + publicKey.getAlgorithm() + ") is unsupported", null, 2, null);
        }
        int bitLength = ((RSAPublicKey) publicKey).getModulus().bitLength();
        RsaModulus rsaModulus = RsaModulus.Companion.get(bitLength);
        if (rsaModulus == null) {
            throw new PkiException("RSA modulus " + bitLength + " is unsupported", null, 2, null);
        }
        KeyAlgorithm keyAlgorithm = rsaModulusKeyAlgorithmMap.get(rsaModulus);
        Intrinsics.checkNotNull(keyAlgorithm);
        KeyAlgorithm keyAlgorithm2 = keyAlgorithm;
        Hash hash = rsaModulusHashMap.get(rsaModulus);
        Intrinsics.checkNotNull(hash);
        Hash hash2 = hash;
        byte[] encoded = ((RSAPublicKey) publicKey).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        String encodeToString = Base64.getEncoder().encodeToString(Crypto.hash(encoded, hash2));
        Intrinsics.checkNotNull(encodeToString);
        return new OrganisationKeySpec(keyAlgorithm2, encodeToString);
    }

    @NotNull
    public static final KeyPair deserialiseRSAKeyPair(@NotNull byte[] bArr) throws PkiException {
        Intrinsics.checkNotNullParameter(bArr, "<this>");
        PrivateKey deserialisePrivateKey = deserialisePrivateKey(bArr, "RSA");
        Intrinsics.checkNotNull(deserialisePrivateKey, "null cannot be cast to non-null type java.security.interfaces.RSAPrivateCrtKey");
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) deserialisePrivateKey;
        return new KeyPair(KeyFactory.getInstance("RSA", Crypto.getBC_PROVIDER()).generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent())), rSAPrivateCrtKey);
    }

    private static final PrivateKey deserialisePrivateKey(byte[] bArr, String str) {
        try {
            PrivateKey generatePrivate = KeyFactory.getInstance(str, Crypto.getBC_PROVIDER()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
            Intrinsics.checkNotNull(generatePrivate);
            return generatePrivate;
        } catch (InvalidKeySpecException e) {
            throw new PkiException("Value is not a valid " + str + " private key", e);
        }
    }

    @NotNull
    public static final RSAPublicKey deserialiseRSAPublicKey(@NotNull byte[] bArr) {
        Intrinsics.checkNotNullParameter(bArr, "<this>");
        PublicKey deserialisePublicKey = deserialisePublicKey(bArr, "RSA");
        Intrinsics.checkNotNull(deserialisePublicKey, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
        return (RSAPublicKey) deserialisePublicKey;
    }

    private static final PublicKey deserialisePublicKey(byte[] bArr, String str) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance(str, Crypto.getBC_PROVIDER()).generatePublic(new X509EncodedKeySpec(bArr));
            Intrinsics.checkNotNull(generatePublic);
            return generatePublic;
        } catch (InvalidKeySpecException e) {
            throw new PkiException("Value is not a valid " + str + " public key", e);
        }
    }
}
