package com.google.crypto.tink.jwt;

import com.google.android.gms.internal.wearable.e1;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.l;
import com.google.crypto.tink.proto.JwtRsaSsaPkcs1Algorithm;
import com.google.crypto.tink.proto.v0;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.subtle.EngineWrapper;
import com.google.crypto.tink.subtle.Enums$HashType;
import com.google.crypto.tink.subtle.b0;
import com.google.crypto.tink.subtle.h0;
import com.google.crypto.tink.subtle.p;
import com.google.crypto.tink.subtle.y;
import j$.util.Optional;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;

/* loaded from: classes2.dex */
class JwtRsaSsaPkcs1SignKeyManager$JwtPublicKeySignFactory extends l<d, v0> {
    public JwtRsaSsaPkcs1SignKeyManager$JwtPublicKeySignFactory() {
        super(d.class);
    }

    @Override // com.google.crypto.tink.internal.l
    public final d a(v0 v0Var) throws GeneralSecurityException {
        TinkFipsUtil.AlgorithmFipsCompatibility algorithmFipsCompatibility = TinkFipsUtil.AlgorithmFipsCompatibility.f24168b;
        v0 v0Var2 = v0Var;
        p<EngineWrapper.TKeyFactory, KeyFactory> pVar = p.f24702i;
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) pVar.a("RSA").generatePrivate(new RSAPrivateCrtKeySpec(new BigInteger(1, v0Var2.w().v().q()), new BigInteger(1, v0Var2.w().u().q()), new BigInteger(1, v0Var2.s().q()), new BigInteger(1, v0Var2.v().q()), new BigInteger(1, v0Var2.x().q()), new BigInteger(1, v0Var2.t().q()), new BigInteger(1, v0Var2.u().q()), new BigInteger(1, v0Var2.r().q())));
        RSAPublicKey rSAPublicKey = (RSAPublicKey) pVar.a("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, v0Var2.w().v().q()), new BigInteger(1, v0Var2.w().u().q())));
        Enums$HashType h2 = JwtRsaSsaPkcs1VerifyKeyManager.h(v0Var2.w().r());
        ByteString byteString = b0.f24628a;
        if (!algorithmFipsCompatibility.a()) {
            throw new GeneralSecurityException("Can not use RSA PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
        }
        h0.e(h2);
        h0.c(rSAPrivateCrtKey.getModulus().bitLength());
        h0.d(rSAPrivateCrtKey.getPublicExponent());
        h0.e(h2);
        String str = h2 + "withRSA";
        RSAPublicKey rSAPublicKey2 = (RSAPublicKey) pVar.a("RSA").generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        y yVar = new y(rSAPublicKey, h2);
        try {
            ByteString byteString2 = b0.f24628a;
            byte[] q = byteString2.q();
            p<EngineWrapper.TSignature, Signature> pVar2 = p.f24700g;
            Signature a2 = pVar2.a(str);
            a2.initSign(rSAPrivateCrtKey);
            a2.update(q);
            byte[] sign = a2.sign();
            Signature a3 = pVar2.a(str);
            a3.initVerify(rSAPublicKey2);
            a3.update(q);
            if (!a3.verify(sign)) {
                throw new RuntimeException("Security bug: RSA signature computation error");
            }
            yVar.a(sign, byteString2.q());
            JwtRsaSsaPkcs1Algorithm r = v0Var2.w().r();
            Enums$HashType h3 = JwtRsaSsaPkcs1VerifyKeyManager.h(r);
            if (!algorithmFipsCompatibility.a()) {
                throw new GeneralSecurityException("Can not use RSA PKCS1.5 in FIPS-mode, as BoringCrypto module is not available.");
            }
            h0.e(h3);
            h0.c(rSAPrivateCrtKey.getModulus().bitLength());
            h0.d(rSAPrivateCrtKey.getPublicExponent());
            h0.e(h3);
            h3.toString();
            r.name();
            if (v0Var2.w().x()) {
                Optional.of(v0Var2.w().s().s());
            } else {
                Optional.empty();
            }
            return new e1();
        } catch (GeneralSecurityException e2) {
            throw new GeneralSecurityException("RSA PKCS1 signing with private key followed by verifying with public key failed. The key may be corrupted.", e2);
        }
    }
}
