package com.google.scp.shared.util;

import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KeysetWriter;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.HpkePublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Base64;

/* loaded from: input_file:com/google/scp/shared/util/PublicKeyConversionUtil.class */
public final class PublicKeyConversionUtil {

    /* loaded from: input_file:com/google/scp/shared/util/PublicKeyConversionUtil$PublicKeyExtractor.class */
    private static class PublicKeyExtractor implements KeysetWriter {
        private ByteString serializedKey;

        private PublicKeyExtractor() {
        }

        @Override // com.google.crypto.tink.KeysetWriter
        public void write(Keyset keyset) throws IOException {
            if (keyset.getKeyCount() != 1) {
                throw new IllegalArgumentException(String.format("Unexpected number of keys, got %d, expected 1", Integer.valueOf(keyset.getKeyCount())));
            }
            KeyData keyData = keyset.getKey(0).getKeyData();
            if (keyData.getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC) {
                throw new IllegalArgumentException("Unexpected non-public key");
            }
            this.serializedKey = keyData.getValue();
        }

        @Override // com.google.crypto.tink.KeysetWriter
        public void write(EncryptedKeyset encryptedKeyset) throws IOException {
            throw new IOException("PublicKeyExtractor does not support encrypted keysets");
        }

        public ByteString getSerializedKey() {
            return this.serializedKey;
        }
    }

    private PublicKeyConversionUtil() {
    }

    public static String getPublicKey(KeysetHandle keysetHandle) {
        PublicKeyExtractor publicKeyExtractor = new PublicKeyExtractor();
        try {
            CleartextKeysetHandle.write(keysetHandle, publicKeyExtractor);
            return getRawKeyFromSerializedKey(publicKeyExtractor.getSerializedKey());
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("Failed to write keysethandle", e);
        }
    }

    public static KeysetHandle getKeysetHandle(String str) throws GeneralSecurityException {
        return CleartextKeysetHandle.fromKeyset(Keyset.newBuilder().addKey(Keyset.Key.newBuilder().setStatus(KeyStatusType.ENABLED).setOutputPrefixType(OutputPrefixType.RAW).setKeyData(KeyData.newBuilder().setTypeUrl("type.googleapis.com/google.crypto.tink.HpkePublicKey").setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).setValue(createSerializedKeyFromRawKey(str)).build()).build()).build());
    }

    private static String getRawKeyFromSerializedKey(ByteString byteString) throws InvalidProtocolBufferException, GeneralSecurityException {
        HpkePublicKey parseFrom = HpkePublicKey.parseFrom(byteString);
        KeyParams.validateHpkeParams(parseFrom);
        return new String(Base64.getEncoder().encode(parseFrom.getPublicKey().toByteArray()));
    }

    private static ByteString createSerializedKeyFromRawKey(String str) {
        return HpkePublicKey.newBuilder().setPublicKey(ByteString.copyFrom(Base64.getDecoder().decode(str))).setParams(KeyParams.getHpkeParams()).build().toByteString();
    }
}
