package org.multipaz.crypto;

import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.HybridEncrypt;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.TinkProtoKeysetFormat;
import com.google.crypto.tink.config.TinkConfig;
import com.google.crypto.tink.hybrid.HybridConfig;
import com.google.crypto.tink.proto.HpkeAead;
import com.google.crypto.tink.proto.HpkeKdf;
import com.google.crypto.tink.proto.HpkeKem;
import com.google.crypto.tink.proto.HpkeParams;
import com.google.crypto.tink.proto.HpkePrivateKey;
import com.google.crypto.tink.proto.HpkePublicKey;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyStatusType;
import com.google.crypto.tink.proto.Keyset;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.HeaderParameterNames;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyOperation;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import io.ktor.http.ContentDisposition;
import io.ktor.http.LinkHeader;
import java.net.URI;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Pair;
import kotlin.Result;
import kotlin.ResultKt;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.MagicApiIntrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.ranges.IntRange;
import kotlin.reflect.KType;
import kotlin.text.StringsKt;
import kotlinx.io.bytestring.ByteStringBuilder;
import kotlinx.serialization.SerializersKt;
import kotlinx.serialization.json.Json;
import kotlinx.serialization.json.JsonElement;
import kotlinx.serialization.json.JsonElementKt;
import kotlinx.serialization.json.JsonObject;
import kotlinx.serialization.modules.SerializersModule;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.X25519Agreement;
import org.bouncycastle.crypto.agreement.X448Agreement;
import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
import org.bouncycastle.crypto.generators.Ed448KeyPairGenerator;
import org.bouncycastle.crypto.generators.X25519KeyPairGenerator;
import org.bouncycastle.crypto.generators.X448KeyPairGenerator;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.params.Ed448KeyGenerationParameters;
import org.bouncycastle.crypto.params.Ed448PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
import org.bouncycastle.crypto.params.X25519KeyGenerationParameters;
import org.bouncycastle.crypto.params.X25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.params.X448KeyGenerationParameters;
import org.bouncycastle.crypto.params.X448PrivateKeyParameters;
import org.bouncycastle.crypto.params.X448PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.crypto.signers.Ed448Signer;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.bouncycastle.util.BigIntegers;
import org.multipaz.crypto.EcPublicKeyDoubleCoordinate;
import org.multipaz.crypto.EcSignature;
import org.multipaz.util.Base64UtilKt;
import org.multipaz.util.UUID;
import org.multipaz.util.UUIDJvmKt;

/* compiled from: CryptoJvm.kt */
@Metadata(d1 = {"\u0000\u0088\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\r\n\u0002\u0010\b\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u000b\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0010\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0016\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\nJ\u001e\u0010\u000e\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\nJ&\u0010\u0010\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\n2\u0006\u0010\u0011\u001a\u00020\n2\u0006\u0010\u0012\u001a\u00020\nJ&\u0010\u0013\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\n2\u0006\u0010\u0011\u001a\u00020\n2\u0006\u0010\u0014\u001a\u00020\nJ2\u0010\u0015\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u0016\u001a\u00020\n2\b\u0010\u0017\u001a\u0004\u0018\u00010\n2\b\u0010\u0018\u001a\u0004\u0018\u00010\n2\u0006\u0010\u0019\u001a\u00020\u001aJ&\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\r\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u001f\u001a\u00020 J\u000e\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u0006J\u001e\u0010$\u001a\u00020 2\u0006\u0010\u000f\u001a\u00020\"2\u0006\u0010%\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\nJ\u0016\u0010&\u001a\u00020\n2\u0006\u0010\u000f\u001a\u00020\"2\u0006\u0010'\u001a\u00020\u001eJ(\u0010(\u001a\u0010\u0012\u0004\u0012\u00020*\u0012\u0006\u0012\u0004\u0018\u00010*0)2\u0006\u0010\u001d\u001a\u00020\u001e2\b\u0010+\u001a\u0004\u0018\u00010\"H\u0002J2\u0010,\u001a\u000e\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u001e0)2\u0006\u0010-\u001a\u00020\f2\u0006\u0010.\u001a\u00020\u001e2\u0006\u0010/\u001a\u00020\n2\u0006\u00100\u001a\u00020\nJ.\u00101\u001a\u00020\n2\u0006\u0010-\u001a\u00020\f2\u0006\u00102\u001a\u00020\"2\u0006\u00103\u001a\u00020\n2\u0006\u00100\u001a\u00020\n2\u0006\u00104\u001a\u00020\u001eJ\u0015\u00105\u001a\u0002062\u0006\u0010\u001d\u001a\u00020\u001eH\u0000¢\u0006\u0002\b7J\u001d\u00108\u001a\u00020\u001e2\u0006\u00109\u001a\u0002062\u0006\u0010#\u001a\u00020\u0006H\u0000¢\u0006\u0002\b:J\u0015\u0010;\u001a\u0002062\u0006\u0010+\u001a\u00020\"H\u0000¢\u0006\u0002\b<J\u001d\u0010=\u001a\u00020\"2\u0006\u00109\u001a\u0002062\u0006\u0010\u001d\u001a\u00020\u001eH\u0000¢\u0006\u0002\b>J\r\u0010?\u001a\u00020@H\u0000¢\u0006\u0002\bAJ\u0015\u0010B\u001a\u00020C2\u0006\u0010D\u001a\u00020EH\u0000¢\u0006\u0002\bFJ5\u0010G\u001a\u00020H2\u0006\u0010\u000f\u001a\u00020\u001e2\u0006\u0010I\u001a\u00020\f2\u0006\u0010J\u001a\u00020K2\u0006\u0010L\u001a\u0002062\u0006\u0010M\u001a\u000206H\u0000¢\u0006\u0002\bNJ\u001d\u0010O\u001a\u00020K2\u0006\u0010P\u001a\u00020H2\u0006\u0010Q\u001a\u00020\"H\u0000¢\u0006\u0002\bRJ9\u0010S\u001a\u00020H2\u0006\u0010\u000f\u001a\u00020\"2\u0006\u0010%\u001a\u00020\f2\u0006\u0010T\u001a\u00020K2\b\u0010U\u001a\u0004\u0018\u0001062\b\u0010V\u001a\u0004\u0018\u00010EH\u0000¢\u0006\u0002\bWJ\u001d\u0010X\u001a\u00020\u001c2\u0006\u0010Y\u001a\u00020H2\u0006\u0010\u001d\u001a\u00020\u001eH\u0000¢\u0006\u0002\bZJ\u0015\u0010[\u001a\u00020\\2\u0006\u0010Y\u001a\u00020HH\u0000¢\u0006\u0002\b]R\u0017\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00060\u0005¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\b¨\u0006^"}, d2 = {"Lorg/multipaz/crypto/Crypto;", "", "<init>", "()V", "supportedCurves", "", "Lorg/multipaz/crypto/EcCurve;", "getSupportedCurves", "()Ljava/util/Set;", CMSAttributeTableGenerator.DIGEST, "", "algorithm", "Lorg/multipaz/crypto/Algorithm;", "message", "mac", "key", "encrypt", IDTokenClaimsSet.NONCE_CLAIM_NAME, "messagePlaintext", "decrypt", "messageCiphertext", "hkdf", "ikm", "salt", "info", ContentDisposition.Parameters.Size, "", "checkSignature", "", "publicKey", "Lorg/multipaz/crypto/EcPublicKey;", "signature", "Lorg/multipaz/crypto/EcSignature;", "createEcPrivateKey", "Lorg/multipaz/crypto/EcPrivateKey;", "curve", "sign", "signatureAlgorithm", "keyAgreement", "otherKey", "hpkeGetKeysetHandles", "Lkotlin/Pair;", "Lcom/google/crypto/tink/KeysetHandle;", "privateKey", "hpkeEncrypt", "cipherSuite", "receiverPublicKey", "plainText", "aad", "hpkeDecrypt", "receiverPrivateKey", "cipherText", "encapsulatedPublicKey", "ecPublicKeyToPem", "", "ecPublicKeyToPem$multipaz_release", "ecPublicKeyFromPem", "pemEncoding", "ecPublicKeyFromPem$multipaz_release", "ecPrivateKeyToPem", "ecPrivateKeyToPem$multipaz_release", "ecPrivateKeyFromPem", "ecPrivateKeyFromPem$multipaz_release", "uuidGetRandom", "Lorg/multipaz/util/UUID;", "uuidGetRandom$multipaz_release", "validateCertChain", "", "certChain", "Lorg/multipaz/crypto/X509CertChain;", "validateCertChain$multipaz_release", "encryptJwtEcdhEs", "Lkotlinx/serialization/json/JsonElement;", "encAlgorithm", "claims", "Lkotlinx/serialization/json/JsonObject;", HeaderParameterNames.AGREEMENT_PARTY_U_INFO, HeaderParameterNames.AGREEMENT_PARTY_V_INFO, "encryptJwtEcdhEs$multipaz_release", "decryptJwtEcdhEs", "encryptedJwt", "recipientKey", "decryptJwtEcdhEs$multipaz_release", "jwsSign", "claimsSet", LinkHeader.Parameters.Type, "x5c", "jwsSign$multipaz_release", "jwsVerify", "signedJwt", "jwsVerify$multipaz_release", "jwsGetInfo", "Lorg/multipaz/crypto/JwsInfo;", "jwsGetInfo$multipaz_release", "multipaz_release"}, k = 1, mv = {2, 1, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class Crypto {
    public static final int $stable;
    public static final Crypto INSTANCE = new Crypto();
    private static final Set<EcCurve> supportedCurves = SetsKt.setOf((Object[]) new EcCurve[]{EcCurve.P256, EcCurve.P384, EcCurve.P521, EcCurve.BRAINPOOLP256R1, EcCurve.BRAINPOOLP320R1, EcCurve.BRAINPOOLP384R1, EcCurve.BRAINPOOLP512R1, EcCurve.ED25519, EcCurve.X25519, EcCurve.ED448, EcCurve.X448});

    /* compiled from: CryptoJvm.kt */
    @Metadata(k = 3, mv = {2, 1, 0}, xi = 48)
    /* loaded from: classes5.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[Algorithm.values().length];
            try {
                iArr[Algorithm.INSECURE_SHA1.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                iArr[Algorithm.SHA256.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                iArr[Algorithm.SHA384.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                iArr[Algorithm.SHA512.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                iArr[Algorithm.HMAC_SHA256.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                iArr[Algorithm.HMAC_SHA384.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                iArr[Algorithm.HMAC_SHA512.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                iArr[Algorithm.A128GCM.ordinal()] = 8;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                iArr[Algorithm.A192GCM.ordinal()] = 9;
            } catch (NoSuchFieldError unused9) {
            }
            try {
                iArr[Algorithm.A256GCM.ordinal()] = 10;
            } catch (NoSuchFieldError unused10) {
            }
            try {
                iArr[Algorithm.UNSET.ordinal()] = 11;
            } catch (NoSuchFieldError unused11) {
            }
            try {
                iArr[Algorithm.ES256.ordinal()] = 12;
            } catch (NoSuchFieldError unused12) {
            }
            try {
                iArr[Algorithm.ESP256.ordinal()] = 13;
            } catch (NoSuchFieldError unused13) {
            }
            try {
                iArr[Algorithm.ESB256.ordinal()] = 14;
            } catch (NoSuchFieldError unused14) {
            }
            try {
                iArr[Algorithm.ES384.ordinal()] = 15;
            } catch (NoSuchFieldError unused15) {
            }
            try {
                iArr[Algorithm.ESP384.ordinal()] = 16;
            } catch (NoSuchFieldError unused16) {
            }
            try {
                iArr[Algorithm.ESB320.ordinal()] = 17;
            } catch (NoSuchFieldError unused17) {
            }
            try {
                iArr[Algorithm.ESB384.ordinal()] = 18;
            } catch (NoSuchFieldError unused18) {
            }
            try {
                iArr[Algorithm.ES512.ordinal()] = 19;
            } catch (NoSuchFieldError unused19) {
            }
            try {
                iArr[Algorithm.ESP512.ordinal()] = 20;
            } catch (NoSuchFieldError unused20) {
            }
            try {
                iArr[Algorithm.ESB512.ordinal()] = 21;
            } catch (NoSuchFieldError unused21) {
            }
            try {
                iArr[Algorithm.EDDSA.ordinal()] = 22;
            } catch (NoSuchFieldError unused22) {
            }
            try {
                iArr[Algorithm.ED25519.ordinal()] = 23;
            } catch (NoSuchFieldError unused23) {
            }
            try {
                iArr[Algorithm.ED448.ordinal()] = 24;
            } catch (NoSuchFieldError unused24) {
            }
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[EcCurve.values().length];
            try {
                iArr2[EcCurve.ED25519.ordinal()] = 1;
            } catch (NoSuchFieldError unused25) {
            }
            try {
                iArr2[EcCurve.ED448.ordinal()] = 2;
            } catch (NoSuchFieldError unused26) {
            }
            try {
                iArr2[EcCurve.P256.ordinal()] = 3;
            } catch (NoSuchFieldError unused27) {
            }
            try {
                iArr2[EcCurve.P384.ordinal()] = 4;
            } catch (NoSuchFieldError unused28) {
            }
            try {
                iArr2[EcCurve.P521.ordinal()] = 5;
            } catch (NoSuchFieldError unused29) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP256R1.ordinal()] = 6;
            } catch (NoSuchFieldError unused30) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP320R1.ordinal()] = 7;
            } catch (NoSuchFieldError unused31) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP384R1.ordinal()] = 8;
            } catch (NoSuchFieldError unused32) {
            }
            try {
                iArr2[EcCurve.BRAINPOOLP512R1.ordinal()] = 9;
            } catch (NoSuchFieldError unused33) {
            }
            try {
                iArr2[EcCurve.X25519.ordinal()] = 10;
            } catch (NoSuchFieldError unused34) {
            }
            try {
                iArr2[EcCurve.X448.ordinal()] = 11;
            } catch (NoSuchFieldError unused35) {
            }
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    static {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        TinkConfig.register();
        HybridConfig.register();
        $stable = 8;
    }

    private Crypto() {
    }

    private final Pair<KeysetHandle, KeysetHandle> hpkeGetKeysetHandles(EcPublicKey publicKey, EcPrivateKey privateKey) {
        KeysetHandle keysetHandle;
        HpkeParams hpkeParams = (HpkeParams) HpkeParams.newBuilder().setAead(HpkeAead.AES_128_GCM).setKdf(HpkeKdf.HKDF_SHA256).setKem(HpkeKem.DHKEM_P256_HKDF_SHA256).build();
        PublicKey javaPublicKey = EcPublicKeyJvmKt.getJavaPublicKey(publicKey);
        Intrinsics.checkNotNull(javaPublicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        HpkePublicKey hpkePublicKey = (HpkePublicKey) HpkePublicKey.newBuilder().setVersion(0).setPublicKey(ByteString.copyFrom(EllipticCurves.pointEncode(EllipticCurves.CurveType.NIST_P256, EllipticCurves.PointFormatType.UNCOMPRESSED, ((ECPublicKey) javaPublicKey).getW()))).setParams(hpkeParams).build();
        KeysetHandle parseKeyset = TinkProtoKeysetFormat.parseKeyset(((Keyset) Keyset.newBuilder().setPrimaryKeyId(1).addKey((Keyset.Key) Keyset.Key.newBuilder().setKeyId(1).setKeyData((KeyData) KeyData.newBuilder().setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC).setTypeUrl("type.googleapis.com/google.crypto.tink.HpkePublicKey").setValue(hpkePublicKey.toByteString()).build()).setOutputPrefixType(OutputPrefixType.RAW).setStatus(KeyStatusType.ENABLED).build()).build()).toByteArray(), InsecureSecretKeyAccess.get());
        if (privateKey != null) {
            PrivateKey javaPrivateKey = EcPrivateKeyJvmKt.getJavaPrivateKey(privateKey);
            Intrinsics.checkNotNull(javaPrivateKey, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
            keysetHandle = TinkProtoKeysetFormat.parseKeyset(((Keyset) Keyset.newBuilder().setPrimaryKeyId(1).addKey((Keyset.Key) Keyset.Key.newBuilder().setKeyId(1).setKeyData((KeyData) KeyData.newBuilder().setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE).setTypeUrl("type.googleapis.com/google.crypto.tink.HpkePrivateKey").setValue(((HpkePrivateKey) HpkePrivateKey.newBuilder().setPublicKey(hpkePublicKey).setPrivateKey(ByteString.copyFrom(((ECPrivateKey) javaPrivateKey).getS().toByteArray())).build()).toByteString()).build()).setOutputPrefixType(OutputPrefixType.RAW).setStatus(KeyStatusType.ENABLED).build()).build()).toByteArray(), InsecureSecretKeyAccess.get());
        } else {
            keysetHandle = null;
        }
        return new Pair<>(parseKeyset, keysetHandle);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final List jwsVerify$lambda$23(EcPublicKey ecPublicKey, JWSHeader jWSHeader, SecurityContext securityContext) {
        return CollectionsKt.listOf(EcPublicKeyJvmKt.getJavaPublicKey(ecPublicKey));
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0022. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0086 A[ADDED_TO_REGION] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x00a3 A[Catch: all -> 0x00c8, TryCatch #0 {all -> 0x00c8, blocks: (B:18:0x0078, B:21:0x0088, B:22:0x0099, B:24:0x00a3, B:25:0x00ae, B:31:0x00aa, B:32:0x008d), top: B:17:0x0078 }] */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00be A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00bf  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00aa A[Catch: all -> 0x00c8, TryCatch #0 {all -> 0x00c8, blocks: (B:18:0x0078, B:21:0x0088, B:22:0x0099, B:24:0x00a3, B:25:0x00ae, B:31:0x00aa, B:32:0x008d), top: B:17:0x0078 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void checkSignature(org.multipaz.crypto.EcPublicKey r6, byte[] r7, org.multipaz.crypto.Algorithm r8, org.multipaz.crypto.EcSignature r9) {
        /*
            r5 = this;
            java.lang.String r5 = "publicKey"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r6, r5)
            java.lang.String r5 = "message"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r7, r5)
            java.lang.String r5 = "algorithm"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r8, r5)
            java.lang.String r5 = "signature"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r9, r5)
            int[] r5 = org.multipaz.crypto.Crypto.WhenMappings.$EnumSwitchMapping$0
            int r0 = r8.ordinal()
            r5 = r5[r0]
            java.lang.String r0 = "Ed448"
            java.lang.String r1 = "Ed25519"
            r2 = 1
            r3 = 2
            switch(r5) {
                case 11: goto Ld1;
                case 12: goto L76;
                case 13: goto L76;
                case 14: goto L76;
                case 15: goto L73;
                case 16: goto L73;
                case 17: goto L73;
                case 18: goto L73;
                case 19: goto L70;
                case 20: goto L70;
                case 21: goto L70;
                case 22: goto L3c;
                case 23: goto L3a;
                case 24: goto L78;
                default: goto L25;
            }
        L25:
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            java.lang.String r7 = "Unsupported algorithm "
            r6.<init>(r7)
            java.lang.StringBuilder r6 = r6.append(r8)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        L3a:
            r0 = r1
            goto L78
        L3c:
            org.multipaz.crypto.EcCurve r5 = r6.getCurve()
            int[] r4 = org.multipaz.crypto.Crypto.WhenMappings.$EnumSwitchMapping$1
            int r5 = r5.ordinal()
            r5 = r4[r5]
            if (r5 == r2) goto L3a
            if (r5 != r3) goto L4d
            goto L78
        L4d:
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException
            org.multipaz.crypto.EcCurve r6 = r6.getCurve()
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            java.lang.String r9 = "Algorithm "
            r7.<init>(r9)
            java.lang.StringBuilder r7 = r7.append(r8)
            java.lang.String r8 = " incompatible with curve "
            java.lang.StringBuilder r7 = r7.append(r8)
            java.lang.StringBuilder r6 = r7.append(r6)
            java.lang.String r6 = r6.toString()
            r5.<init>(r6)
            throw r5
        L70:
            java.lang.String r0 = "SHA512withECDSA"
            goto L78
        L73:
            java.lang.String r0 = "SHA384withECDSA"
            goto L78
        L76:
            java.lang.String r0 = "SHA256withECDSA"
        L78:
            org.multipaz.crypto.EcCurve r5 = r6.getCurve()     // Catch: java.lang.Throwable -> Lc8
            int[] r8 = org.multipaz.crypto.Crypto.WhenMappings.$EnumSwitchMapping$1     // Catch: java.lang.Throwable -> Lc8
            int r5 = r5.ordinal()     // Catch: java.lang.Throwable -> Lc8
            r5 = r8[r5]     // Catch: java.lang.Throwable -> Lc8
            if (r5 == r2) goto L8d
            if (r5 == r3) goto L8d
            byte[] r5 = r9.toDerEncoded()     // Catch: java.lang.Throwable -> Lc8
            goto L99
        L8d:
            byte[] r5 = r9.getR()     // Catch: java.lang.Throwable -> Lc8
            byte[] r8 = r9.getS()     // Catch: java.lang.Throwable -> Lc8
            byte[] r5 = kotlin.collections.ArraysKt.plus(r5, r8)     // Catch: java.lang.Throwable -> Lc8
        L99:
            org.multipaz.crypto.EcCurve r8 = r6.getCurve()     // Catch: java.lang.Throwable -> Lc8
            boolean r8 = org.multipaz.crypto.EcPublicKeyJvmKt.getRequireBouncyCastle(r8)     // Catch: java.lang.Throwable -> Lc8
            if (r8 == 0) goto Laa
            java.lang.String r8 = "BC"
            java.security.Signature r8 = java.security.Signature.getInstance(r0, r8)     // Catch: java.lang.Throwable -> Lc8
            goto Lae
        Laa:
            java.security.Signature r8 = java.security.Signature.getInstance(r0)     // Catch: java.lang.Throwable -> Lc8
        Lae:
            java.security.PublicKey r6 = org.multipaz.crypto.EcPublicKeyJvmKt.getJavaPublicKey(r6)     // Catch: java.lang.Throwable -> Lc8
            r8.initVerify(r6)     // Catch: java.lang.Throwable -> Lc8
            r8.update(r7)     // Catch: java.lang.Throwable -> Lc8
            boolean r5 = r8.verify(r5)     // Catch: java.lang.Throwable -> Lc8
            if (r5 == 0) goto Lbf
            return
        Lbf:
            org.multipaz.crypto.SignatureVerificationException r5 = new org.multipaz.crypto.SignatureVerificationException
            java.lang.String r6 = "Signature verification failed"
            r7 = 0
            r5.<init>(r6, r7, r3, r7)
            throw r5
        Lc8:
            r5 = move-exception
            java.lang.IllegalStateException r6 = new java.lang.IllegalStateException
            java.lang.String r7 = "Error occurred verifying signature"
            r6.<init>(r7, r5)
            throw r6
        Ld1:
            java.lang.IllegalArgumentException r5 = new java.lang.IllegalArgumentException
            java.lang.String r6 = "Algorithm not set"
            r5.<init>(r6)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: org.multipaz.crypto.Crypto.checkSignature(org.multipaz.crypto.EcPublicKey, byte[], org.multipaz.crypto.Algorithm, org.multipaz.crypto.EcSignature):void");
    }

    public final EcPrivateKey createEcPrivateKey(EcCurve curve) {
        Intrinsics.checkNotNullParameter(curve, "curve");
        switch (WhenMappings.$EnumSwitchMapping$1[curve.ordinal()]) {
            case 1:
                Ed25519KeyPairGenerator ed25519KeyPairGenerator = new Ed25519KeyPairGenerator();
                ed25519KeyPairGenerator.init(new Ed25519KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair = ed25519KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter = generateKeyPair.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter2 = generateKeyPair.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter2, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed25519PublicKeyParameters");
                byte[] encoded = ((Ed25519PrivateKeyParameters) asymmetricKeyParameter).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
                byte[] encoded2 = ((Ed25519PublicKeyParameters) asymmetricKeyParameter2).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded2, "getEncoded(...)");
                return new EcPrivateKeyOkp(curve, encoded, encoded2);
            case 2:
                Ed448KeyPairGenerator ed448KeyPairGenerator = new Ed448KeyPairGenerator();
                ed448KeyPairGenerator.init(new Ed448KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair2 = ed448KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter3 = generateKeyPair2.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter3, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed448PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter4 = generateKeyPair2.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter4, "null cannot be cast to non-null type org.bouncycastle.crypto.params.Ed448PublicKeyParameters");
                byte[] encoded3 = ((Ed448PrivateKeyParameters) asymmetricKeyParameter3).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded3, "getEncoded(...)");
                byte[] encoded4 = ((Ed448PublicKeyParameters) asymmetricKeyParameter4).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded4, "getEncoded(...)");
                return new EcPrivateKeyOkp(curve, encoded3, encoded4);
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
                keyPairGenerator.initialize(new ECGenParameterSpec(curve.getSECGName()));
                KeyPair generateKeyPair3 = keyPairGenerator.generateKeyPair();
                PublicKey publicKey = generateKeyPair3.getPublic();
                Intrinsics.checkNotNullExpressionValue(publicKey, "getPublic(...)");
                EcPublicKey ecPublicKey = EcPublicKeyJvmKt.toEcPublicKey(publicKey, curve);
                if (!(ecPublicKey instanceof EcPublicKeyDoubleCoordinate)) {
                    throw new IllegalStateException("Check failed.");
                }
                PrivateKey privateKey = generateKeyPair3.getPrivate();
                Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey");
                byte[] byteArray = ((BCECPrivateKey) privateKey).getD().toByteArray();
                Intrinsics.checkNotNull(byteArray);
                EcPublicKeyDoubleCoordinate ecPublicKeyDoubleCoordinate = (EcPublicKeyDoubleCoordinate) ecPublicKey;
                return new EcPrivateKeyDoubleCoordinate(curve, byteArray, ecPublicKeyDoubleCoordinate.getX(), ecPublicKeyDoubleCoordinate.getY());
            case 10:
                X25519KeyPairGenerator x25519KeyPairGenerator = new X25519KeyPairGenerator();
                x25519KeyPairGenerator.init(new X25519KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair4 = x25519KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter5 = generateKeyPair4.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter5, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X25519PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter6 = generateKeyPair4.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter6, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X25519PublicKeyParameters");
                byte[] encoded5 = ((X25519PrivateKeyParameters) asymmetricKeyParameter5).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded5, "getEncoded(...)");
                byte[] encoded6 = ((X25519PublicKeyParameters) asymmetricKeyParameter6).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded6, "getEncoded(...)");
                return new EcPrivateKeyOkp(curve, encoded5, encoded6);
            case 11:
                X448KeyPairGenerator x448KeyPairGenerator = new X448KeyPairGenerator();
                x448KeyPairGenerator.init(new X448KeyGenerationParameters(new SecureRandom()));
                AsymmetricCipherKeyPair generateKeyPair5 = x448KeyPairGenerator.generateKeyPair();
                AsymmetricKeyParameter asymmetricKeyParameter7 = generateKeyPair5.getPrivate();
                Intrinsics.checkNotNull(asymmetricKeyParameter7, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X448PrivateKeyParameters");
                AsymmetricKeyParameter asymmetricKeyParameter8 = generateKeyPair5.getPublic();
                Intrinsics.checkNotNull(asymmetricKeyParameter8, "null cannot be cast to non-null type org.bouncycastle.crypto.params.X448PublicKeyParameters");
                byte[] encoded7 = ((X448PrivateKeyParameters) asymmetricKeyParameter7).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded7, "getEncoded(...)");
                byte[] encoded8 = ((X448PublicKeyParameters) asymmetricKeyParameter8).getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded8, "getEncoded(...)");
                return new EcPrivateKeyOkp(curve, encoded7, encoded8);
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    public final byte[] decrypt(Algorithm algorithm, byte[] key, byte[] nonce, byte[] messageCiphertext) {
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(messageCiphertext, "messageCiphertext");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 8:
            case 9:
            case 10:
                try {
                    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                    cipher.init(2, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
                    byte[] doFinal = cipher.doFinal(messageCiphertext);
                    Intrinsics.checkNotNull(doFinal);
                    return doFinal;
                } catch (Exception e) {
                    throw new IllegalStateException("Error decrypting", e);
                }
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
    }

    public final JsonObject decryptJwtEcdhEs$multipaz_release(JsonElement encryptedJwt, EcPrivateKey recipientKey) {
        Intrinsics.checkNotNullParameter(encryptedJwt, "encryptedJwt");
        Intrinsics.checkNotNullParameter(recipientKey, "recipientKey");
        EncryptedJWT parse = EncryptedJWT.parse(JsonElementKt.getJsonPrimitive(encryptedJwt).getContent());
        Curve curve = Curve.P_256;
        PublicKey javaPublicKey = EcPublicKeyJvmKt.getJavaPublicKey(recipientKey.getPublicKey());
        Intrinsics.checkNotNull(javaPublicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        PrivateKey javaPrivateKey = EcPrivateKeyJvmKt.getJavaPrivateKey(recipientKey);
        Intrinsics.checkNotNull(javaPrivateKey, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
        parse.decrypt(new ECDHDecrypter(new ECKey(curve, (ECPublicKey) javaPublicKey, (ECPrivateKey) javaPrivateKey, (KeyUse) null, (Set<KeyOperation>) null, (com.nimbusds.jose.Algorithm) null, (String) null, (URI) null, (Base64URL) null, (Base64URL) null, (List<Base64>) null, (KeyStore) null)));
        Json.Companion companion = Json.INSTANCE;
        String jWTClaimsSet = parse.getJWTClaimsSet().toString();
        Intrinsics.checkNotNullExpressionValue(jWTClaimsSet, "toString(...)");
        SerializersModule serializersModule = companion.getSerializersModule();
        KType typeOf = Reflection.typeOf(JsonObject.class);
        MagicApiIntrinsics.voidMagicApiCall("kotlinx.serialization.serializer.withModule");
        return (JsonObject) companion.decodeFromString(SerializersKt.serializer(serializersModule, typeOf), jWTClaimsSet);
    }

    public final byte[] digest(Algorithm algorithm, byte[] message) {
        String str;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(message, "message");
        int i = WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()];
        if (i == 1) {
            str = McElieceCCA2KeyGenParameterSpec.SHA1;
        } else if (i == 2) {
            str = "SHA-256";
        } else if (i == 3) {
            str = McElieceCCA2KeyGenParameterSpec.SHA384;
        } else {
            if (i != 4) {
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
            }
            str = "SHA-512";
        }
        byte[] digest = MessageDigest.getInstance(str).digest(message);
        Intrinsics.checkNotNullExpressionValue(digest, "digest(...)");
        return digest;
    }

    public final EcPrivateKey ecPrivateKeyFromPem$multipaz_release(String pemEncoding, EcPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(pemEncoding, "pemEncoding");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        PrivateKey generatePrivate = KeyFactory.getInstance(EcPublicKeyJvmKt.getJavaKeyAlgorithm(publicKey.getCurve()), BouncyCastleProvider.PROVIDER_NAME).generatePrivate(new PKCS8EncodedKeySpec(kotlin.io.encoding.Base64.decode$default(kotlin.io.encoding.Base64.INSTANCE.getMime(), StringsKt.trim((CharSequence) StringsKt.replace$default(StringsKt.replace$default(pemEncoding, "-----BEGIN PRIVATE KEY-----", "", false, 4, (Object) null), "-----END PRIVATE KEY-----", "", false, 4, (Object) null)).toString(), 0, 0, 6, (Object) null)));
        Intrinsics.checkNotNull(generatePrivate);
        return EcPrivateKeyJvmKt.toEcPrivateKey(generatePrivate, EcPublicKeyJvmKt.getJavaPublicKey(publicKey), publicKey.getCurve());
    }

    public final String ecPrivateKeyToPem$multipaz_release(EcPrivateKey privateKey) {
        Intrinsics.checkNotNullParameter(privateKey, "privateKey");
        StringBuilder sb = new StringBuilder("-----BEGIN PRIVATE KEY-----\n");
        kotlin.io.encoding.Base64 mime = kotlin.io.encoding.Base64.INSTANCE.getMime();
        byte[] encoded = EcPrivateKeyJvmKt.getJavaPrivateKey(privateKey).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        sb.append(kotlin.io.encoding.Base64.encode$default(mime, encoded, 0, 0, 6, null));
        sb.append("\n-----END PRIVATE KEY-----\n");
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "toString(...)");
        return sb2;
    }

    public final EcPublicKey ecPublicKeyFromPem$multipaz_release(String pemEncoding, EcCurve curve) {
        Intrinsics.checkNotNullParameter(pemEncoding, "pemEncoding");
        Intrinsics.checkNotNullParameter(curve, "curve");
        PublicKey generatePublic = KeyFactory.getInstance(EcPublicKeyJvmKt.getJavaKeyAlgorithm(curve), BouncyCastleProvider.PROVIDER_NAME).generatePublic(new X509EncodedKeySpec(kotlin.io.encoding.Base64.decode$default(kotlin.io.encoding.Base64.INSTANCE.getMime(), StringsKt.trim((CharSequence) StringsKt.replace$default(StringsKt.replace$default(pemEncoding, "-----BEGIN PUBLIC KEY-----", "", false, 4, (Object) null), "-----END PUBLIC KEY-----", "", false, 4, (Object) null)).toString(), 0, 0, 6, (Object) null)));
        Intrinsics.checkNotNull(generatePublic);
        return EcPublicKeyJvmKt.toEcPublicKey(generatePublic, curve);
    }

    public final String ecPublicKeyToPem$multipaz_release(EcPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        StringBuilder sb = new StringBuilder("-----BEGIN PUBLIC KEY-----\n");
        kotlin.io.encoding.Base64 mime = kotlin.io.encoding.Base64.INSTANCE.getMime();
        byte[] encoded = EcPublicKeyJvmKt.getJavaPublicKey(publicKey).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "getEncoded(...)");
        sb.append(kotlin.io.encoding.Base64.encode$default(mime, encoded, 0, 0, 6, null));
        sb.append("\n-----END PUBLIC KEY-----\n");
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "toString(...)");
        return sb2;
    }

    public final byte[] encrypt(Algorithm algorithm, byte[] key, byte[] nonce, byte[] messagePlaintext) {
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(nonce, "nonce");
        Intrinsics.checkNotNullParameter(messagePlaintext, "messagePlaintext");
        switch (WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()]) {
            case 8:
            case 9:
            case 10:
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(1, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
                byte[] doFinal = cipher.doFinal(messagePlaintext);
                Intrinsics.checkNotNullExpressionValue(doFinal, "run(...)");
                return doFinal;
            default:
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
        }
    }

    public final JsonElement encryptJwtEcdhEs$multipaz_release(EcPublicKey key, Algorithm encAlgorithm, JsonObject claims, String apu, String apv) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(encAlgorithm, "encAlgorithm");
        Intrinsics.checkNotNullParameter(claims, "claims");
        Intrinsics.checkNotNullParameter(apu, "apu");
        Intrinsics.checkNotNullParameter(apv, "apv");
        JWEAlgorithm parse = JWEAlgorithm.parse("ECDH-ES");
        String joseAlgorithmIdentifier = encAlgorithm.getJoseAlgorithmIdentifier();
        Intrinsics.checkNotNull(joseAlgorithmIdentifier);
        JWEHeader build = new JWEHeader.Builder(parse, EncryptionMethod.parse(joseAlgorithmIdentifier)).agreementPartyUInfo(new Base64URL(apu)).agreementPartyVInfo(new Base64URL(apv)).build();
        JWKSet jWKSet = new JWKSet(JWK.parseFromPEMEncodedObjects(key.toPem()));
        EncryptedJWT encryptedJWT = new EncryptedJWT(build, JWTClaimsSet.parse(claims.toString()));
        JWK jwk = jWKSet.getKeys().get(0);
        Intrinsics.checkNotNull(jwk, "null cannot be cast to non-null type com.nimbusds.jose.jwk.ECKey");
        encryptedJWT.encrypt(new ECDHEncrypter((ECKey) jwk));
        return JsonElementKt.JsonPrimitive(encryptedJWT.serialize());
    }

    public final Set<EcCurve> getSupportedCurves() {
        return supportedCurves;
    }

    public final byte[] hkdf(Algorithm algorithm, byte[] ikm, byte[] salt, byte[] info, int size) {
        int i;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(ikm, "ikm");
        int i2 = WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()];
        if (i2 == 5) {
            i = 32;
        } else if (i2 == 6) {
            i = 48;
        } else {
            if (i2 != 7) {
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
            }
            i = 64;
        }
        if (size > i * 255) {
            throw new IllegalArgumentException("size too large".toString());
        }
        if (salt == null || salt.length == 0) {
            salt = new byte[i];
        }
        byte[] mac = mac(algorithm, salt, ikm);
        byte[] bArr = new byte[size];
        byte[] bArr2 = new byte[0];
        int i3 = 0;
        int i4 = 1;
        while (true) {
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder(0, 1, null);
            byteStringBuilder.append(bArr2, 0, bArr2.length);
            if (info != null) {
                byteStringBuilder.append(info, 0, info.length);
            }
            byteStringBuilder.append((byte) i4);
            bArr2 = mac(algorithm, mac, kotlinx.io.bytestring.ByteString.toByteArray$default(byteStringBuilder.toByteString(), 0, 0, 3, null));
            if (bArr2.length + i3 >= size) {
                System.arraycopy(bArr2, 0, bArr, i3, size - i3);
                return bArr;
            }
            System.arraycopy(bArr2, 0, bArr, i3, bArr2.length);
            i3 += bArr2.length;
            i4++;
        }
    }

    public final byte[] hpkeDecrypt(Algorithm cipherSuite, EcPrivateKey receiverPrivateKey, byte[] cipherText, byte[] aad, EcPublicKey encapsulatedPublicKey) {
        Intrinsics.checkNotNullParameter(cipherSuite, "cipherSuite");
        Intrinsics.checkNotNullParameter(receiverPrivateKey, "receiverPrivateKey");
        Intrinsics.checkNotNullParameter(cipherText, "cipherText");
        Intrinsics.checkNotNullParameter(aad, "aad");
        Intrinsics.checkNotNullParameter(encapsulatedPublicKey, "encapsulatedPublicKey");
        if (cipherSuite != Algorithm.HPKE_BASE_P256_SHA256_AES128GCM) {
            throw new IllegalArgumentException("Only HPKE_BASE_P256_SHA256_AES128GCM is supported right now".toString());
        }
        if (receiverPrivateKey.getCurve() != EcCurve.P256) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        KeysetHandle component2 = hpkeGetKeysetHandles(receiverPrivateKey.getPublicKey(), receiverPrivateKey).component2();
        Intrinsics.checkNotNull(component2);
        byte[] decrypt = ((HybridDecrypt) component2.getPrimitive(HybridDecrypt.class)).decrypt(ArraysKt.plus(((EcPublicKeyDoubleCoordinate) encapsulatedPublicKey).getAsUncompressedPointEncoding(), cipherText), aad);
        Intrinsics.checkNotNullExpressionValue(decrypt, "decrypt(...)");
        return decrypt;
    }

    public final Pair<byte[], EcPublicKey> hpkeEncrypt(Algorithm cipherSuite, EcPublicKey receiverPublicKey, byte[] plainText, byte[] aad) {
        Intrinsics.checkNotNullParameter(cipherSuite, "cipherSuite");
        Intrinsics.checkNotNullParameter(receiverPublicKey, "receiverPublicKey");
        Intrinsics.checkNotNullParameter(plainText, "plainText");
        Intrinsics.checkNotNullParameter(aad, "aad");
        if (cipherSuite != Algorithm.HPKE_BASE_P256_SHA256_AES128GCM) {
            throw new IllegalArgumentException("Only HPKE_BASE_P256_SHA256_AES128GCM is supported right now".toString());
        }
        if (receiverPublicKey.getCurve() != EcCurve.P256) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        byte[] encrypt = ((HybridEncrypt) hpkeGetKeysetHandles(receiverPublicKey, null).component1().getPrimitive(HybridEncrypt.class)).encrypt(plainText, aad);
        int bitSize = ((((EcPublicKeyDoubleCoordinate) receiverPublicKey).getCurve().getBitSize() + 7) / 8) * 2;
        int i = bitSize + 1;
        EcPublicKeyDoubleCoordinate.Companion companion = EcPublicKeyDoubleCoordinate.INSTANCE;
        EcCurve ecCurve = EcCurve.P256;
        Intrinsics.checkNotNull(encrypt);
        return new Pair<>(ArraysKt.sliceArray(encrypt, new IntRange(i, encrypt.length - 1)), companion.fromUncompressedPointEncoding(ecCurve, ArraysKt.sliceArray(encrypt, new IntRange(0, bitSize))));
    }

    public final JwsInfo jwsGetInfo$multipaz_release(JsonElement signedJwt) {
        ArrayList arrayList;
        List<Base64> x509CertChain;
        Object m8739constructorimpl;
        Intrinsics.checkNotNullParameter(signedJwt, "signedJwt");
        SignedJWT parse = SignedJWT.parse(JsonElementKt.getJsonPrimitive(signedJwt).getContent());
        JWSHeader header = parse.getHeader();
        if (header == null || (x509CertChain = header.getX509CertChain()) == null) {
            arrayList = null;
        } else {
            ArrayList arrayList2 = new ArrayList();
            for (Base64 base64 : x509CertChain) {
                try {
                    Result.Companion companion = Result.INSTANCE;
                    byte[] decode = base64.decode();
                    Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
                    m8739constructorimpl = Result.m8739constructorimpl(new X509Cert(decode));
                } catch (Throwable th) {
                    Result.Companion companion2 = Result.INSTANCE;
                    m8739constructorimpl = Result.m8739constructorimpl(ResultKt.createFailure(th));
                }
                if (Result.m8745isFailureimpl(m8739constructorimpl)) {
                    m8739constructorimpl = null;
                }
                X509Cert x509Cert = (X509Cert) m8739constructorimpl;
                if (x509Cert != null) {
                    arrayList2.add(x509Cert);
                }
            }
            arrayList = arrayList2;
        }
        Json.Companion companion3 = Json.INSTANCE;
        String jWTClaimsSet = parse.getJWTClaimsSet().toString();
        Intrinsics.checkNotNullExpressionValue(jWTClaimsSet, "toString(...)");
        JsonObject jsonObject = JsonElementKt.getJsonObject(companion3.parseToJsonElement(jWTClaimsSet));
        JOSEObjectType type = parse.getHeader().getType();
        return new JwsInfo(jsonObject, type != null ? type.toString() : null, arrayList != null ? new X509CertChain(arrayList) : null);
    }

    public final JsonElement jwsSign$multipaz_release(EcPrivateKey key, Algorithm signatureAlgorithm, JsonObject claimsSet, String type, X509CertChain x5c) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(claimsSet, "claimsSet");
        Curve curve = Curve.P_256;
        PublicKey javaPublicKey = EcPublicKeyJvmKt.getJavaPublicKey(key.getPublicKey());
        Intrinsics.checkNotNull(javaPublicKey, "null cannot be cast to non-null type java.security.interfaces.ECPublicKey");
        PrivateKey javaPrivateKey = EcPrivateKeyJvmKt.getJavaPrivateKey(key);
        Intrinsics.checkNotNull(javaPrivateKey, "null cannot be cast to non-null type java.security.interfaces.ECPrivateKey");
        ECKey eCKey = new ECKey(curve, (ECPublicKey) javaPublicKey, (ECPrivateKey) javaPrivateKey, (KeyUse) null, (Set<KeyOperation>) null, (com.nimbusds.jose.Algorithm) null, (String) null, (URI) null, (Base64URL) null, (Base64URL) null, (List<Base64>) null, (KeyStore) null);
        if (signatureAlgorithm != Algorithm.ES256) {
            throw new IllegalStateException("Check failed.");
        }
        JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.ES256);
        if (x5c != null) {
            List<X509Cert> certificates = x5c.getCertificates();
            ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(certificates, 10));
            Iterator<T> it = certificates.iterator();
            while (it.hasNext()) {
                arrayList.add(Base64.from(Base64UtilKt.toBase64Url(((X509Cert) it.next()).getEncodedCertificate())));
            }
            builder.x509CertChain(arrayList);
        }
        if (type != null) {
            builder.type(new JOSEObjectType(type));
        }
        builder.keyID(eCKey.getKeyID());
        SignedJWT signedJWT = new SignedJWT(builder.build(), JWTClaimsSet.parse(claimsSet.toString()));
        signedJWT.sign(new ECDSASigner(eCKey));
        Json.Companion companion = Json.INSTANCE;
        String serialize = signedJWT.serialize();
        Intrinsics.checkNotNullExpressionValue(serialize, "serialize(...)");
        return companion.parseToJsonElement(serialize);
    }

    public final void jwsVerify$multipaz_release(JsonElement signedJwt, final EcPublicKey publicKey) {
        Intrinsics.checkNotNullParameter(signedJwt, "signedJwt");
        Intrinsics.checkNotNullParameter(publicKey, "publicKey");
        SignedJWT parse = SignedJWT.parse(JsonElementKt.getJsonPrimitive(signedJwt).getContent());
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier(parse.getHeader().getType(), JOSEObjectType.JWT, new JOSEObjectType(""), null));
        defaultJWTProcessor.setJWSKeySelector(new JWSKeySelector() { // from class: org.multipaz.crypto.Crypto$$ExternalSyntheticLambda0
            @Override // com.nimbusds.jose.proc.JWSKeySelector
            public final List selectJWSKeys(JWSHeader jWSHeader, SecurityContext securityContext) {
                List jwsVerify$lambda$23;
                jwsVerify$lambda$23 = Crypto.jwsVerify$lambda$23(EcPublicKey.this, jWSHeader, securityContext);
                return jwsVerify$lambda$23;
            }
        });
        defaultJWTProcessor.process(parse, (SignedJWT) null);
    }

    public final byte[] keyAgreement(EcPrivateKey key, EcPublicKey otherKey) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(otherKey, "otherKey");
        switch (WhenMappings.$EnumSwitchMapping$1[key.getCurve().ordinal()]) {
            case 1:
            case 2:
                throw new IllegalStateException("Key with curve " + key.getCurve() + " does not support key-agreement");
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                if (otherKey.getCurve() != key.getCurve()) {
                    throw new IllegalArgumentException(("Other key for ECDH is not " + key.getCurve().name()).toString());
                }
                PrivateKey generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(key.getD()), ECNamedCurveTable.getParameterSpec(key.getCurve().getSECGName())));
                try {
                    KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
                    keyAgreement.init(generatePrivate);
                    keyAgreement.doPhase(EcPublicKeyJvmKt.getJavaPublicKey(otherKey), true);
                    byte[] generateSecret = keyAgreement.generateSecret();
                    Intrinsics.checkNotNull(generateSecret);
                    return generateSecret;
                } catch (Throwable th) {
                    throw new IllegalStateException("Unexpected Exception", th);
                }
            case 10:
                if (otherKey.getCurve() != EcCurve.X25519) {
                    throw new IllegalArgumentException("Other key for ECDH is not Curve X448".toString());
                }
                X25519PublicKeyParameters x25519PublicKeyParameters = new X25519PublicKeyParameters(((EcPublicKeyOkp) otherKey).getX(), 0);
                X25519PrivateKeyParameters x25519PrivateKeyParameters = new X25519PrivateKeyParameters(key.getD(), 0);
                X25519Agreement x25519Agreement = new X25519Agreement();
                x25519Agreement.init(x25519PrivateKeyParameters);
                byte[] bArr = new byte[x25519Agreement.getAgreementSize()];
                x25519Agreement.calculateAgreement(x25519PublicKeyParameters, bArr, 0);
                return bArr;
            case 11:
                if (otherKey.getCurve() != EcCurve.X448) {
                    throw new IllegalArgumentException("Other key for ECDH is not Curve X448".toString());
                }
                X448PublicKeyParameters x448PublicKeyParameters = new X448PublicKeyParameters(((EcPublicKeyOkp) otherKey).getX(), 0);
                X448PrivateKeyParameters x448PrivateKeyParameters = new X448PrivateKeyParameters(key.getD(), 0);
                X448Agreement x448Agreement = new X448Agreement();
                x448Agreement.init(x448PrivateKeyParameters);
                byte[] bArr2 = new byte[x448Agreement.getAgreementSize()];
                x448Agreement.calculateAgreement(x448PublicKeyParameters, bArr2, 0);
                return bArr2;
            default:
                throw new NoWhenBranchMatchedException();
        }
    }

    public final byte[] mac(Algorithm algorithm, byte[] key, byte[] message) {
        String str;
        Intrinsics.checkNotNullParameter(algorithm, "algorithm");
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(message, "message");
        int i = WhenMappings.$EnumSwitchMapping$0[algorithm.ordinal()];
        if (i == 5) {
            str = "HmacSha256";
        } else if (i == 6) {
            str = "HmacSha384";
        } else {
            if (i != 7) {
                throw new IllegalArgumentException("Unsupported algorithm " + algorithm);
            }
            str = "HmacSha512";
        }
        Mac mac = Mac.getInstance(str);
        mac.init(new SecretKeySpec(key, ""));
        mac.update(message);
        byte[] doFinal = mac.doFinal();
        Intrinsics.checkNotNullExpressionValue(doFinal, "run(...)");
        return doFinal;
    }

    public final EcSignature sign(EcPrivateKey key, Algorithm signatureAlgorithm, byte[] message) {
        EcSignature ecSignature;
        String str;
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(signatureAlgorithm, "signatureAlgorithm");
        Intrinsics.checkNotNullParameter(message, "message");
        switch (WhenMappings.$EnumSwitchMapping$1[key.getCurve().ordinal()]) {
            case 1:
                if (!SetsKt.setOf((Object[]) new Algorithm[]{Algorithm.EDDSA, Algorithm.ED25519}).contains(signatureAlgorithm)) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
                Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = new Ed25519PrivateKeyParameters(key.getD(), 0);
                Ed25519Signer ed25519Signer = new Ed25519Signer();
                ed25519Signer.init(true, ed25519PrivateKeyParameters);
                ed25519Signer.update(message, 0, message.length);
                byte[] generateSignature = ed25519Signer.generateSignature();
                Intrinsics.checkNotNull(generateSignature);
                ecSignature = new EcSignature(ArraysKt.sliceArray(generateSignature, new IntRange(0, (generateSignature.length / 2) - 1)), ArraysKt.sliceArray(generateSignature, new IntRange(generateSignature.length / 2, generateSignature.length - 1)));
                break;
            case 2:
                if (!SetsKt.setOf((Object[]) new Algorithm[]{Algorithm.EDDSA, Algorithm.ED448}).contains(signatureAlgorithm)) {
                    throw new IllegalArgumentException("Failed requirement.".toString());
                }
                Ed448PrivateKeyParameters ed448PrivateKeyParameters = new Ed448PrivateKeyParameters(key.getD(), 0);
                Ed448Signer ed448Signer = new Ed448Signer(new byte[0]);
                ed448Signer.init(true, ed448PrivateKeyParameters);
                ed448Signer.update(message, 0, message.length);
                byte[] generateSignature2 = ed448Signer.generateSignature();
                Intrinsics.checkNotNull(generateSignature2);
                ecSignature = new EcSignature(ArraysKt.sliceArray(generateSignature2, new IntRange(0, (generateSignature2.length / 2) - 1)), ArraysKt.sliceArray(generateSignature2, new IntRange(generateSignature2.length / 2, generateSignature2.length - 1)));
                break;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
                switch (WhenMappings.$EnumSwitchMapping$0[signatureAlgorithm.ordinal()]) {
                    case 12:
                    case 13:
                    case 14:
                        str = "SHA256withECDSA";
                        break;
                    case 15:
                    case 16:
                    case 17:
                    case 18:
                        str = "SHA384withECDSA";
                        break;
                    case 19:
                    case 20:
                    case 21:
                        str = "SHA512withECDSA";
                        break;
                    default:
                        throw new IllegalArgumentException("Unsupported signing algorithm " + signatureAlgorithm + " for curve " + key.getCurve());
                }
                PrivateKey generatePrivate = KeyFactory.getInstance("EC").generatePrivate(new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(key.getD()), ECNamedCurveTable.getParameterSpec(key.getCurve().getSECGName())));
                try {
                    Signature signature = Signature.getInstance(str, BouncyCastleProvider.PROVIDER_NAME);
                    signature.initSign(generatePrivate);
                    signature.update(message);
                    byte[] sign = signature.sign();
                    EcSignature.Companion companion = EcSignature.INSTANCE;
                    int bitSize = key.getCurve().getBitSize();
                    Intrinsics.checkNotNull(sign);
                    return companion.fromDerEncoded(bitSize, sign);
                } catch (Exception e) {
                    throw new IllegalStateException("Unexpected Exception", e);
                }
            case 10:
            case 11:
                throw new IllegalStateException("Key with curve " + key.getCurve() + " does not support signing");
            default:
                throw new NoWhenBranchMatchedException();
        }
        return ecSignature;
    }

    public final UUID uuidGetRandom$multipaz_release() {
        UUID.Companion companion = UUID.INSTANCE;
        java.util.UUID randomUUID = java.util.UUID.randomUUID();
        Intrinsics.checkNotNullExpressionValue(randomUUID, "randomUUID(...)");
        return UUIDJvmKt.fromJavaUuid(companion, randomUUID);
    }

    public final boolean validateCertChain$multipaz_release(X509CertChain certChain) {
        Intrinsics.checkNotNullParameter(certChain, "certChain");
        List<X509Certificate> javaX509Certificates = X509CertChainJvmKt.getJavaX509Certificates(certChain);
        int size = javaX509Certificates.size();
        for (int i = 0; i < size; i++) {
            if (i < javaX509Certificates.size() - 1) {
                try {
                    javaX509Certificates.get(i).verify(javaX509Certificates.get(i + 1).getPublicKey());
                } catch (Throwable unused) {
                    return false;
                }
            }
        }
        return true;
    }
}
