package com.google.crypto.tink.apps.paymentmethodtoken;

import com.google.crypto.tink.HybridEncrypt;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.apps.paymentmethodtoken.PaymentMethodTokenConstants;
import com.google.crypto.tink.subtle.Base64;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.subtle.EllipticCurves;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:com/google/crypto/tink/apps/paymentmethodtoken/PaymentMethodTokenSender.class */
public final class PaymentMethodTokenSender {
    private final String protocolVersion;
    private final PaymentMethodTokenConstants.ProtocolVersionConfig protocolVersionConfig;
    private final PublicKeySign signer;
    private final String senderIntermediateCert;
    private final String senderId;
    private final String recipientId;
    private HybridEncrypt hybridEncrypter;

    /* loaded from: input_file:com/google/crypto/tink/apps/paymentmethodtoken/PaymentMethodTokenSender$Builder.class */
    public static class Builder {
        private String protocolVersion = PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1;
        private String senderId = PaymentMethodTokenConstants.GOOGLE_SENDER_ID;
        private String recipientId = null;
        private ECPrivateKey senderSigningKey = null;
        private ECPrivateKey senderIntermediateSigningKey = null;
        private String senderIntermediateCert = null;
        private ECPublicKey recipientPublicKey = null;

        public Builder protocolVersion(String str) {
            this.protocolVersion = str;
            return this;
        }

        public Builder senderId(String str) {
            this.senderId = str;
            return this;
        }

        public Builder recipientId(String str) {
            this.recipientId = str;
            return this;
        }

        public Builder senderSigningKey(String str) throws GeneralSecurityException {
            this.senderSigningKey = PaymentMethodTokenUtil.pkcs8EcPrivateKey(str);
            return this;
        }

        public Builder senderSigningKey(ECPrivateKey eCPrivateKey) throws GeneralSecurityException {
            this.senderSigningKey = eCPrivateKey;
            return this;
        }

        public Builder senderIntermediateSigningKey(String str) throws GeneralSecurityException {
            return senderIntermediateSigningKey(PaymentMethodTokenUtil.pkcs8EcPrivateKey(str));
        }

        public Builder senderIntermediateSigningKey(ECPrivateKey eCPrivateKey) throws GeneralSecurityException {
            this.senderIntermediateSigningKey = eCPrivateKey;
            return this;
        }

        public Builder senderIntermediateCert(String str) throws GeneralSecurityException {
            this.senderIntermediateCert = str;
            return this;
        }

        public Builder recipientPublicKey(String str) throws GeneralSecurityException {
            this.recipientPublicKey = PaymentMethodTokenUtil.x509EcPublicKey(str);
            return this;
        }

        public Builder rawUncompressedRecipientPublicKey(String str) throws GeneralSecurityException {
            this.recipientPublicKey = PaymentMethodTokenUtil.rawUncompressedEcPublicKey(str);
            return this;
        }

        public Builder recipientPublicKey(ECPublicKey eCPublicKey) throws GeneralSecurityException {
            this.recipientPublicKey = eCPublicKey;
            return this;
        }

        public PaymentMethodTokenSender build() throws GeneralSecurityException {
            return new PaymentMethodTokenSender(this);
        }
    }

    PaymentMethodTokenSender(Builder builder) throws GeneralSecurityException {
        String str = builder.protocolVersion;
        boolean z = -1;
        switch (str.hashCode()) {
            case -53843369:
                if (str.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V2_SIGNING_ONLY)) {
                    z = 2;
                    break;
                }
                break;
            case 2123673:
                if (str.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1)) {
                    z = false;
                    break;
                }
                break;
            case 2123674:
                if (str.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V2)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                validateV1(builder);
                break;
            case true:
                validateV2(builder);
                break;
            case true:
                validateV2SigningOnly(builder);
                break;
            default:
                throw new IllegalArgumentException("invalid version: " + builder.protocolVersion);
        }
        this.protocolVersion = builder.protocolVersion;
        this.protocolVersionConfig = PaymentMethodTokenConstants.ProtocolVersionConfig.forProtocolVersion(this.protocolVersion);
        this.signer = new EcdsaSignJce(builder.senderIntermediateSigningKey != null ? builder.senderIntermediateSigningKey : builder.senderSigningKey, PaymentMethodTokenConstants.ECDSA_HASH_SHA256, EllipticCurves.EcdsaEncoding.DER);
        this.senderId = builder.senderId;
        if (this.protocolVersionConfig.isEncryptionRequired) {
            this.hybridEncrypter = new PaymentMethodTokenHybridEncrypt(builder.recipientPublicKey, this.protocolVersionConfig);
        }
        if (builder.recipientId == null) {
            throw new IllegalArgumentException("must set recipient Id using Builder.recipientId");
        }
        this.recipientId = builder.recipientId;
        this.senderIntermediateCert = builder.senderIntermediateCert;
    }

    public String seal(String str) throws GeneralSecurityException {
        if (this.protocolVersion.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1) || this.protocolVersion.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V2) || this.protocolVersion.equals(PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V2_SIGNING_ONLY)) {
            return sealV1OrV2(str);
        }
        throw new GeneralSecurityException("Unsupported version: " + this.protocolVersion);
    }

    private String sealV1OrV2(String str) throws GeneralSecurityException {
        return signV1OrV2(this.protocolVersionConfig.isEncryptionRequired ? new String(this.hybridEncrypter.encrypt(str.getBytes(StandardCharsets.UTF_8), PaymentMethodTokenConstants.GOOGLE_CONTEXT_INFO_ECV1), StandardCharsets.UTF_8) : str);
    }

    private String signV1OrV2(String str) throws GeneralSecurityException {
        try {
            JSONObject put = new JSONObject().put(PaymentMethodTokenConstants.JSON_SIGNED_MESSAGE_KEY, str).put(PaymentMethodTokenConstants.JSON_PROTOCOL_VERSION_KEY, this.protocolVersion).put(PaymentMethodTokenConstants.JSON_SIGNATURE_KEY, Base64.encode(this.signer.sign(PaymentMethodTokenUtil.toLengthValue(this.senderId, this.recipientId, this.protocolVersion, str))));
            if (this.senderIntermediateCert != null) {
                put.put(PaymentMethodTokenConstants.JSON_INTERMEDIATE_SIGNING_KEY, new JSONObject(this.senderIntermediateCert));
            }
            return put.toString();
        } catch (JSONException e) {
            throw new GeneralSecurityException("cannot seal; JSON error");
        }
    }

    private static void validateV1(Builder builder) {
        if (builder.senderSigningKey == null) {
            throw new IllegalArgumentException("must set sender's signing key using Builder.senderSigningKey");
        }
        if (builder.senderIntermediateSigningKey != null) {
            throw new IllegalArgumentException("must not set sender's intermediate signing key using Builder.senderIntermediateSigningKey");
        }
        if (builder.senderIntermediateCert != null) {
            throw new IllegalArgumentException("must not set signed sender's intermediate signing key using Builder.senderIntermediateCert");
        }
        if (builder.recipientPublicKey == null) {
            throw new IllegalArgumentException("must set recipient's public key using Builder.recipientPublicKey");
        }
    }

    private static void validateV2(Builder builder) {
        validateIntermediateSigningKeys(builder);
        if (builder.recipientPublicKey == null) {
            throw new IllegalArgumentException("must set recipient's public key using Builder.recipientPublicKey");
        }
    }

    private static void validateV2SigningOnly(Builder builder) {
        validateIntermediateSigningKeys(builder);
        if (builder.recipientPublicKey != null) {
            throw new IllegalArgumentException("must not set recipient's public key using Builder.recipientPublicKey");
        }
    }

    private static void validateIntermediateSigningKeys(Builder builder) {
        if (builder.senderSigningKey != null) {
            throw new IllegalArgumentException("must not set sender's signing key using Builder.senderSigningKey");
        }
        if (builder.senderIntermediateSigningKey == null) {
            throw new IllegalArgumentException("must set sender's intermediate signing key using Builder.senderIntermediateSigningKey");
        }
        if (builder.senderIntermediateCert == null) {
            throw new IllegalArgumentException("must set signed sender's intermediate signing key using Builder.senderIntermediateCert");
        }
    }
}
