// 
// Decompiled by Procyon v0.6.0
// 

package com.google.crypto.tink;

import com.google.crypto.tink.signature.internal.RsaSsaPssVerifyConscrypt;
import com.google.crypto.tink.signature.internal.RsaSsaPssSignConscrypt;
import com.google.crypto.tink.signature.internal.RsaSsaPkcs1VerifyConscrypt;
import com.google.crypto.tink.subtle.RsaSsaPkcs1SignJce;
import com.google.crypto.tink.internal.InternalConfiguration;
import com.google.crypto.tink.signature.RsaSsaPssPublicKey;
import com.google.crypto.tink.signature.RsaSsaPssPrivateKey;
import com.google.crypto.tink.signature.RsaSsaPkcs1PublicKey;
import com.google.crypto.tink.signature.RsaSsaPkcs1PrivateKey;
import com.google.crypto.tink.signature.EcdsaPublicKey;
import com.google.crypto.tink.subtle.EcdsaVerifyJce;
import com.google.crypto.tink.signature.EcdsaPrivateKey;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.signature.PublicKeyVerifyWrapper;
import com.google.crypto.tink.signature.PublicKeySignWrapper;
import com.google.crypto.tink.prf.Prf;
import com.google.crypto.tink.prf.HmacPrfKey;
import com.google.crypto.tink.subtle.PrfHmacJce;
import com.google.crypto.tink.prf.PrfSetWrapper;
import com.google.crypto.tink.aead.AesGcmKey;
import com.google.crypto.tink.subtle.AesGcmJce;
import com.google.crypto.tink.aead.AesCtrHmacAeadKey;
import com.google.crypto.tink.subtle.EncryptThenAuthenticate;
import com.google.crypto.tink.aead.AeadWrapper;
import com.google.crypto.tink.mac.ChunkedMac;
import com.google.crypto.tink.mac.internal.ChunkedHmacImpl;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.mac.HmacKey;
import com.google.crypto.tink.subtle.PrfMac;
import com.google.crypto.tink.mac.ChunkedMacWrapper;
import com.google.crypto.tink.mac.MacWrapper;
import com.google.crypto.tink.internal.PrimitiveRegistry;
import com.google.crypto.tink.internal.Random;
import java.security.GeneralSecurityException;
import com.google.crypto.tink.config.internal.TinkFipsUtil;

public class ConfigurationFips140v2
{
    private ConfigurationFips140v2() {
    }
    
    public static Configuration get() throws GeneralSecurityException {
        if (!TinkFipsUtil.fipsModuleAvailable()) {
            throw new GeneralSecurityException("Conscrypt is not available or does not support checking for FIPS build.");
        }
        Random.validateUsesConscrypt();
        final PrimitiveRegistry.Builder builder = PrimitiveRegistry.builder();
        MacWrapper.registerToInternalPrimitiveRegistry(builder);
        ChunkedMacWrapper.registerToInternalPrimitiveRegistry(builder);
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)PrfMac::create, (Class<KeyT>)HmacKey.class, (Class<PrimitiveT>)Mac.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)ChunkedHmacImpl::new, (Class<KeyT>)HmacKey.class, (Class<PrimitiveT>)ChunkedMac.class));
        AeadWrapper.registerToInternalPrimitiveRegistry(builder);
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)EncryptThenAuthenticate::create, (Class<KeyT>)AesCtrHmacAeadKey.class, (Class<PrimitiveT>)Aead.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)AesGcmJce::create, (Class<KeyT>)AesGcmKey.class, (Class<PrimitiveT>)Aead.class));
        PrfSetWrapper.registerToInternalPrimitiveRegistry(builder);
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)PrfHmacJce::create, (Class<KeyT>)HmacPrfKey.class, (Class<PrimitiveT>)Prf.class));
        PublicKeySignWrapper.registerToInternalPrimitiveRegistry(builder);
        PublicKeyVerifyWrapper.registerToInternalPrimitiveRegistry(builder);
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)EcdsaSignJce::create, (Class<KeyT>)EcdsaPrivateKey.class, (Class<PrimitiveT>)PublicKeySign.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)EcdsaVerifyJce::create, (Class<KeyT>)EcdsaPublicKey.class, (Class<PrimitiveT>)PublicKeyVerify.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)ConfigurationFips140v2::rsaSsaPkcs1SignCreate, (Class<KeyT>)RsaSsaPkcs1PrivateKey.class, (Class<PrimitiveT>)PublicKeySign.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)ConfigurationFips140v2::rsaSsaPkcs1VerifyCreate, (Class<KeyT>)RsaSsaPkcs1PublicKey.class, (Class<PrimitiveT>)PublicKeyVerify.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)ConfigurationFips140v2::rsaSsaPssSignCreate, (Class<KeyT>)RsaSsaPssPrivateKey.class, (Class<PrimitiveT>)PublicKeySign.class));
        builder.registerPrimitiveConstructor((PrimitiveConstructor<Key, Object>)PrimitiveConstructor.create((PrimitiveConstructor.PrimitiveConstructionFunction<KeyT, PrimitiveT>)ConfigurationFips140v2::rsaSsaPssVerifyCreate, (Class<KeyT>)RsaSsaPssPublicKey.class, (Class<PrimitiveT>)PublicKeyVerify.class));
        return InternalConfiguration.createFromPrimitiveRegistry(builder.build());
    }
    
    private static PublicKeySign rsaSsaPkcs1SignCreate(final RsaSsaPkcs1PrivateKey key) throws GeneralSecurityException {
        if (key.getParameters().getModulusSizeBits() != 2048 && key.getParameters().getModulusSizeBits() != 3072) {
            throw new GeneralSecurityException("Cannot create FIPS-compliant PublicKeySign: wrong RsaSsaPkcs1 key modulus size");
        }
        return RsaSsaPkcs1SignJce.create(key);
    }
    
    private static PublicKeyVerify rsaSsaPkcs1VerifyCreate(final RsaSsaPkcs1PublicKey key) throws GeneralSecurityException {
        if (key.getParameters().getModulusSizeBits() != 2048 && key.getParameters().getModulusSizeBits() != 3072) {
            throw new GeneralSecurityException("Cannot create FIPS-compliant PublicKeyVerify: wrong RsaSsaPkcs1 key modulus size");
        }
        return RsaSsaPkcs1VerifyConscrypt.create(key);
    }
    
    private static PublicKeySign rsaSsaPssSignCreate(final RsaSsaPssPrivateKey key) throws GeneralSecurityException {
        if (key.getParameters().getModulusSizeBits() != 2048 && key.getParameters().getModulusSizeBits() != 3072) {
            throw new GeneralSecurityException("Cannot create FIPS-compliant PublicKeySign: wrong RsaSsaPss key modulus size");
        }
        return RsaSsaPssSignConscrypt.create(key);
    }
    
    private static PublicKeyVerify rsaSsaPssVerifyCreate(final RsaSsaPssPublicKey key) throws GeneralSecurityException {
        if (key.getParameters().getModulusSizeBits() != 2048 && key.getParameters().getModulusSizeBits() != 3072) {
            throw new GeneralSecurityException("Cannot create FIPS-compliant PublicKeyVerify: wrong RsaSsaPss key modulus size");
        }
        return RsaSsaPssVerifyConscrypt.create(key);
    }
}