package com.wolfssl.provider.jce;

import com.wolfssl.wolfcrypt.Dh;
import com.wolfssl.wolfcrypt.Ecc;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes5.dex */
public class WolfCryptKeyAgreement extends KeyAgreementSpi {
    private String algString;
    private String curveName;
    private int curveSize;
    private WolfCryptDebug debug;
    private Dh dh;
    private Ecc ecPrivate;
    private Ecc ecPublic;
    private int primeLen;
    private EngineState state;
    private KeyAgreeType type;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.wolfssl.provider.jce.WolfCryptKeyAgreement$1, reason: invalid class name */
    /* loaded from: classes5.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType;

        static {
            int[] iArr = new int[KeyAgreeType.values().length];
            $SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType = iArr;
            try {
                iArr[KeyAgreeType.WC_DH.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[KeyAgreeType.WC_ECDH.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public enum EngineState {
        WC_UNINITIALIZED,
        WC_INIT_DONE,
        WC_PRIVKEY_DONE,
        WC_PUBKEY_DONE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public enum KeyAgreeType {
        WC_DH,
        WC_ECDH
    }

    /* loaded from: classes5.dex */
    public static final class wcDH extends WolfCryptKeyAgreement {
        public wcDH() {
            super(KeyAgreeType.WC_DH, null);
        }
    }

    /* loaded from: classes5.dex */
    public static final class wcECDH extends WolfCryptKeyAgreement {
        public wcECDH() {
            super(KeyAgreeType.WC_ECDH, null);
        }
    }

    private WolfCryptKeyAgreement(KeyAgreeType keyAgreeType) {
        this.dh = null;
        this.ecPublic = null;
        this.ecPrivate = null;
        this.primeLen = 0;
        this.curveSize = 0;
        this.curveName = null;
        this.state = EngineState.WC_UNINITIALIZED;
        this.type = keyAgreeType;
        int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[keyAgreeType.ordinal()];
        if (i == 1) {
            this.dh = new Dh();
        } else if (i == 2) {
            this.ecPublic = new Ecc();
            this.ecPrivate = new Ecc();
        }
        if (WolfCryptDebug.DEBUG) {
            this.algString = typeToString(keyAgreeType);
        }
        this.state = EngineState.WC_INIT_DONE;
    }

    /* synthetic */ WolfCryptKeyAgreement(KeyAgreeType keyAgreeType, AnonymousClass1 anonymousClass1) {
        this(keyAgreeType);
    }

    private void getCurveFromSpec(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec instanceof ECGenParameterSpec) {
            String name = ((ECGenParameterSpec) algorithmParameterSpec).getName();
            this.curveName = name;
            this.curveSize = Ecc.getCurveSizeFromName(name);
            if (WolfCryptDebug.DEBUG) {
                log("curveName: " + this.curveName + ", curveSize: " + this.curveSize);
                return;
            }
            return;
        }
        if (!(algorithmParameterSpec instanceof ECParameterSpec)) {
            throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec is not of type ECParameterSpec or ECGenParameterSpec");
        }
        String curveName = Ecc.getCurveName((ECParameterSpec) algorithmParameterSpec);
        this.curveName = curveName;
        this.curveSize = Ecc.getCurveSizeFromName(curveName);
        if (WolfCryptDebug.DEBUG) {
            log("curveName: " + this.curveName + ", curveSize: " + this.curveSize);
        }
    }

    private void log(String str) {
        WolfCryptDebug.print("[KeyAgreement, " + this.algString + "] " + str);
    }

    private String typeToString(KeyAgreeType keyAgreeType) {
        int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[keyAgreeType.ordinal()];
        return i != 1 ? i != 2 ? "None" : "ECDH" : "DH";
    }

    private void wcInitDHParams(Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(key instanceof DHPrivateKey)) {
            throw new InvalidKeyException("Key must be of type DHPrivateKey");
        }
        DHPrivateKey dHPrivateKey = (DHPrivateKey) key;
        if (algorithmParameterSpec != null) {
            if (!(algorithmParameterSpec instanceof DHParameterSpec)) {
                throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec is not of type DHParameterSpec");
            }
            DHParameterSpec dHParameterSpec = (DHParameterSpec) algorithmParameterSpec;
            byte[] byteArray = dHParameterSpec.getP().toByteArray();
            byte[] byteArray2 = dHParameterSpec.getG().toByteArray();
            if (byteArray == null || byteArray2 == null) {
                throw new InvalidParameterException("AlgorithmParameterSpec does not include required DH parameters (P,G)");
            }
            this.dh.setParams(byteArray, byteArray2);
            this.primeLen = byteArray.length;
            return;
        }
        byte[] byteArray3 = dHPrivateKey.getParams().getP().toByteArray();
        byte[] byteArray4 = dHPrivateKey.getParams().getG().toByteArray();
        if (byteArray3 == null || byteArray4 == null) {
            throw new InvalidKeyException("Key must include DH parameters when not called with explicit AlgorithmParameterSpec");
        }
        this.dh.setParams(byteArray3, byteArray4);
        this.primeLen = byteArray3.length;
        byte[] byteArray5 = dHPrivateKey.getX().toByteArray();
        if (byteArray5 == null) {
            throw new InvalidKeyException("Unable to get DH private key from Key object");
        }
        this.dh.setPrivateKey(byteArray5);
        zeroArray(byteArray5);
    }

    private void wcInitECDHParams(Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(key instanceof ECPrivateKey)) {
            throw new InvalidKeyException("Key must be of type ECPrivateKey");
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
        if (algorithmParameterSpec != null) {
            getCurveFromSpec(algorithmParameterSpec);
        } else {
            getCurveFromSpec(eCPrivateKey.getParams());
        }
        if (this.curveName == null) {
            throw new InvalidAlgorithmParameterException("ECC curve is null, please check algorithm parameters");
        }
        this.ecPrivate.importPrivateOnCurve(eCPrivateKey.getS().toByteArray(), null, this.curveName);
    }

    private void wcKeyAgreementInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[this.type.ordinal()];
        if (i == 1) {
            wcInitDHParams(key, algorithmParameterSpec);
        } else {
            if (i != 2) {
                return;
            }
            wcInitECDHParams(key, algorithmParameterSpec);
        }
    }

    private void zeroArray(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = 0;
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        byte[] byteArray;
        if (WolfCryptDebug.DEBUG) {
            log("engineDoPhase, lastPhase: " + z);
        }
        if (this.state != EngineState.WC_PRIVKEY_DONE) {
            throw new IllegalStateException("KeyAgreement object must be initialized with private key before calling doPhase");
        }
        if (!z) {
            throw new IllegalStateException("wolfJCE KeyAgreement currently only supports two parties and thus one single doPhase call. lastPhase must be set to true.");
        }
        int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[this.type.ordinal()];
        if (i != 1) {
            if (i != 2) {
                byteArray = null;
            } else {
                if (!(key instanceof ECPublicKey)) {
                    throw new InvalidKeyException("Key must be of type ECPublicKey");
                }
                byteArray = key.getEncoded();
                if (byteArray == null) {
                    throw new InvalidKeyException("Failed to get ECC public key from Key object");
                }
                this.ecPublic.publicKeyDecode(byteArray);
            }
        } else {
            if (!(key instanceof DHPublicKey)) {
                throw new InvalidKeyException("Key must be of type DHPublicKey");
            }
            byteArray = ((DHPublicKey) key).getY().toByteArray();
            if (byteArray == null) {
                throw new InvalidKeyException("Failed to get DH public key from Key object");
            }
            this.dh.setPublicKey(byteArray);
        }
        zeroArray(byteArray);
        this.state = EngineState.WC_PUBKEY_DONE;
        return null;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (this.state != EngineState.WC_PUBKEY_DONE) {
            throw new IllegalStateException("KeyAgreement object must be initialized with init() and doPhase() before generating a shared secret");
        }
        if (bArr == null) {
            throw new ShortBufferException("Input buffer is null");
        }
        int i2 = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[this.type.ordinal()];
        byte[] bArr2 = null;
        if (i2 != 1) {
            if (i2 == 2) {
                byte[] makeSharedSecret = this.ecPrivate.makeSharedSecret(this.ecPublic);
                if (makeSharedSecret == null) {
                    throw new RuntimeException("Error when creating ECDH shared secret");
                }
                if (bArr.length - i < makeSharedSecret.length) {
                    zeroArray(makeSharedSecret);
                    throw new ShortBufferException("Output buffer too small when generating ECDH shared secret");
                }
                System.arraycopy(makeSharedSecret, 0, bArr, i, makeSharedSecret.length);
                byte[] exportPrivate = this.ecPrivate.exportPrivate();
                if (exportPrivate == null) {
                    throw new RuntimeException("Error reseting native wolfCrypt state during ECDH operation");
                }
                this.ecPublic.releaseNativeStruct();
                this.ecPublic = new Ecc();
                this.ecPrivate.releaseNativeStruct();
                Ecc ecc = new Ecc();
                this.ecPrivate = ecc;
                ecc.importPrivateOnCurve(exportPrivate, null, this.curveName);
                zeroArray(exportPrivate);
                this.state = EngineState.WC_PRIVKEY_DONE;
                bArr2 = makeSharedSecret;
            }
        } else {
            if (bArr.length - i < this.primeLen) {
                throw new ShortBufferException("Input buffer too small when generating shared secret");
            }
            Dh dh = this.dh;
            bArr2 = dh.makeSharedSecret(dh);
            if (bArr2 == null) {
                throw new RuntimeException("Error when creating DH shared secret");
            }
            if (bArr.length - i < bArr2.length) {
                zeroArray(bArr2);
                throw new ShortBufferException("Output buffer too small when generating DH shared secret");
            }
            System.arraycopy(bArr2, 0, bArr, i, bArr2.length);
            this.state = EngineState.WC_PRIVKEY_DONE;
        }
        if (bArr2 == null) {
            return 0;
        }
        if (WolfCryptDebug.DEBUG) {
            log("generated secret, len: " + bArr2.length);
        }
        zeroArray(bArr2);
        return bArr2.length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        byte[] engineGenerateSecret = engineGenerateSecret();
        if (WolfCryptDebug.DEBUG) {
            log("generating SecretKey for " + str);
        }
        return str.equals("DES") ? (SecretKey) new DESKeySpec(engineGenerateSecret) : str.equals("DESede") ? (SecretKey) new DESedeKeySpec(engineGenerateSecret) : new SecretKeySpec(engineGenerateSecret, str);
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        byte[] bArr;
        byte[] bArr2 = null;
        try {
            int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[this.type.ordinal()];
            byte[] bArr3 = i != 1 ? i != 2 ? null : new byte[this.curveSize] : new byte[this.primeLen];
            try {
                int engineGenerateSecret = engineGenerateSecret(bArr3, 0);
                if (WolfCryptDebug.DEBUG) {
                    log("generated secret, len: " + engineGenerateSecret);
                }
                bArr2 = new byte[engineGenerateSecret];
                System.arraycopy(bArr3, 0, bArr2, 0, engineGenerateSecret);
                zeroArray(bArr3);
                return bArr2;
            } catch (ShortBufferException unused) {
                byte[] bArr4 = bArr3;
                bArr = bArr2;
                bArr2 = bArr4;
                zeroArray(bArr2);
                zeroArray(bArr);
                throw new RuntimeException("Buffer error when generating shared secret, input buffer too small");
            }
        } catch (ShortBufferException unused2) {
            bArr = null;
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            if (WolfCryptDebug.DEBUG) {
                log("initialized with key");
            }
            wcKeyAgreementInit(key, null, secureRandom);
            this.state = EngineState.WC_PRIVKEY_DONE;
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException(e.getMessage());
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (WolfCryptDebug.DEBUG) {
            log("initialized with key and AlgorithmParameterSpec");
        }
        wcKeyAgreementInit(key, algorithmParameterSpec, secureRandom);
        this.state = EngineState.WC_PRIVKEY_DONE;
    }

    protected void finalize() throws Throwable {
        try {
            int i = AnonymousClass1.$SwitchMap$com$wolfssl$provider$jce$WolfCryptKeyAgreement$KeyAgreeType[this.type.ordinal()];
            if (i == 1) {
                Dh dh = this.dh;
                if (dh != null) {
                    dh.releaseNativeStruct();
                }
            } else if (i == 2) {
                Ecc ecc = this.ecPublic;
                if (ecc != null) {
                    ecc.releaseNativeStruct();
                }
                Ecc ecc2 = this.ecPrivate;
                if (ecc2 != null) {
                    ecc2.releaseNativeStruct();
                }
            }
        } finally {
            super.finalize();
        }
    }
}
