package com.rsa.sslj.x;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PKCS11SessionParameterSpec;
import com.rsa.ssl.SSLException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.spec.DHParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class cx {

    /* renamed from: a, reason: collision with root package name */
    cz f4453a;

    /* renamed from: b, reason: collision with root package name */
    private JsafeJCE f4454b;

    /* renamed from: c, reason: collision with root package name */
    private cB f4455c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cx(JsafeJCE jsafeJCE, cB cBVar, cz czVar) {
        this.f4454b = jsafeJCE;
        this.f4455c = cBVar;
        this.f4453a = czVar;
    }

    private void a(PrivateKey privateKey, PublicKey publicKey, String str) {
        JSAFE_SecureRandom b2 = this.f4455c.b();
        DHParameterSpec params = ((DHPrivateKey) privateKey).getParams();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, this.f4454b);
        keyPairGenerator.initialize(params, b2);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey2 = generateKeyPair.getPublic();
        PrivateKey privateKey2 = generateKeyPair.getPrivate();
        KeyAgreement keyAgreement = KeyAgreement.getInstance(str, this.f4454b);
        keyAgreement.init(privateKey, b2);
        keyAgreement.doPhase(publicKey2, true);
        byte[] generateSecret = keyAgreement.generateSecret();
        keyAgreement.init(privateKey2, b2);
        keyAgreement.doPhase(publicKey, true);
        if (!com.rsa.jsse.engine.util.k.a(generateSecret, keyAgreement.generateSecret())) {
            throw new SSLException("Private key and public key does not match");
        }
    }

    private void a(PrivateKey privateKey, PublicKey publicKey, boolean z, String str) {
        Signature signature;
        byte[] bArr = {0};
        if (z) {
            signature = Signature.getInstance(b.a.a.a.a.a(str, "andPKCS11"), this.f4454b);
            PKCS11SessionParameterSpec[] c2 = this.f4453a.c();
            if (c2 == null) {
                throw new SSLException("No PKCS #11 sessions configured whilst using a PKCS #11 private key");
            }
            signature.setParameter(c2[0]);
        } else {
            signature = Signature.getInstance(str, this.f4454b);
        }
        signature.initSign(privateKey, this.f4455c.b());
        signature.update(bArr);
        byte[] sign = signature.sign();
        Signature signature2 = Signature.getInstance(str, this.f4454b);
        signature2.initVerify(publicKey);
        signature2.update(bArr);
        if (!signature2.verify(sign)) {
            throw new SSLException("Private key and public key does not match");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(X509Certificate[] x509CertificateArr, PrivateKey privateKey, boolean z) {
        String algorithm = privateKey.getAlgorithm();
        PublicKey publicKey = x509CertificateArr[0].getPublicKey();
        String algorithm2 = publicKey.getAlgorithm();
        if (!algorithm.equals(algorithm2)) {
            throw new SSLException("Private key and public key algorithms do not match");
        }
        if (algorithm2.equals(AlgorithmStrings.EC)) {
            a(privateKey, publicKey, false, "SHA1/ECDSA");
            return;
        }
        if (algorithm2.equals("RSA") || algorithm2.equals(AlgorithmStrings.DSA)) {
            a(privateKey, publicKey, z, b.a.a.a.a.a("SHA1with", algorithm2));
        } else {
            if (!algorithm2.equals("DiffieHellman")) {
                throw new Exception(b.a.a.a.a.a("Unknown key format: ", algorithm2));
            }
            a(privateKey, publicKey, algorithm2);
        }
    }
}
