package net.luminis.tls.engine.impl;

import com.huawei.openalliance.ad.ppskit.constant.av;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import net.luminis.tls.TlsConstants;
import net.luminis.tls.alert.ErrorAlert;
import net.luminis.tls.alert.HandshakeFailureAlert;
import net.luminis.tls.alert.InternalErrorAlert;
import net.luminis.tls.engine.TlsEngine;
import net.luminis.tls.env.AlgorithmMapping;
import net.luminis.tls.env.PlatformMapping;
import net.luminis.tls.extension.Extension;
import net.luminis.tls.extension.UnknownExtension;

/* loaded from: classes4.dex */
public abstract class TlsEngineImpl implements TlsEngine {

    /* renamed from: a, reason: collision with root package name */
    public PublicKey f24147a;
    public PrivateKey b;
    public TlsState c;
    public AlgorithmMapping d = PlatformMapping.a();

    /* renamed from: net.luminis.tls.engine.impl.TlsEngineImpl$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {

        /* renamed from: a, reason: collision with root package name */
        public static final /* synthetic */ int[] f24148a;

        static {
            int[] iArr = new int[TlsConstants.CipherSuite.values().length];
            f24148a = iArr;
            try {
                iArr[TlsConstants.CipherSuite.TLS_AES_128_GCM_SHA256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f24148a[TlsConstants.CipherSuite.TLS_AES_256_GCM_SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f24148a[TlsConstants.CipherSuite.TLS_CHACHA20_POLY1305_SHA256.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f24148a[TlsConstants.CipherSuite.TLS_AES_128_CCM_SHA256.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f24148a[TlsConstants.CipherSuite.TLS_AES_128_CCM_8_SHA256.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    public static int E(TlsConstants.CipherSuite cipherSuite) {
        int i = AnonymousClass1.f24148a[cipherSuite.ordinal()];
        if (i == 1) {
            return 32;
        }
        if (i == 2) {
            return 48;
        }
        if (i == 3 || i == 4 || i == 5) {
            return 32;
        }
        throw new RuntimeException();
    }

    public static int F(TlsConstants.CipherSuite cipherSuite) {
        int i = AnonymousClass1.f24148a[cipherSuite.ordinal()];
        if (i == 1) {
            return 16;
        }
        if (i == 2 || i == 3) {
            return 32;
        }
        if (i == 4 || i == 5) {
            return 16;
        }
        throw new RuntimeException();
    }

    public byte[] A(byte[] bArr, byte[] bArr2) {
        short m = this.c.m();
        byte[] p = this.c.p(bArr2, "finished", "", m);
        String str = "HmacSHA" + (m * 8);
        SecretKeySpec secretKeySpec = new SecretKeySpec(p, str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException unused) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("Missing " + str + " support");
        }
    }

    public byte[] B(byte[] bArr, PrivateKey privateKey, TlsConstants.SignatureScheme signatureScheme, boolean z) throws ErrorAlert {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            String a2 = net.luminis.quic.log.a.a(" ", 64);
            Charset charset = StandardCharsets.US_ASCII;
            byteArrayOutputStream.write(a2.getBytes(charset));
            StringBuilder sb = new StringBuilder();
            sb.append("TLS 1.3, ");
            sb.append(z ? "client" : "server");
            sb.append(" CertificateVerify");
            byteArrayOutputStream.write(sb.toString().getBytes(charset));
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(bArr);
            try {
                Signature D = D(signatureScheme);
                D.initSign(privateKey);
                D.update(byteArrayOutputStream.toByteArray());
                return D.sign();
            } catch (InvalidKeyException unused) {
                throw new InternalErrorAlert("invalid private key");
            } catch (SignatureException unused2) {
                throw new RuntimeException();
            }
        } catch (IOException unused3) {
            throw new RuntimeException();
        }
    }

    public void C(TlsConstants.NamedGroup namedGroup) {
        KeyPairGenerator keyPairGenerator;
        try {
            if (namedGroup != TlsConstants.NamedGroup.secp256r1 && namedGroup != TlsConstants.NamedGroup.secp384r1 && namedGroup != TlsConstants.NamedGroup.secp521r1) {
                if (namedGroup != TlsConstants.NamedGroup.x25519 && namedGroup != TlsConstants.NamedGroup.x448) {
                    throw new RuntimeException("unsupported group " + namedGroup);
                }
                keyPairGenerator = KeyPairGenerator.getInstance("XDH");
                d.a();
                keyPairGenerator.initialize(c.a(namedGroup.toString().toUpperCase()));
                KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                this.b = genKeyPair.getPrivate();
                this.f24147a = genKeyPair.getPublic();
            }
            keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(namedGroup.toString()));
            KeyPair genKeyPair2 = keyPairGenerator.genKeyPair();
            this.b = genKeyPair2.getPrivate();
            this.f24147a = genKeyPair2.getPublic();
        } catch (InvalidAlgorithmParameterException unused) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException unused2) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }

    public Signature D(TlsConstants.SignatureScheme signatureScheme) throws HandshakeFailureAlert {
        if (signatureScheme.equals(TlsConstants.SignatureScheme.rsa_pss_rsae_sha256)) {
            try {
                Signature signature = Signature.getInstance(this.d.get("RSASSA-PSS"));
                signature.setParameter(new PSSParameterSpec(av.lk, "MGF1", new MGF1ParameterSpec(av.lk), 32, 1));
                return signature;
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e);
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (signatureScheme.equals(TlsConstants.SignatureScheme.rsa_pss_rsae_sha384)) {
            try {
                Signature signature2 = Signature.getInstance(this.d.get("RSASSA-PSS"));
                signature2.setParameter(new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1));
                return signature2;
            } catch (InvalidAlgorithmParameterException e2) {
                throw new RuntimeException(e2);
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (signatureScheme.equals(TlsConstants.SignatureScheme.rsa_pss_rsae_sha512)) {
            try {
                Signature signature3 = Signature.getInstance(this.d.get("RSASSA-PSS"));
                signature3.setParameter(new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1));
                return signature3;
            } catch (InvalidAlgorithmParameterException e3) {
                throw new RuntimeException(e3);
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (signatureScheme.equals(TlsConstants.SignatureScheme.ecdsa_secp256r1_sha256)) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        if (signatureScheme.equals(TlsConstants.SignatureScheme.ecdsa_secp384r1_sha384)) {
            try {
                return Signature.getInstance("SHA384withECDSA");
            } catch (NoSuchAlgorithmException unused5) {
                throw new RuntimeException("Missing SHA384withECDSA support");
            }
        }
        if (signatureScheme.equals(TlsConstants.SignatureScheme.ecdsa_secp521r1_sha512)) {
            try {
                return Signature.getInstance("SHA512withECDSA");
            } catch (NoSuchAlgorithmException unused6) {
                throw new RuntimeException("Missing SHA512withECDSA support");
            }
        }
        throw new HandshakeFailureAlert("Signature algorithm not supported " + signatureScheme);
    }

    public boolean G(Extension extension) {
        return !(extension instanceof UnknownExtension);
    }

    @Override // net.luminis.tls.engine.TrafficSecrets
    public byte[] l() {
        TlsState tlsState = this.c;
        if (tlsState != null) {
            return tlsState.n();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // net.luminis.tls.engine.TrafficSecrets
    public byte[] r() {
        TlsState tlsState = this.c;
        if (tlsState != null) {
            return tlsState.j();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // net.luminis.tls.engine.TrafficSecrets
    public byte[] v() {
        TlsState tlsState = this.c;
        if (tlsState != null) {
            return tlsState.k();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // net.luminis.tls.engine.TrafficSecrets
    public byte[] w() {
        TlsState tlsState = this.c;
        if (tlsState != null) {
            return tlsState.l();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // net.luminis.tls.engine.TrafficSecrets
    public byte[] x() {
        TlsState tlsState = this.c;
        if (tlsState != null) {
            return tlsState.o();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }
}
