package F1;

import D1.AbstractC0165b0;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class U0 implements Z, m1 {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f779a;

    /* renamed from: b, reason: collision with root package name */
    PublicKey f780b;

    /* renamed from: c, reason: collision with root package name */
    PrivateKey f781c;

    /* renamed from: d, reason: collision with root package name */
    k1 f782d;

    /* renamed from: e, reason: collision with root package name */
    X509Certificate f783e;

    /* renamed from: f, reason: collision with root package name */
    X509Certificate[] f784f;

    /* loaded from: classes.dex */
    enum a {
        Initial,
        ClientHelloSent,
        ServerHelloReceived,
        EncryptedExtensionsReceived,
        CertificateRequestReceived,
        CertificateReceived,
        CertificateVerifyReceived,
        Finished,
        ClientHelloReceived,
        ServerHelloSent,
        EncryptedExtensionsSent,
        CertificateRequestSent,
        CertificateSent,
        CertificateVerifySent,
        FinishedSent,
        FinishedReceived
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public U0(X509TrustManager x509TrustManager) {
        this.f779a = x509TrustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] n(byte[] bArr, PrivateKey privateKey, EnumC0243p0 enumC0243p0, boolean z2) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                String a2 = T0.a(" ", 64);
                Charset charset = StandardCharsets.US_ASCII;
                byteArrayOutputStream.write(a2.getBytes(charset));
                StringBuilder sb = new StringBuilder();
                sb.append("TLS 1.3, ");
                sb.append(z2 ? "client" : "server");
                sb.append(" CertificateVerify");
                byteArrayOutputStream.write(sb.toString().getBytes(charset));
                byteArrayOutputStream.write(0);
                byteArrayOutputStream.write(bArr);
                Signature p2 = p(enumC0243p0);
                p2.initSign(privateKey);
                p2.update(byteArrayOutputStream.toByteArray());
                byte[] sign = p2.sign();
                byteArrayOutputStream.close();
                return sign;
            } finally {
            }
        } catch (IOException e2) {
            e = e2;
            throw new RuntimeException(e);
        } catch (InvalidKeyException unused) {
            throw new O("invalid private key");
        } catch (SignatureException e3) {
            e = e3;
            throw new RuntimeException(e);
        }
    }

    private static Signature p(EnumC0243p0 enumC0243p0) {
        if (enumC0243p0 == EnumC0243p0.rsa_pss_rsae_sha256) {
            try {
                return Signature.getInstance("SHA256withRSA/PSS");
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0243p0 == EnumC0243p0.rsa_pss_rsae_sha384) {
            try {
                return Signature.getInstance("SHA384withRSA/PSS");
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0243p0 == EnumC0243p0.rsa_pss_rsae_sha512) {
            try {
                return Signature.getInstance("SHA512withRSA/PSS");
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0243p0 == EnumC0243p0.ecdsa_secp256r1_sha256) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        throw new J("Signature algorithm not supported " + enumC0243p0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean r(byte[] bArr, EnumC0243p0 enumC0243p0, Certificate certificate, byte[] bArr2, boolean z2) {
        StringBuilder sb = new StringBuilder();
        sb.append("TLS 1.3, ");
        sb.append(z2 ? "client" : "server");
        sb.append(" CertificateVerify");
        String sb2 = sb.toString();
        ByteBuffer allocate = ByteBuffer.allocate(sb2.getBytes(StandardCharsets.ISO_8859_1).length + 65 + bArr2.length);
        for (int i2 = 0; i2 < 64; i2++) {
            allocate.put((byte) 32);
        }
        allocate.put(sb2.getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature p2 = p(enumC0243p0);
            p2.initVerify(certificate);
            p2.update(allocate.array());
            return p2.verify(bArr);
        } catch (InvalidKeyException | SignatureException e2) {
            throw new C0257x(e2.getMessage());
        }
    }

    @Override // F1.m1
    public byte[] h() {
        k1 k1Var = this.f782d;
        if (k1Var != null) {
            return k1Var.j();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // F1.m1
    public byte[] i() {
        k1 k1Var = this.f782d;
        if (k1Var != null) {
            return k1Var.i();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // F1.m1
    public byte[] j() {
        k1 k1Var = this.f782d;
        if (k1Var != null) {
            return k1Var.l();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // F1.m1
    public byte[] k() {
        k1 k1Var = this.f782d;
        if (k1Var != null) {
            return k1Var.m();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void l(X509Certificate[] x509CertificateArr, boolean z2) {
        try {
            X509TrustManager x509TrustManager = this.f779a;
            if (x509TrustManager != null) {
                if (z2) {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                    return;
                } else {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, "RSA");
                    return;
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager x509TrustManager2 = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            if (z2) {
                x509TrustManager2.checkServerTrusted(x509CertificateArr, "UNKNOWN");
            } else {
                x509TrustManager2.checkClientTrusted(x509CertificateArr, "UNKNOWN");
            }
        } catch (Throwable th) {
            String message = th.getMessage();
            if (message == null || AbstractC0165b0.a(message)) {
                message = "certificate validation failed";
            }
            throw new C0216c(message);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] m(byte[] bArr, byte[] bArr2) {
        short k2 = k1.k();
        byte[] n2 = this.f782d.n(bArr2, "finished", "", k2);
        String str = "HmacSHA" + (k2 * 8);
        SecretKeySpec secretKeySpec = new SecretKeySpec(n2, str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e2) {
            throw new RuntimeException(e2);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing " + str + " support");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void o(EnumC0215b0 enumC0215b0) {
        try {
            if (enumC0215b0 != EnumC0215b0.secp256r1 && enumC0215b0 != EnumC0215b0.secp384r1 && enumC0215b0 != EnumC0215b0.secp521r1) {
                throw new RuntimeException("unsupported group " + enumC0215b0);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(enumC0215b0.toString()));
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            this.f781c = genKeyPair.getPrivate();
            this.f780b = genKeyPair.getPublic();
        } catch (InvalidAlgorithmParameterException e2) {
            throw new RuntimeException(e2);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }

    public X509Certificate q() {
        return this.f783e;
    }
}
