package org.bouncycastle.tls.crypto.impl.bc;

import java.io.IOException;
import org.bouncycastle.crypto.BasicAgreement;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.TlsCredentialedAgreement;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes.dex */
public class BcDefaultTlsCredentialedAgreement implements TlsCredentialedAgreement {
    protected TlsCredentialedAgreement agreementCredentials;

    /* loaded from: classes.dex */
    private class DHCredentialedAgreement implements TlsCredentialedAgreement {
        protected BasicAgreement basicAgreement = new DHBasicAgreement();
        private final Certificate certificate;
        private final BcTlsCrypto crypto;
        protected AsymmetricKeyParameter privateKey;

        public DHCredentialedAgreement(BcTlsCrypto bcTlsCrypto, AsymmetricKeyParameter asymmetricKeyParameter, Certificate certificate) {
            this.crypto = bcTlsCrypto;
            this.privateKey = asymmetricKeyParameter;
            this.certificate = certificate;
        }

        @Override // org.bouncycastle.tls.TlsCredentialedAgreement
        public TlsSecret generateAgreement(TlsCertificate tlsCertificate) throws IOException {
            AsymmetricKeyParameter publicKey = BcTlsCertificate.convert(this.crypto, this.certificate.getCertificateAt(0)).getPublicKey();
            this.basicAgreement.init(this.privateKey);
            return this.crypto.adoptLocalSecret(BigIntegers.asUnsignedByteArray(this.basicAgreement.calculateAgreement(publicKey)));
        }

        @Override // org.bouncycastle.tls.TlsCredentials
        public Certificate getCertificate() {
            return this.certificate;
        }
    }

    /* loaded from: classes.dex */
    private class ECCredentialedAgreement implements TlsCredentialedAgreement {
        protected BasicAgreement basicAgreement = new ECDHBasicAgreement();
        private final Certificate certificate;
        private final BcTlsCrypto crypto;
        private final AsymmetricKeyParameter privateKey;

        public ECCredentialedAgreement(BcTlsCrypto bcTlsCrypto, AsymmetricKeyParameter asymmetricKeyParameter, Certificate certificate) {
            this.crypto = bcTlsCrypto;
            this.privateKey = asymmetricKeyParameter;
            this.certificate = certificate;
        }

        @Override // org.bouncycastle.tls.TlsCredentialedAgreement
        public TlsSecret generateAgreement(TlsCertificate tlsCertificate) throws IOException {
            AsymmetricKeyParameter publicKey = BcTlsCertificate.convert(this.crypto, this.certificate.getCertificateAt(0)).getPublicKey();
            this.basicAgreement.init(this.privateKey);
            return this.crypto.adoptLocalSecret(BigIntegers.asUnsignedByteArray(this.basicAgreement.getFieldSize(), this.basicAgreement.calculateAgreement(publicKey)));
        }

        @Override // org.bouncycastle.tls.TlsCredentials
        public Certificate getCertificate() {
            return this.certificate;
        }
    }

    public BcDefaultTlsCredentialedAgreement(BcTlsCrypto bcTlsCrypto, Certificate certificate, AsymmetricKeyParameter asymmetricKeyParameter) {
        TlsCredentialedAgreement eCCredentialedAgreement;
        if (bcTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (asymmetricKeyParameter == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (!asymmetricKeyParameter.isPrivate()) {
            throw new IllegalArgumentException("'privateKey' must be private");
        }
        if (asymmetricKeyParameter instanceof DHPrivateKeyParameters) {
            eCCredentialedAgreement = new DHCredentialedAgreement(bcTlsCrypto, asymmetricKeyParameter, certificate);
        } else {
            if (!(asymmetricKeyParameter instanceof ECPrivateKeyParameters)) {
                throw new IllegalArgumentException("'privateKey' type not supported: " + asymmetricKeyParameter.getClass().getName());
            }
            eCCredentialedAgreement = new ECCredentialedAgreement(bcTlsCrypto, asymmetricKeyParameter, certificate);
        }
        this.agreementCredentials = eCCredentialedAgreement;
    }

    @Override // org.bouncycastle.tls.TlsCredentialedAgreement
    public TlsSecret generateAgreement(TlsCertificate tlsCertificate) throws IOException {
        return this.agreementCredentials.generateAgreement(tlsCertificate);
    }

    @Override // org.bouncycastle.tls.TlsCredentials
    public Certificate getCertificate() {
        return this.agreementCredentials.getCertificate();
    }
}
