package org.bouncycastle.tls.crypto.impl.jcajce;

import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Objects;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class JceX448 implements TlsAgreement {
    protected final JceX448Domain domain;
    protected KeyPair localKeyPair;
    protected PublicKey peerPublicKey;

    public JceX448(JceX448Domain jceX448Domain) {
        this.domain = jceX448Domain;
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public AbstractTlsSecret calculateSecret() throws IOException {
        JceX448Domain jceX448Domain = this.domain;
        PrivateKey privateKey = this.localKeyPair.getPrivate();
        PublicKey publicKey = this.peerPublicKey;
        Objects.requireNonNull(jceX448Domain);
        try {
            byte[] calculateKeyAgreement = jceX448Domain.crypto.calculateKeyAgreement("X448", privateKey, publicKey, "TlsPremasterSecret");
            if (calculateKeyAgreement == null || calculateKeyAgreement.length != 56) {
                throw new TlsCryptoException("invalid secret calculated");
            }
            if (Arrays.areAllZeroes(calculateKeyAgreement, 0, calculateKeyAgreement.length)) {
                throw new TlsFatalAlert((short) 40);
            }
            JcaTlsCrypto jcaTlsCrypto = jceX448Domain.crypto;
            Objects.requireNonNull(jcaTlsCrypto);
            return new JceTlsSecret(jcaTlsCrypto, calculateKeyAgreement);
        } catch (GeneralSecurityException e2) {
            throw new TlsCryptoException("cannot calculate secret", e2);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public byte[] generateEphemeral() throws IOException {
        JceX448Domain jceX448Domain = this.domain;
        Objects.requireNonNull(jceX448Domain);
        try {
            KeyPairGenerator createKeyPairGenerator = jceX448Domain.crypto.getHelper().createKeyPairGenerator("X448");
            createKeyPairGenerator.initialize(448, jceX448Domain.crypto.getSecureRandom());
            KeyPair generateKeyPair = createKeyPairGenerator.generateKeyPair();
            this.localKeyPair = generateKeyPair;
            JceX448Domain jceX448Domain2 = this.domain;
            PublicKey publicKey = generateKeyPair.getPublic();
            Objects.requireNonNull(jceX448Domain2);
            return XDHUtil.encodePublicKey(publicKey);
        } catch (GeneralSecurityException e2) {
            StringBuilder outline65 = GeneratedOutlineSupport.outline65("unable to create key pair: ");
            outline65.append(e2.getMessage());
            throw new IllegalStateException(outline65.toString(), e2);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public void receivePeerValue(byte[] bArr) throws IOException {
        this.peerPublicKey = XDHUtil.decodePublicKey(this.domain.crypto, "X448", EdECObjectIdentifiers.id_X448, bArr);
    }
}
