package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Objects;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import org.bouncycastle.jcajce.spec.DHExtendedPublicKeySpec;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.impl.AbstractTlsSecret;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes4.dex */
public class JceTlsDH implements TlsAgreement {
    protected final JceTlsDHDomain domain;
    protected KeyPair localKeyPair;
    protected DHPublicKey peerPublicKey;

    public JceTlsDH(JceTlsDHDomain jceTlsDHDomain) {
        this.domain = jceTlsDHDomain;
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public AbstractTlsSecret calculateSecret() throws IOException {
        return this.domain.calculateDHAgreement((DHPrivateKey) this.localKeyPair.getPrivate(), this.peerPublicKey);
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public byte[] generateEphemeral() throws IOException {
        JceTlsDHDomain jceTlsDHDomain = this.domain;
        Objects.requireNonNull(jceTlsDHDomain);
        try {
            KeyPairGenerator createKeyPairGenerator = jceTlsDHDomain.crypto.getHelper().createKeyPairGenerator("DiffieHellman");
            createKeyPairGenerator.initialize(jceTlsDHDomain.dhSpec, jceTlsDHDomain.crypto.getSecureRandom());
            KeyPair generateKeyPair = createKeyPairGenerator.generateKeyPair();
            this.localKeyPair = generateKeyPair;
            JceTlsDHDomain jceTlsDHDomain2 = this.domain;
            DHPublicKey dHPublicKey = (DHPublicKey) generateKeyPair.getPublic();
            DHParameterSpec dHParameterSpec = jceTlsDHDomain2.dhSpec;
            return BigIntegers.asUnsignedByteArray((dHParameterSpec.getP().bitLength() + 7) / 8, dHPublicKey.getY());
        } catch (GeneralSecurityException e2) {
            throw new TlsCryptoException("unable to create key pair", e2);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public void receivePeerValue(byte[] bArr) throws IOException {
        JceTlsDHDomain jceTlsDHDomain = this.domain;
        Objects.requireNonNull(jceTlsDHDomain);
        try {
            this.peerPublicKey = (DHPublicKey) jceTlsDHDomain.crypto.getHelper().createKeyFactory("DiffieHellman").generatePublic(new DHExtendedPublicKeySpec(jceTlsDHDomain.decodeParameter(bArr), jceTlsDHDomain.dhSpec));
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new TlsFatalAlert((short) 40, (Throwable) e3);
        }
    }
}
