package kl.ssl.gmvpn.crypto.impl.jcajce;

import c.b.a.a.a;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import kl.ssl.gmvpn.HashAlgorithm;
import kl.ssl.gmvpn.MACAlgorithm;
import kl.ssl.gmvpn.ProtocolVersion;
import kl.ssl.gmvpn.SignatureAndHashAlgorithm;
import kl.ssl.gmvpn.TlsFatalAlert;
import kl.ssl.gmvpn.TlsUtils;
import kl.ssl.gmvpn.crypto.TlsCertificate;
import kl.ssl.gmvpn.crypto.TlsCipher;
import kl.ssl.gmvpn.crypto.TlsCryptoException;
import kl.ssl.gmvpn.crypto.TlsCryptoParameters;
import kl.ssl.gmvpn.crypto.TlsHMAC;
import kl.ssl.gmvpn.crypto.TlsHash;
import kl.ssl.gmvpn.crypto.TlsNonceGenerator;
import kl.ssl.gmvpn.crypto.TlsSecret;
import kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto;
import kl.ssl.gmvpn.crypto.impl.SM2Util;
import kl.ssl.gmvpn.crypto.impl.TlsAEADCipher;
import kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl;
import kl.ssl.gmvpn.crypto.impl.TlsBlockCipher;
import kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl;
import kl.ssl.gmvpn.crypto.impl.TlsEncryptor;
import kl.ssl.gmvpn.crypto.impl.TlsNullCipher;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
public class JcaTlsCrypto extends AbstractTlsCrypto {
    public final SecureRandom entropySource;
    public final JcaJceHelper helper;
    public final SecureRandom nonceEntropySource;

    /* loaded from: classes2.dex */
    public class HMacOperator implements TlsHMAC {
        public final HMac hmac;

        public HMacOperator(Digest digest) {
            this.hmac = new HMac(digest);
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void calculateMAC(byte[] bArr, int i2) {
            this.hmac.doFinal(bArr, i2);
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public byte[] calculateMAC() {
            byte[] bArr = new byte[this.hmac.getMacSize()];
            this.hmac.doFinal(bArr, 0);
            return bArr;
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHMAC
        public int getInternalBlockSize() {
            return ((ExtendedDigest) this.hmac.getUnderlyingDigest()).getByteLength();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public int getMacLength() {
            return this.hmac.getMacSize();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void reset() {
            this.hmac.reset();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void setKey(byte[] bArr, int i2, int i3) {
            this.hmac.init(new KeyParameter(bArr, i2, i3));
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void update(byte[] bArr, int i2, int i3) {
            this.hmac.update(bArr, i2, i3);
        }
    }

    public JcaTlsCrypto(JcaJceHelper jcaJceHelper, SecureRandom secureRandom, SecureRandom secureRandom2) {
        this.helper = jcaJceHelper;
        this.entropySource = secureRandom;
        this.nonceEntropySource = secureRandom2;
    }

    private TlsBlockCipherImpl createCBCBlockOperator(TlsCryptoParameters tlsCryptoParameters, String str, boolean z, int i2) throws GeneralSecurityException {
        return createBlockCipher(a.L(str, "/CBC/NoPadding"), str, i2, z);
    }

    private TlsHMAC createHMACSM3() {
        return new HMacOperator(new SM3Digest());
    }

    private TlsHMAC createMAC(int i2) throws IOException {
        return createHMAC(i2);
    }

    private TlsBlockCipher createSM4Cipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException, GeneralSecurityException {
        return new TlsBlockCipher(this, tlsCryptoParameters, createCBCBlockOperator(tlsCryptoParameters, "SM4", true, i2), createCBCBlockOperator(tlsCryptoParameters, "SM4", false, i2), createMAC(i3), createMAC(i3), i2);
    }

    public JceTlsSecret adoptLocalSecret(byte[] bArr) {
        return new JceTlsSecret(this, bArr);
    }

    public TlsAEADCipherImpl createAEADCipher(String str, String str2, int i2, boolean z) throws GeneralSecurityException {
        return new JceAEADCipherImpl(this.helper, str, str2, i2, z);
    }

    public TlsBlockCipherImpl createBlockCipher(String str, String str2, int i2, boolean z) throws GeneralSecurityException {
        return new JceBlockCipherImpl(this.helper.createCipher(str), str2, i2, z);
    }

    public TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(String str, String str2, int i2, boolean z) throws GeneralSecurityException {
        return new JceBlockCipherWithCBCImplicitIVImpl(this.helper.createCipher(str), str2, z);
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsCertificate createCertificate(byte[] bArr) throws IOException {
        return new JcaTlsCertificate(this, bArr);
    }

    @Override // kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto
    public TlsCipher createCipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException {
        try {
            if (i2 == 1) {
                return createSM4Cipher(tlsCryptoParameters, 16, i3);
            }
            if (i2 == 2) {
                return createSM4GCMCipher(tlsCryptoParameters, 16, 16);
            }
            throw new TlsFatalAlert((short) 80);
        } catch (GeneralSecurityException e2) {
            StringBuilder l0 = a.l0("cannot create cipher: ");
            l0.append(e2.getMessage());
            throw new TlsCryptoException(l0.toString(), e2);
        }
    }

    @Override // kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto
    public TlsEncryptor createEncryptor(TlsCertificate tlsCertificate) throws IOException {
        JcaTlsCertificate convert = JcaTlsCertificate.convert(this, tlsCertificate);
        convert.validateKeyUsage(32);
        if (convert.getPublicKey() instanceof ECPublicKey) {
            final ECPublicKey pubKeyEC = convert.getPubKeyEC();
            return new TlsEncryptor() { // from class: kl.ssl.gmvpn.crypto.impl.jcajce.JcaTlsCrypto.1
                @Override // kl.ssl.gmvpn.crypto.impl.TlsEncryptor
                public byte[] encrypt(byte[] bArr, int i2, int i3) throws IOException {
                    try {
                        ECPublicKeyParameters convertPublicKeyToParameters = SM2Util.convertPublicKeyToParameters(pubKeyEC);
                        SM2Engine sM2Engine = new SM2Engine();
                        sM2Engine.init(true, new ParametersWithRandom(convertPublicKeyToParameters, JcaTlsCrypto.this.getSecureRandom()));
                        return SM2Util.getSM2CipherStructure(sM2Engine.processBlock(bArr, i2, i3)).getEncoded();
                    } catch (Exception e2) {
                        throw new TlsFatalAlert((short) 80, e2);
                    }
                }
            };
        }
        final RSAPublicKey pubKeyRSA = convert.getPubKeyRSA();
        return new TlsEncryptor() { // from class: kl.ssl.gmvpn.crypto.impl.jcajce.JcaTlsCrypto.2
            @Override // kl.ssl.gmvpn.crypto.impl.TlsEncryptor
            public byte[] encrypt(byte[] bArr, int i2, int i3) throws IOException {
                try {
                    Cipher createRSAEncryptionCipher = JcaTlsCrypto.this.createRSAEncryptionCipher();
                    try {
                        createRSAEncryptionCipher.init(3, pubKeyRSA, JcaTlsCrypto.this.getSecureRandom());
                        return createRSAEncryptionCipher.wrap(new SecretKeySpec(bArr, i2, i3, "TLS"));
                    } catch (Exception e2) {
                        try {
                            createRSAEncryptionCipher.init(1, pubKeyRSA, JcaTlsCrypto.this.getSecureRandom());
                            return createRSAEncryptionCipher.doFinal(bArr, i2, i3);
                        } catch (Exception unused) {
                            throw new TlsFatalAlert((short) 80, e2);
                        }
                    }
                } catch (GeneralSecurityException e3) {
                    throw new TlsFatalAlert((short) 80, e3);
                }
            }
        };
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHMAC createHMAC(int i2) {
        switch (i2) {
            case 0:
                return null;
            case 1:
                return createHMAC("HmacMD5");
            case 2:
                return createHMAC("HmacSHA1");
            case 3:
                return createHMAC("HmacSHA256");
            case 4:
                return createHMAC("HmacSHA384");
            case 5:
                return createHMAC("HmacSHA512");
            case 6:
                return createHMACSM3();
            default:
                StringBuilder l0 = a.l0("unknown MACAlgorithm: ");
                l0.append(MACAlgorithm.getText(i2));
                throw new IllegalArgumentException(l0.toString());
        }
    }

    public TlsHMAC createHMAC(String str) {
        try {
            return new JceTlsHMAC(this.helper.createMac(str), str);
        } catch (GeneralSecurityException e2) {
            throw new RuntimeException(a.L("cannot create HMAC: ", str), e2);
        }
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHMAC createHMAC(short s) {
        return createHMAC("Hmac" + getDigestName(s).replaceAll("-", ""));
    }

    public TlsHash createHash(String str) throws GeneralSecurityException {
        return new JcaTlsHash(this.helper.createDigest(str));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHash createHash(short s) {
        try {
            return createHash(getDigestName(s));
        } catch (GeneralSecurityException e2) {
            StringBuilder l0 = a.l0("unable to create message digest:");
            l0.append(e2.getMessage());
            throw Exceptions.illegalArgumentException(l0.toString(), e2);
        }
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsNonceGenerator createNonceGenerator(byte[] bArr) {
        return new JcaNonceGenerator(this.nonceEntropySource, bArr);
    }

    public TlsNullCipher createNullCipher(TlsCryptoParameters tlsCryptoParameters, int i2) throws IOException, GeneralSecurityException {
        return new TlsNullCipher(tlsCryptoParameters, createMAC(i2), createMAC(i2));
    }

    public Cipher createRSAEncryptionCipher() throws GeneralSecurityException {
        try {
            return getHelper().createCipher("RSA/NONE/PKCS1Padding");
        } catch (GeneralSecurityException unused) {
            return getHelper().createCipher("RSA/ECB/PKCS1Padding");
        }
    }

    public Cipher createSM2EncryptionCipher() throws GeneralSecurityException {
        return getHelper().createCipher("SM2/NONE/NOPADDING");
    }

    public TlsAEADCipher createSM4GCMCipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("SM4/GCM/NoPadding", "SM4", i2, true), createAEADCipher("SM4/GCM/NoPadding", "SM4", i2, false), i2, i3);
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret createSecret(byte[] bArr) {
        return adoptLocalSecret(Arrays.clone(bArr));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret generateRSAPreMasterSecret(ProtocolVersion protocolVersion) {
        byte[] bArr = new byte[48];
        getSecureRandom().nextBytes(bArr);
        TlsUtils.writeVersion(protocolVersion, bArr, 0);
        return adoptLocalSecret(bArr);
    }

    public String getDigestName(short s) {
        switch (s) {
            case 1:
                return "MD5";
            case 2:
                return McElieceCCA2KeyGenParameterSpec.SHA1;
            case 3:
                return McElieceCCA2KeyGenParameterSpec.SHA224;
            case 4:
                return "SHA-256";
            case 5:
                return McElieceCCA2KeyGenParameterSpec.SHA384;
            case 6:
                return "SHA-512";
            case 7:
                return "SM3";
            default:
                StringBuilder l0 = a.l0("invalid HashAlgorithm: ");
                l0.append(HashAlgorithm.getText(s));
                throw new IllegalArgumentException(l0.toString());
        }
    }

    public JcaJceHelper getHelper() {
        return this.helper;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public SecureRandom getSecureRandom() {
        return this.entropySource;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasAllRawSignatureAlgorithms() {
        return false;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasEncryptionAlgorithm(int i2) {
        return i2 == 1 || i2 == 2;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasHashAlgorithm(short s) {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasMacAlgorithm(int i2) {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasNamedGroup(int i2) {
        return false;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasRSAEncryption() {
        try {
            createRSAEncryptionCipher();
            return true;
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasSignatureAlgorithm(short s) {
        return s == 1 || s == 3;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (signatureAndHashAlgorithm.getHash() == 3 && JcaUtils.isSunMSCAPIProviderActive()) {
            return false;
        }
        return hasSignatureAlgorithm(signatureAndHashAlgorithm.getSignature());
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret hkdfInit(short s) {
        return adoptLocalSecret(new byte[HashAlgorithm.getOutputSize(s)]);
    }

    public boolean isCurveSupported(String str) {
        return ECUtil.isCurveSupported(str, getHelper());
    }
}
