package kl.ssl.gmvpn.crypto.impl.jcajce;

import c.b.a.a.a;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import kl.ssl.gmvpn.Certificate;
import kl.ssl.gmvpn.SignatureAndHashAlgorithm;
import kl.ssl.gmvpn.TlsCredentialedSignerAndDecryptor;
import kl.ssl.gmvpn.crypto.TlsCryptoParameters;
import kl.ssl.gmvpn.crypto.TlsSecret;
import kl.ssl.gmvpn.crypto.TlsSigner;
import kl.ssl.gmvpn.crypto.TlsStreamSigner;
import kl.ssl.gmvpn.crypto.impl.TlsImplUtils;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.util.PrivateKeyFactory;

/* loaded from: classes2.dex */
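/**
 * Credentials that sign with the first supplied private key and decrypt the
 * pre-master secret with the second one using SM2.
 *
 * <p>The fields are public in the original and are left that way so existing
 * callers keep working. NOTE(review): {@link #privateKey} exposes key handles to
 * any code holding this object; narrow the visibility once all callers are known.
 */
public class JcaDefaultTlsCredentialedSignerAndDecryptor implements TlsCredentialedSignerAndDecryptor {
    /**
     * Length of the random stand-in used when decryption fails. 48 bytes is the
     * pre-master secret size of the encrypted key exchange in TLS (2-byte version
     * plus 46 random bytes). NOTE(review): confirm it matches the profile this
     * library implements.
     */
    private static final int PRE_MASTER_SECRET_LENGTH = 48;

    public Certificate certificate;
    public JcaTlsCrypto crypto;
    public TlsCryptoParameters cryptoParams;
    // Index 0 is the signing key (see the constructor), index 1 the decryption key (see decrypt).
    public PrivateKey[] privateKey;
    public SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    public TlsSigner signer;

    /**
     * Builds the credentials and the signer for the first key.
     *
     * @param tlsCryptoParameters parameters consulted by {@link #getEffectiveAlgorithm()}
     * @param jcaTlsCrypto crypto backend used to create signers and secrets
     * @param certificate certificate returned by {@link #getCertificate()}
     * @param privateKeyArr signing key at index 0; a decryption key at index 1 is
     *     only needed when {@link #decrypt} is called
     * @param signatureAndHashAlgorithm algorithm reported for (D)TLS 1.2+, may be null
     * @throws IllegalArgumentException if no signing key is supplied or its type is unsupported
     */
    public JcaDefaultTlsCredentialedSignerAndDecryptor(TlsCryptoParameters tlsCryptoParameters, JcaTlsCrypto jcaTlsCrypto, Certificate certificate, PrivateKey[] privateKeyArr, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (privateKeyArr == null || privateKeyArr.length == 0) {
            throw new IllegalArgumentException("'privateKeyArr' must contain at least the signing key");
        }
        this.crypto = jcaTlsCrypto;
        this.certificate = certificate;
        // Copy so that a caller mutating its array later cannot swap the keys in use.
        this.privateKey = privateKeyArr.clone();
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.signer = makeSigner(jcaTlsCrypto, this.privateKey[0], certificate, signatureAndHashAlgorithm);
        this.cryptoParams = tlsCryptoParameters;
    }

    /**
     * Chooses a signer from the runtime type of the private key.
     *
     * <p>NOTE(review): every {@link ECPrivateKey} is handed to the SM2 signer; no
     * check of the key's curve is visible here. The certificate and algorithm
     * arguments are not consulted.
     *
     * @throws IllegalArgumentException if the key is null or neither RSA nor EC
     */
    public static TlsSigner makeSigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey, Certificate certificate, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (privateKey == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (privateKey instanceof RSAPrivateKey) {
            return new JcaTlsRSASigner(jcaTlsCrypto, privateKey);
        }
        if (privateKey instanceof ECPrivateKey) {
            return new JcaTlsSM2Signer(jcaTlsCrypto, (ECPrivateKey) privateKey);
        }
        // a.l0 is an obfuscated helper defined outside this file; it is used here
        // as a StringBuilder seeded with the given text (presumably, confirm).
        StringBuilder l0 = a.l0("'privateKey' type not supported: ");
        l0.append(privateKey.getClass().getName());
        throw new IllegalArgumentException(l0.toString());
    }

    /**
     * Decrypts the encrypted pre-master secret with the second private key.
     *
     * <p>The key is re-parsed from its encoded form, so it must be exportable;
     * keys that return null from {@code getEncoded()} cannot be used here.
     *
     * @throws IllegalStateException if no usable EC decryption key was supplied
     * @throws IOException if the encoded key cannot be parsed
     */
    @Override // kl.ssl.gmvpn.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        if (this.privateKey == null || this.privateKey.length < 2 || this.privateKey[1] == null) {
            throw new IllegalStateException("no decryption private key configured");
        }
        byte[] encodedKey = this.privateKey[1].getEncoded();
        if (encodedKey == null) {
            throw new IllegalStateException("decryption private key has no encoded form");
        }
        Object keyParameters = PrivateKeyFactory.createKey(encodedKey);
        if (!(keyParameters instanceof ECPrivateKeyParameters)) {
            // Fail with a clear message instead of a ClassCastException.
            throw new IllegalStateException("decryption private key is not an EC key");
        }
        return safeDecryptPreMasterSecret(tlsCryptoParameters, (ECPrivateKeyParameters) keyParameters, bArr);
    }

    /** Signs the given bytes with the signer built from the first private key. */
    @Override // kl.ssl.gmvpn.TlsCredentialedSigner
    public byte[] generateRawSignature(byte[] bArr) throws IOException {
        return this.signer.generateRawSignature(getEffectiveAlgorithm(), bArr);
    }

    /** Returns the certificate passed to the constructor. */
    @Override // kl.ssl.gmvpn.TlsCredentials
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the algorithm to pass to the signer.
     *
     * @return null when {@code TlsImplUtils.isTLSv12} reports false for the stored
     *     parameters, otherwise the configured algorithm
     * @throws IllegalStateException if (D)TLS 1.2+ is in use and no algorithm was configured
     */
    public SignatureAndHashAlgorithm getEffectiveAlgorithm() {
        if (!TlsImplUtils.isTLSv12(this.cryptoParams)) {
            return null;
        }
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = getSignatureAndHashAlgorithm();
        if (signatureAndHashAlgorithm != null) {
            return signatureAndHashAlgorithm;
        }
        throw new IllegalStateException("'signatureAndHashAlgorithm' cannot be null for (D)TLS 1.2+");
    }

    /** Returns the algorithm passed to the constructor, which may be null. */
    @Override // kl.ssl.gmvpn.TlsCredentialedSigner
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return this.signatureAndHashAlgorithm;
    }

    /** Returns a streaming signer from the signer built for the first private key. */
    @Override // kl.ssl.gmvpn.TlsCredentialedSigner
    public TlsStreamSigner getStreamSigner() throws IOException {
        return this.signer.getStreamSigner(getEffectiveAlgorithm());
    }

    /**
     * SM2-decrypts the pre-master secret without surfacing decryption failures.
     *
     * <p>If decryption fails, a fresh random value is used in place of the secret,
     * so the handshake fails later at its normal verification step. The original
     * passed {@code null} to {@code createSecret} in that case and printed the
     * stack trace.
     *
     * <p>NOTE(review): the client version is read but never compared with the
     * decrypted value; confirm whether the protocol profile expects that check.
     *
     * @param tlsCryptoParameters handshake parameters (only the client version is read)
     * @param eCPrivateKeyParameters SM2 private key used for decryption
     * @param bArr encrypted pre-master secret as received from the peer
     * @return the decrypted secret, or a random stand-in if decryption failed
     */
    public TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters tlsCryptoParameters, ECPrivateKeyParameters eCPrivateKeyParameters, byte[] bArr) {
        // Kept from the original; the returned value is not used.
        tlsCryptoParameters.getClientVersion();

        // Draw the stand-in before decrypting so both outcomes do the same work up front.
        byte[] preMasterSecret = new byte[PRE_MASTER_SECRET_LENGTH];
        this.crypto.getSecureRandom().nextBytes(preMasterSecret);

        SM2Engine sM2Engine = new SM2Engine();
        sM2Engine.init(false, eCPrivateKeyParameters);
        try {
            byte[] decrypted = sM2Engine.processBlock(bArr, 0, bArr.length);
            if (decrypted != null) {
                preMasterSecret = decrypted;
            }
        } catch (Exception ignored) {
            // Deliberately not reported: input here is peer-controlled, and the random
            // stand-in makes the handshake fail at its usual verification step. Count
            // these failures through the application's own logging if telemetry is needed.
        }
        return this.crypto.createSecret(preMasterSecret);
    }
}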
