package kl.ssl.gmvpn.crypto.impl.bc;

import java.io.IOException;
import java.security.SecureRandom;
import kl.ssl.gmvpn.Certificate;
import kl.ssl.gmvpn.TlsCredentialedDecryptor;
import kl.ssl.gmvpn.crypto.TlsCryptoParameters;
import kl.ssl.gmvpn.crypto.TlsSecret;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;

/* loaded from: classes2.dex */
public class BcDefaultTlsCredentialedDecryptor implements TlsCredentialedDecryptor {
    public Certificate certificate;
    public BcTlsCrypto crypto;
    public AsymmetricKeyParameter privateKey;

    public BcDefaultTlsCredentialedDecryptor(BcTlsCrypto bcTlsCrypto, Certificate certificate, AsymmetricKeyParameter asymmetricKeyParameter) {
        if (bcTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (asymmetricKeyParameter == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (!asymmetricKeyParameter.isPrivate()) {
            throw new IllegalArgumentException("'privateKey' must be private");
        }
        this.crypto = bcTlsCrypto;
        this.certificate = certificate;
        this.privateKey = asymmetricKeyParameter;
    }

    @Override // kl.ssl.gmvpn.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        return safeDecryptPreMasterSecret(tlsCryptoParameters, (ECPrivateKeyParameters) this.privateKey, bArr);
    }

    @Override // kl.ssl.gmvpn.TlsCredentials
    public Certificate getCertificate() {
        return this.certificate;
    }

    public TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters tlsCryptoParameters, ECPrivateKeyParameters eCPrivateKeyParameters, byte[] bArr) {
        byte[] bArr2;
        SecureRandom secureRandom = this.crypto.getSecureRandom();
        tlsCryptoParameters.getClientVersion();
        SM2Engine sM2Engine = new SM2Engine();
        sM2Engine.init(false, new ParametersWithRandom(eCPrivateKeyParameters, secureRandom));
        try {
            bArr2 = sM2Engine.processBlock(bArr, 0, bArr.length);
        } catch (Exception e2) {
            e2.printStackTrace();
            bArr2 = null;
        }
        return this.crypto.createSecret(bArr2);
    }
}
