package kl.ssl.gmvpn.crypto.impl.bc;

import c.b.a.a.a;
import java.io.IOException;
import java.security.SecureRandom;
import kl.ssl.gmvpn.HashAlgorithm;
import kl.ssl.gmvpn.NamedGroup;
import kl.ssl.gmvpn.ProtocolVersion;
import kl.ssl.gmvpn.SignatureAndHashAlgorithm;
import kl.ssl.gmvpn.TlsFatalAlert;
import kl.ssl.gmvpn.TlsUtils;
import kl.ssl.gmvpn.crypto.TlsCertificate;
import kl.ssl.gmvpn.crypto.TlsCipher;
import kl.ssl.gmvpn.crypto.TlsCryptoParameters;
import kl.ssl.gmvpn.crypto.TlsHMAC;
import kl.ssl.gmvpn.crypto.TlsHash;
import kl.ssl.gmvpn.crypto.TlsNonceGenerator;
import kl.ssl.gmvpn.crypto.TlsSecret;
import kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto;
import kl.ssl.gmvpn.crypto.impl.SM2Util;
import kl.ssl.gmvpn.crypto.impl.TlsAEADCipher;
import kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl;
import kl.ssl.gmvpn.crypto.impl.TlsBlockCipher;
import kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl;
import kl.ssl.gmvpn.crypto.impl.TlsEncryptor;
import kl.ssl.gmvpn.crypto.impl.TlsNullCipher;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.RuntimeCryptoException;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.digests.NullDigest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA224Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.RSABlindedEngine;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.engines.SM4Engine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.prng.DigestRandomGenerator;
import org.bouncycastle.util.Arrays;

/* loaded from: classes2.dex */
public class BcTlsCrypto extends AbstractTlsCrypto {
    public final SecureRandom entropySource;

    /* loaded from: classes2.dex */
    public class AeadOperator implements TlsAEADCipherImpl {
        public final AEADBlockCipher cipher;
        public final boolean isEncrypting;
        public KeyParameter key;

        public AeadOperator(AEADBlockCipher aEADBlockCipher, boolean z) {
            this.cipher = aEADBlockCipher;
            this.isEncrypting = z;
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl
        public int doFinal(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
            int processBytes = this.cipher.processBytes(bArr, i2, i3, bArr2, i4);
            try {
                return processBytes + this.cipher.doFinal(bArr2, i4 + processBytes);
            } catch (InvalidCipherTextException e2) {
                throw new RuntimeCryptoException(e2.toString());
            }
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl
        public int getOutputSize(int i2) {
            return this.cipher.getOutputSize(i2);
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl
        public void init(byte[] bArr, int i2, byte[] bArr2) {
            this.cipher.init(this.isEncrypting, new AEADParameters(this.key, i2 * 8, bArr, bArr2));
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsAEADCipherImpl
        public void setKey(byte[] bArr, int i2, int i3) {
            this.key = new KeyParameter(bArr, i2, i3);
        }
    }

    /* loaded from: classes2.dex */
    public static class BcTlsHash implements TlsHash {
        public final Digest digest;
        public final short hashAlgorithm;

        public BcTlsHash(short s, Digest digest) {
            this.hashAlgorithm = s;
            this.digest = digest;
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHash
        public byte[] calculateHash() {
            byte[] bArr = new byte[this.digest.getDigestSize()];
            this.digest.doFinal(bArr, 0);
            return bArr;
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHash
        public Object clone() {
            short s = this.hashAlgorithm;
            return new BcTlsHash(s, BcTlsCrypto.cloneDigest(s, this.digest));
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHash
        public void reset() {
            this.digest.reset();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHash
        public void update(byte[] bArr, int i2, int i3) {
            this.digest.update(bArr, i2, i3);
        }
    }

    /* loaded from: classes2.dex */
    public class BlockOperator implements TlsBlockCipherImpl {
        public final BlockCipher cipher;
        public final boolean isEncrypting;
        public KeyParameter key;

        public BlockOperator(BlockCipher blockCipher, boolean z) {
            this.cipher = blockCipher;
            this.isEncrypting = z;
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl
        public int doFinal(byte[] bArr, int i2, int i3, byte[] bArr2, int i4) {
            int blockSize = this.cipher.getBlockSize();
            for (int i5 = 0; i5 < i3; i5 += blockSize) {
                this.cipher.processBlock(bArr, i2 + i5, bArr2, i4 + i5);
            }
            return i3;
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl
        public int getBlockSize() {
            return this.cipher.getBlockSize();
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl
        public void init(byte[] bArr, int i2, int i3) {
            this.cipher.init(this.isEncrypting, new ParametersWithIV(null, bArr, i2, i3));
        }

        @Override // kl.ssl.gmvpn.crypto.impl.TlsBlockCipherImpl
        public void setKey(byte[] bArr, int i2, int i3) {
            KeyParameter keyParameter = new KeyParameter(bArr, i2, i3);
            this.key = keyParameter;
            BlockCipher blockCipher = this.cipher;
            blockCipher.init(this.isEncrypting, new ParametersWithIV(keyParameter, new byte[blockCipher.getBlockSize()]));
        }
    }

    /* loaded from: classes2.dex */
    public class HMacOperator implements TlsHMAC {
        public final HMac hmac;

        public HMacOperator(Digest digest) {
            this.hmac = new HMac(digest);
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void calculateMAC(byte[] bArr, int i2) {
            this.hmac.doFinal(bArr, i2);
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public byte[] calculateMAC() {
            byte[] bArr = new byte[this.hmac.getMacSize()];
            this.hmac.doFinal(bArr, 0);
            return bArr;
        }

        @Override // kl.ssl.gmvpn.crypto.TlsHMAC
        public int getInternalBlockSize() {
            return ((ExtendedDigest) this.hmac.getUnderlyingDigest()).getByteLength();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public int getMacLength() {
            return this.hmac.getMacSize();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void reset() {
            this.hmac.reset();
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void setKey(byte[] bArr, int i2, int i3) {
            this.hmac.init(new KeyParameter(bArr, i2, i3));
        }

        @Override // kl.ssl.gmvpn.crypto.TlsMAC
        public void update(byte[] bArr, int i2, int i3) {
            this.hmac.update(bArr, i2, i3);
        }
    }

    public BcTlsCrypto(SecureRandom secureRandom) {
        this.entropySource = secureRandom;
    }

    public static Digest cloneDigest(short s, Digest digest) {
        switch (s) {
            case 1:
                return new MD5Digest((MD5Digest) digest);
            case 2:
                return new SHA1Digest((SHA1Digest) digest);
            case 3:
                return new SHA224Digest((SHA224Digest) digest);
            case 4:
                return new SHA256Digest((SHA256Digest) digest);
            case 5:
                return new SHA384Digest((SHA384Digest) digest);
            case 6:
                return new SHA512Digest((SHA512Digest) digest);
            case 7:
                return new SM3Digest((SM3Digest) digest);
            default:
                StringBuilder l0 = a.l0("invalid HashAlgorithm: ");
                l0.append(HashAlgorithm.getText(s));
                throw new IllegalArgumentException(l0.toString());
        }
    }

    public BcTlsSecret adoptLocalSecret(byte[] bArr) {
        return new BcTlsSecret(this, bArr);
    }

    public BlockCipher createAESBlockCipher() {
        return new CBCBlockCipher(createAESEngine());
    }

    public TlsCipher createAESCipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException {
        return new TlsBlockCipher(this, tlsCryptoParameters, new BlockOperator(createAESBlockCipher(), true), new BlockOperator(createAESBlockCipher(), false), createHMAC(i3), createHMAC(i3), i2);
    }

    public BlockCipher createAESEngine() {
        return new AESEngine();
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsCertificate createCertificate(byte[] bArr) throws IOException {
        return new BcTlsCertificate(this, bArr);
    }

    @Override // kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto
    public TlsCipher createCipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException {
        if (i2 == 0) {
            return createNullCipher(tlsCryptoParameters, i3);
        }
        if (i2 == 1) {
            return createSM4Cipher(tlsCryptoParameters, i3);
        }
        if (i2 == 2) {
            return createSM4GCMCipher(tlsCryptoParameters, 16, 16);
        }
        throw new TlsFatalAlert((short) 80);
    }

    public Digest createDigest(short s) {
        switch (s) {
            case 0:
                return new NullDigest();
            case 1:
                return new MD5Digest();
            case 2:
                return new SHA1Digest();
            case 3:
                return new SHA224Digest();
            case 4:
                return new SHA256Digest();
            case 5:
                return new SHA384Digest();
            case 6:
                return new SHA512Digest();
            case 7:
                return new SM3Digest();
            default:
                StringBuilder l0 = a.l0("invalid HashAlgorithm: ");
                l0.append(HashAlgorithm.getText(s));
                throw new IllegalArgumentException(l0.toString());
        }
    }

    @Override // kl.ssl.gmvpn.crypto.impl.AbstractTlsCrypto
    public TlsEncryptor createEncryptor(TlsCertificate tlsCertificate) throws IOException {
        BcTlsCertificate convert = BcTlsCertificate.convert(this, tlsCertificate);
        convert.validateKeyUsage(32);
        final AsymmetricKeyParameter publicKey = convert.getPublicKey();
        if (publicKey instanceof ECKeyParameters) {
            return new TlsEncryptor() { // from class: kl.ssl.gmvpn.crypto.impl.bc.BcTlsCrypto.1
                @Override // kl.ssl.gmvpn.crypto.impl.TlsEncryptor
                public byte[] encrypt(byte[] bArr, int i2, int i3) throws IOException {
                    try {
                        SM2Engine sM2Engine = new SM2Engine();
                        sM2Engine.init(true, new ParametersWithRandom(publicKey, BcTlsCrypto.this.getSecureRandom()));
                        return SM2Util.getSM2CipherStructure(sM2Engine.processBlock(bArr, i2, i3)).getEncoded();
                    } catch (InvalidCipherTextException e2) {
                        throw new TlsFatalAlert((short) 80, e2);
                    }
                }
            };
        }
        final RSAKeyParameters pubKeyRSA = convert.getPubKeyRSA();
        return new TlsEncryptor() { // from class: kl.ssl.gmvpn.crypto.impl.bc.BcTlsCrypto.2
            @Override // kl.ssl.gmvpn.crypto.impl.TlsEncryptor
            public byte[] encrypt(byte[] bArr, int i2, int i3) throws IOException {
                try {
                    PKCS1Encoding pKCS1Encoding = new PKCS1Encoding(new RSABlindedEngine());
                    pKCS1Encoding.init(true, new ParametersWithRandom(pubKeyRSA, BcTlsCrypto.this.getSecureRandom()));
                    return pKCS1Encoding.processBlock(bArr, i2, i3);
                } catch (InvalidCipherTextException e2) {
                    throw new TlsFatalAlert((short) 80, e2);
                }
            }
        };
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHMAC createHMAC(int i2) {
        return createHMAC(TlsUtils.getHashAlgorithmForHMACAlgorithm(i2));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHMAC createHMAC(short s) {
        return new HMacOperator(createDigest(s));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsHash createHash(short s) {
        return new BcTlsHash(s, createDigest(s));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsNonceGenerator createNonceGenerator(byte[] bArr) {
        final DigestRandomGenerator digestRandomGenerator = new DigestRandomGenerator(createDigest((short) 4));
        if (bArr != null && bArr.length > 0) {
            digestRandomGenerator.addSeedMaterial(bArr);
        }
        byte[] bArr2 = new byte[createDigest((short) 4).getDigestSize()];
        this.entropySource.nextBytes(bArr2);
        digestRandomGenerator.addSeedMaterial(bArr2);
        return new TlsNonceGenerator() { // from class: kl.ssl.gmvpn.crypto.impl.bc.BcTlsCrypto.3
            @Override // kl.ssl.gmvpn.crypto.TlsNonceGenerator
            public byte[] generateNonce(int i2) {
                byte[] bArr3 = new byte[i2];
                digestRandomGenerator.nextBytes(bArr3);
                return bArr3;
            }
        };
    }

    public TlsNullCipher createNullCipher(TlsCryptoParameters tlsCryptoParameters, int i2) throws IOException {
        return new TlsNullCipher(tlsCryptoParameters, createHMAC(i2), createHMAC(i2));
    }

    public BlockCipher createSM4BlockCipher() {
        return new CBCBlockCipher(createSM4Engine());
    }

    public TlsCipher createSM4Cipher(TlsCryptoParameters tlsCryptoParameters, int i2) throws IOException {
        return new TlsBlockCipher(this, tlsCryptoParameters, new BlockOperator(createSM4BlockCipher(), true), new BlockOperator(createSM4BlockCipher(), false), createHMAC(i2), createHMAC(i2), 16);
    }

    public BlockCipher createSM4Engine() {
        return new SM4Engine();
    }

    public AEADBlockCipher createSM4GCMBlockCipher() {
        return new GCMBlockCipher(createSM4Engine());
    }

    public TlsAEADCipher createSM4GCMCipher(TlsCryptoParameters tlsCryptoParameters, int i2, int i3) throws IOException {
        return new TlsAEADCipher(tlsCryptoParameters, new AeadOperator(createSM4GCMBlockCipher(), true), new AeadOperator(createSM4GCMBlockCipher(), false), i2, i3);
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret createSecret(byte[] bArr) {
        return adoptLocalSecret(Arrays.clone(bArr));
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret generateRSAPreMasterSecret(ProtocolVersion protocolVersion) {
        byte[] bArr = new byte[48];
        this.entropySource.nextBytes(bArr);
        TlsUtils.writeVersion(protocolVersion, bArr, 0);
        return adoptLocalSecret(bArr);
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public SecureRandom getSecureRandom() {
        return this.entropySource;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasAllRawSignatureAlgorithms() {
        return false;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasEncryptionAlgorithm(int i2) {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasHashAlgorithm(short s) {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasMacAlgorithm(int i2) {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasNamedGroup(int i2) {
        return NamedGroup.refersToASpecificGroup(i2);
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasRSAEncryption() {
        return true;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasSignatureAlgorithm(short s) {
        switch (s) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 9:
            case 10:
            case 11:
                return true;
            case 7:
            case 8:
            default:
                return false;
        }
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        return hasSignatureAlgorithm(signatureAndHashAlgorithm.getSignature());
    }

    @Override // kl.ssl.gmvpn.crypto.TlsCrypto
    public TlsSecret hkdfInit(short s) {
        return adoptLocalSecret(new byte[HashAlgorithm.getOutputSize(s)]);
    }
}
