package org.eclipse.californium.scandium.dtls.cipher;

import com.urbandroid.lux.integration.taskerplugin.TaskerPlugin;
import j$.util.DesugarCollections;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.security.auth.Destroyable;
import org.eclipse.californium.elements.util.Asn1DerDecoder;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class XECDHECryptography implements Destroyable {
    private static final Map<EllipticCurve, SupportedGroup> EC_CURVE_MAP_BY_CURVE;
    private static final Map<Integer, SupportedGroup> EC_CURVE_MAP_BY_ID;
    private static final Method NamedParameterSpecGetName;
    private static final Class<?> XECPublicKeyClass;
    private static final Method XECPublicKeyGetParams;
    private static final Method XECPublicKeyGetU;
    private static final Constructor<?> XECPublicKeySpecInit;
    private byte[] encodedPoint;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private final SupportedGroup supportedGroup;
    protected static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) XECDHECryptography.class);
    private static final ThreadLocalKeyPairGenerator EC_KEYPAIR_GENERATOR = new ThreadLocalKeyPairGenerator("EC");
    private static final ThreadLocalKeyPairGenerator XDH_KEYPAIR_GENERATOR = new ThreadLocalKeyPairGenerator("XDH");
    private static final ThreadLocalKeyFactory EC_KEY_FACTORY = new ThreadLocalKeyFactory("EC");
    private static final ThreadLocalKeyFactory XDH_KEY_FACTORY = new ThreadLocalKeyFactory("XDH");
    private static final ThreadLocalKeyAgreement ECDH_KEY_AGREEMENT = new ThreadLocalKeyAgreement("ECDH");
    private static final ThreadLocalKeyAgreement XDH_KEY_AGREEMENT = new ThreadLocalKeyAgreement("XDH");

    /* loaded from: classes.dex */
    private static class Initialize {
        private static final SupportedGroup[] PREFERRED = {SupportedGroup.secp256r1, SupportedGroup.X25519, SupportedGroup.X448, SupportedGroup.secp384r1};
        private static final List<SupportedGroup> PREFERRED_GROUPS;
        private static final List<SupportedGroup> USABLE_GROUPS;

        static {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            for (SupportedGroup supportedGroup : SupportedGroup.values()) {
                if (supportedGroup.isUsable()) {
                    arrayList.add(supportedGroup);
                }
            }
            for (SupportedGroup supportedGroup2 : PREFERRED) {
                if (supportedGroup2.isUsable()) {
                    arrayList2.add(supportedGroup2);
                }
            }
            if (arrayList2.isEmpty() && !arrayList.isEmpty()) {
                arrayList2.add(arrayList.get(0));
            }
            USABLE_GROUPS = DesugarCollections.unmodifiableList(arrayList);
            PREFERRED_GROUPS = DesugarCollections.unmodifiableList(arrayList2);
        }
    }

    /* loaded from: classes.dex */
    public enum SupportedGroup {
        sect163k1(1, false),
        sect163r1(2, false),
        sect163r2(3, false),
        sect193r1(4, false),
        sect193r2(5, false),
        sect233k1(6, false),
        sect233r1(7, false),
        sect239k1(8, false),
        sect283k1(9, false),
        sect283r1(10, false),
        sect409k1(11, false),
        sect409r1(12, false),
        sect571k1(13, false),
        sect571r1(14, false),
        secp160k1(15, false),
        secp160r1(16, false),
        secp160r2(17, false),
        secp192k1(18, false),
        secp192r1(19, false),
        secp224k1(20, false),
        secp224r1(21, false),
        secp256k1(22, false),
        secp256r1(23, true),
        secp384r1(24, true),
        secp521r1(25, false),
        brainpoolP256r1(26, false),
        brainpoolP384r1(27, false),
        brainpoolP512r1(28, false),
        ffdhe2048(256, false),
        ffdhe3072(257, false),
        ffdhe4096(258, false),
        ffdhe6144(259, false),
        ffdhe8192(260, false),
        arbitrary_explicit_prime_curves(65281, false),
        arbitrary_explicit_char2_curves(65282, false),
        X25519(29, 32, "XDH", true),
        X448(30, 56, "XDH", true);

        private final String algorithmName;
        private final int id;
        private final int keySizeInBytes;
        private final boolean recommended;
        private final boolean usable;

        SupportedGroup(int i2, int i3, String str, boolean z2) {
            boolean z3;
            this.id = i2;
            this.algorithmName = str;
            this.keySizeInBytes = i3;
            this.recommended = z2;
            try {
                KeyPairGenerator currentWithCause = XECDHECryptography.XDH_KEYPAIR_GENERATOR.currentWithCause();
                currentWithCause.initialize(new ECGenParameterSpec(name()));
                currentWithCause.generateKeyPair();
                z3 = true;
            } catch (Throwable th) {
                XECDHECryptography.LOGGER.trace("Group [{}] is not supported by JRE! {}", name(), th.getMessage());
                z3 = false;
            }
            this.usable = z3;
            XECDHECryptography.EC_CURVE_MAP_BY_ID.put(Integer.valueOf(i2), this);
        }

        /* JADX WARN: Removed duplicated region for block: B:8:0x0060  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        SupportedGroup(int r6, boolean r7) {
            /*
                r3 = this;
                r3.<init>(r4, r5)
                r3.id = r6
                java.lang.String r4 = "EC"
                r3.algorithmName = r4
                r3.recommended = r7
                r4 = 0
                org.eclipse.californium.scandium.dtls.cipher.ThreadLocalKeyPairGenerator r5 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$000()     // Catch: java.lang.Throwable -> L4a
                java.lang.Object r5 = r5.currentWithCause()     // Catch: java.lang.Throwable -> L4a
                java.security.KeyPairGenerator r5 = (java.security.KeyPairGenerator) r5     // Catch: java.lang.Throwable -> L4a
                java.security.spec.ECGenParameterSpec r7 = new java.security.spec.ECGenParameterSpec     // Catch: java.lang.Throwable -> L4a
                java.lang.String r0 = r3.name()     // Catch: java.lang.Throwable -> L4a
                r7.<init>(r0)     // Catch: java.lang.Throwable -> L4a
                r5.initialize(r7)     // Catch: java.lang.Throwable -> L4a
                java.security.KeyPair r5 = r5.generateKeyPair()     // Catch: java.lang.Throwable -> L4a
                java.security.PublicKey r5 = r5.getPublic()     // Catch: java.lang.Throwable -> L4a
                java.security.interfaces.ECPublicKey r5 = (java.security.interfaces.ECPublicKey) r5     // Catch: java.lang.Throwable -> L4a
                java.security.spec.ECParameterSpec r5 = r5.getParams()     // Catch: java.lang.Throwable -> L4a
                java.security.spec.EllipticCurve r5 = r5.getCurve()     // Catch: java.lang.Throwable -> L4a
                java.security.spec.ECField r7 = r5.getField()     // Catch: java.lang.Throwable -> L4a
                int r7 = r7.getFieldSize()     // Catch: java.lang.Throwable -> L4a
                int r7 = r7 + 7
                int r7 = r7 / 8
                java.util.Map r0 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$100()     // Catch: java.lang.Throwable -> L48
                r0.put(r5, r3)     // Catch: java.lang.Throwable -> L48
                goto L5c
            L48:
                r5 = move-exception
                goto L4c
            L4a:
                r5 = move-exception
                r7 = 0
            L4c:
                org.slf4j.Logger r0 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.LOGGER
                java.lang.String r1 = r3.name()
                java.lang.String r5 = r5.getMessage()
                java.lang.String r2 = "Group [{}] is not supported by JRE! {}"
                r0.trace(r2, r1, r5)
                r5 = 0
            L5c:
                r3.keySizeInBytes = r7
                if (r5 == 0) goto L61
                r4 = 1
            L61:
                r3.usable = r4
                java.util.Map r4 = org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.access$200()
                java.lang.Integer r5 = java.lang.Integer.valueOf(r6)
                r4.put(r5, r3)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography.SupportedGroup.<init>(java.lang.String, int, int, boolean):void");
        }

        public static SupportedGroup fromId(int i2) {
            return (SupportedGroup) XECDHECryptography.EC_CURVE_MAP_BY_ID.get(Integer.valueOf(i2));
        }

        public static SupportedGroup fromPublicKey(PublicKey publicKey) {
            if (publicKey != null) {
                if (publicKey instanceof ECPublicKey) {
                    return (SupportedGroup) XECDHECryptography.EC_CURVE_MAP_BY_CURVE.get(((ECPublicKey) publicKey).getParams().getCurve());
                }
                if (XECDHECryptography.XECPublicKeyClass == null || !XECDHECryptography.XECPublicKeyClass.isInstance(publicKey)) {
                    String edDsaStandardAlgorithmName = Asn1DerDecoder.getEdDsaStandardAlgorithmName(publicKey.getAlgorithm(), null);
                    if ("OID.1.3.101.112".equals(edDsaStandardAlgorithmName) || "EdDSA".equalsIgnoreCase(edDsaStandardAlgorithmName)) {
                        return X25519;
                    }
                    if ("OID.1.3.101.113".equals(edDsaStandardAlgorithmName)) {
                        return X448;
                    }
                    XECDHECryptography.LOGGER.warn("No supported curve {}/{}", publicKey.getAlgorithm(), edDsaStandardAlgorithmName);
                } else {
                    try {
                        return valueOf(XECDHECryptography.getXECPublicKeyName(publicKey));
                    } catch (GeneralSecurityException unused) {
                    }
                }
            }
            return null;
        }

        public static List<SupportedGroup> getPreferredGroups() {
            return Initialize.PREFERRED_GROUPS;
        }

        public static boolean isEcPublicKey(PublicKey publicKey) {
            if (publicKey instanceof ECPublicKey) {
                return true;
            }
            return XECDHECryptography.XECPublicKeyClass != null && XECDHECryptography.XECPublicKeyClass.isInstance(publicKey);
        }

        public static boolean isSupported(List<SupportedGroup> list, List<X509Certificate> list2) {
            SupportedGroup fromPublicKey;
            for (X509Certificate x509Certificate : list2) {
                if (isEcPublicKey(x509Certificate.getPublicKey()) && ((fromPublicKey = fromPublicKey(x509Certificate.getPublicKey())) == null || !fromPublicKey.isUsable() || !list.contains(fromPublicKey))) {
                    return false;
                }
            }
            return true;
        }

        public String getAlgorithmName() {
            return this.algorithmName;
        }

        public int getId() {
            return this.id;
        }

        public int getKeySizeInBytes() {
            return this.keySizeInBytes;
        }

        public boolean isRecommended() {
            return this.recommended;
        }

        public boolean isUsable() {
            return this.usable;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v0 */
    /* JADX WARN: Type inference failed for: r3v1 */
    /* JADX WARN: Type inference failed for: r3v2 */
    /* JADX WARN: Type inference failed for: r3v6 */
    /* JADX WARN: Type inference failed for: r3v9, types: [java.lang.reflect.Method] */
    static {
        Class<?> cls;
        Constructor<?> constructor;
        ?? r3;
        Method method;
        Method method2;
        Method method3 = null;
        try {
            cls = Class.forName("java.security.spec.XECPublicKeySpec");
            try {
                constructor = cls.getConstructor(AlgorithmParameterSpec.class, BigInteger.class);
                try {
                    cls = Class.forName("java.security.spec.NamedParameterSpec");
                    r3 = cls.getMethod("getName", null);
                    try {
                        cls = Class.forName("java.security.interfaces.XECPublicKey");
                        method = cls.getMethod("getU", null);
                        try {
                            method3 = cls.getMethod("getParams", null);
                            method2 = r3;
                        } catch (Throwable unused) {
                            LOGGER.info("X25519/X448 not supported!");
                            method2 = r3;
                            XECPublicKeyClass = cls;
                            XECPublicKeyGetU = method;
                            XECPublicKeyGetParams = method3;
                            NamedParameterSpecGetName = method2;
                            XECPublicKeySpecInit = constructor;
                            EC_CURVE_MAP_BY_ID = new HashMap();
                            EC_CURVE_MAP_BY_CURVE = new HashMap();
                        }
                    } catch (Throwable unused2) {
                        method = null;
                    }
                } catch (Throwable unused3) {
                    r3 = 0;
                    method = r3;
                    LOGGER.info("X25519/X448 not supported!");
                    method2 = r3;
                    XECPublicKeyClass = cls;
                    XECPublicKeyGetU = method;
                    XECPublicKeyGetParams = method3;
                    NamedParameterSpecGetName = method2;
                    XECPublicKeySpecInit = constructor;
                    EC_CURVE_MAP_BY_ID = new HashMap();
                    EC_CURVE_MAP_BY_CURVE = new HashMap();
                }
            } catch (Throwable unused4) {
                constructor = null;
                r3 = constructor;
                method = r3;
                LOGGER.info("X25519/X448 not supported!");
                method2 = r3;
                XECPublicKeyClass = cls;
                XECPublicKeyGetU = method;
                XECPublicKeyGetParams = method3;
                NamedParameterSpecGetName = method2;
                XECPublicKeySpecInit = constructor;
                EC_CURVE_MAP_BY_ID = new HashMap();
                EC_CURVE_MAP_BY_CURVE = new HashMap();
            }
        } catch (Throwable unused5) {
            cls = null;
            constructor = null;
        }
        XECPublicKeyClass = cls;
        XECPublicKeyGetU = method;
        XECPublicKeyGetParams = method3;
        NamedParameterSpecGetName = method2;
        XECPublicKeySpecInit = constructor;
        EC_CURVE_MAP_BY_ID = new HashMap();
        EC_CURVE_MAP_BY_CURVE = new HashMap();
    }

    public XECDHECryptography(SupportedGroup supportedGroup) {
        KeyPair generateKeyPair;
        if (supportedGroup.getAlgorithmName().equals("EC")) {
            KeyPairGenerator currentWithCause = EC_KEYPAIR_GENERATOR.currentWithCause();
            currentWithCause.initialize(new ECGenParameterSpec(supportedGroup.name()), RandomManager.currentSecureRandom());
            generateKeyPair = currentWithCause.generateKeyPair();
        } else {
            if (!supportedGroup.getAlgorithmName().equals("XDH")) {
                throw new GeneralSecurityException(supportedGroup.name() + " not supported by KeyPairGenerator!");
            }
            KeyPairGenerator currentWithCause2 = XDH_KEYPAIR_GENERATOR.currentWithCause();
            currentWithCause2.initialize(new ECGenParameterSpec(supportedGroup.name()), RandomManager.currentSecureRandom());
            generateKeyPair = currentWithCause2.generateKeyPair();
        }
        this.privateKey = generateKeyPair.getPrivate();
        this.publicKey = generateKeyPair.getPublic();
        this.supportedGroup = supportedGroup;
        this.encodedPoint = encodedPoint(generateKeyPair.getPublic());
    }

    private void check(String str, PublicKey publicKey, byte[] bArr) {
        Logger logger = LOGGER;
        if (logger.isDebugEnabled()) {
            byte[] encoded = publicKey.getEncoded();
            String byteArray2Hex = StringUtil.byteArray2Hex(encoded);
            String byteArray2Hex2 = StringUtil.byteArray2Hex(bArr);
            if (byteArray2Hex2.length() < byteArray2Hex.length()) {
                byteArray2Hex2 = String.format(TaskerPlugin.VARIABLE_PREFIX + byteArray2Hex.length() + "s", byteArray2Hex2);
            }
            logger.debug("{}ASN1 encoded '{}'", str, byteArray2Hex);
            logger.debug("{}DHE  encoded '{}'", str, byteArray2Hex2);
            for (int i2 = 0; i2 < bArr.length; i2++) {
                if (bArr[(bArr.length - i2) - 1] != encoded[(encoded.length - i2) - 1]) {
                    throw new GeneralSecurityException("DHE: failed to encoded point! " + this.supportedGroup.name() + ", position: " + i2);
                }
            }
        }
    }

    private static byte[] encodePoint(ECPoint eCPoint, int i2) {
        byte[] byteArray = eCPoint.getAffineX().toByteArray();
        byte[] byteArray2 = eCPoint.getAffineY().toByteArray();
        int noneZeroOffset = noneZeroOffset(byteArray);
        int length = byteArray.length - noneZeroOffset;
        int noneZeroOffset2 = noneZeroOffset(byteArray2);
        int length2 = byteArray2.length - noneZeroOffset2;
        if (length <= i2 && length2 <= i2) {
            int i3 = (i2 * 2) + 1;
            byte[] bArr = new byte[i3];
            bArr[0] = 4;
            System.arraycopy(byteArray, noneZeroOffset, bArr, (i2 + 1) - length, length);
            System.arraycopy(byteArray2, noneZeroOffset2, bArr, i3 - length2, length2);
            return bArr;
        }
        throw new IllegalArgumentException("ec point exceeds size! " + length + "," + length2 + " > " + i2);
    }

    private byte[] encodedPoint(PublicKey publicKey) {
        int keySizeInBytes = this.supportedGroup.getKeySizeInBytes();
        try {
            byte[] encodePoint = this.supportedGroup.getAlgorithmName().equals("EC") ? encodePoint(((ECPublicKey) publicKey).getW(), keySizeInBytes) : this.supportedGroup.getAlgorithmName().equals("XDH") ? revert(getXECPublicKeyU(publicKey).toByteArray(), keySizeInBytes) : null;
            if (encodePoint != null) {
                check("OUT: ", publicKey, encodePoint);
                return encodePoint;
            }
            throw new GeneralSecurityException("DHE: failed to encoded point! " + this.supportedGroup.name());
        } catch (RuntimeException e2) {
            throw new GeneralSecurityException("DHE: failed to encoded point! " + this.supportedGroup.name(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getXECPublicKeyName(PublicKey publicKey) {
        Method method;
        Method method2 = XECPublicKeyGetParams;
        if (method2 == null || (method = NamedParameterSpecGetName) == null) {
            throw new GeneralSecurityException("X25519/X448 not supported by JRE!");
        }
        try {
            return (String) method.invoke(method2.invoke(publicKey, null), null);
        } catch (Exception unused) {
            throw new GeneralSecurityException("X25519/X448 not supported by JRE!");
        }
    }

    private KeySpec getXECPublicKeySpec(String str, BigInteger bigInteger) {
        Constructor<?> constructor = XECPublicKeySpecInit;
        if (constructor == null) {
            throw new GeneralSecurityException(this.supportedGroup.name() + " not supported by JRE!");
        }
        try {
            return (KeySpec) constructor.newInstance(new ECGenParameterSpec(str), bigInteger);
        } catch (Exception e2) {
            throw new GeneralSecurityException(this.supportedGroup.name() + " not supported by JRE!", e2);
        }
    }

    private BigInteger getXECPublicKeyU(PublicKey publicKey) {
        Method method = XECPublicKeyGetU;
        if (method == null) {
            throw new GeneralSecurityException(this.supportedGroup.name() + " not supported by JRE!");
        }
        try {
            return (BigInteger) method.invoke(publicKey, null);
        } catch (Exception e2) {
            throw new GeneralSecurityException(this.supportedGroup.name() + " not supported by JRE!", e2);
        }
    }

    private static int noneZeroOffset(byte[] bArr) {
        int i2 = 0;
        while (i2 < bArr.length && bArr[i2] == 0) {
            i2++;
        }
        return i2;
    }

    private static byte[] revert(byte[] bArr, int i2) {
        int noneZeroOffset = noneZeroOffset(bArr);
        int length = bArr.length - noneZeroOffset;
        if (length <= i2) {
            byte[] bArr2 = new byte[i2];
            for (int i3 = 0; i3 < length; i3++) {
                bArr2[(length - 1) - i3] = bArr[i3 + noneZeroOffset];
            }
            return bArr2;
        }
        throw new IllegalArgumentException("big integer array exceeds size! " + length + " > " + i2);
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        this.privateKey = null;
    }

    public SecretKey generateSecret(byte[] bArr) {
        PublicKey generatePublic;
        if (bArr == null) {
            throw new NullPointerException("encoded point must not be null!");
        }
        if (this.privateKey == null) {
            throw new IllegalStateException("private key must not be destroyed");
        }
        int keySizeInBytes = this.supportedGroup.getKeySizeInBytes();
        if (this.supportedGroup.getAlgorithmName().equals("EC")) {
            int length = bArr.length - 1;
            if (bArr[0] != 4 || length % 2 != 0 || length / 2 != keySizeInBytes) {
                throw new GeneralSecurityException("DHE: failed to decoded point! " + this.supportedGroup.name());
            }
            byte[] bArr2 = new byte[keySizeInBytes];
            System.arraycopy(bArr, 1, bArr2, 0, keySizeInBytes);
            BigInteger bigInteger = new BigInteger(1, bArr2);
            System.arraycopy(bArr, keySizeInBytes + 1, bArr2, 0, keySizeInBytes);
            generatePublic = EC_KEY_FACTORY.currentWithCause().generatePublic(new ECPublicKeySpec(new ECPoint(bigInteger, new BigInteger(1, bArr2)), ((ECPrivateKey) this.privateKey).getParams()));
        } else {
            generatePublic = XDH_KEY_FACTORY.currentWithCause().generatePublic(getXECPublicKeySpec(this.supportedGroup.name(), new BigInteger(1, revert(bArr, keySizeInBytes))));
        }
        check("IN: ", generatePublic, bArr);
        KeyAgreement currentWithCause = this.supportedGroup.getAlgorithmName().equals("EC") ? ECDH_KEY_AGREEMENT.currentWithCause() : this.supportedGroup.getAlgorithmName().equals("XDH") ? XDH_KEY_AGREEMENT.currentWithCause() : null;
        if (currentWithCause == null) {
            return null;
        }
        currentWithCause.init(this.privateKey);
        currentWithCause.doPhase(generatePublic, true);
        byte[] generateSecret = currentWithCause.generateSecret();
        SecretKey create = SecretUtil.create(generateSecret, "TlsPremasterSecret");
        Bytes.clear(generateSecret);
        return create;
    }

    public byte[] getEncodedPoint() {
        return this.encodedPoint;
    }

    public SupportedGroup getSupportedGroup() {
        return this.supportedGroup;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.privateKey == null;
    }
}
