package sun.security.ec;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.interfaces.XECPrivateKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.function.Function;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/jdk.crypto.ec/sun/security/ec/XDHKeyAgreement.class */
public class XDHKeyAgreement extends KeyAgreementSpi {
    private byte[] privateKey;
    private byte[] secret;
    private XECOperations ops;
    private XECParameters lockedParams;

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/jdk.crypto.ec/sun/security/ec/XDHKeyAgreement$X25519.class */
    static class X25519 extends XDHKeyAgreement {
        public X25519() {
            super(NamedParameterSpec.X25519);
        }
    }

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/jdk.crypto.ec/sun/security/ec/XDHKeyAgreement$X448.class */
    static class X448 extends XDHKeyAgreement {
        public X448() {
            super(NamedParameterSpec.X448);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public XDHKeyAgreement() {
        this.lockedParams = null;
    }

    XDHKeyAgreement(AlgorithmParameterSpec algorithmParameterSpec) {
        this.lockedParams = null;
        this.lockedParams = XECParameters.get(ProviderException::new, algorithmParameterSpec);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        initImpl(key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        initImpl(key);
        if (algorithmParameterSpec != null && !XECParameters.get(InvalidAlgorithmParameterException::new, algorithmParameterSpec).oidEquals(this.ops.getParameters())) {
            throw new InvalidKeyException("Incorrect private key parameters");
        }
    }

    private <T extends Throwable> void checkLockedParams(Function<String, T> function, XECParameters xECParameters) throws Throwable {
        if (this.lockedParams != null && this.lockedParams != xECParameters) {
            throw function.apply("Parameters must be " + this.lockedParams.getName());
        }
    }

    private void initImpl(Key key) throws InvalidKeyException {
        if (!(key instanceof XECPrivateKey)) {
            throw new InvalidKeyException("Unsupported key type");
        }
        XECPrivateKey xECPrivateKey = (XECPrivateKey) key;
        XECParameters xECParameters = XECParameters.get(InvalidKeyException::new, xECPrivateKey.getParams());
        checkLockedParams(InvalidKeyException::new, xECParameters);
        this.ops = new XECOperations(xECParameters);
        this.privateKey = xECPrivateKey.getScalar().orElseThrow(() -> {
            return new InvalidKeyException("No private key value");
        });
        this.secret = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (this.privateKey == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.secret != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof XECPublicKey)) {
            throw new InvalidKeyException("Unsupported key type");
        }
        XECPublicKey xECPublicKey = (XECPublicKey) key;
        if (!this.ops.getParameters().oidEquals(XECParameters.get(InvalidKeyException::new, xECPublicKey.getParams()))) {
            throw new InvalidKeyException("Public key parameters are not compatible with private key.");
        }
        byte[] encodedPointMultiply = this.ops.encodedPointMultiply(this.privateKey, xECPublicKey.getU());
        if (allZero(encodedPointMultiply)) {
            throw new InvalidKeyException("Point has small order");
        }
        this.secret = encodedPointMultiply;
        return null;
    }

    private boolean allZero(byte[] bArr) {
        byte b = 0;
        for (byte b2 : bArr) {
            b = (byte) (b | b2);
        }
        return b == 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public byte[] engineGenerateSecret() throws IllegalStateException {
        if (this.secret == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        byte[] bArr = this.secret;
        this.secret = null;
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (this.secret == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        int length = this.secret.length;
        if (length > bArr.length - i) {
            throw new ShortBufferException("Need " + length + " bytes, only " + (bArr.length - i) + " available");
        }
        System.arraycopy(this.secret, 0, bArr, i, length);
        this.secret = null;
        return length;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        if (str.equals("TlsPremasterSecret")) {
            return new SecretKeySpec(engineGenerateSecret(), str);
        }
        throw new NoSuchAlgorithmException("Only supported for algorithm TlsPremasterSecret");
    }
}
