package com.sun.crypto.provider;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.XECKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.NamedParameterSpec;
import java.security.spec.XECPrivateKeySpec;
import java.security.spec.XECPublicKeySpec;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;
import javax.crypto.DecapsulateException;
import javax.crypto.KEM;
import javax.crypto.KEMSpi;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import sun.security.jca.JCAUtil;
import sun.security.ssl.HKDF;
import sun.security.util.ArrayUtil;
import sun.security.util.CurveDB;
import sun.security.util.ECUtil;
import sun.security.util.InternalPrivateKey;
import sun.security.util.NamedCurve;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/com/sun/crypto/provider/DHKEM.class */
public class DHKEM implements KEMSpi {
    private static final byte[] KEM;
    private static final byte[] EAE_PRK;
    private static final byte[] SHARED_SECRET;
    private static final byte[] DKP_PRK;
    private static final byte[] CANDIDATE;
    private static final byte[] SK;
    private static final byte[] HPKE_V1;
    private static final byte[] EMPTY;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/com/sun/crypto/provider/DHKEM$Handler.class */
    private static final class Handler extends Record implements KEMSpi.EncapsulatorSpi, KEMSpi.DecapsulatorSpi {
        private final Params params;
        private final SecureRandom secureRandom;
        private final PrivateKey skR;
        private final PublicKey pkR;

        private Handler(Params params, SecureRandom secureRandom, PrivateKey privateKey, PublicKey publicKey) {
            this.params = params;
            this.secureRandom = secureRandom;
            this.skR = privateKey;
            this.pkR = publicKey;
        }

        /* JADX WARN: Type inference failed for: r0v18, types: [byte[], byte[][]] */
        @Override // javax.crypto.KEMSpi.EncapsulatorSpi
        public KEM.Encapsulated engineEncapsulate(int i, int i2, String str) {
            Objects.checkFromToIndex(i, i2, this.params.Nsecret);
            Objects.requireNonNull(str, "null algorithm");
            KeyPair generateKeyPair = this.params.generateKeyPair(this.secureRandom);
            PrivateKey privateKey = generateKeyPair.getPrivate();
            byte[] SerializePublicKey = this.params.SerializePublicKey(generateKeyPair.getPublic());
            try {
                return new KEM.Encapsulated(new SecretKeySpec(this.params.ExtractAndExpand(this.params.DH(privateKey, this.pkR), DHKEM.concat(new byte[]{SerializePublicKey, this.params.SerializePublicKey(this.pkR)})), i, i2 - i, str), SerializePublicKey, null);
            } catch (Exception e) {
                throw new ProviderException("internal error", e);
            }
        }

        /* JADX WARN: Type inference failed for: r0v20, types: [byte[], byte[][]] */
        @Override // javax.crypto.KEMSpi.DecapsulatorSpi
        public SecretKey engineDecapsulate(byte[] bArr, int i, int i2, String str) throws DecapsulateException {
            Objects.checkFromToIndex(i, i2, this.params.Nsecret);
            Objects.requireNonNull(str, "null algorithm");
            Objects.requireNonNull(bArr, "null encapsulation");
            if (bArr.length != this.params.Npk) {
                throw new DecapsulateException("incorrect encapsulation size");
            }
            try {
                return new SecretKeySpec(this.params.ExtractAndExpand(this.params.DH(this.skR, this.params.DeserializePublicKey(bArr)), DHKEM.concat(new byte[]{bArr, this.params.SerializePublicKey(this.pkR)})), i, i2 - i, str);
            } catch (IOException | InvalidKeyException e) {
                throw new DecapsulateException("Cannot decapsulate", e);
            } catch (Exception e2) {
                throw new ProviderException("internal error", e2);
            }
        }

        @Override // javax.crypto.KEMSpi.EncapsulatorSpi, javax.crypto.KEMSpi.DecapsulatorSpi
        public int engineSecretSize() {
            return this.params.Nsecret;
        }

        @Override // javax.crypto.KEMSpi.EncapsulatorSpi, javax.crypto.KEMSpi.DecapsulatorSpi
        public int engineEncapsulationSize() {
            return this.params.Npk;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, Handler.class), Handler.class, "params;secureRandom;skR;pkR", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->params:Lcom/sun/crypto/provider/DHKEM$Params;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->secureRandom:Ljava/security/SecureRandom;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->skR:Ljava/security/PrivateKey;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->pkR:Ljava/security/PublicKey;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Handler.class), Handler.class, "params;secureRandom;skR;pkR", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->params:Lcom/sun/crypto/provider/DHKEM$Params;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->secureRandom:Ljava/security/SecureRandom;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->skR:Ljava/security/PrivateKey;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->pkR:Ljava/security/PublicKey;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Handler.class, Object.class), Handler.class, "params;secureRandom;skR;pkR", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->params:Lcom/sun/crypto/provider/DHKEM$Params;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->secureRandom:Ljava/security/SecureRandom;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->skR:Ljava/security/PrivateKey;", "FIELD:Lcom/sun/crypto/provider/DHKEM$Handler;->pkR:Ljava/security/PublicKey;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Params params() {
            return this.params;
        }

        public SecureRandom secureRandom() {
            return this.secureRandom;
        }

        public PrivateKey skR() {
            return this.skR;
        }

        public PublicKey pkR() {
            return this.pkR;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/com/sun/crypto/provider/DHKEM$Params.class */
    public enum Params {
        P256(16, 32, 32, 65, "ECDH", "EC", CurveDB.P_256, "SHA-256"),
        P384(17, 48, 48, 97, "ECDH", "EC", CurveDB.P_384, "SHA-384"),
        P521(18, 64, 66, 133, "ECDH", "EC", CurveDB.P_521, "SHA-512"),
        X25519(32, 32, 32, 32, "XDH", "XDH", NamedParameterSpec.X25519, "SHA-256"),
        X448(33, 64, 56, 56, "XDH", "XDH", NamedParameterSpec.X448, "SHA-512");

        private final int kem_id;
        private final int Nsecret;
        private final int Nsk;
        private final int Npk;
        private final String kaAlgorithm;
        private final String keyAlgorithm;
        private final AlgorithmParameterSpec spec;
        private final String hkdfAlgorithm;
        private final byte[] suiteId;

        /* JADX WARN: Type inference failed for: r1v10, types: [byte[], byte[][]] */
        Params(int i, int i2, int i3, int i4, String str, String str2, AlgorithmParameterSpec algorithmParameterSpec, String str3) {
            this.kem_id = i;
            this.spec = algorithmParameterSpec;
            this.Nsecret = i2;
            this.Nsk = i3;
            this.Npk = i4;
            this.kaAlgorithm = str;
            this.keyAlgorithm = str2;
            this.hkdfAlgorithm = str3;
            this.suiteId = DHKEM.concat(new byte[]{DHKEM.KEM, DHKEM.I2OSP(i, 2)});
        }

        private boolean isEC() {
            return this == P256 || this == P384 || this == P521;
        }

        private KeyPair generateKeyPair(SecureRandom secureRandom) {
            if (secureRandom instanceof RFC9180DeriveKeyPairSR) {
                return ((RFC9180DeriveKeyPairSR) secureRandom).derive(this);
            }
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyAlgorithm);
                keyPairGenerator.initialize(this.spec, secureRandom);
                return keyPairGenerator.generateKeyPair();
            } catch (Exception e) {
                throw new ProviderException("internal error", e);
            }
        }

        private byte[] SerializePublicKey(PublicKey publicKey) {
            if (isEC()) {
                return ECUtil.encodePoint(((ECPublicKey) publicKey).getW(), ((NamedCurve) this.spec).getCurve());
            }
            byte[] byteArray = ((XECPublicKey) publicKey).getU().toByteArray();
            ArrayUtil.reverse(byteArray);
            return Arrays.copyOf(byteArray, this.Npk);
        }

        private PublicKey DeserializePublicKey(byte[] bArr) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
            KeySpec xECPublicKeySpec;
            if (isEC()) {
                NamedCurve namedCurve = (NamedCurve) this.spec;
                xECPublicKeySpec = new ECPublicKeySpec(ECUtil.decodePoint(bArr, namedCurve.getCurve()), namedCurve);
            } else {
                byte[] bArr2 = (byte[]) bArr.clone();
                ArrayUtil.reverse(bArr2);
                xECPublicKeySpec = new XECPublicKeySpec(this.spec, new BigInteger(1, bArr2));
            }
            return KeyFactory.getInstance(this.keyAlgorithm).generatePublic(xECPublicKeySpec);
        }

        private byte[] DH(PrivateKey privateKey, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(this.kaAlgorithm);
            keyAgreement.init(privateKey);
            keyAgreement.doPhase(publicKey, true);
            return keyAgreement.generateSecret();
        }

        private byte[] ExtractAndExpand(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
            HKDF hkdf = new HKDF(this.hkdfAlgorithm);
            return DHKEM.LabeledExpand(hkdf, this.suiteId, DHKEM.LabeledExtract(hkdf, this.suiteId, null, DHKEM.EAE_PRK, bArr), DHKEM.SHARED_SECRET, bArr2, this.Nsecret);
        }

        private PublicKey getPublicKey(PrivateKey privateKey) throws InvalidKeyException {
            if (!(privateKey instanceof InternalPrivateKey)) {
                try {
                    privateKey = (PrivateKey) KeyFactory.getInstance(this.keyAlgorithm, "SunEC").translateKey(privateKey);
                } catch (Exception e) {
                    throw new InvalidKeyException("Error translating key", e);
                }
            }
            if (!(privateKey instanceof InternalPrivateKey)) {
                throw new ProviderException("Unknown key");
            }
            try {
                return ((InternalPrivateKey) privateKey).calculatePublicKey();
            } catch (UnsupportedOperationException e2) {
                throw new InvalidKeyException("Error retrieving key", e2);
            }
        }

        public KeyPair deriveKeyPair(byte[] bArr) throws Exception {
            HKDF hkdf = new HKDF(this.hkdfAlgorithm);
            SecretKey LabeledExtract = DHKEM.LabeledExtract(hkdf, this.suiteId, null, DHKEM.DKP_PRK, bArr);
            if (!isEC()) {
                PrivateKey DeserializePrivateKey = DeserializePrivateKey(DHKEM.LabeledExpand(hkdf, this.suiteId, LabeledExtract, DHKEM.SK, DHKEM.EMPTY, this.Nsk));
                return new KeyPair(getPublicKey(DeserializePrivateKey), DeserializePrivateKey);
            }
            NamedCurve namedCurve = (NamedCurve) this.spec;
            BigInteger bigInteger = BigInteger.ZERO;
            int i = 0;
            while (true) {
                int i2 = i;
                if (bigInteger.signum() != 0 && bigInteger.compareTo(namedCurve.getOrder()) < 0) {
                    PrivateKey DeserializePrivateKey2 = DeserializePrivateKey(bigInteger.toByteArray());
                    return new KeyPair(getPublicKey(DeserializePrivateKey2), DeserializePrivateKey2);
                }
                if (i2 > 255) {
                    throw new RuntimeException();
                }
                byte[] LabeledExpand = DHKEM.LabeledExpand(hkdf, this.suiteId, LabeledExtract, DHKEM.CANDIDATE, DHKEM.I2OSP(i2, 1), this.Nsk);
                if (this == P521) {
                    LabeledExpand[0] = (byte) (LabeledExpand[0] & 1);
                }
                bigInteger = new BigInteger(1, LabeledExpand);
                i = i2 + 1;
            }
        }

        private PrivateKey DeserializePrivateKey(byte[] bArr) throws Exception {
            return KeyFactory.getInstance(this.keyAlgorithm).generatePrivate(isEC() ? new ECPrivateKeySpec(new BigInteger(1, bArr), (NamedCurve) this.spec) : new XECPrivateKeySpec(this.spec, bArr));
        }
    }

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/com/sun/crypto/provider/DHKEM$RFC9180DeriveKeyPairSR.class */
    public static class RFC9180DeriveKeyPairSR extends SecureRandom {
        static final long serialVersionUID = 0;
        private final byte[] ikm;

        public RFC9180DeriveKeyPairSR(byte[] bArr) {
            super(null, null);
            this.ikm = bArr;
        }

        public KeyPair derive(Params params) {
            try {
                return params.deriveKeyPair(this.ikm);
            } catch (Exception e) {
                throw new UnsupportedOperationException(e);
            }
        }

        public KeyPair derive(int i) {
            return derive((Params) Arrays.stream(Params.values()).filter(params -> {
                return params.kem_id == i;
            }).findFirst().orElseThrow());
        }
    }

    private static SecureRandom getSecureRandom(SecureRandom secureRandom) {
        return secureRandom != null ? secureRandom : JCAUtil.getSecureRandom();
    }

    @Override // javax.crypto.KEMSpi
    public KEMSpi.EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException, InvalidKeyException {
        if (publicKey == null) {
            throw new InvalidKeyException("input key is null");
        }
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("no spec needed");
        }
        return new Handler(paramsFromKey(publicKey), getSecureRandom(secureRandom), null, publicKey);
    }

    @Override // javax.crypto.KEMSpi
    public KEMSpi.DecapsulatorSpi engineNewDecapsulator(PrivateKey privateKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("input key is null");
        }
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("no spec needed");
        }
        Params paramsFromKey = paramsFromKey(privateKey);
        return new Handler(paramsFromKey, null, privateKey, paramsFromKey.getPublicKey(privateKey));
    }

    private Params paramsFromKey(Key key) throws InvalidKeyException {
        if (key instanceof ECKey) {
            ECKey eCKey = (ECKey) key;
            if (ECUtil.equals(eCKey.getParams(), CurveDB.P_256)) {
                return Params.P256;
            }
            if (ECUtil.equals(eCKey.getParams(), CurveDB.P_384)) {
                return Params.P384;
            }
            if (ECUtil.equals(eCKey.getParams(), CurveDB.P_521)) {
                return Params.P521;
            }
        } else if (key instanceof XECKey) {
            AlgorithmParameterSpec params = ((XECKey) key).getParams();
            if (params instanceof NamedParameterSpec) {
                NamedParameterSpec namedParameterSpec = (NamedParameterSpec) params;
                if (namedParameterSpec.getName().equals("X25519")) {
                    return Params.X25519;
                }
                if (namedParameterSpec.getName().equals("X448")) {
                    return Params.X448;
                }
            }
        }
        throw new InvalidKeyException("Unsupported key");
    }

    private static byte[] concat(byte[]... bArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Stream stream = Arrays.stream(bArr);
        Objects.requireNonNull(byteArrayOutputStream);
        stream.forEach(byteArrayOutputStream::writeBytes);
        return byteArrayOutputStream.toByteArray();
    }

    private static byte[] I2OSP(int i, int i2) {
        if (!$assertionsDisabled && i >= 256) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || i2 == 1 || i2 == 2) {
            return i2 == 1 ? new byte[]{(byte) i} : new byte[]{(byte) (i >> 8), (byte) i};
        }
        throw new AssertionError();
    }

    /* JADX WARN: Type inference failed for: r4v1, types: [byte[], byte[][]] */
    private static SecretKey LabeledExtract(HKDF hkdf, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException {
        return hkdf.extract(bArr2, new SecretKeySpec(concat(new byte[]{HPKE_V1, bArr, bArr3, bArr4}), "IKM"), "HKDF-PRK");
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    private static byte[] LabeledExpand(HKDF hkdf, byte[] bArr, SecretKey secretKey, byte[] bArr2, byte[] bArr3, int i) throws InvalidKeyException {
        return hkdf.expand(secretKey, concat(new byte[]{I2OSP(i, 2), HPKE_V1, bArr, bArr2, bArr3}), i, "NONE").getEncoded();
    }

    static {
        $assertionsDisabled = !DHKEM.class.desiredAssertionStatus();
        KEM = new byte[]{75, 69, 77};
        EAE_PRK = new byte[]{101, 97, 101, 95, 112, 114, 107};
        SHARED_SECRET = new byte[]{115, 104, 97, 114, 101, 100, 95, 115, 101, 99, 114, 101, 116};
        DKP_PRK = new byte[]{100, 107, 112, 95, 112, 114, 107};
        CANDIDATE = new byte[]{99, 97, 110, 100, 105, 100, 97, 116, 101};
        SK = new byte[]{115, 107};
        HPKE_V1 = new byte[]{72, 80, 75, 69, 45, 118, 49};
        EMPTY = new byte[0];
    }
}
