package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Hashtable;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;
import org.bouncycastle.tls.TlsDHUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.SRP6Group;
import org.bouncycastle.tls.crypto.Tls13Verifier;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsDHDomain;
import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.tls.crypto.TlsECDomain;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.tls.crypto.TlsHash;
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
import org.bouncycastle.tls.crypto.TlsSRP6Client;
import org.bouncycastle.tls.crypto.TlsSRP6Server;
import org.bouncycastle.tls.crypto.TlsSRP6VerifierGenerator;
import org.bouncycastle.tls.crypto.TlsSRPConfig;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.TlsStreamSigner;
import org.bouncycastle.tls.crypto.TlsStreamVerifier;
import org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto;
import org.bouncycastle.tls.crypto.impl.TlsAEADCipher;
import org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl;
import org.bouncycastle.tls.crypto.impl.TlsBlockCipher;
import org.bouncycastle.tls.crypto.impl.TlsBlockCipherImpl;
import org.bouncycastle.tls.crypto.impl.TlsImplUtils;
import org.bouncycastle.tls.crypto.impl.TlsNullCipher;
import org.bouncycastle.tls.crypto.impl.jcajce.srp.SRP6Client;
import org.bouncycastle.tls.crypto.impl.jcajce.srp.SRP6Server;
import org.bouncycastle.tls.crypto.impl.jcajce.srp.SRP6VerifierGenerator;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.jose4j.jwe.SimpleAeadCipher;
import org.jose4j.keys.AesKey;
import org.jose4j.mac.MacUtil;

/* loaded from: input_file:BOOT-INF/lib/bctls-jdk18on-1.76.jar:org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.class */
public class JcaTlsCrypto extends AbstractTlsCrypto {
    private final JcaJceHelper helper;
    private final SecureRandom entropySource;
    private final SecureRandom nonceEntropySource;
    private final Hashtable supportedEncryptionAlgorithms = new Hashtable();
    private final Hashtable supportedNamedGroups = new Hashtable();
    private final Hashtable supportedOther = new Hashtable();

    /* JADX INFO: Access modifiers changed from: protected */
    public JcaTlsCrypto(JcaJceHelper jcaJceHelper, SecureRandom secureRandom, SecureRandom secureRandom2) {
        this.helper = jcaJceHelper;
        this.entropySource = secureRandom;
        this.nonceEntropySource = secureRandom2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JceTlsSecret adoptLocalSecret(byte[] bArr) {
        return new JceTlsSecret(this, bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Cipher createRSAEncryptionCipher() throws GeneralSecurityException {
        try {
            return getHelper().createCipher("RSA/NONE/PKCS1Padding");
        } catch (GeneralSecurityException e) {
            return getHelper().createCipher("RSA/ECB/PKCS1Padding");
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsNonceGenerator createNonceGenerator(byte[] bArr) {
        return new JcaNonceGenerator(this.nonceEntropySource, bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public SecureRandom getSecureRandom() {
        return this.entropySource;
    }

    public byte[] calculateKeyAgreement(String str, PrivateKey privateKey, PublicKey publicKey, String str2) throws GeneralSecurityException {
        KeyAgreement createKeyAgreement = this.helper.createKeyAgreement(str);
        createKeyAgreement.init(privateKey);
        createKeyAgreement.doPhase(publicKey, true);
        try {
            return createKeyAgreement.generateSecret(str2).getEncoded();
        } catch (NoSuchAlgorithmException e) {
            if ("X25519".equals(str) || "X448".equals(str)) {
                return createKeyAgreement.generateSecret();
            }
            throw e;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsCertificate createCertificate(byte[] bArr) throws IOException {
        return createCertificate((short) 0, bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsCertificate createCertificate(short s, byte[] bArr) throws IOException {
        if (s != 0) {
            throw new TlsFatalAlert((short) 43);
        }
        return new JcaTlsCertificate(this, bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsCipher createCipher(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException {
        try {
            switch (i) {
                case 0:
                    return createNullCipher(tlsCryptoParameters, i2);
                case 1:
                case 2:
                case 3:
                case 4:
                case 5:
                case 6:
                default:
                    throw new TlsFatalAlert((short) 80);
                case 7:
                    return createCipher_CBC(tlsCryptoParameters, "DESede", 24, i2);
                case 8:
                    return createCipher_CBC(tlsCryptoParameters, AesKey.ALGORITHM, 16, i2);
                case 9:
                    return createCipher_CBC(tlsCryptoParameters, AesKey.ALGORITHM, 32, i2);
                case 10:
                    return createCipher_AES_GCM(tlsCryptoParameters, 16, 16);
                case 11:
                    return createCipher_AES_GCM(tlsCryptoParameters, 32, 16);
                case 12:
                    return createCipher_CBC(tlsCryptoParameters, "Camellia", 16, i2);
                case 13:
                    return createCipher_CBC(tlsCryptoParameters, "Camellia", 32, i2);
                case 14:
                    return createCipher_CBC(tlsCryptoParameters, "SEED", 16, i2);
                case 15:
                    return createCipher_AES_CCM(tlsCryptoParameters, 16, 16);
                case 16:
                    return createCipher_AES_CCM(tlsCryptoParameters, 16, 8);
                case 17:
                    return createCipher_AES_CCM(tlsCryptoParameters, 32, 16);
                case 18:
                    return createCipher_AES_CCM(tlsCryptoParameters, 32, 8);
                case 19:
                    return createCipher_Camellia_GCM(tlsCryptoParameters, 16, 16);
                case 20:
                    return createCipher_Camellia_GCM(tlsCryptoParameters, 32, 16);
                case 21:
                    return createChaCha20Poly1305(tlsCryptoParameters);
                case 22:
                    return createCipher_CBC(tlsCryptoParameters, "ARIA", 16, i2);
                case 23:
                    return createCipher_CBC(tlsCryptoParameters, "ARIA", 32, i2);
                case 24:
                    return createCipher_ARIA_GCM(tlsCryptoParameters, 16, 16);
                case 25:
                    return createCipher_ARIA_GCM(tlsCryptoParameters, 32, 16);
                case 26:
                    return createCipher_SM4_CCM(tlsCryptoParameters);
                case 27:
                    return createCipher_SM4_GCM(tlsCryptoParameters);
                case 28:
                    return createCipher_CBC(tlsCryptoParameters, "SM4", 16, i2);
            }
        } catch (GeneralSecurityException e) {
            throw new TlsCryptoException("cannot create cipher: " + e.getMessage(), e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsHMAC createHMAC(int i) {
        switch (i) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
                return createHMACForHash(TlsCryptoUtils.getHashForHMAC(i));
            default:
                throw new IllegalArgumentException("invalid MACAlgorithm: " + i);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsHMAC createHMACForHash(int i) {
        String hMACAlgorithmName = getHMACAlgorithmName(i);
        try {
            return new JceTlsHMAC(i, this.helper.createMac(hMACAlgorithmName), hMACAlgorithmName);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("cannot create HMAC: " + hMACAlgorithmName, e);
        }
    }

    protected TlsHMAC createHMAC_SSL(int i) throws GeneralSecurityException, IOException {
        switch (i) {
            case 1:
                return new JcaSSL3HMAC(createHash(getDigestName(1)), 16, 64);
            case 2:
                return new JcaSSL3HMAC(createHash(getDigestName(2)), 20, 64);
            case 3:
                return new JcaSSL3HMAC(createHash(getDigestName(4)), 32, 64);
            case 4:
                return new JcaSSL3HMAC(createHash(getDigestName(5)), 48, 128);
            case 5:
                return new JcaSSL3HMAC(createHash(getDigestName(6)), 64, 128);
            default:
                throw new TlsFatalAlert((short) 80);
        }
    }

    protected TlsHMAC createMAC(TlsCryptoParameters tlsCryptoParameters, int i) throws GeneralSecurityException, IOException {
        return TlsImplUtils.isSSL(tlsCryptoParameters) ? createHMAC_SSL(i) : createHMAC(i);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSRP6Client createSRP6Client(TlsSRPConfig tlsSRPConfig) {
        final SRP6Client sRP6Client = new SRP6Client();
        BigInteger[] explicitNG = tlsSRPConfig.getExplicitNG();
        sRP6Client.init(new SRP6Group(explicitNG[0], explicitNG[1]), createHash(2), getSecureRandom());
        return new TlsSRP6Client() { // from class: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.1
            @Override // org.bouncycastle.tls.crypto.TlsSRP6Client
            public BigInteger calculateSecret(BigInteger bigInteger) throws TlsFatalAlert {
                try {
                    return sRP6Client.calculateSecret(bigInteger);
                } catch (IllegalArgumentException e) {
                    throw new TlsFatalAlert((short) 47, (Throwable) e);
                }
            }

            @Override // org.bouncycastle.tls.crypto.TlsSRP6Client
            public BigInteger generateClientCredentials(byte[] bArr, byte[] bArr2, byte[] bArr3) {
                return sRP6Client.generateClientCredentials(bArr, bArr2, bArr3);
            }
        };
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSRP6Server createSRP6Server(TlsSRPConfig tlsSRPConfig, BigInteger bigInteger) {
        final SRP6Server sRP6Server = new SRP6Server();
        BigInteger[] explicitNG = tlsSRPConfig.getExplicitNG();
        sRP6Server.init(new SRP6Group(explicitNG[0], explicitNG[1]), bigInteger, createHash(2), getSecureRandom());
        return new TlsSRP6Server() { // from class: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.2
            @Override // org.bouncycastle.tls.crypto.TlsSRP6Server
            public BigInteger generateServerCredentials() {
                return sRP6Server.generateServerCredentials();
            }

            @Override // org.bouncycastle.tls.crypto.TlsSRP6Server
            public BigInteger calculateSecret(BigInteger bigInteger2) throws IOException {
                try {
                    return sRP6Server.calculateSecret(bigInteger2);
                } catch (IllegalArgumentException e) {
                    throw new TlsFatalAlert((short) 47, (Throwable) e);
                }
            }
        };
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig tlsSRPConfig) {
        BigInteger[] explicitNG = tlsSRPConfig.getExplicitNG();
        final SRP6VerifierGenerator sRP6VerifierGenerator = new SRP6VerifierGenerator();
        sRP6VerifierGenerator.init(explicitNG[0], explicitNG[1], createHash(2));
        return new TlsSRP6VerifierGenerator() { // from class: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.3
            @Override // org.bouncycastle.tls.crypto.TlsSRP6VerifierGenerator
            public BigInteger generateVerifier(byte[] bArr, byte[] bArr2, byte[] bArr3) {
                return sRP6VerifierGenerator.generateVerifier(bArr, bArr2, bArr3);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHMACAlgorithmName(int i) {
        switch (i) {
            case 1:
                return "HmacMD5";
            case 2:
                return "HmacSHA1";
            case 3:
                return "HmacSHA224";
            case 4:
                return MacUtil.HMAC_SHA256;
            case 5:
                return MacUtil.HMAC_SHA384;
            case 6:
                return MacUtil.HMAC_SHA512;
            case 7:
                return "HmacSM3";
            default:
                throw new IllegalArgumentException("invalid CryptoHashAlgorithm: " + i);
        }
    }

    public AlgorithmParameters getNamedGroupAlgorithmParameters(int i) throws GeneralSecurityException {
        if (NamedGroup.refersToAnXDHCurve(i)) {
            switch (i) {
                case 29:
                case 30:
                    return null;
            }
        }
        if (NamedGroup.refersToAnECDSACurve(i)) {
            return ECUtil.getAlgorithmParameters(this, NamedGroup.getCurveName(i));
        }
        if (NamedGroup.refersToASpecificFiniteField(i)) {
            return DHUtil.getAlgorithmParameters(this, TlsDHUtils.getNamedDHGroup(i));
        }
        throw new IllegalArgumentException("NamedGroup not supported: " + NamedGroup.getText(i));
    }

    public AlgorithmParameters getSignatureSchemeAlgorithmParameters(int i) throws GeneralSecurityException {
        int cryptoHashAlgorithm;
        if (!SignatureScheme.isRSAPSS(i) || (cryptoHashAlgorithm = SignatureScheme.getCryptoHashAlgorithm(i)) < 0) {
            return null;
        }
        String digestName = getDigestName(cryptoHashAlgorithm);
        String str = RSAUtil.getDigestSigAlgName(digestName) + "WITHRSAANDMGF1";
        AlgorithmParameterSpec pSSParameterSpec = RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm, digestName, getHelper());
        Signature createSignature = getHelper().createSignature(str);
        createSignature.setParameter(pSSParameterSpec);
        return createSignature.getParameters();
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0021. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0086 A[LOOP:0: B:2:0x000c->B:17:0x0086, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0084 A[SYNTHETIC] */
    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean hasAnyStreamVerifiers(java.util.Vector r4) {
        /*
            r3 = this;
            boolean r0 = org.bouncycastle.tls.crypto.impl.jcajce.JcaUtils.isSunMSCAPIProviderActive()
            r5 = r0
            r0 = 0
            r6 = r0
            r0 = r4
            int r0 = r0.size()
            r7 = r0
        Lc:
            r0 = r6
            r1 = r7
            if (r0 >= r1) goto L8c
            r0 = r4
            r1 = r6
            java.lang.Object r0 = r0.elementAt(r1)
            org.bouncycastle.tls.SignatureAndHashAlgorithm r0 = (org.bouncycastle.tls.SignatureAndHashAlgorithm) r0
            r8 = r0
            r0 = r8
            short r0 = r0.getSignature()
            switch(r0) {
                case 1: goto L3c;
                case 2: goto L42;
                default: goto L51;
            }
        L3c:
            r0 = r5
            if (r0 == 0) goto L51
            r0 = 1
            return r0
        L42:
            r0 = r8
            short r0 = r0.getHash()
            int r0 = org.bouncycastle.tls.HashAlgorithm.getOutputSize(r0)
            r1 = 20
            if (r0 == r1) goto L51
            r0 = 1
            return r0
        L51:
            r0 = r8
            int r0 = org.bouncycastle.tls.SignatureScheme.from(r0)
            switch(r0) {
                case 2052: goto L84;
                case 2053: goto L84;
                case 2054: goto L84;
                case 2055: goto L84;
                case 2056: goto L84;
                case 2057: goto L84;
                case 2058: goto L84;
                case 2059: goto L84;
                default: goto L86;
            }
        L84:
            r0 = 1
            return r0
        L86:
            int r6 = r6 + 1
            goto Lc
        L8c:
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto.hasAnyStreamVerifiers(java.util.Vector):boolean");
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasAnyStreamVerifiersLegacy(short[] sArr) {
        return false;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasCryptoHashAlgorithm(int i) {
        return true;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasCryptoSignatureAlgorithm(int i) {
        switch (i) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            case 11:
                return true;
            case 64:
            case 65:
            case 200:
            default:
                return false;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasDHAgreement() {
        return true;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasECDHAgreement() {
        return true;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasEncryptionAlgorithm(int i) {
        Integer valueOf = Integers.valueOf(i);
        synchronized (this.supportedEncryptionAlgorithms) {
            Boolean bool = (Boolean) this.supportedEncryptionAlgorithms.get(valueOf);
            if (bool != null) {
                return bool.booleanValue();
            }
            Boolean isSupportedEncryptionAlgorithm = isSupportedEncryptionAlgorithm(i);
            if (null == isSupportedEncryptionAlgorithm) {
                return false;
            }
            synchronized (this.supportedEncryptionAlgorithms) {
                Boolean bool2 = (Boolean) this.supportedEncryptionAlgorithms.put(valueOf, isSupportedEncryptionAlgorithm);
                if (null != bool2 && isSupportedEncryptionAlgorithm != bool2) {
                    this.supportedEncryptionAlgorithms.put(valueOf, bool2);
                    isSupportedEncryptionAlgorithm = bool2;
                }
            }
            return isSupportedEncryptionAlgorithm.booleanValue();
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasHKDFAlgorithm(int i) {
        switch (i) {
            case 4:
            case 5:
            case 6:
            case 7:
                return true;
            default:
                return false;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasMacAlgorithm(int i) {
        switch (i) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
                return true;
            default:
                return false;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasNamedGroup(int i) {
        Integer valueOf = Integers.valueOf(i);
        synchronized (this.supportedNamedGroups) {
            Boolean bool = (Boolean) this.supportedNamedGroups.get(valueOf);
            if (null != bool) {
                return bool.booleanValue();
            }
            Boolean isSupportedNamedGroup = isSupportedNamedGroup(i);
            if (null == isSupportedNamedGroup) {
                return false;
            }
            synchronized (this.supportedNamedGroups) {
                Boolean bool2 = (Boolean) this.supportedNamedGroups.put(valueOf, isSupportedNamedGroup);
                if (null != bool2 && isSupportedNamedGroup != bool2) {
                    this.supportedNamedGroups.put(valueOf, bool2);
                    isSupportedNamedGroup = bool2;
                }
            }
            return isSupportedNamedGroup.booleanValue();
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasRSAEncryption() {
        Boolean bool;
        synchronized (this.supportedOther) {
            Boolean bool2 = (Boolean) this.supportedOther.get("KE_RSA");
            if (bool2 != null) {
                return bool2.booleanValue();
            }
            try {
                createRSAEncryptionCipher();
                bool = Boolean.TRUE;
            } catch (GeneralSecurityException e) {
                bool = Boolean.FALSE;
            }
            synchronized (this.supportedOther) {
                Boolean bool3 = (Boolean) this.supportedOther.put("KE_RSA", bool);
                if (null != bool3 && bool != bool3) {
                    this.supportedOther.put("KE_RSA", bool3);
                    bool = bool3;
                }
            }
            return bool.booleanValue();
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasSignatureAlgorithm(short s) {
        switch (s) {
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
            case 11:
            case 26:
            case 27:
            case 28:
                return true;
            case 12:
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 19:
            case 20:
            case 21:
            case 22:
            case 23:
            case 24:
            case 25:
            case 29:
            case 30:
            case 31:
            case 32:
            case 33:
            case 34:
            case 35:
            case 36:
            case 37:
            case 38:
            case 39:
            case 40:
            case 41:
            case 42:
            case 43:
            case 44:
            case 45:
            case 46:
            case 47:
            case 48:
            case 49:
            case 50:
            case 51:
            case 52:
            case 53:
            case 54:
            case 55:
            case 56:
            case 57:
            case 58:
            case 59:
            case 60:
            case 61:
            case 62:
            case 63:
            case 64:
            case 65:
            default:
                return false;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        short signature = signatureAndHashAlgorithm.getSignature();
        switch (signatureAndHashAlgorithm.getHash()) {
            case 1:
                return 1 == signature && hasSignatureAlgorithm(signature);
            case 3:
                return !JcaUtils.isSunMSCAPIProviderActive() && hasSignatureAlgorithm(signature);
            default:
                return hasSignatureAlgorithm(signature);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasSignatureScheme(int i) {
        switch (i) {
            case SignatureScheme.sm2sig_sm3 /* 1800 */:
                return false;
            default:
                short signatureAlgorithm = SignatureScheme.getSignatureAlgorithm(i);
                switch (SignatureScheme.getCryptoHashAlgorithm(i)) {
                    case 1:
                        return 1 == signatureAlgorithm && hasSignatureAlgorithm(signatureAlgorithm);
                    case 3:
                        return !JcaUtils.isSunMSCAPIProviderActive() && hasSignatureAlgorithm(signatureAlgorithm);
                    default:
                        return hasSignatureAlgorithm(signatureAlgorithm);
                }
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public boolean hasSRPAuthentication() {
        return true;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSecret createSecret(byte[] bArr) {
        return adoptLocalSecret(Arrays.clone(bArr));
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSecret generateRSAPreMasterSecret(ProtocolVersion protocolVersion) {
        byte[] bArr = new byte[48];
        getSecureRandom().nextBytes(bArr);
        TlsUtils.writeVersion(protocolVersion, bArr, 0);
        return adoptLocalSecret(bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsHash createHash(int i) {
        try {
            return createHash(getDigestName(i));
        } catch (GeneralSecurityException e) {
            throw Exceptions.illegalArgumentException("unable to create message digest:" + e.getMessage(), e);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsDHDomain createDHDomain(TlsDHConfig tlsDHConfig) {
        return new JceTlsDHDomain(this, tlsDHConfig);
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsECDomain createECDomain(TlsECConfig tlsECConfig) {
        switch (tlsECConfig.getNamedGroup()) {
            case 29:
                return new JceX25519Domain(this);
            case 30:
                return new JceX448Domain(this);
            default:
                return new JceTlsECDomain(this, tlsECConfig);
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsCrypto
    public TlsSecret hkdfInit(int i) {
        return adoptLocalSecret(new byte[TlsCryptoUtils.getHashOutputSize(i)]);
    }

    protected TlsAEADCipherImpl createAEADCipher(String str, String str2, int i, boolean z) throws GeneralSecurityException {
        return new JceAEADCipherImpl(this, this.helper, str, str2, i, z);
    }

    protected TlsBlockCipherImpl createBlockCipher(String str, String str2, int i, boolean z) throws GeneralSecurityException {
        return new JceBlockCipherImpl(this, this.helper.createCipher(str), str2, i, z);
    }

    protected TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(String str, String str2, int i, boolean z) throws GeneralSecurityException {
        return new JceBlockCipherWithCBCImplicitIVImpl(this, this.helper.createCipher(str), str2, z);
    }

    protected TlsHash createHash(String str) throws GeneralSecurityException {
        return new JcaTlsHash(this.helper.createMessageDigest(str));
    }

    protected TlsNullCipher createNullCipher(TlsCryptoParameters tlsCryptoParameters, int i) throws IOException, GeneralSecurityException {
        return new TlsNullCipher(tlsCryptoParameters, createMAC(tlsCryptoParameters, i), createMAC(tlsCryptoParameters, i));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsStreamSigner createStreamSigner(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, boolean z) throws IOException {
        return createStreamSigner(JcaUtils.getJcaAlgorithmName(signatureAndHashAlgorithm), null, privateKey, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsStreamSigner createStreamSigner(String str, AlgorithmParameterSpec algorithmParameterSpec, PrivateKey privateKey, boolean z) throws IOException {
        SecureRandom secureRandom;
        if (z) {
            try {
                secureRandom = getSecureRandom();
            } catch (GeneralSecurityException e) {
                throw new TlsFatalAlert((short) 80, (Throwable) e);
            }
        } else {
            secureRandom = null;
        }
        SecureRandom secureRandom2 = secureRandom;
        JcaJceHelper helper = getHelper();
        if (null != algorithmParameterSpec) {
            Signature createSignature = helper.createSignature(str);
            createSignature.initSign(privateKey, secureRandom2);
            helper = new ProviderJcaJceHelper(createSignature.getProvider());
        }
        Signature createSignature2 = helper.createSignature(str);
        if (null != algorithmParameterSpec) {
            createSignature2.setParameter(algorithmParameterSpec);
        }
        createSignature2.initSign(privateKey, secureRandom2);
        return new JcaTlsStreamSigner(createSignature2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsStreamVerifier createStreamVerifier(DigitallySigned digitallySigned, PublicKey publicKey) throws IOException {
        return createStreamVerifier(JcaUtils.getJcaAlgorithmName(digitallySigned.getAlgorithm()), null, digitallySigned.getSignature(), publicKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsStreamVerifier createStreamVerifier(String str, AlgorithmParameterSpec algorithmParameterSpec, byte[] bArr, PublicKey publicKey) throws IOException {
        try {
            JcaJceHelper helper = getHelper();
            if (null != algorithmParameterSpec) {
                Signature createSignature = helper.createSignature(str);
                createSignature.initVerify(publicKey);
                helper = new ProviderJcaJceHelper(createSignature.getProvider());
            }
            Signature createSignature2 = helper.createSignature(str);
            if (null != algorithmParameterSpec) {
                createSignature2.setParameter(algorithmParameterSpec);
            }
            createSignature2.initVerify(publicKey);
            return new JcaTlsStreamVerifier(createSignature2, bArr);
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, (Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Tls13Verifier createTls13Verifier(String str, AlgorithmParameterSpec algorithmParameterSpec, PublicKey publicKey) throws IOException {
        try {
            JcaJceHelper helper = getHelper();
            if (null != algorithmParameterSpec) {
                Signature createSignature = helper.createSignature(str);
                createSignature.initVerify(publicKey);
                helper = new ProviderJcaJceHelper(createSignature.getProvider());
            }
            Signature createSignature2 = helper.createSignature(str);
            if (null != algorithmParameterSpec) {
                createSignature2.setParameter(algorithmParameterSpec);
            }
            createSignature2.initVerify(publicKey);
            return new JcaTls13Verifier(createSignature2);
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, (Throwable) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TlsStreamSigner createVerifyingStreamSigner(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, boolean z, PublicKey publicKey) throws IOException {
        return createVerifyingStreamSigner(JcaUtils.getJcaAlgorithmName(signatureAndHashAlgorithm), null, privateKey, z, publicKey);
    }

    protected TlsStreamSigner createVerifyingStreamSigner(String str, AlgorithmParameterSpec algorithmParameterSpec, PrivateKey privateKey, boolean z, PublicKey publicKey) throws IOException {
        try {
            Signature createSignature = getHelper().createSignature(str);
            Signature createSignature2 = getHelper().createSignature(str);
            if (null != algorithmParameterSpec) {
                createSignature.setParameter(algorithmParameterSpec);
                createSignature2.setParameter(algorithmParameterSpec);
            }
            createSignature.initSign(privateKey, z ? getSecureRandom() : null);
            createSignature2.initVerify(publicKey);
            return new JcaVerifyingStreamSigner(createSignature, createSignature2);
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, (Throwable) e);
        }
    }

    protected Boolean isSupportedEncryptionAlgorithm(int i) {
        switch (i) {
            case 0:
                return Boolean.TRUE;
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
                return Boolean.FALSE;
            case 7:
                return Boolean.valueOf(isUsableCipher("DESede/CBC/NoPadding", 192));
            case 8:
                return Boolean.valueOf(isUsableCipher("AES/CBC/NoPadding", 128));
            case 9:
                return Boolean.valueOf(isUsableCipher("AES/CBC/NoPadding", 256));
            case 10:
                return Boolean.valueOf(isUsableCipher(SimpleAeadCipher.GCM_TRANSFORMATION_NAME, 128));
            case 11:
                return Boolean.valueOf(isUsableCipher(SimpleAeadCipher.GCM_TRANSFORMATION_NAME, 256));
            case 12:
                return Boolean.valueOf(isUsableCipher("Camellia/CBC/NoPadding", 128));
            case 13:
                return Boolean.valueOf(isUsableCipher("Camellia/CBC/NoPadding", 256));
            case 14:
                return Boolean.valueOf(isUsableCipher("SEED/CBC/NoPadding", 128));
            case 15:
            case 16:
                return Boolean.valueOf(isUsableCipher("AES/CCM/NoPadding", 128));
            case 17:
            case 18:
                return Boolean.valueOf(isUsableCipher("AES/CCM/NoPadding", 256));
            case 19:
                return Boolean.valueOf(isUsableCipher("Camellia/GCM/NoPadding", 128));
            case 20:
                return Boolean.valueOf(isUsableCipher("Camellia/GCM/NoPadding", 256));
            case 21:
                return Boolean.valueOf(isUsableCipher("ChaCha7539", 256) && isUsableMAC("Poly1305"));
            case 22:
                return Boolean.valueOf(isUsableCipher("ARIA/CBC/NoPadding", 128));
            case 23:
                return Boolean.valueOf(isUsableCipher("ARIA/CBC/NoPadding", 256));
            case 24:
                return Boolean.valueOf(isUsableCipher("ARIA/GCM/NoPadding", 128));
            case 25:
                return Boolean.valueOf(isUsableCipher("ARIA/GCM/NoPadding", 256));
            case 26:
                return Boolean.valueOf(isUsableCipher("SM4/CCM/NoPadding", 128));
            case 27:
                return Boolean.valueOf(isUsableCipher("SM4/GCM/NoPadding", 128));
            case 28:
                return Boolean.valueOf(isUsableCipher("SM4/CBC/NoPadding", 128));
            default:
                return null;
        }
    }

    protected Boolean isSupportedNamedGroup(int i) {
        try {
            if (!NamedGroup.refersToAnXDHCurve(i)) {
                if (NamedGroup.refersToAnECDSACurve(i)) {
                    return Boolean.valueOf(ECUtil.isCurveSupported(this, NamedGroup.getCurveName(i)));
                }
                if (NamedGroup.refersToASpecificFiniteField(i)) {
                    return Boolean.valueOf(DHUtil.isGroupSupported(this, TlsDHUtils.getNamedDHGroup(i)));
                }
                return null;
            }
            switch (i) {
                case 29:
                    this.helper.createKeyAgreement("X25519");
                    return Boolean.TRUE;
                case 30:
                    this.helper.createKeyAgreement("X448");
                    return Boolean.TRUE;
                default:
                    return null;
            }
        } catch (GeneralSecurityException e) {
            return Boolean.FALSE;
        }
    }

    protected boolean isUsableCipher(String str, int i) {
        try {
            this.helper.createCipher(str);
            return Cipher.getMaxAllowedKeyLength(str) >= i;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    protected boolean isUsableMAC(String str) {
        try {
            this.helper.createMac(str);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public JcaJceHelper getHelper() {
        return this.helper;
    }

    protected TlsBlockCipherImpl createCBCBlockCipherImpl(TlsCryptoParameters tlsCryptoParameters, String str, int i, boolean z) throws GeneralSecurityException {
        String str2 = str + "/CBC/NoPadding";
        return TlsImplUtils.isTLSv11(tlsCryptoParameters) ? createBlockCipher(str2, str, i, z) : createBlockCipherWithCBCImplicitIV(str2, str, i, z);
    }

    private TlsCipher createChaCha20Poly1305(TlsCryptoParameters tlsCryptoParameters) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, new JceChaCha20Poly1305(this, this.helper, true), new JceChaCha20Poly1305(this, this.helper, false), 32, 16, 2);
    }

    private TlsAEADCipher createCipher_AES_CCM(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("AES/CCM/NoPadding", AesKey.ALGORITHM, i, true), createAEADCipher("AES/CCM/NoPadding", AesKey.ALGORITHM, i, false), i, i2, 1);
    }

    private TlsAEADCipher createCipher_AES_GCM(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher(SimpleAeadCipher.GCM_TRANSFORMATION_NAME, AesKey.ALGORITHM, i, true), createAEADCipher(SimpleAeadCipher.GCM_TRANSFORMATION_NAME, AesKey.ALGORITHM, i, false), i, i2, 3);
    }

    private TlsAEADCipher createCipher_ARIA_GCM(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("ARIA/GCM/NoPadding", "ARIA", i, true), createAEADCipher("ARIA/GCM/NoPadding", "ARIA", i, false), i, i2, 3);
    }

    private TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("Camellia/GCM/NoPadding", "Camellia", i, true), createAEADCipher("Camellia/GCM/NoPadding", "Camellia", i, false), i, i2, 3);
    }

    protected TlsCipher createCipher_CBC(TlsCryptoParameters tlsCryptoParameters, String str, int i, int i2) throws GeneralSecurityException, IOException {
        return new TlsBlockCipher(tlsCryptoParameters, createCBCBlockCipherImpl(tlsCryptoParameters, str, i, true), createCBCBlockCipherImpl(tlsCryptoParameters, str, i, false), createMAC(tlsCryptoParameters, i2), createMAC(tlsCryptoParameters, i2), i);
    }

    private TlsAEADCipher createCipher_SM4_CCM(TlsCryptoParameters tlsCryptoParameters) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("SM4/CCM/NoPadding", "SM4", 16, true), createAEADCipher("SM4/CCM/NoPadding", "SM4", 16, false), 16, 16, 1);
    }

    private TlsAEADCipher createCipher_SM4_GCM(TlsCryptoParameters tlsCryptoParameters) throws IOException, GeneralSecurityException {
        return new TlsAEADCipher(tlsCryptoParameters, createAEADCipher("SM4/GCM/NoPadding", "SM4", 16, true), createAEADCipher("SM4/GCM/NoPadding", "SM4", 16, false), 16, 16, 3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getDigestName(int i) {
        switch (i) {
            case 1:
                return MessageDigestAlgorithms.MD5;
            case 2:
                return "SHA-1";
            case 3:
                return "SHA-224";
            case 4:
                return "SHA-256";
            case 5:
                return "SHA-384";
            case 6:
                return "SHA-512";
            case 7:
                return "SM3";
            default:
                throw new IllegalArgumentException("invalid CryptoHashAlgorithm: " + i);
        }
    }
}
