package com.unbound.provider;

import com.unbound.client.Client;
import com.unbound.client.DeriveMode;
import com.unbound.client.DeriveOper;
import com.unbound.client.ECPrivateKeyObject;
import com.unbound.common.crypto.EC;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/unbound/provider/UBECDHKeyAgreement.class */
public final class UBECDHKeyAgreement extends KeyAgreementSpi {
    final DeriveOper oper = Client.getInstance().newDeriveOperation();

    private EC.Curve getCurve() {
        return ((ECPrivateKeyObject) this.oper.keyObject).getCurve();
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (!(key instanceof UBECPrivateKey)) {
            throw new InvalidKeyException("Key must be instance of UBECPrivateKey");
        }
        this.oper.keyObject = ((UBECPrivateKey) key).object;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        engineInit(key, null);
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (this.oper.keyObject == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (this.oper.ecdhPubKey != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Key must be a ECPublicKey");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) key;
        if (!eCPublicKey.getParams().equals(getCurve().spec)) {
            throw new InvalidKeyException("EC curve doesn't match");
        }
        this.oper.ecdhPubKey = eCPublicKey.getW();
        return null;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        if (this.oper.keyObject == null || this.oper.ecdhPubKey == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        this.oper.mode = DeriveMode.ECDH;
        return this.oper.derive();
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (this.oper.keyObject == null || this.oper.ecdhPubKey == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        int i2 = getCurve().size;
        if (i + i2 > bArr.length) {
            throw new ShortBufferException("Need " + i2 + " bytes, only " + (bArr.length - i) + " available");
        }
        byte[] engineGenerateSecret = engineGenerateSecret();
        System.arraycopy(engineGenerateSecret, 0, bArr, i, engineGenerateSecret.length);
        return engineGenerateSecret.length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        if (str.equals("TlsPremasterSecret")) {
            return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
        }
        throw new NoSuchAlgorithmException("Only supported for algorithm TlsPremasterSecret");
    }
}
