package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsDHDomain;
import org.bouncycastle.util.BigIntegers;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JceTlsDHDomain.class */
public class JceTlsDHDomain implements TlsDHDomain {
    protected JcaTlsCrypto crypto;
    protected TlsDHConfig dhConfig;
    protected DHParameterSpec dhDomain;

    public JceTlsDHDomain(JcaTlsCrypto jcaTlsCrypto, TlsDHConfig tlsDHConfig) {
        this.crypto = jcaTlsCrypto;
        this.dhConfig = tlsDHConfig;
        this.dhDomain = getParameters(tlsDHConfig);
    }

    public byte[] calculateDHAgreement(DHPublicKey dHPublicKey, DHPrivateKey dHPrivateKey) throws GeneralSecurityException {
        KeyAgreement createKeyAgreement = this.crypto.getHelper().createKeyAgreement("DH");
        createKeyAgreement.init(dHPrivateKey);
        createKeyAgreement.doPhase(dHPublicKey, true);
        return createKeyAgreement.generateSecret("TlsPremasterSecret").getEncoded();
    }

    @Override // org.bouncycastle.tls.crypto.TlsDHDomain
    public TlsAgreement createDH() {
        return new JceTlsDH(this);
    }

    public static BigInteger decodeParameter(byte[] bArr) throws IOException {
        return new BigInteger(1, bArr);
    }

    public DHPublicKey decodePublicKey(byte[] bArr) throws IOException {
        try {
            return (DHPublicKey) this.crypto.getHelper().createKeyFactory("DH").generatePublic(new DHPublicKeySpec(decodeParameter(bArr), this.dhDomain.getP(), this.dhDomain.getG()));
        } catch (Exception e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    public byte[] encodeParameter(BigInteger bigInteger) throws IOException {
        return BigIntegers.asUnsignedByteArray(bigInteger);
    }

    public byte[] encodePublicKey(DHPublicKey dHPublicKey) throws IOException {
        return encodeParameter(dHPublicKey.getY());
    }

    public KeyPair generateKeyPair() {
        try {
            KeyPairGenerator createKeyPairGenerator = this.crypto.getHelper().createKeyPairGenerator("DH");
            createKeyPairGenerator.initialize(getParameters(this.dhConfig), this.crypto.getSecureRandom());
            return createKeyPairGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("unable to create key pair: " + e.getMessage(), e);
        }
    }

    public JcaTlsCrypto getCrypto() {
        return this.crypto;
    }

    public DHParameterSpec getParameters(TlsDHConfig tlsDHConfig) {
        BigInteger[] explicitPG = tlsDHConfig.getExplicitPG();
        if (explicitPG != null) {
            return new DHParameterSpec(explicitPG[0], explicitPG[1]);
        }
        throw new IllegalStateException("No DH configuration provided");
    }
}
