package h5;

import android.os.Build;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class u implements j {

    /* renamed from: a, reason: collision with root package name */
    public PublicKey f4179a;

    /* renamed from: b, reason: collision with root package name */
    public PrivateKey f4180b;
    public e5.q c;

    /* renamed from: d, reason: collision with root package name */
    public X509TrustManager f4181d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate f4182e;

    /* renamed from: f, reason: collision with root package name */
    public List<X509Certificate> f4183f = Collections.emptyList();

    public static byte[] k(byte[] bArr, PrivateKey privateKey, e5.l lVar, boolean z8) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(androidx.activity.e.f(" ").getBytes(StandardCharsets.US_ASCII));
                StringBuilder sb = new StringBuilder("TLS 1.3, ");
                sb.append(z8 ? "client" : "server");
                sb.append(" CertificateVerify");
                byteArrayOutputStream.write(sb.toString().getBytes(StandardCharsets.US_ASCII));
                byteArrayOutputStream.write(0);
                byteArrayOutputStream.write(bArr);
                Signature m8 = m(lVar);
                m8.initSign(privateKey);
                m8.update(byteArrayOutputStream.toByteArray());
                byte[] sign = m8.sign();
                byteArrayOutputStream.close();
                return sign;
            } catch (Throwable th) {
                try {
                    byteArrayOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException e9) {
            e = e9;
            throw new RuntimeException(e);
        } catch (InvalidKeyException unused) {
            throw new f5.a(3, "invalid private key");
        } catch (SignatureException e10) {
            e = e10;
            throw new RuntimeException(e);
        }
    }

    public static Signature m(e5.l lVar) {
        if (lVar.equals(e5.l.f3604d)) {
            try {
                return Signature.getInstance("SHA256withRSA/PSS");
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (lVar.equals(e5.l.f3605e)) {
            try {
                return Signature.getInstance("SHA384withRSA/PSS");
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (lVar.equals(e5.l.f3606f)) {
            try {
                return Signature.getInstance("SHA512withRSA/PSS");
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (lVar.equals(e5.l.c)) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        throw new f5.a(2, "Signature algorithm not supported " + lVar);
    }

    public static boolean n(byte[] bArr, e5.l lVar, X509Certificate x509Certificate, byte[] bArr2, boolean z8) {
        String b9 = androidx.activity.f.b(new StringBuilder("TLS 1.3, "), z8 ? "client" : "server", " CertificateVerify");
        ByteBuffer allocate = ByteBuffer.allocate(b9.getBytes(StandardCharsets.ISO_8859_1).length + 64 + 1 + bArr2.length);
        for (int i9 = 0; i9 < 64; i9++) {
            allocate.put((byte) 32);
        }
        allocate.put(b9.getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature m8 = m(lVar);
            m8.initVerify(x509Certificate);
            m8.update(allocate.array());
            return m8.verify(bArr);
        } catch (InvalidKeyException | SignatureException unused) {
            return false;
        }
    }

    public final void i(List<X509Certificate> list, boolean z8) {
        String str;
        Optional optional;
        try {
            X509TrustManager x509TrustManager = this.f4181d;
            if (x509TrustManager != null) {
                if (z8) {
                    x509TrustManager.checkServerTrusted((X509Certificate[]) list.stream().toArray(new s(0)), "RSA");
                    return;
                } else {
                    x509TrustManager.checkClientTrusted((X509Certificate[]) list.stream().toArray(new t(0)), "RSA");
                    return;
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager x509TrustManager2 = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            if (z8) {
                x509TrustManager2.checkServerTrusted((X509Certificate[]) list.stream().toArray(new s(1)), "UNKNOWN");
            } else {
                x509TrustManager2.checkClientTrusted((X509Certificate[]) list.stream().toArray(new t(1)), "UNKNOWN");
            }
        } catch (KeyStoreException e9) {
            e9.getMessage();
            throw new RuntimeException("keystore exception");
        } catch (NoSuchAlgorithmException e10) {
            e10.getMessage();
            throw new RuntimeException("unsupported trust manager algorithm");
        } catch (CertificateException e11) {
            e11.getMessage();
            Throwable cause = e11.getCause();
            if (cause instanceof CertPathValidatorException) {
                str = cause.getMessage() + ": " + ((CertPathValidatorException) cause).getReason();
            } else if (!(cause instanceof CertPathBuilderException) || (str = cause.getMessage()) == null) {
                optional = Optional.empty();
                throw new f5.a(0, (String) optional.orElse("certificate validation failed"));
            }
            optional = Optional.of(str);
            throw new f5.a(0, (String) optional.orElse("certificate validation failed"));
        }
    }

    public final byte[] j(byte[] bArr, byte[] bArr2) {
        this.c.getClass();
        e5.q qVar = this.c;
        qVar.getClass();
        SecretKeySpec secretKeySpec = new SecretKeySpec(qVar.d(bArr2, "finished", "".getBytes(e5.q.f3636q)), "HmacSHA256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e9) {
            throw new RuntimeException(e9);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing HmacSHA256 support");
        }
    }

    public final void l(e5.i iVar) {
        KeyPairGenerator keyPairGenerator;
        AlgorithmParameterSpec eCGenParameterSpec;
        String str;
        y5.a aVar;
        try {
            if (iVar != e5.i.c && iVar != e5.i.f3592d && iVar != e5.i.f3593e) {
                e5.i iVar2 = e5.i.f3594f;
                if (iVar != iVar2 && iVar != e5.i.f3595g) {
                    throw new RuntimeException("unsupported group " + iVar);
                }
                if (Build.VERSION.SDK_INT >= 33) {
                    keyPairGenerator = KeyPairGenerator.getInstance("XDH");
                    eCGenParameterSpec = new NamedParameterSpec(iVar.toString().toUpperCase());
                    keyPairGenerator.initialize(eCGenParameterSpec);
                    KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                    this.f4180b = genKeyPair.getPrivate();
                    this.f4179a = genKeyPair.getPublic();
                }
                if (iVar == iVar2) {
                    str = "X25519";
                    aVar = new y5.a();
                } else {
                    str = "X448";
                    aVar = new y5.a();
                }
                keyPairGenerator = KeyPairGenerator.getInstance(str, aVar);
                KeyPair genKeyPair2 = keyPairGenerator.genKeyPair();
                this.f4180b = genKeyPair2.getPrivate();
                this.f4179a = genKeyPair2.getPublic();
            }
            keyPairGenerator = KeyPairGenerator.getInstance("EC");
            eCGenParameterSpec = new ECGenParameterSpec(iVar.toString());
            keyPairGenerator.initialize(eCGenParameterSpec);
            KeyPair genKeyPair22 = keyPairGenerator.genKeyPair();
            this.f4180b = genKeyPair22.getPrivate();
            this.f4179a = genKeyPair22.getPublic();
        } catch (InvalidAlgorithmParameterException e9) {
            throw new RuntimeException(e9);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }
}
