package h6;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.IntFunction;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class j1 implements y, e6.x {

    /* renamed from: g, reason: collision with root package name */
    private static final String f8387g = "j1";

    /* renamed from: a, reason: collision with root package name */
    protected PublicKey f8388a;

    /* renamed from: b, reason: collision with root package name */
    protected PrivateKey f8389b;

    /* renamed from: c, reason: collision with root package name */
    protected e6.w f8390c;

    /* renamed from: d, reason: collision with root package name */
    protected X509TrustManager f8391d;

    /* renamed from: e, reason: collision with root package name */
    protected X509Certificate f8392e;

    /* renamed from: f, reason: collision with root package name */
    protected List<X509Certificate> f8393f = Collections.emptyList();

    /* loaded from: classes.dex */
    enum a {
        Initial,
        ClientHelloSent,
        ServerHelloReceived,
        EncryptedExtensionsReceived,
        CertificateRequestReceived,
        CertificateReceived,
        CertificateVerifyReceived,
        Finished,
        ClientHelloReceived,
        ServerHelloSent,
        EncryptedExtensionsSent,
        CertificateRequestSent,
        CertificateSent,
        CertificateVerifySent,
        FinishedSent,
        FinishedReceived
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate[] A(int i10) {
        return new X509Certificate[i10];
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate[] B(int i10) {
        return new X509Certificate[i10];
    }

    private Optional<String> u(CertificateException certificateException) {
        String message;
        Throwable cause = certificateException.getCause();
        if (!(cause instanceof CertPathValidatorException)) {
            return (!(cause instanceof CertPathBuilderException) || (message = cause.getMessage()) == null) ? Optional.empty() : Optional.of(message);
        }
        return Optional.of(cause.getMessage() + ": " + ((CertPathValidatorException) cause).getReason());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate[] y(int i10) {
        return new X509Certificate[i10];
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ X509Certificate[] z(int i10) {
        return new X509Certificate[i10];
    }

    public void C(X509TrustManager x509TrustManager) {
        this.f8391d = x509TrustManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean D(byte[] bArr, e6.r rVar, Certificate certificate, byte[] bArr2, boolean z9) {
        String str;
        String str2;
        StringBuilder sb = new StringBuilder();
        sb.append("TLS 1.3, ");
        sb.append(z9 ? "client" : "server");
        sb.append(" CertificateVerify");
        String sb2 = sb.toString();
        ByteBuffer allocate = ByteBuffer.allocate(sb2.getBytes(StandardCharsets.ISO_8859_1).length + 64 + 1 + bArr2.length);
        for (int i10 = 0; i10 < 64; i10++) {
            allocate.put((byte) 32);
        }
        allocate.put(sb2.getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature x9 = x(rVar);
            x9.initVerify(certificate);
            x9.update(allocate.array());
            return x9.verify(bArr);
        } catch (InvalidKeyException unused) {
            str = f8387g;
            str2 = "Certificate verify: invalid key.";
            p5.a.b(str, str2);
            return false;
        } catch (SignatureException unused2) {
            str = f8387g;
            str2 = "Certificate verify: invalid signature.";
            p5.a.b(str, str2);
            return false;
        }
    }

    @Override // e6.x
    public byte[] i() {
        e6.w wVar = this.f8390c;
        if (wVar != null) {
            return wVar.o();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // e6.x
    public byte[] j() {
        e6.w wVar = this.f8390c;
        if (wVar != null) {
            return wVar.k();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // e6.x
    public byte[] k() {
        e6.w wVar = this.f8390c;
        if (wVar != null) {
            return wVar.l();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // e6.x
    public byte[] l() {
        e6.w wVar = this.f8390c;
        if (wVar != null) {
            return wVar.j();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // e6.x
    public byte[] m() {
        e6.w wVar = this.f8390c;
        if (wVar != null) {
            return wVar.n();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void r(List<X509Certificate> list, boolean z9) {
        try {
            X509TrustManager x509TrustManager = this.f8391d;
            if (x509TrustManager != null) {
                if (z9) {
                    x509TrustManager.checkServerTrusted((X509Certificate[]) list.stream().toArray(new IntFunction() { // from class: h6.f1
                        @Override // java.util.function.IntFunction
                        public final Object apply(int i10) {
                            X509Certificate[] y9;
                            y9 = j1.y(i10);
                            return y9;
                        }
                    }), "RSA");
                    return;
                } else {
                    x509TrustManager.checkClientTrusted((X509Certificate[]) list.stream().toArray(new IntFunction() { // from class: h6.g1
                        @Override // java.util.function.IntFunction
                        public final Object apply(int i10) {
                            X509Certificate[] z10;
                            z10 = j1.z(i10);
                            return z10;
                        }
                    }), "RSA");
                    return;
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager x509TrustManager2 = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            if (z9) {
                x509TrustManager2.checkServerTrusted((X509Certificate[]) list.stream().toArray(new IntFunction() { // from class: h6.h1
                    @Override // java.util.function.IntFunction
                    public final Object apply(int i10) {
                        X509Certificate[] A;
                        A = j1.A(i10);
                        return A;
                    }
                }), "UNKNOWN");
            } else {
                x509TrustManager2.checkClientTrusted((X509Certificate[]) list.stream().toArray(new IntFunction() { // from class: h6.i1
                    @Override // java.util.function.IntFunction
                    public final Object apply(int i10) {
                        X509Certificate[] B;
                        B = j1.B(i10);
                        return B;
                    }
                }), "UNKNOWN");
            }
        } catch (KeyStoreException e10) {
            p5.a.b(f8387g, e10.getMessage());
            throw new RuntimeException("keystore exception");
        } catch (NoSuchAlgorithmException e11) {
            p5.a.b(f8387g, e11.getMessage());
            throw new RuntimeException("unsupported trust manager algorithm");
        } catch (CertificateException e12) {
            p5.a.b(f8387g, e12.getMessage());
            throw new f6.a(u(e12).orElse("certificate validation failed"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] s(byte[] bArr, byte[] bArr2) {
        short m9 = this.f8390c.m();
        byte[] p9 = this.f8390c.p(bArr2, "finished", "", m9);
        String str = "HmacSHA" + (m9 * 8);
        SecretKeySpec secretKeySpec = new SecretKeySpec(p9, str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e10) {
            throw new RuntimeException(e10);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing " + str + " support");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] t(byte[] bArr, PrivateKey privateKey, e6.r rVar, boolean z9) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(e1.a(" ", 64).getBytes(StandardCharsets.US_ASCII));
                StringBuilder sb = new StringBuilder();
                sb.append("TLS 1.3, ");
                sb.append(z9 ? "client" : "server");
                sb.append(" CertificateVerify");
                byteArrayOutputStream.write(sb.toString().getBytes(StandardCharsets.US_ASCII));
                byteArrayOutputStream.write(0);
                byteArrayOutputStream.write(bArr);
                Signature x9 = x(rVar);
                x9.initSign(privateKey);
                x9.update(byteArrayOutputStream.toByteArray());
                byte[] sign = x9.sign();
                byteArrayOutputStream.close();
                return sign;
            } catch (Throwable th) {
                try {
                    byteArrayOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException e10) {
            e = e10;
            throw new RuntimeException(e);
        } catch (InvalidKeyException unused) {
            throw new f6.h("invalid private key");
        } catch (SignatureException e11) {
            e = e11;
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void v(e6.o oVar) {
        try {
            if (oVar != e6.o.secp256r1 && oVar != e6.o.secp384r1 && oVar != e6.o.secp521r1) {
                throw new RuntimeException("unsupported group " + oVar);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(oVar.toString()));
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            this.f8389b = genKeyPair.getPrivate();
            this.f8388a = genKeyPair.getPublic();
        } catch (InvalidAlgorithmParameterException e10) {
            throw new RuntimeException(e10);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }

    public X509Certificate w() {
        return this.f8392e;
    }

    protected Signature x(e6.r rVar) {
        if (rVar.equals(e6.r.rsa_pss_rsae_sha256)) {
            try {
                return Signature.getInstance("SHA256withRSA/PSS");
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (rVar.equals(e6.r.rsa_pss_rsae_sha384)) {
            try {
                return Signature.getInstance("SHA384withRSA/PSS");
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (rVar.equals(e6.r.rsa_pss_rsae_sha512)) {
            try {
                return Signature.getInstance("SHA512withRSA/PSS");
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (rVar.equals(e6.r.ecdsa_secp256r1_sha256)) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        throw new f6.f("Signature algorithm not supported " + rVar);
    }
}
