package H1;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import w1.AbstractC1014a;

/* loaded from: classes.dex */
public abstract class J0 implements T, N0 {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f778a;

    /* renamed from: b, reason: collision with root package name */
    PublicKey f779b;

    /* renamed from: c, reason: collision with root package name */
    PrivateKey f780c;

    /* renamed from: d, reason: collision with root package name */
    L0 f781d;

    /* renamed from: e, reason: collision with root package name */
    X509Certificate f782e;

    /* renamed from: f, reason: collision with root package name */
    X509Certificate[] f783f;

    /* loaded from: classes.dex */
    enum a {
        Initial,
        ClientHelloSent,
        ServerHelloReceived,
        EncryptedExtensionsReceived,
        CertificateRequestReceived,
        CertificateReceived,
        CertificateVerifyReceived,
        Finished,
        ClientHelloReceived,
        ServerHelloSent,
        EncryptedExtensionsSent,
        CertificateRequestSent,
        CertificateSent,
        CertificateVerifySent,
        FinishedSent,
        FinishedReceived
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public J0(X509TrustManager x509TrustManager) {
        this.f778a = x509TrustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] n(byte[] bArr, PrivateKey privateKey, EnumC0211e0 enumC0211e0) {
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    String a3 = I0.a(" ", 64);
                    Charset charset = StandardCharsets.US_ASCII;
                    byteArrayOutputStream.write(a3.getBytes(charset));
                    byteArrayOutputStream.write("TLS 1.3, client CertificateVerify".getBytes(charset));
                    byteArrayOutputStream.write(0);
                    byteArrayOutputStream.write(bArr);
                    Signature p3 = p(enumC0211e0);
                    p3.initSign(privateKey);
                    p3.update(byteArrayOutputStream.toByteArray());
                    byte[] sign = p3.sign();
                    byteArrayOutputStream.close();
                    return sign;
                } catch (Throwable th) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (IOException | SignatureException e3) {
                throw new RuntimeException(e3);
            }
        } catch (InvalidKeyException unused) {
            throw new I("invalid private key");
        }
    }

    private static Signature p(EnumC0211e0 enumC0211e0) {
        if (enumC0211e0 == EnumC0211e0.rsa_pss_rsae_sha256) {
            try {
                return Signature.getInstance("SHA256withRSA/PSS");
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0211e0 == EnumC0211e0.rsa_pss_rsae_sha384) {
            try {
                return Signature.getInstance("SHA384withRSA/PSS");
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0211e0 == EnumC0211e0.rsa_pss_rsae_sha512) {
            try {
                return Signature.getInstance("SHA512withRSA/PSS");
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (enumC0211e0 == EnumC0211e0.ecdsa_secp256r1_sha256) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        throw new E("Signature algorithm not supported " + enumC0211e0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean q(byte[] bArr, EnumC0211e0 enumC0211e0, Certificate certificate, byte[] bArr2) {
        ByteBuffer allocate = ByteBuffer.allocate("TLS 1.3, server CertificateVerify".getBytes(StandardCharsets.ISO_8859_1).length + 65 + bArr2.length);
        for (int i3 = 0; i3 < 64; i3++) {
            allocate.put((byte) 32);
        }
        allocate.put("TLS 1.3, server CertificateVerify".getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature p3 = p(enumC0211e0);
            p3.initVerify(certificate);
            p3.update(allocate.array());
            return p3.verify(bArr);
        } catch (InvalidKeyException | SignatureException e3) {
            throw new C0241w(e3.getMessage());
        }
    }

    @Override // H1.N0
    public byte[] g() {
        L0 l02 = this.f781d;
        if (l02 != null) {
            return l02.m();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // H1.N0
    public byte[] i() {
        L0 l02 = this.f781d;
        if (l02 != null) {
            return l02.j();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // H1.N0
    public byte[] j() {
        L0 l02 = this.f781d;
        if (l02 != null) {
            return l02.i();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    @Override // H1.N0
    public byte[] k() {
        L0 l02 = this.f781d;
        if (l02 != null) {
            return l02.l();
        }
        throw new IllegalStateException("Traffic secret not yet available");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void l(X509Certificate[] x509CertificateArr) {
        try {
            X509TrustManager x509TrustManager = this.f778a;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                return;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init((KeyStore) null);
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, "UNKNOWN");
        } catch (Throwable th) {
            String message = th.getMessage();
            if (message == null || AbstractC1014a.a(message)) {
                message = "certificate validation failed";
            }
            throw new C0206c(message);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] m(byte[] bArr, byte[] bArr2) {
        short k3 = L0.k();
        byte[] n3 = this.f781d.n(bArr2, "finished", "", k3);
        String str = "HmacSHA" + (k3 * 8);
        SecretKeySpec secretKeySpec = new SecretKeySpec(n3, str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e3) {
            throw new RuntimeException(e3);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing " + str + " support");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void o(V v2) {
        try {
            if (v2 != V.secp256r1 && v2 != V.secp384r1 && v2 != V.secp521r1) {
                throw new RuntimeException("unsupported group " + v2);
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(v2.name()));
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            this.f780c = genKeyPair.getPrivate();
            this.f779b = genKeyPair.getPublic();
        } catch (InvalidAlgorithmParameterException e3) {
            throw new RuntimeException(e3);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }
}
