package M;

import J.h;
import L.f;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public abstract class b implements f {

    /* renamed from: a, reason: collision with root package name */
    public PublicKey f494a;

    /* renamed from: b, reason: collision with root package name */
    public PrivateKey f495b;

    /* renamed from: c, reason: collision with root package name */
    public c f496c;

    /* renamed from: d, reason: collision with root package name */
    public final N.a f497d = N.b.a();

    public static int a(J.c cVar) {
        switch (cVar) {
            case TLS_AES_128_GCM_SHA256:
                return 32;
            case TLS_AES_256_GCM_SHA384:
                return 48;
            case TLS_CHACHA20_POLY1305_SHA256:
            case TLS_AES_128_CCM_SHA256:
            case TLS_AES_128_CCM_8_SHA256:
                return 32;
            default:
                throw new RuntimeException();
        }
    }

    public final Signature a(h hVar) {
        if (hVar.equals(h.rsa_pss_rsae_sha256)) {
            try {
                this.f497d.getClass();
                Signature signature = Signature.getInstance("RSASSA-PSS");
                signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
                return signature;
            } catch (InvalidAlgorithmParameterException e2) {
                throw new RuntimeException(e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (hVar.equals(h.rsa_pss_rsae_sha384)) {
            try {
                this.f497d.getClass();
                Signature signature2 = Signature.getInstance("RSASSA-PSS");
                signature2.setParameter(new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1));
                return signature2;
            } catch (InvalidAlgorithmParameterException e4) {
                throw new RuntimeException(e4);
            } catch (NoSuchAlgorithmException e5) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (hVar.equals(h.rsa_pss_rsae_sha512)) {
            try {
                this.f497d.getClass();
                Signature signature3 = Signature.getInstance("RSASSA-PSS");
                signature3.setParameter(new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1));
                return signature3;
            } catch (InvalidAlgorithmParameterException e6) {
                throw new RuntimeException(e6);
            } catch (NoSuchAlgorithmException e7) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (hVar.equals(h.ecdsa_secp256r1_sha256)) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException e8) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        if (hVar.equals(h.ecdsa_secp384r1_sha384)) {
            try {
                return Signature.getInstance("SHA384withECDSA");
            } catch (NoSuchAlgorithmException e9) {
                throw new RuntimeException("Missing SHA384withECDSA support");
            }
        }
        if (!hVar.equals(h.ecdsa_secp521r1_sha512)) {
            throw new K.f("Signature algorithm not supported " + hVar);
        }
        try {
            return Signature.getInstance("SHA512withECDSA");
        } catch (NoSuchAlgorithmException e10) {
            throw new RuntimeException("Missing SHA512withECDSA support");
        }
    }

    public final void a(J.f fVar) {
        KeyPairGenerator keyPairGenerator;
        AlgorithmParameterSpec eCGenParameterSpec;
        try {
            if (fVar != J.f.secp256r1 && fVar != J.f.secp384r1 && fVar != J.f.secp521r1) {
                if (fVar != J.f.x25519 && fVar != J.f.x448) {
                    throw new RuntimeException("unsupported group " + fVar);
                }
                keyPairGenerator = KeyPairGenerator.getInstance("XDH");
                eCGenParameterSpec = new NamedParameterSpec(fVar.toString().toUpperCase());
                keyPairGenerator.initialize(eCGenParameterSpec);
                KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                this.f495b = genKeyPair.getPrivate();
                this.f494a = genKeyPair.getPublic();
            }
            keyPairGenerator = KeyPairGenerator.getInstance("EC");
            eCGenParameterSpec = new ECGenParameterSpec(fVar.toString());
            keyPairGenerator.initialize(eCGenParameterSpec);
            KeyPair genKeyPair2 = keyPairGenerator.genKeyPair();
            this.f495b = genKeyPair2.getPrivate();
            this.f494a = genKeyPair2.getPublic();
        } catch (InvalidAlgorithmParameterException e2) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }

    public final byte[] a(byte[] bArr, PrivateKey privateKey, h hVar) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            String m2 = b$$ExternalSyntheticBackport0.m(" ", 64);
            Charset charset = StandardCharsets.US_ASCII;
            byteArrayOutputStream.write(m2.getBytes(charset));
            byteArrayOutputStream.write(("TLS 1.3, client CertificateVerify").getBytes(charset));
            byteArrayOutputStream.write(0);
            byteArrayOutputStream.write(bArr);
            try {
                Signature a2 = a(hVar);
                a2.initSign(privateKey);
                a2.update(byteArrayOutputStream.toByteArray());
                return a2.sign();
            } catch (InvalidKeyException e2) {
                throw new K.h("invalid private key");
            } catch (SignatureException e3) {
                throw new RuntimeException();
            }
        } catch (IOException e4) {
            throw new RuntimeException();
        }
    }

    public final byte[] a(byte[] bArr, byte[] bArr2) {
        c cVar = this.f496c;
        short s2 = cVar.f504e;
        byte[] a2 = cVar.a(bArr2, s2);
        String str = "HmacSHA" + (s2 * 8);
        SecretKeySpec secretKeySpec = new SecretKeySpec(a2, str);
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e2) {
            throw new RuntimeException();
        } catch (NoSuchAlgorithmException e3) {
            throw new RuntimeException("Missing " + str + " support");
        }
    }
}
