package cn.com.bouncycastle.tls.crypto.impl.bc;

import cn.com.bouncycastle.tls.Certificate;
import cn.com.bouncycastle.tls.ProtocolVersion;
import cn.com.bouncycastle.tls.SignatureAndHashAlgorithm;
import cn.com.bouncycastle.tls.TlsCredentialedDecryptor;
import cn.com.bouncycastle.tls.TlsCredentialedSigner;
import cn.com.bouncycastle.tls.crypto.TlsCryptoParameters;
import cn.com.bouncycastle.tls.crypto.TlsSecret;
import cn.com.bouncycastle.tls.crypto.TlsStreamSigner;
import cn.com.bouncycastle.tls.crypto.impl.TlsImplUtils;
import cn.com.bouncycastle.tls.crypto.impl.external.BcExternalSM2Signer;
import cn.com.bouncycastle.tls.crypto.impl.external.ExternalCredentialedProvider;
import cn.com.bouncycastle.tls.crypto.impl.external.ExternalCryptor;
import f.j1;
import java.io.IOException;
import java.security.SecureRandom;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
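/**
 * TLS credentials whose private-key operations (signing and pre-master-secret
 * decryption) are delegated to an {@link ExternalCredentialedProvider} instead of
 * being performed with an in-process key.
 *
 * <p>The fields are public and non-final in this (decompiled) source; they are left
 * that way so existing callers keep working, but nothing in this class reassigns
 * them after construction.
 */
public class BcSM2TlsExternalSignerAndDecryptor implements TlsCredentialedDecryptor, TlsCredentialedSigner {
    /** Length in bytes of a TLS pre-master secret (2 version bytes + 46 random bytes). */
    private static final int PRE_MASTER_SECRET_LENGTH = 48;

    public Certificate certificate;
    public ExternalCredentialedProvider credentialedProvider;
    public BcTlsCrypto crypto;
    public TlsCryptoParameters cryptoParams;
    public SignatureAndHashAlgorithm signatureAndHashAlgorithm;

    /**
     * Creates the credentials.
     *
     * @param bcTlsCrypto crypto provider; must not be null
     * @param tlsCryptoParameters negotiated parameters, stored as-is (not null-checked here)
     * @param certificate certificate chain; must be non-null and non-empty
     * @param externalCredentialedProvider external signer/decryptor; must not be null
     * @param signatureAndHashAlgorithm algorithm to advertise, stored as-is; a null value is
     *        only rejected later by {@link #getEffectiveAlgorithm()} for (D)TLS 1.2+
     * @throws IllegalArgumentException if a required argument is null or the chain is empty
     */
    public BcSM2TlsExternalSignerAndDecryptor(BcTlsCrypto bcTlsCrypto, TlsCryptoParameters tlsCryptoParameters, Certificate certificate, ExternalCredentialedProvider externalCredentialedProvider, SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (bcTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (externalCredentialedProvider == null) {
            throw new IllegalArgumentException("'credentialedProvider' cannot be null");
        }
        this.crypto = bcTlsCrypto;
        this.cryptoParams = tlsCryptoParameters;
        this.certificate = certificate;
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.credentialedProvider = externalCredentialedProvider;
    }

    /**
     * Decrypts the client's encrypted pre-master secret through the external provider.
     *
     * <p>Any failure (provider exception, null result, wrong length, or a client-version
     * mismatch in the first two bytes) results in a freshly generated random secret being
     * returned instead of an error, so the handshake fails later at Finished verification
     * in the same way for every failure cause. This follows the countermeasure described in
     * RFC 5246 section 7.4.7.1.
     *
     * @param tlsCryptoParameters parameters supplying the client's offered protocol version
     * @param bArr the encrypted pre-master secret from the ClientKeyExchange message
     * @return the decrypted secret, or a random 48-byte secret if decryption was not valid
     * @throws IOException declared by the interface; not thrown by this implementation directly
     */
    @Override // cn.com.bouncycastle.tls.TlsCredentialedDecryptor
    public TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        SecureRandom secureRandom = this.crypto.getSecureRandom();
        ProtocolVersion clientVersion = tlsCryptoParameters.getClientVersion();

        // Generate the random replacement up front, whether or not it ends up being used.
        byte[] fallback = new byte[PRE_MASTER_SECRET_LENGTH];
        secureRandom.nextBytes(fallback);

        byte[] candidate = null;
        try {
            candidate = this.credentialedProvider.decrypt(bArr);
        } catch (Exception ignored) {
            // Deliberately silent: reporting or logging a decryption failure (the original
            // called printStackTrace() here) gives a peer or a log reader a signal that
            // distinguishes bad ciphertexts from good ones. The random fallback is used.
        }

        // A null or wrongly sized result previously caused a NullPointerException or
        // ArrayIndexOutOfBoundsException below, aborting the handshake differently from a
        // well-formed failure. Treat it exactly like a failed decryption.
        if (candidate == null || candidate.length != PRE_MASTER_SECRET_LENGTH) {
            candidate = Arrays.clone(fallback);
        }

        // Non-zero iff the embedded version bytes differ from the version the client offered.
        // NOTE(review): j1.f9420c is an obfuscated constant; it is presumably the 0xFF byte
        // mask as rendered by the decompiler - confirm before relying on this expression.
        int mismatch = (clientVersion.getMinorVersion() ^ (candidate[1] & j1.f9420c)) | (clientVersion.getMajorVersion() ^ (candidate[0] & j1.f9420c));

        // Fold every set bit down into bit 0, then expand bit 0 into a full-width mask:
        // all ones when the version check failed, zero when it passed.
        mismatch |= mismatch >> 1;
        mismatch |= mismatch >> 2;
        mismatch |= mismatch >> 4;
        int mask = ~((mismatch & 1) - 1);

        // Branch-free select: keep the decrypted bytes on success, the random bytes otherwise.
        for (int i = 0; i < PRE_MASTER_SECRET_LENGTH; i++) {
            candidate[i] = (byte) ((candidate[i] & (~mask)) | (fallback[i] & mask));
        }
        return this.crypto.createSecret(candidate);
    }

    /**
     * Signs a pre-computed hash by delegating to the external provider.
     *
     * @param bArr the hash to sign
     * @return whatever the provider's {@code signHash} returns
     * @throws IOException if the provider reports a failure
     */
    @Override // cn.com.bouncycastle.tls.TlsCredentialedSigner
    public byte[] generateRawSignature(byte[] bArr) throws IOException {
        return this.credentialedProvider.signHash(bArr);
    }

    /** Returns the certificate chain supplied at construction. */
    @Override // cn.com.bouncycastle.tls.TlsCredentials
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the signature algorithm to use for the negotiated version.
     *
     * @return {@code null} when {@code TlsImplUtils.isTLSv12} is false for the stored
     *         parameters, otherwise the configured algorithm
     * @throws IllegalStateException if the version check passes but no algorithm was configured
     */
    public SignatureAndHashAlgorithm getEffectiveAlgorithm() {
        if (!TlsImplUtils.isTLSv12(this.cryptoParams)) {
            return null;
        }
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = getSignatureAndHashAlgorithm();
        if (signatureAndHashAlgorithm != null) {
            return signatureAndHashAlgorithm;
        }
        throw new IllegalStateException("'signatureAndHashAlgorithm' cannot be null for (D)TLS 1.2+");
    }

    /** Returns the external provider, typed as its {@link ExternalCryptor} view. */
    public ExternalCryptor getExternalCryptor() {
        return this.credentialedProvider;
    }

    /** Returns the algorithm supplied at construction; may be null. */
    @Override // cn.com.bouncycastle.tls.TlsCredentialedSigner
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return this.signatureAndHashAlgorithm;
    }

    /**
     * Builds a streaming signer backed by the external provider.
     *
     * <p>The second constructor argument of {@code BcExternalSM2Signer} is passed as null and
     * the result of {@link #getEffectiveAlgorithm()} (which may be null) is forwarded as-is.
     *
     * @throws IOException if the underlying signer cannot be created
     * @throws IllegalStateException propagated from {@link #getEffectiveAlgorithm()}
     */
    @Override // cn.com.bouncycastle.tls.TlsCredentialedSigner
    public TlsStreamSigner getStreamSigner() throws IOException {
        return new BcExternalSM2Signer(this.crypto, null, this.credentialedProvider).getStreamSigner(getEffectiveAlgorithm());
    }
}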
