package com.amazon.corretto.crypto.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpKeyAgreement.class */
class EvpKeyAgreement extends KeyAgreementSpi {
    private static final int[] AES_KEYSIZES_BYTES = {16, 24, 32};
    private static final Pattern ALGORITHM_WITH_EXPLICIT_KEYSIZE = Pattern.compile("(\\S+?)(?:\\[(\\d+)\\])?");
    private final AmazonCorrettoCryptoProvider provider_;
    private final EvpKeyType keyType_;
    private final String algorithm_;
    private EvpKey privKey = null;
    private byte[] secret = null;

    /* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpKeyAgreement$ECDH.class */
    static class ECDH extends EvpKeyAgreement {
        ECDH(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(amazonCorrettoCryptoProvider, "ECDH", EvpKeyType.EC);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static native byte[] agree(long j, long j2) throws InvalidKeyException;

    EvpKeyAgreement(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider, String str, EvpKeyType evpKeyType) {
        Loader.checkNativeLibraryAvailability();
        this.provider_ = amazonCorrettoCryptoProvider;
        this.algorithm_ = str;
        this.keyType_ = evpKeyType;
    }

    private byte[] agree(EvpKey evpKey) throws InvalidKeyException {
        return (byte[]) this.privKey.use(j -> {
            return (byte[]) evpKey.use(j -> {
                return agree(j, j);
            });
        });
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (this.privKey == null) {
            throw new IllegalStateException("KeyAgreement has not been initialized");
        }
        if (!this.keyType_.publicKeyClass.isAssignableFrom(key.getClass())) {
            throw new InvalidKeyException("Expected key of type " + this.keyType_.publicKeyClass + " not " + key.getClass());
        }
        EvpKey translateKey = this.provider_.translateKey(key, this.keyType_);
        try {
            if (!z) {
                this.secret = null;
                throw new IllegalStateException("Only single phase agreement is supported");
            }
            this.secret = agree(translateKey);
            translateKey.releaseEphemeral();
            return null;
        } catch (Throwable th) {
            translateKey.releaseEphemeral();
            throw th;
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        if (this.privKey == null) {
            throw new IllegalStateException("KeyAgreement has not been initialized");
        }
        if (this.secret == null) {
            throw new IllegalStateException("KeyAgreement has not been completed");
        }
        byte[] bArr = this.secret;
        reset();
        return bArr;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        byte[] engineGenerateSecret = engineGenerateSecret();
        if (str.equalsIgnoreCase("TlsPremasterSecret")) {
            return new SecretKeySpec(engineGenerateSecret, "TlsPremasterSecret");
        }
        Matcher matcher = ALGORITHM_WITH_EXPLICIT_KEYSIZE.matcher(str);
        if (!matcher.matches()) {
            throw new InvalidKeyException("Unrecognized algorithm: " + str);
        }
        String group = matcher.group(1);
        boolean z = -1;
        switch (group.hashCode()) {
            case 64687:
                if (group.equals("AES")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                String group2 = matcher.group(2);
                int i = 0;
                boolean z2 = false;
                if (group2 != null) {
                    i = Integer.parseInt(group2);
                    int[] iArr = AES_KEYSIZES_BYTES;
                    int length = iArr.length;
                    int i2 = 0;
                    while (true) {
                        if (i2 < length) {
                            if (iArr[i2] == i) {
                                z2 = true;
                            } else {
                                i2++;
                            }
                        }
                    }
                } else {
                    for (int i3 : AES_KEYSIZES_BYTES) {
                        if (i3 <= engineGenerateSecret.length) {
                            i = i3;
                            z2 = true;
                        }
                    }
                }
                if (!z2 || i > engineGenerateSecret.length) {
                    throw new InvalidKeyException("Invalid key length");
                }
                return new SecretKeySpec(engineGenerateSecret, 0, i, "AES");
            default:
                throw new InvalidKeyException("Unsupported algorithm: " + matcher.group(1));
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        byte[] engineGenerateSecret = engineGenerateSecret();
        if (bArr.length - i < engineGenerateSecret.length) {
            throw new ShortBufferException();
        }
        System.arraycopy(engineGenerateSecret, 0, bArr, i, engineGenerateSecret.length);
        reset();
        return engineGenerateSecret.length;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (!this.keyType_.privateKeyClass.isAssignableFrom(key.getClass())) {
            throw new InvalidKeyException("Expected key of type " + this.keyType_.privateKeyClass + " not " + key.getClass());
        }
        if (this.privKey != null) {
            this.privKey.releaseEphemeral();
        }
        this.privKey = this.provider_.translateKey(key, this.keyType_);
        reset();
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("No algorithm parameter spec expected");
        }
        engineInit(key, secureRandom);
    }

    protected void reset() {
        this.secret = null;
    }
}
