package org.bouncycastle.tls.crypto.impl.jcajce;

import _COROUTINE.CoroutineDebuggingKt$$ExternalSyntheticOutline0;
import com.tencent.tpns.dataacquisition.DeviceInfos;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import javax.crypto.Cipher;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
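/**
 * Server-side TLS credentials that decrypt an RSA-encrypted pre-master secret with a JCA
 * {@link PrivateKey}.
 *
 * <p>{@link #decrypt} is written so that a failed decryption, a wrong-length plaintext and a
 * version mismatch all take the same path and yield a random secret. Exposing any of those
 * outcomes through an alert, an exception or a measurable timing difference would turn the
 * server into a padding oracle for RSA key exchange (RFC 5246, section 7.4.7.1).
 */
public class JceDefaultTlsCredentialedDecryptor implements TlsCredentialedDecryptor {
    /** Size in bytes of a TLS pre-master secret: 2 version bytes followed by 46 random bytes. */
    private static final int PRE_MASTER_SECRET_LENGTH = 48;

    // NOTE(review): these fields are public and non-final in this listing, so any code holding a
    // reference can read or swap the private key. Visibility is left unchanged so existing
    // accessors keep working; treat the fields as read-only after construction.
    public Certificate certificate;
    public JcaTlsCrypto crypto;
    public PrivateKey privateKey;

    /**
     * Creates the credentials.
     *
     * @param jcaTlsCrypto crypto backend that supplies the RSA cipher and the entropy source
     * @param certificate non-empty certificate chain presented for these credentials
     * @param privateKey RSA private key; accepted when it is an {@link RSAPrivateKey} or reports
     *     the algorithm name {@code "RSA"}
     * @throws IllegalArgumentException if an argument is null, the chain is empty, or the key is
     *     not an RSA key
     */
    public JceDefaultTlsCredentialedDecryptor(JcaTlsCrypto jcaTlsCrypto, Certificate certificate, PrivateKey privateKey) {
        if (jcaTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        // Reject a null chain the same way as the other arguments instead of letting
        // certificate.isEmpty() fail with a NullPointerException.
        if (certificate == null) {
            throw new IllegalArgumentException("'certificate' cannot be null");
        }
        if (certificate.isEmpty()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (!(privateKey instanceof RSAPrivateKey) && !"RSA".equals(privateKey.getAlgorithm())) {
            // Plain concatenation; the listing built this message through a compiler-synthesised
            // StringBuilder helper that lives in an unrelated package.
            throw new IllegalArgumentException(
                "'privateKey' type not supported: " + privateKey.getClass().getName());
        }
        this.crypto = jcaTlsCrypto;
        this.certificate = certificate;
        this.privateKey = privateKey;
    }

    /**
     * Decrypts the client's RSA-encrypted pre-master secret.
     *
     * <p>This method never reports a decryption failure. If the ciphertext does not decrypt, the
     * plaintext is not 48 bytes long, or its two leading version bytes differ from the version
     * expected for this handshake, a freshly generated random 48-byte value is returned instead,
     * and the handshake is left to fail later at the Finished check.
     *
     * @param tlsCryptoParameters handshake parameters; supplies the expected pre-master secret version
     * @param bArr the RSA ciphertext received from the peer
     * @return the decrypted pre-master secret, or a random substitute of the same length
     * @throws IOException declared by the interface; not thrown by the code in this method
     */
    @Override
    public final TlsSecret decrypt(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        SecureRandom secureRandom = this.crypto.entropySource;
        ProtocolVersion expectedVersion = tlsCryptoParameters.context.getRSAPreMasterSecretVersion();

        // The substitute secret is generated up front, before any decryption is attempted, so the
        // work done does not depend on whether the ciphertext turns out to be valid.
        byte[] fallback = new byte[PRE_MASTER_SECRET_LENGTH];
        secureRandom.nextBytes(fallback);

        byte[] candidate = Arrays.clone(fallback);
        try {
            Cipher rsa = this.crypto.createRSAEncryptionCipher();
            rsa.init(Cipher.DECRYPT_MODE, this.privateKey, secureRandom);
            byte[] plaintext = rsa.doFinal(bArr);
            if (plaintext != null && plaintext.length == PRE_MASTER_SECRET_LENGTH) {
                candidate = plaintext;
            }
        } catch (Exception ignored) {
            // Deliberately swallowed: a padding or decryption failure must look the same to the
            // peer as success. 'candidate' still holds the random fallback. Do not log, rethrow
            // or alert here.
        }

        // Branch-free version check. 'diff' is zero only when both version bytes match.
        // The byte masks must be the literal 0xFF: the listing spelled them as a constant from an
        // unrelated SDK class (a decompiler constant-matching artefact) whose value is not visible
        // here, and a sign-extending value such as byte -1 would make a high-bit version byte
        // produce a negative 'diff' and pass the check.
        int version = expectedVersion.version;
        int diff = ((version & 0xFF) ^ (candidate[1] & 0xFF))
            | ((version >> 8) ^ (candidate[0] & 0xFF));

        // All ones when diff == 0 (keep the decrypted bytes), all zeros otherwise (use fallback).
        int mask = (diff - 1) >> 31;

        // Select byte by byte with the mask rather than with an if/else, so both outcomes execute
        // the same instructions.
        for (int i = 0; i < PRE_MASTER_SECRET_LENGTH; i++) {
            candidate[i] = (byte) ((candidate[i] & mask) | (fallback[i] & ~mask));
        }
        return this.crypto.createSecret(candidate);
    }

    /**
     * Returns the certificate chain supplied at construction.
     *
     * @return the certificate chain for these credentials
     */
    @Override
    public final Certificate getCertificate() {
        return this.certificate;
    }
}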
