package org.bouncycastle.tls.crypto.impl.bc;

import java.io.IOException;
import java.math.BigInteger;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes4.dex */
public class BcTlsDH implements TlsAgreement {
    public final BcTlsDHDomain domain;
    public AsymmetricCipherKeyPair localKeyPair;
    public DHPublicKeyParameters peerPublicKey;

    public BcTlsDH(BcTlsDHDomain bcTlsDHDomain) {
        this.domain = bcTlsDHDomain;
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public final TlsSecret calculateSecret() throws IOException {
        BcTlsDHDomain bcTlsDHDomain = this.domain;
        DHPrivateKeyParameters dHPrivateKeyParameters = (DHPrivateKeyParameters) this.localKeyPair.privateParam;
        DHPublicKeyParameters dHPublicKeyParameters = this.peerPublicKey;
        BcTlsCrypto bcTlsCrypto = bcTlsDHDomain.crypto;
        boolean z = bcTlsDHDomain.config.padded;
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.init(dHPrivateKeyParameters);
        BigInteger calculateAgreement = dHBasicAgreement.calculateAgreement(dHPublicKeyParameters);
        byte[] asUnsignedByteArray = z ? BigIntegers.asUnsignedByteArray(calculateAgreement, (dHPrivateKeyParameters.params.p.bitLength() + 7) / 8) : BigIntegers.asUnsignedByteArray(calculateAgreement);
        bcTlsCrypto.getClass();
        return new BcTlsSecret(bcTlsCrypto, asUnsignedByteArray);
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public final byte[] generateEphemeral() throws IOException {
        BcTlsDHDomain bcTlsDHDomain = this.domain;
        bcTlsDHDomain.getClass();
        DHBasicKeyPairGenerator dHBasicKeyPairGenerator = new DHBasicKeyPairGenerator();
        bcTlsDHDomain.crypto.getClass();
        dHBasicKeyPairGenerator.init(new DHKeyGenerationParameters(null, bcTlsDHDomain.domainParameters));
        AsymmetricCipherKeyPair generateKeyPair = dHBasicKeyPairGenerator.generateKeyPair();
        this.localKeyPair = generateKeyPair;
        BcTlsDHDomain bcTlsDHDomain2 = this.domain;
        return BigIntegers.asUnsignedByteArray(((DHPublicKeyParameters) generateKeyPair.publicParam).y, (bcTlsDHDomain2.domainParameters.p.bitLength() + 7) / 8);
    }

    @Override // org.bouncycastle.tls.crypto.TlsAgreement
    public final void receivePeerValue(byte[] bArr) throws IOException {
        BcTlsDHDomain bcTlsDHDomain = this.domain;
        bcTlsDHDomain.getClass();
        try {
            if (bcTlsDHDomain.config.padded && (bcTlsDHDomain.domainParameters.p.bitLength() + 7) / 8 != bArr.length) {
                throw new TlsFatalAlert((short) 47);
            }
            this.peerPublicKey = new DHPublicKeyParameters(new BigInteger(1, bArr), bcTlsDHDomain.domainParameters);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 40, (Throwable) e);
        }
    }
}
