package cfca.sadk.tls.sun.security.ssl.sec;

import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.SM2DHAlgorithmParameter;
import cfca.sadk.org.bouncycastle.jcajce.provider.asymmetric.sm.SM2Params;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPrivateKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.org.bouncycastle.jce.spec.ECParameterSpec;
import cfca.sadk.org.bouncycastle.jce.spec.MQVPrivateKeySpec;
import cfca.sadk.org.bouncycastle.jce.spec.MQVPublicKeySpec;
import cfca.sadk.tls.sun.security.ssl.Debugger;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/sec/ECDHCrypt.class */
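/**
 * Holds the local key pair used for the SM2 key exchange of a TLS handshake and derives the
 * 48-byte premaster secret from it.
 *
 * <p>The key pair comes either from existing {@link TLSCredentials} or from a fresh SM2 key pair
 * generated through {@code CryptoFactory}. Despite the class name, only the SM2 path is
 * implemented; the non-SM2 ("ecc") path is rejected.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No validation of the peer public keys is visible in this class; presumably the "SM2"
 *       {@link KeyAgreement} implementation performs it. Confirm against the provider.</li>
 *   <li>Failures are logged at debug level with the exception only; no key material is passed
 *       to the logger by this class.</li>
 * </ul>
 */
public final class ECDHCrypt {
    static final Mechanism mechanism_sm2 = new Mechanism("SM2");

    /** Length in bytes of the buffer handed to {@code KeyAgreement.generateSecret}. */
    private static final int PREMASTER_SECRET_LENGTH = 48;

    private PrivateKey privateKey;
    private ECPublicKey publicKey;

    /**
     * Uses the private key and certificate public key of existing credentials as the local key pair.
     *
     * @param tLSCredentials credentials to take the key pair from
     * @throws RuntimeException if {@code tLSCredentials} is {@code null}
     */
    ECDHCrypt(TLSCredentials tLSCredentials) {
        if (tLSCredentials == null) {
            throw new RuntimeException("no cipher TLSCredentials");
        }
        this.privateKey = tLSCredentials.privateKey;
        this.publicKey = tLSCredentials.getCertificate().getPublicKey();
    }

    /**
     * Resolves the curve parameters (the SM2 parameters when {@code z} is true, otherwise the
     * named curve {@code str}) and delegates to the three-argument constructor below.
     *
     * @param z            {@code true} to use SM2
     * @param str          curve name, looked up only when {@code z} is {@code false}
     * @param secureRandom forwarded to the delegate constructor, which does not use it
     */
    public ECDHCrypt(boolean z, String str, SecureRandom secureRandom) {
        this(z, z ? SM2Params.sm2ParameterSpec : ECNamedCurve.getECParameterSpec(str), secureRandom);
    }

    /**
     * Generates a fresh 256-bit SM2 key pair through the {@code CryptoFactory} session.
     *
     * <p>NOTE(review): neither {@code eCParameterSpec} nor {@code secureRandom} is read here, so a
     * caller-supplied RNG or curve has no effect on key generation; the randomness source is
     * whatever the {@code CryptoFactory} session uses.
     *
     * @param z               must be {@code true}; the non-SM2 path is not supported
     * @param eCParameterSpec unused
     * @param secureRandom    unused
     * @throws RuntimeException if {@code z} is {@code false} (the {@link SecurityException} raised
     *                          for that case is caught and wrapped below) or if key generation fails
     */
    public ECDHCrypt(boolean z, ECParameterSpec eCParameterSpec, SecureRandom secureRandom) {
        try {
            if (!z) {
                throw new SecurityException("ecc not support");
            }
            KeyPair generateKeyPair = CryptoFactory.singleton().session().generateKeyPair(mechanism_sm2, 256);
            this.privateKey = generateKeyPair.getPrivate();
            // KeyPair.getPublic() is declared as java.security.PublicKey, so the narrowing cast is
            // required for the assignment to compile; a non-EC key fails inside this try block.
            this.publicKey = (ECPublicKey) generateKeyPair.getPublic();
        } catch (Exception e) {
            if (Debugger.handshaker.isDebugEnabled()) {
                Debugger.handshaker.debug("Could not generate ECDH keypair", e);
            }
            throw new RuntimeException("Could not generate ECDH keypair", e);
        }
    }

    /**
     * @return the public half of the local key pair held by this instance
     */
    public ECPublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Derives the premaster secret from explicitly supplied keys.
     *
     * <p>NOTE(review): the identity parameter here is built from ({@code eCPublicKey2},
     * {@code eCPublicKey}), whereas the {@link TLSCredentials} overload puts the credentials'
     * own public key first and the peer key second. This looks like the two handshake roles of
     * the exchange, but that cannot be established from this class alone.
     *
     * @param eCPrivateKey  private key combined with this instance's key pair in the MQV private spec
     * @param eCPublicKey   public key whose point is the second identity-parameter argument
     * @param eCPublicKey2  first key of the MQV public spec; its point is the first identity-parameter argument
     * @param eCPublicKey3  second key of the MQV public spec
     * @return the agreed secret, tagged with algorithm {@code "TlsPremasterSecret"}
     * @throws RuntimeException if any step of the agreement fails
     */
    public SecretKey getSM2AgreedSecret(ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, ECPublicKey eCPublicKey2, ECPublicKey eCPublicKey3) {
        return deriveSm2PremasterSecret(eCPrivateKey, eCPublicKey2, eCPublicKey, eCPublicKey2, eCPublicKey3);
    }

    /**
     * Derives the premaster secret using the key pair of the given credentials.
     *
     * @param tLSCredentials credentials supplying the private key and the first identity-parameter key
     * @param eCPublicKey    first key of the MQV public spec; its point is the second identity-parameter argument
     * @param eCPublicKey2   second key of the MQV public spec
     * @return the agreed secret, tagged with algorithm {@code "TlsPremasterSecret"}
     * @throws NullPointerException if {@code tLSCredentials} is {@code null}
     * @throws RuntimeException     if any step of the agreement fails
     */
    public SecretKey getSM2AgreedSecret(TLSCredentials tLSCredentials, ECPublicKey eCPublicKey, ECPublicKey eCPublicKey2) {
        ECPrivateKey eCPrivateKey = tLSCredentials.privateKey;
        ECPublicKey eCPublicKey3 = tLSCredentials.publicKey;
        return deriveSm2PremasterSecret(eCPrivateKey, eCPublicKey3, eCPublicKey, eCPublicKey, eCPublicKey2);
    }

    /**
     * Runs the "SM2" key agreement shared by both public overloads and wraps the result.
     *
     * @param agreementPrivateKey private key placed first in the MQV private spec
     * @param firstIdentityKey    key whose point is the first {@code SM2DHAlgorithmParameter} argument
     * @param secondIdentityKey   key whose point is the second {@code SM2DHAlgorithmParameter} argument
     * @param peerFirstKey        first key of the MQV public spec
     * @param peerSecondKey       second key of the MQV public spec
     */
    private SecretKey deriveSm2PremasterSecret(
            ECPrivateKey agreementPrivateKey,
            ECPublicKey firstIdentityKey,
            ECPublicKey secondIdentityKey,
            ECPublicKey peerFirstKey,
            ECPublicKey peerSecondKey) {
        byte[] premaster = new byte[PREMASTER_SECRET_LENGTH];
        try {
            Key localSpec = new MQVPrivateKeySpec(agreementPrivateKey, this.privateKey, this.publicKey);
            Key peerSpec = new MQVPublicKeySpec(peerFirstKey, peerSecondKey);
            AlgorithmParameterSpec identityParams =
                    new SM2DHAlgorithmParameter(firstIdentityKey.getQ(), secondIdentityKey.getQ());
            KeyAgreement agreement = JSSEJCE.getAgreement("SM2");
            agreement.init(localSpec, identityParams);
            agreement.doPhase(peerSpec, true);
            // NOTE(review): the byte count returned by generateSecret is not checked; a short
            // write would leave trailing zero bytes in the secret. Confirm the provider always
            // fills the whole buffer.
            agreement.generateSecret(premaster, 0);
            return new SecretKeySpec(premaster, "TlsPremasterSecret");
        } catch (Exception e) {
            if (Debugger.handshaker.isDebugEnabled()) {
                Debugger.handshaker.debug("Could not generate secret", e);
            }
            throw new RuntimeException("Could not generate secret", e);
        } finally {
            // SecretKeySpec keeps its own copy of the key bytes, so the scratch buffer can be
            // cleared on every exit path instead of lingering on the heap until collected.
            java.util.Arrays.fill(premaster, (byte) 0);
        }
    }
}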
