package c6;

import android.os.Build;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public abstract class a1 implements g0 {

    /* renamed from: a, reason: collision with root package name */
    public final X509TrustManager f1627a;

    /* renamed from: b, reason: collision with root package name */
    public PublicKey f1628b;

    /* renamed from: c, reason: collision with root package name */
    public PrivateKey f1629c;

    /* renamed from: d, reason: collision with root package name */
    public e1 f1630d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate f1631e;

    /* renamed from: f, reason: collision with root package name */
    public X509Certificate[] f1632f;

    public a1(X509TrustManager x509TrustManager) {
        this.f1627a = x509TrustManager;
    }

    public static byte[] k(byte[] bArr, PrivateKey privateKey, s0 s0Var, boolean z6) {
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    byteArrayOutputStream.write(a5.e.X(" ").getBytes(StandardCharsets.US_ASCII));
                    StringBuilder sb = new StringBuilder("TLS 1.3, ");
                    sb.append(z6 ? "client" : "server");
                    sb.append(" CertificateVerify");
                    byteArrayOutputStream.write(sb.toString().getBytes(StandardCharsets.US_ASCII));
                    byteArrayOutputStream.write(0);
                    byteArrayOutputStream.write(bArr);
                    Signature m6 = m(s0Var);
                    m6.initSign(privateKey);
                    m6.update(byteArrayOutputStream.toByteArray());
                    byte[] sign = m6.sign();
                    byteArrayOutputStream.close();
                    return sign;
                } catch (Throwable th) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (InvalidKeyException unused) {
                throw new c(5, "invalid private key");
            }
        } catch (IOException | SignatureException e7) {
            throw new RuntimeException(e7);
        }
    }

    public static Signature m(s0 s0Var) {
        if (s0Var == s0.f1740i) {
            try {
                return Signature.getInstance("SHA256withRSA/PSS");
            } catch (NoSuchAlgorithmException unused) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (s0Var == s0.f1741j) {
            try {
                return Signature.getInstance("SHA384withRSA/PSS");
            } catch (NoSuchAlgorithmException unused2) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (s0Var == s0.f1742k) {
            try {
                return Signature.getInstance("SHA512withRSA/PSS");
            } catch (NoSuchAlgorithmException unused3) {
                throw new RuntimeException("Missing RSASSA-PSS support");
            }
        }
        if (s0Var == s0.f1739h) {
            try {
                return Signature.getInstance("SHA256withECDSA");
            } catch (NoSuchAlgorithmException unused4) {
                throw new RuntimeException("Missing SHA256withECDSA support");
            }
        }
        throw new c(3, "Signature algorithm not supported " + s0Var);
    }

    public static boolean n(byte[] bArr, s0 s0Var, X509Certificate x509Certificate, byte[] bArr2, boolean z6) {
        String b02 = a5.e.b0(new StringBuilder("TLS 1.3, "), z6 ? "client" : "server", " CertificateVerify");
        ByteBuffer allocate = ByteBuffer.allocate(b02.getBytes(StandardCharsets.ISO_8859_1).length + 64 + 1 + bArr2.length);
        for (int i7 = 0; i7 < 64; i7++) {
            allocate.put((byte) 32);
        }
        allocate.put(b02.getBytes(StandardCharsets.ISO_8859_1));
        allocate.put((byte) 0);
        allocate.put(bArr2);
        try {
            Signature m6 = m(s0Var);
            m6.initVerify(x509Certificate);
            m6.update(allocate.array());
            return m6.verify(bArr);
        } catch (InvalidKeyException | SignatureException e7) {
            throw new q(e7.getMessage());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x000d, code lost:
    
        r3.checkClientTrusted(r4, r1);
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:?, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0025, code lost:
    
        if (r5 != false) goto L7;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x004a, code lost:
    
        if (r4 != false) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:6:0x0007, code lost:
    
        if (r5 != false) goto L7;
     */
    /* JADX WARN: Code restructure failed: missing block: B:7:0x0009, code lost:
    
        r3.checkServerTrusted(r4, r1);
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x0028, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void i(java.security.cert.X509Certificate[] r4, boolean r5) {
        /*
            r3 = this;
            r0 = 0
            javax.net.ssl.X509TrustManager r3 = r3.f1627a     // Catch: java.lang.Throwable -> L29
            if (r3 == 0) goto L11
            java.lang.String r1 = "RSA"
            if (r5 == 0) goto Ld
        L9:
            r3.checkServerTrusted(r4, r1)     // Catch: java.lang.Throwable -> L29
            goto L28
        Ld:
            r3.checkClientTrusted(r4, r1)     // Catch: java.lang.Throwable -> L29
            goto L28
        L11:
            java.lang.String r3 = "PKIX"
            javax.net.ssl.TrustManagerFactory r3 = javax.net.ssl.TrustManagerFactory.getInstance(r3)     // Catch: java.lang.Throwable -> L29
            r1 = 0
            r3.init(r1)     // Catch: java.lang.Throwable -> L29
            javax.net.ssl.TrustManager[] r3 = r3.getTrustManagers()     // Catch: java.lang.Throwable -> L29
            r3 = r3[r0]     // Catch: java.lang.Throwable -> L29
            javax.net.ssl.X509TrustManager r3 = (javax.net.ssl.X509TrustManager) r3     // Catch: java.lang.Throwable -> L29
            java.lang.String r1 = "UNKNOWN"
            if (r5 == 0) goto Ld
            goto L9
        L28:
            return
        L29:
            r3 = move-exception
            java.lang.String r3 = r3.getMessage()
            if (r3 == 0) goto L4c
            int r4 = r3.length()
            r5 = r0
        L35:
            if (r5 >= r4) goto L49
            int r1 = r3.codePointAt(r5)
            boolean r2 = java.lang.Character.isWhitespace(r1)
            if (r2 != 0) goto L43
            r4 = r0
            goto L4a
        L43:
            int r1 = java.lang.Character.charCount(r1)
            int r5 = r5 + r1
            goto L35
        L49:
            r4 = 1
        L4a:
            if (r4 == 0) goto L4e
        L4c:
            java.lang.String r3 = "certificate validation failed"
        L4e:
            c6.c r4 = new c6.c
            r4.<init>(r0, r3)
            throw r4
        */
        throw new UnsupportedOperationException("Method not decompiled: c6.a1.i(java.security.cert.X509Certificate[], boolean):void");
    }

    public final byte[] j(byte[] bArr, byte[] bArr2) {
        Charset charset = e1.f1655o;
        e1 e1Var = this.f1630d;
        e1Var.getClass();
        SecretKeySpec secretKeySpec = new SecretKeySpec(e1Var.f(bArr2, "finished", "".getBytes(e1.f1655o)), "HmacSHA256");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            mac.update(bArr);
            return mac.doFinal();
        } catch (InvalidKeyException e7) {
            throw new RuntimeException(e7);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("Missing HmacSHA256 support");
        }
    }

    public final void l(h0 h0Var) {
        KeyPairGenerator keyPairGenerator;
        try {
            if (h0Var != h0.f1685h && h0Var != h0.f1686i && h0Var != h0.f1687j) {
                if (h0Var != h0.f1688k && h0Var != h0.f1689l) {
                    throw new RuntimeException("unsupported group " + h0Var);
                }
                if (Build.VERSION.SDK_INT < 33) {
                    throw new RuntimeException("unsupported group " + h0Var);
                }
                keyPairGenerator = KeyPairGenerator.getInstance("XDH");
                androidx.activity.o.l();
                keyPairGenerator.initialize(androidx.activity.o.j(h0Var.toString().toUpperCase()));
                KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                this.f1629c = genKeyPair.getPrivate();
                this.f1628b = genKeyPair.getPublic();
            }
            keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(h0Var.toString()));
            KeyPair genKeyPair2 = keyPairGenerator.genKeyPair();
            this.f1629c = genKeyPair2.getPrivate();
            this.f1628b = genKeyPair2.getPublic();
        } catch (InvalidAlgorithmParameterException e7) {
            throw new RuntimeException(e7);
        } catch (NoSuchAlgorithmException unused) {
            throw new RuntimeException("missing key pair generator algorithm EC");
        }
    }
}
