package android.security.keystore2;

import android.security.KeyStoreException;
import android.security.KeyStoreOperation;
import android.security.keystore.KeyStoreCryptoOperation;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes10.dex */
public class AndroidKeyStoreKeyAgreementSpi extends KeyAgreementSpi implements KeyStoreCryptoOperation {
    private static final String TAG = "AndroidKeyStoreKeyAgreementSpi";
    private AndroidKeyStorePrivateKey mKey;
    private final int mKeymintAlgorithm;
    private KeyStoreOperation mOperation;
    private long mOperationHandle;
    private PublicKey mOtherPartyKey;

    /* loaded from: classes10.dex */
    public static class ECDH extends AndroidKeyStoreKeyAgreementSpi {
        public ECDH() {
            super(3);
        }
    }

    /* loaded from: classes10.dex */
    public static class XDH extends AndroidKeyStoreKeyAgreementSpi {
        public XDH() {
            super(3);
        }
    }

    protected AndroidKeyStoreKeyAgreementSpi(int i) {
        resetAll();
        this.mKeymintAlgorithm = i;
    }

    private void ensureKeystoreOperationInitialized() throws InvalidKeyException, IllegalStateException {
        if (this.mKey == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.mOperation != null) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(KeyStore2ParameterUtils.makeEnum(536870913, 6));
        try {
            this.mOperation = this.mKey.getSecurityLevel().createOperation(this.mKey.getKeyIdDescriptor(), arrayList);
        } catch (KeyStoreException e) {
            InvalidKeyException invalidKeyException = KeyStoreCryptoOperationUtils.getInvalidKeyException(this.mKey, e);
            if (invalidKeyException != null) {
                throw invalidKeyException;
            }
        }
        this.mOperationHandle = KeyStoreCryptoOperationUtils.getOrMakeOperationChallenge(this.mOperation, this.mKey);
    }

    private void resetAll() {
        resetWhilePreservingInitState();
        this.mKey = null;
    }

    private void resetWhilePreservingInitState() {
        KeyStoreCryptoOperationUtils.abortOperation(this.mOperation);
        this.mOperationHandle = 0L;
        this.mOperation = null;
        this.mOtherPartyKey = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        ensureKeystoreOperationInitialized();
        if (key == null) {
            throw new InvalidKeyException("key == null");
        }
        if (!(key instanceof PublicKey)) {
            throw new InvalidKeyException("Only public keys supported. Key: " + ((Object) key));
        }
        if (!z) {
            throw new IllegalStateException("Only one other party supported. lastPhase must be set to true.");
        }
        if (this.mOtherPartyKey != null) {
            throw new IllegalStateException("Only one other party supported. doPhase() must only be called exactly once.");
        }
        this.mOtherPartyKey = (PublicKey) key;
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        byte[] engineGenerateSecret = engineGenerateSecret();
        if (engineGenerateSecret.length > bArr.length - i) {
            throw new ShortBufferException("Needed: " + engineGenerateSecret.length);
        }
        System.arraycopy((Object) engineGenerateSecret, 0, (Object) bArr, i, engineGenerateSecret.length);
        return engineGenerateSecret.length;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        return new SecretKeySpec(engineGenerateSecret(), str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public byte[] engineGenerateSecret() throws IllegalStateException {
        try {
            ensureKeystoreOperationInitialized();
            PublicKey publicKey = this.mOtherPartyKey;
            if (publicKey == null) {
                throw new IllegalStateException("Other party key not provided. Call doPhase() first.");
            }
            try {
                try {
                    return this.mOperation.finish(publicKey.getEncoded(), null);
                } catch (KeyStoreException e) {
                    throw new ProviderException("Keystore operation failed", e);
                }
            } finally {
                resetWhilePreservingInitState();
            }
        } catch (InvalidKeyException e2) {
            throw new IllegalStateException("Not initialized", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("key == null");
        }
        if (!(key instanceof AndroidKeyStorePrivateKey)) {
            throw new InvalidKeyException("Only Android KeyStore private keys supported. Key: " + ((Object) key));
        }
        this.mKey = (AndroidKeyStorePrivateKey) key;
        try {
            ensureKeystoreOperationInitialized();
        } finally {
            resetAll();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Unsupported algorithm parameters: " + ((Object) algorithmParameterSpec));
        }
        engineInit(key, secureRandom);
    }

    protected void finalize() throws Throwable {
        try {
            resetAll();
        } finally {
            super.finalize();
        }
    }

    @Override // android.security.keystore.KeyStoreCryptoOperation
    public long getOperationHandle() {
        return this.mOperationHandle;
    }
}
