package kh;

import com.rsa.crypto.AlgorithmStrings;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.provider.JsafeJCE;
import com.rsa.jsafe.provider.PKCS11SessionParameterSpec;
import com.rsa.ssl.SSLException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.spec.DHParameterSpec;

/* loaded from: classes2.dex */
public final class c5 {

    /* renamed from: a, reason: collision with root package name */
    public JsafeJCE f39923a;

    /* renamed from: b, reason: collision with root package name */
    public w3 f39924b;

    /* renamed from: c, reason: collision with root package name */
    public e5 f39925c;

    public c5(JsafeJCE jsafeJCE, w3 w3Var, e5 e5Var) {
        this.f39923a = jsafeJCE;
        this.f39924b = w3Var;
        this.f39925c = e5Var;
    }

    public final void a(PrivateKey privateKey, PublicKey publicKey, String str) throws Exception {
        JSAFE_SecureRandom d10 = this.f39924b.d();
        DHParameterSpec params = ((DHPrivateKey) privateKey).getParams();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str, this.f39923a);
        keyPairGenerator.initialize(params, d10);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey2 = generateKeyPair.getPublic();
        PrivateKey privateKey2 = generateKeyPair.getPrivate();
        KeyAgreement keyAgreement = KeyAgreement.getInstance(str, this.f39923a);
        keyAgreement.init(privateKey, d10);
        keyAgreement.doPhase(publicKey2, true);
        byte[] generateSecret = keyAgreement.generateSecret();
        keyAgreement.init(privateKey2, d10);
        keyAgreement.doPhase(publicKey, true);
        if (!mg.l.h(generateSecret, keyAgreement.generateSecret())) {
            throw new SSLException("Private key and public key does not match");
        }
    }

    public final void b(PrivateKey privateKey, PublicKey publicKey, boolean z10, String str) throws Exception {
        Signature signature;
        byte[] bArr = {0};
        if (z10) {
            signature = Signature.getInstance(str + "andPKCS11", this.f39923a);
            PKCS11SessionParameterSpec[] d10 = this.f39925c.d();
            if (d10 == null) {
                throw new SSLException("No PKCS #11 sessions configured whilst using a PKCS #11 private key");
            }
            signature.setParameter(d10[0]);
        } else {
            signature = Signature.getInstance(str, this.f39923a);
        }
        signature.initSign(privateKey, this.f39924b.d());
        signature.update(bArr);
        byte[] sign = signature.sign();
        Signature signature2 = Signature.getInstance(str, this.f39923a);
        signature2.initVerify(publicKey);
        signature2.update(bArr);
        if (!signature2.verify(sign)) {
            throw new SSLException("Private key and public key does not match");
        }
    }

    public void c(X509Certificate[] x509CertificateArr, PrivateKey privateKey, boolean z10) throws Exception {
        String algorithm = privateKey.getAlgorithm();
        PublicKey publicKey = x509CertificateArr[0].getPublicKey();
        String algorithm2 = publicKey.getAlgorithm();
        if (!algorithm.equals(algorithm2)) {
            throw new SSLException("Private key and public key algorithms do not match");
        }
        if (algorithm2.equals("EC")) {
            b(privateKey, publicKey, false, "SHA1/ECDSA");
            return;
        }
        if (algorithm2.equals("RSA") || algorithm2.equals(AlgorithmStrings.DSA)) {
            b(privateKey, publicKey, z10, "SHA1with" + algorithm2);
            return;
        }
        if (algorithm2.equals(l3.f40217i)) {
            a(privateKey, publicKey, algorithm2);
            return;
        }
        throw new Exception("Unknown key format: " + algorithm2);
    }
}
