package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGenerator;
import org.bouncycastle.jcajce.SecretKeyWithEncapsulation;
import org.bouncycastle.jcajce.spec.KEMExtractSpec;
import org.bouncycastle.jcajce.spec.KEMGenerateSpec;
import org.bouncycastle.jcajce.spec.MLKEMParameterSpec;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsKemConfig;
import org.bouncycastle.tls.crypto.TlsKemDomain;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKemDomain.class */
public class JceTlsMLKemDomain implements TlsKemDomain {
    protected final JcaTlsCrypto crypto;
    protected final String kemName;
    protected final boolean isServer;

    public JceTlsMLKemDomain(JcaTlsCrypto jcaTlsCrypto, TlsKemConfig tlsKemConfig) {
        this.crypto = jcaTlsCrypto;
        this.kemName = NamedGroup.getKemName(tlsKemConfig.getNamedGroup());
        this.isServer = tlsKemConfig.isServer();
    }

    public JceTlsSecret adoptLocalSecret(byte[] bArr) {
        return this.crypto.adoptLocalSecret(bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsKemDomain
    public TlsAgreement createKem() {
        return new JceTlsMLKem(this);
    }

    public JceTlsSecret decapsulate(PrivateKey privateKey, byte[] bArr) {
        try {
            KeyGenerator createKeyGenerator = this.crypto.getHelper().createKeyGenerator(this.kemName);
            createKeyGenerator.init((AlgorithmParameterSpec) new KEMExtractSpec.Builder(privateKey, bArr, "DEF", NamedGroup.ffdhe2048).withNoKdf().build());
            return adoptLocalSecret(createKeyGenerator.generateKey().getEncoded());
        } catch (Exception e) {
            throw Exceptions.illegalArgumentException("invalid key: " + e.getMessage(), e);
        }
    }

    public PublicKey decodePublicKey(byte[] bArr) throws IOException {
        return KemUtil.decodePublicKey(this.crypto, this.kemName, bArr);
    }

    public SecretKeyWithEncapsulation encapsulate(PublicKey publicKey) {
        try {
            KeyGenerator createKeyGenerator = this.crypto.getHelper().createKeyGenerator(this.kemName);
            createKeyGenerator.init((AlgorithmParameterSpec) new KEMGenerateSpec.Builder(publicKey, "DEF", NamedGroup.ffdhe2048).withNoKdf().build());
            return createKeyGenerator.generateKey();
        } catch (Exception e) {
            throw Exceptions.illegalArgumentException("invalid key: " + e.getMessage(), e);
        }
    }

    public byte[] encodePublicKey(PublicKey publicKey) throws IOException {
        return KemUtil.encodePublicKey(publicKey);
    }

    public KeyPair generateKeyPair() {
        try {
            KeyPairGenerator createKeyPairGenerator = this.crypto.getHelper().createKeyPairGenerator("ML-KEM");
            createKeyPairGenerator.initialize((AlgorithmParameterSpec) MLKEMParameterSpec.fromName(this.kemName), this.crypto.getSecureRandom());
            return createKeyPairGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
        }
    }

    public boolean isServer() {
        return this.isServer;
    }
}
