package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import javax.crypto.Cipher;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.util.Arrays;

/* loaded from: classes4.dex */
public class JceDefaultTlsCredentialedDecryptor implements TlsCredentialedDecryptor {
    public final JcaTlsCrypto a;
    public final Certificate b;
    public final PrivateKey c;

    public JceDefaultTlsCredentialedDecryptor(JcaTlsCrypto jcaTlsCrypto, Certificate certificate, PrivateKey privateKey) {
        if (jcaTlsCrypto == null) {
            throw new IllegalArgumentException("'crypto' cannot be null");
        }
        if (certificate.d()) {
            throw new IllegalArgumentException("'certificate' cannot be empty");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        if (!(privateKey instanceof RSAPrivateKey) && !"RSA".equals(privateKey.getAlgorithm())) {
            throw new IllegalArgumentException("'privateKey' type not supported: ".concat(privateKey.getClass().getName()));
        }
        this.a = jcaTlsCrypto;
        this.b = certificate;
        this.c = privateKey;
    }

    @Override // org.bouncycastle.tls.TlsCredentials
    public final Certificate a() {
        return this.b;
    }

    @Override // org.bouncycastle.tls.TlsCredentialedDecryptor
    public final JceTlsSecret f(TlsCryptoParameters tlsCryptoParameters, byte[] bArr) throws IOException {
        Cipher b;
        PrivateKey privateKey = this.c;
        JcaTlsCrypto jcaTlsCrypto = this.a;
        SecureRandom secureRandom = jcaTlsCrypto.b;
        ProtocolVersion d = tlsCryptoParameters.a.d();
        byte[] bArr2 = new byte[48];
        secureRandom.nextBytes(bArr2);
        byte[] a = Arrays.a(bArr2);
        try {
            JcaJceHelper jcaJceHelper = jcaTlsCrypto.a;
            try {
                b = jcaJceHelper.b("RSA/NONE/PKCS1Padding");
            } catch (GeneralSecurityException unused) {
                b = jcaJceHelper.b("RSA/ECB/PKCS1Padding");
            }
            b.init(2, privateKey, secureRandom);
            byte[] doFinal = b.doFinal(bArr);
            if (doFinal != null) {
                if (doFinal.length == 48) {
                    a = doFinal;
                }
            }
        } catch (Exception unused2) {
        }
        int i = d.a;
        int i2 = ((((i & 255) ^ (a[1] & 255)) | ((i >> 8) ^ (a[0] & 255))) - 1) >> 31;
        for (int i3 = 0; i3 < 48; i3++) {
            a[i3] = (byte) ((a[i3] & i2) | (bArr2[i3] & (~i2)));
        }
        return new JceTlsSecret(jcaTlsCrypto, Arrays.a(a));
    }
}
