package org.bouncycastle.crypto;

import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import org.bouncycastle.crypto.fips.FipsOperationError;
import org.bouncycastle.crypto.internal.Permissions;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:bc-lib/bc-fips.jar:org/bouncycastle/crypto/SymmetricSecretKey.class */
public final class SymmetricSecretKey implements SymmetricKey, Destroyable {
    private Algorithm algorithm;
    private byte[] bytes;
    private final AtomicBoolean hasBeenDestroyed = new AtomicBoolean(false);
    private final boolean approvedModeOnly = CryptoServicesRegistrar.isInApprovedOnlyMode();
    private int hashCode = calculateHashCode();

    public SymmetricSecretKey(Algorithm algorithm, byte[] bArr) {
        this.algorithm = algorithm;
        this.bytes = (byte[]) bArr.clone();
    }

    public SymmetricSecretKey(Parameters parameters, byte[] bArr) {
        this.algorithm = parameters.getAlgorithm();
        this.bytes = (byte[]) bArr.clone();
    }

    @Override // org.bouncycastle.crypto.Key
    public Algorithm getAlgorithm() {
        checkDestroyed();
        return this.algorithm;
    }

    private void zeroize() {
        for (int i = 0; i != this.bytes.length; i++) {
            this.bytes[i] = 0;
        }
        this.bytes = null;
        this.algorithm = null;
        this.hashCode = 0;
    }

    @Override // org.bouncycastle.crypto.SymmetricKey
    public byte[] getKeyBytes() {
        checkApprovedOnlyModeStatus();
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(Permissions.CanOutputSecretKey);
        }
        byte[] clone = Arrays.clone(this.bytes);
        checkDestroyed();
        return clone;
    }

    @Override // org.bouncycastle.crypto.Key
    public boolean equals(Object obj) {
        checkApprovedOnlyModeStatus();
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof SymmetricSecretKey)) {
            return false;
        }
        SymmetricSecretKey symmetricSecretKey = (SymmetricSecretKey) obj;
        symmetricSecretKey.checkApprovedOnlyModeStatus();
        return this.algorithm != null && this.algorithm.equals(symmetricSecretKey.algorithm) && Arrays.constantTimeAreEqual(this.bytes, symmetricSecretKey.bytes);
    }

    @Override // org.bouncycastle.crypto.Key
    public int hashCode() {
        checkApprovedOnlyModeStatus();
        return this.hashCode;
    }

    private int calculateHashCode() {
        checkApprovedOnlyModeStatus();
        return (31 * getAlgorithm().hashCode()) + Arrays.hashCode(this.bytes);
    }

    final void checkApprovedOnlyModeStatus() {
        if (this.approvedModeOnly != CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            throw new FipsOperationError("attempt to use key created in " + (this.approvedModeOnly ? "approved mode" : "unapproved mode") + " in alternate mode.");
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        if (this.hasBeenDestroyed.compareAndSet(false, true)) {
            zeroize();
        }
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.hasBeenDestroyed.get();
    }

    private void checkDestroyed() {
        if (isDestroyed()) {
            throw new IllegalStateException("key has been destroyed");
        }
    }
}
