package org.bouncycastle.tls.crypto.impl.jcajce;

import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SecureRandomSpi;
import java.security.Security;
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
import org.bouncycastle.jcajce.util.JcaJceHelper;
import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoProvider;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCryptoProvider.class */
public class JcaTlsCryptoProvider implements TlsCryptoProvider {
    private JcaJceHelper helper = new DefaultJcaJceHelper();

    /* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCryptoProvider$NonceEntropySource.class */
    private static class NonceEntropySource extends SecureRandom {

        /* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCryptoProvider$NonceEntropySource$NonceEntropySourceSpi.class */
        private static class NonceEntropySourceSpi extends SecureRandomSpi {
            private final SecureRandom source;
            private final MessageDigest digest;
            private final byte[] seed;
            private final byte[] state;

            NonceEntropySourceSpi(SecureRandom secureRandom, MessageDigest messageDigest) {
                this.source = secureRandom;
                this.digest = messageDigest;
                this.seed = secureRandom.generateSeed(messageDigest.getDigestLength());
                this.state = new byte[this.seed.length];
            }

            @Override // java.security.SecureRandomSpi
            protected void engineSetSeed(byte[] bArr) {
                synchronized (this.digest) {
                    runDigest(this.seed, bArr, this.seed);
                }
            }

            @Override // java.security.SecureRandomSpi
            protected void engineNextBytes(byte[] bArr) {
                synchronized (this.digest) {
                    int length = this.state.length;
                    for (int i = 0; i != bArr.length; i++) {
                        if (length == this.state.length) {
                            this.source.nextBytes(this.state);
                            runDigest(this.seed, this.state, this.state);
                            length = 0;
                        }
                        int i2 = length;
                        length++;
                        bArr[i] = this.state[i2];
                    }
                }
            }

            @Override // java.security.SecureRandomSpi
            protected byte[] engineGenerateSeed(int i) {
                return this.source.generateSeed(i);
            }

            private void runDigest(byte[] bArr, byte[] bArr2, byte[] bArr3) {
                this.digest.update(bArr);
                this.digest.update(bArr2);
                try {
                    this.digest.digest(bArr3, 0, bArr3.length);
                } catch (DigestException e) {
                    throw Exceptions.illegalStateException(new StringBuffer().append("unable to generate nonce data: ").append(e.getMessage()).toString(), e);
                }
            }
        }

        NonceEntropySource(JcaJceHelper jcaJceHelper, SecureRandom secureRandom) throws GeneralSecurityException {
            super(new NonceEntropySourceSpi(secureRandom, jcaJceHelper.createDigest("SHA-512")), secureRandom.getProvider());
        }
    }

    public JcaTlsCryptoProvider setProvider(Provider provider) {
        this.helper = new ProviderJcaJceHelper(provider);
        return this;
    }

    public JcaTlsCryptoProvider setProvider(String str) {
        this.helper = new NamedJcaJceHelper(str);
        return this;
    }

    @Override // org.bouncycastle.tls.crypto.TlsCryptoProvider
    public TlsCrypto create(SecureRandom secureRandom) {
        if (secureRandom == null) {
            try {
                secureRandom = this.helper instanceof DefaultJcaJceHelper ? SecureRandom.getInstance("DEFAULT") : SecureRandom.getInstance("DEFAULT", this.helper.createDigest("SHA-512").getProvider());
            } catch (GeneralSecurityException e) {
                throw Exceptions.illegalStateException(new StringBuffer().append("unable to create TlsCrypto: ").append(e.getMessage()).toString(), e);
            }
        }
        return create(secureRandom, new NonceEntropySource(this.helper, secureRandom));
    }

    @Override // org.bouncycastle.tls.crypto.TlsCryptoProvider
    public TlsCrypto create(SecureRandom secureRandom, SecureRandom secureRandom2) {
        return new JcaTlsCrypto(this.helper, secureRandom, secureRandom2);
    }

    public Provider getPkixProvider() {
        try {
            return Security.getProvider("IBMCertPath") != null ? Security.getProvider("IBMCertPath") : this.helper.createCertificateFactory("X.509").getProvider();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("unable to find CertificateFactory");
        }
    }
}
