package org.opensaml.xmlsec.agreement.impl;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.crypto.dh.DHSupport;
import org.opensaml.xmlsec.agreement.KeyAgreementException;
import org.opensaml.xmlsec.agreement.KeyAgreementParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.slf4j.Logger;

/* loaded from: input_file:WEB-INF/lib/opensaml-xmlsec-impl-5.1.0.jar:org/opensaml/xmlsec/agreement/impl/DHWithExplicitKDFKeyAgreementProcessor.class */
public class DHWithExplicitKDFKeyAgreementProcessor extends AbstractDerivationKeyAgreementProcessor {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger((Class<?>) DHWithExplicitKDFKeyAgreementProcessor.class);

    @Override // org.opensaml.xmlsec.agreement.KeyAgreementProcessor
    @Nonnull
    public String getAlgorithm() {
        return EncryptionConstants.ALGO_ID_KEYAGREEMENT_DH_EXPLICIT_KDF;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.xmlsec.agreement.impl.AbstractKeyAgreementProcessor
    @Nullable
    public Credential obtainPrivateCredential(@Nonnull Credential credential, @Nonnull KeyAgreementParameters keyAgreementParameters) throws KeyAgreementException {
        Credential obtainPrivateCredential = super.obtainPrivateCredential(credential, keyAgreementParameters);
        if (obtainPrivateCredential != null) {
            return obtainPrivateCredential;
        }
        this.log.debug("Found no supplied PrivateCredential in KeyAgreementParameters, generating ephemeral key pair");
        if (!DHPublicKey.class.isInstance(credential.getPublicKey())) {
            throw new KeyAgreementException("Public credential's public key is not an instance of DHPublicKey");
        }
        try {
            KeyPair generateCompatibleKeyPair = DHSupport.generateCompatibleKeyPair((DHPublicKey) DHPublicKey.class.cast(credential.getPublicKey()), null);
            return new BasicCredential(generateCompatibleKeyPair.getPublic(), generateCompatibleKeyPair.getPrivate());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KeyAgreementException("Error generating private KeyPair from DH public key", e);
        }
    }

    @Override // org.opensaml.xmlsec.agreement.impl.AbstractKeyAgreementProcessor
    @Nonnull
    protected byte[] generateAgreementSecret(@Nonnull Credential credential, @Nonnull Credential credential2, @Nonnull KeyAgreementParameters keyAgreementParameters) throws KeyAgreementException {
        if (!DHPublicKey.class.isInstance(credential.getPublicKey())) {
            throw new KeyAgreementException("Public credential's public key is not an instance of DHPublicKey");
        }
        if (!DHPrivateKey.class.isInstance(credential2.getPrivateKey())) {
            throw new KeyAgreementException("Private credential's private key is not an instance of DHPrivateKey");
        }
        try {
            return DHSupport.performKeyAgreement((DHPublicKey) DHPublicKey.class.cast(credential.getPublicKey()), (DHPrivateKey) DHPrivateKey.class.cast(credential2.getPrivateKey()), null);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KeyAgreementException("Error generating secret from public and private DH keys", e);
        }
    }
}
