package org.bouncycastle.jcajce.provider;

import java.security.InvalidKeyException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.PasswordConverter;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.internal.ValidatedSymmetricKey;
import org.bouncycastle.jcajce.provider.ProvPBEPBKDF2;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:payload/TIB_bwpluginconfidentiality_6.1.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_confidentiality_runtime_feature_6.1.0.001.zip:source/plugins/com.tibco.bw.confidentiality.runtime_6.1.0.001.jar:lib/bc-fips-1.0.2.jar:org/bouncycastle/jcajce/provider/BaseSecretKeyFactory.class */
public class BaseSecretKeyFactory extends SecretKeyFactorySpi {
    protected final String algorithmName;
    protected final Algorithm algorithm;
    protected final Validator validator;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:payload/TIB_bwpluginconfidentiality_6.1.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_confidentiality_runtime_feature_6.1.0.001.zip:source/plugins/com.tibco.bw.confidentiality.runtime_6.1.0.001.jar:lib/bc-fips-1.0.2.jar:org/bouncycastle/jcajce/provider/BaseSecretKeyFactory$Validator.class */
    public interface Validator {
        byte[] validated(byte[] bArr) throws InvalidKeySpecException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BaseSecretKeyFactory(String str, Algorithm algorithm, Validator validator) {
        this.algorithmName = str;
        this.algorithm = algorithm;
        this.validator = validator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.SecretKeyFactorySpi
    public KeySpec engineGetKeySpec(SecretKey secretKey, Class cls) throws InvalidKeySpecException {
        if (cls == null) {
            throw new InvalidKeySpecException("keySpec parameter is null");
        }
        if (secretKey == null) {
            throw new InvalidKeySpecException("key parameter is null");
        }
        return genericGetKeySpec(secretKey, cls);
    }

    protected KeySpec genericGetKeySpec(SecretKey secretKey, Class cls) throws InvalidKeySpecException {
        if (SecretKeySpec.class.isAssignableFrom(cls)) {
            return new SecretKeySpec(secretKey.getEncoded(), this.algorithmName);
        }
        if (!KeySpec.class.isAssignableFrom(cls)) {
            throw new InvalidKeySpecException("Passed in class is not a KeySpec: " + cls.getName());
        }
        try {
            return (KeySpec) cls.getConstructor(byte[].class).newInstance(this.validator.validated(secretKey.getEncoded()));
        } catch (NoSuchMethodException e) {
            throw new InvalidKeySpecException("Unable to transform encoded key to KeySpec: " + cls.getName());
        } catch (Exception e2) {
            throw new InvalidKeySpecException("Exception transforming to KeySpec: " + e2.toString(), e2);
        }
    }

    @Override // javax.crypto.SecretKeyFactorySpi
    protected SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
        if (secretKey == null) {
            throw new InvalidKeyException("Secret key parameter cannot be null");
        }
        try {
            return new SecretKeySpec(this.validator.validated(secretKey.getEncoded()), this.algorithmName);
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.SecretKeyFactorySpi
    public SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
        if (keySpec instanceof SecretKeySpec) {
            return new ProvSecretKeySpec(new ValidatedSymmetricKey(this.algorithm, this.validator.validated(((SecretKeySpec) keySpec).getEncoded())), this.algorithmName);
        }
        if (keySpec instanceof PBEKeySpec) {
            return new ProvSecretKeySpec(new ValidatedSymmetricKey(this.algorithm, this.validator.validated(new ProvPBEPBKDF2.BasePBKDF2(this.algorithmName, PasswordConverter.UTF8, FipsSHS.Algorithm.SHA256_HMAC).engineGenerateSecret(keySpec).getEncoded())), this.algorithmName);
        }
        if (keySpec == null) {
            throw new InvalidKeySpecException("null KeySpec passed to SecretKeyFactory");
        }
        throw new InvalidKeySpecException("Unknown KeySpec passed to SecretKeyFactory: " + keySpec.getClass().getName());
    }
}
