package org.bouncycastle.tls.crypto.impl;

import java.io.IOException;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCipher;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsHMAC;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:BOOT-INF/lib/jruby-stdlib-9.2.17.0.jar:META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar:org/bouncycastle/tls/crypto/impl/AbstractTlsSecret.class */
public abstract class AbstractTlsSecret implements TlsSecret {
    protected byte[] data;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractTlsSecret(byte[] bArr) {
        this.data = bArr;
    }

    protected abstract TlsSecret adoptLocalSecret(byte[] bArr);

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkAlive() {
        if (this.data == null) {
            throw new IllegalStateException("Secret has already been extracted or destroyed");
        }
    }

    protected abstract AbstractTlsCrypto getCrypto();

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public TlsCipher createCipher(TlsCryptoParameters tlsCryptoParameters, int i, int i2) throws IOException {
        return getCrypto().createCipher(tlsCryptoParameters, i, i2);
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized void destroy() {
        if (this.data != null) {
            Arrays.fill(this.data, (byte) 0);
            this.data = null;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized byte[] encrypt(TlsCertificate tlsCertificate) throws IOException {
        checkAlive();
        return getCrypto().createEncryptor(tlsCertificate).encrypt(this.data, 0, this.data.length);
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized byte[] extract() {
        checkAlive();
        byte[] bArr = this.data;
        this.data = null;
        return bArr;
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized TlsSecret hkdfExpand(short s, byte[] bArr, int i) {
        checkAlive();
        byte[] bArr2 = this.data;
        TlsHMAC createHMAC = getCrypto().createHMAC(s);
        createHMAC.setKey(bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[i];
        int macLength = createHMAC.getMacLength();
        byte[] bArr4 = new byte[macLength];
        byte b = 0;
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= i) {
                return adoptLocalSecret(bArr3);
            }
            if (b != 0) {
                createHMAC.update(bArr4, 0, bArr4.length);
            }
            createHMAC.update(bArr, 0, bArr.length);
            b = (byte) (b + 1);
            createHMAC.update(new byte[]{b}, 0, 1);
            createHMAC.calculateMAC(bArr4, 0);
            int min = Math.min(macLength, i - i3);
            System.arraycopy(bArr4, 0, bArr3, i3, min);
            i2 = i3 + min;
        }
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized TlsSecret hkdfExtract(short s, byte[] bArr) {
        checkAlive();
        byte[] bArr2 = this.data;
        this.data = null;
        TlsHMAC createHMAC = getCrypto().createHMAC(s);
        createHMAC.setKey(bArr2, 0, bArr2.length);
        createHMAC.update(bArr, 0, bArr.length);
        return adoptLocalSecret(createHMAC.calculateMAC());
    }

    @Override // org.bouncycastle.tls.crypto.TlsSecret
    public synchronized boolean isAlive() {
        return null != this.data;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized byte[] copyData() {
        return Arrays.clone(this.data);
    }
}
