package com.netflix.msl.keyx;

import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.crypto.CryptoCache;
import com.netflix.msl.entityauth.PresharedKeyStore;
import com.netflix.msl.keyx.AbstractAuthenticatedDiffieHellmanExchange;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.CryptoUtil;
import com.netflix.msl.util.MslContext;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

/* loaded from: classes2.dex */
public class AuthenticatedDiffieHellmanClientExchange extends AbstractAuthenticatedDiffieHellmanExchange {
    private final PresharedKeyStore presharedKeyStore;

    public AuthenticatedDiffieHellmanClientExchange(DerivationKeyRepository derivationKeyRepository, DiffieHellmanParameters diffieHellmanParameters, AuthenticationUtils authenticationUtils, PresharedKeyStore presharedKeyStore) {
        super(derivationKeyRepository, diffieHellmanParameters, authenticationUtils);
        this.presharedKeyStore = presharedKeyStore;
    }

    private byte[] wrapBytes(MslContext mslContext, AbstractAuthenticatedDiffieHellmanExchange.Mechanism mechanism, byte[] bArr, String str) {
        switch (mechanism) {
            case WRAP:
                byte[] unwrap = mslContext.getMslCryptoContext().unwrap(bArr, mslContext.getMslEncoderFactory());
                if (unwrap == null || unwrap.length == 0) {
                    throw new MslKeyExchangeException(MslError.KEYX_WRAPPING_KEY_MISSING);
                }
                return unwrap;
            case PSK:
            case MGK:
                PresharedKeyStore.KeySet keys = this.presharedKeyStore.getKeys(str);
                try {
                    return CryptoUtil.deriveWrappingKey(keys.encryptionKey.getEncoded(), keys.hmacKey.getEncoded());
                } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                    throw new MslInternalException("Wrapping key derivation failed.", e);
                }
            default:
                throw new MslKeyExchangeException(MslError.UNSUPPORTED_KEYX_MECHANISM, mechanism.name());
        }
    }

    @Override // com.netflix.msl.keyx.AbstractAuthenticatedDiffieHellmanExchange
    protected byte[] getHashWrapKeyData(MslContext mslContext, AbstractAuthenticatedDiffieHellmanExchange.Mechanism mechanism, byte[] bArr, String str) {
        try {
            return CryptoCache.getMessageDigest("SHA-384").digest(wrapBytes(mslContext, mechanism, bArr, str));
        } catch (NoSuchAlgorithmException e) {
            throw new MslInternalException("Invalid Hash algorithm specified SHA-384.", e);
        }
    }
}
