package org.opensaml.xmlsec.agreement.impl;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import javax.annotation.Nonnull;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.crypto.ec.ECSupport;
import org.opensaml.xmlsec.agreement.KeyAgreementException;
import org.opensaml.xmlsec.agreement.KeyAgreementParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-impl-4.3.2.jar:org/opensaml/xmlsec/agreement/impl/ECDHKeyAgreementProcessor.class */
public class ECDHKeyAgreementProcessor extends AbstractDerivationKeyAgreementProcessor {
    private final Logger log = LoggerFactory.getLogger((Class<?>) ECDHKeyAgreementProcessor.class);

    @Override // org.opensaml.xmlsec.agreement.KeyAgreementProcessor
    public String getAlgorithm() {
        return EncryptionConstants.ALGO_ID_KEYAGREEMENT_ECDH_ES;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.xmlsec.agreement.impl.AbstractKeyAgreementProcessor
    public Credential obtainPrivateCredential(@Nonnull Credential credential, @Nonnull KeyAgreementParameters keyAgreementParameters) throws KeyAgreementException {
        Credential obtainPrivateCredential = super.obtainPrivateCredential(credential, keyAgreementParameters);
        if (obtainPrivateCredential != null) {
            return obtainPrivateCredential;
        }
        this.log.debug("Found no supplied PrivateCredential in KeyAgreementParameters, generating ephemeral key pair");
        if (!ECPublicKey.class.isInstance(credential.getPublicKey())) {
            throw new KeyAgreementException("Public credential's public key is not an instance of ECPublicKey");
        }
        try {
            KeyPair generateCompatibleKeyPair = ECSupport.generateCompatibleKeyPair((ECPublicKey) ECPublicKey.class.cast(credential.getPublicKey()), null);
            return new BasicCredential(generateCompatibleKeyPair.getPublic(), generateCompatibleKeyPair.getPrivate());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KeyAgreementException("Error generating private KeyPair from EC public key", e);
        }
    }

    @Override // org.opensaml.xmlsec.agreement.impl.AbstractKeyAgreementProcessor
    protected byte[] generateAgreementSecret(@Nonnull Credential credential, @Nonnull Credential credential2, @Nonnull KeyAgreementParameters keyAgreementParameters) throws KeyAgreementException {
        if (!ECPublicKey.class.isInstance(credential.getPublicKey())) {
            throw new KeyAgreementException("Public credential's public key is not an instance of ECPublicKey");
        }
        if (!ECPrivateKey.class.isInstance(credential2.getPrivateKey())) {
            throw new KeyAgreementException("Private credential's private key is not an instance of ECPrivateKey");
        }
        try {
            return ECSupport.performKeyAgreement((ECPublicKey) ECPublicKey.class.cast(credential.getPublicKey()), (ECPrivateKey) ECPrivateKey.class.cast(credential2.getPrivateKey()), null);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new KeyAgreementException("Error generating secret from public and private EC keys", e);
        }
    }
}
