package org.bouncycastle.tls.crypto.impl.jcajce;

import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.SecretWithEncapsulation;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMExtractor;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMGenerator;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyPairGenerator;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPublicKeyParameters;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsKemConfig;
import org.bouncycastle.tls.crypto.TlsKemDomain;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKemDomain.class */
public class JceTlsMLKemDomain implements TlsKemDomain {
    protected final JcaTlsCrypto crypto;
    protected final KyberParameters kyberParameters;
    protected final boolean isServer;

    protected static KyberParameters getKyberParameters(int i) {
        switch (i) {
            case NamedGroup.OQS_mlkem512 /* 583 */:
                return KyberParameters.kyber512;
            case NamedGroup.OQS_mlkem768 /* 584 */:
            case NamedGroup.DRAFT_mlkem768 /* 1896 */:
                return KyberParameters.kyber768;
            case NamedGroup.OQS_mlkem1024 /* 585 */:
            case NamedGroup.DRAFT_mlkem1024 /* 4132 */:
                return KyberParameters.kyber1024;
            default:
                return null;
        }
    }

    public JceTlsMLKemDomain(JcaTlsCrypto jcaTlsCrypto, TlsKemConfig tlsKemConfig) {
        this.crypto = jcaTlsCrypto;
        this.kyberParameters = getKyberParameters(tlsKemConfig.getNamedGroup());
        this.isServer = tlsKemConfig.isServer();
    }

    public JceTlsSecret adoptLocalSecret(byte[] bArr) {
        return this.crypto.adoptLocalSecret(bArr);
    }

    @Override // org.bouncycastle.tls.crypto.TlsKemDomain
    public TlsAgreement createKem() {
        return new JceTlsMLKem(this);
    }

    public JceTlsSecret decapsulate(KyberPrivateKeyParameters kyberPrivateKeyParameters, byte[] bArr) {
        return adoptLocalSecret(new KyberKEMExtractor(kyberPrivateKeyParameters).extractSecret(bArr));
    }

    public KyberPublicKeyParameters decodePublicKey(byte[] bArr) {
        return new KyberPublicKeyParameters(this.kyberParameters, bArr);
    }

    public SecretWithEncapsulation encapsulate(KyberPublicKeyParameters kyberPublicKeyParameters) {
        return new KyberKEMGenerator(this.crypto.getSecureRandom()).generateEncapsulated(kyberPublicKeyParameters);
    }

    public byte[] encodePublicKey(KyberPublicKeyParameters kyberPublicKeyParameters) {
        return kyberPublicKeyParameters.getEncoded();
    }

    public AsymmetricCipherKeyPair generateKeyPair() {
        KyberKeyPairGenerator kyberKeyPairGenerator = new KyberKeyPairGenerator();
        kyberKeyPairGenerator.init(new KyberKeyGenerationParameters(this.crypto.getSecureRandom(), this.kyberParameters));
        return kyberKeyPairGenerator.generateKeyPair();
    }

    public boolean isServer() {
        return this.isServer;
    }
}
