package org.intellicastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.intellicastle.jcajce.SecretKeyWithEncapsulation;
import org.intellicastle.tls.crypto.TlsAgreement;
import org.intellicastle.tls.crypto.TlsSecret;

/* loaded from: input_file:org/intellicastle/tls/crypto/impl/jcajce/JceTlsMLKem.class */
public class JceTlsMLKem implements TlsAgreement {
    protected final JceTlsMLKemDomain domain;
    protected PrivateKey privateKey;
    protected PublicKey publicKey;
    protected TlsSecret secret;

    public JceTlsMLKem(JceTlsMLKemDomain jceTlsMLKemDomain) {
        this.domain = jceTlsMLKemDomain;
    }

    @Override // org.intellicastle.tls.crypto.TlsAgreement
    public byte[] generateEphemeral() throws IOException {
        if (!this.domain.isServer()) {
            KeyPair generateKeyPair = this.domain.generateKeyPair();
            this.privateKey = generateKeyPair.getPrivate();
            return KemUtil.encodePublicKey(generateKeyPair.getPublic());
        }
        SecretKeyWithEncapsulation encapsulate = this.domain.encapsulate(this.publicKey);
        this.publicKey = null;
        this.secret = this.domain.adoptLocalSecret(encapsulate.getEncoded());
        return encapsulate.getEncapsulation();
    }

    @Override // org.intellicastle.tls.crypto.TlsAgreement
    public void receivePeerValue(byte[] bArr) throws IOException {
        if (this.domain.isServer()) {
            this.publicKey = this.domain.decodePublicKey(bArr);
        } else {
            this.secret = this.domain.decapsulate(this.privateKey, bArr);
            this.privateKey = null;
        }
    }

    @Override // org.intellicastle.tls.crypto.TlsAgreement
    public TlsSecret calculateSecret() throws IOException {
        TlsSecret tlsSecret = this.secret;
        this.secret = null;
        return tlsSecret;
    }
}
