package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import org.openeuler.sun.misc.HexDumpEncoder;
import org.openeuler.sun.security.ssl.KrbKeyExchange;
import org.openeuler.sun.security.ssl.SSLHandshake;

/* loaded from: classes6.dex */
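/**
 * Kerberos (KRB5) ClientKeyExchange handling for the TLS handshake.
 *
 * <p>Holds the two handshake singletons: {@link #krbHandshakeProducer} builds and sends the
 * message on the client side, {@link #krbHandshakeConsumer} parses it on the server side. Both
 * finish by deriving the master secret and installing the traffic key derivation on the
 * handshake context.
 *
 * <p>This source is decompiler output: {@code C10343.m80858} is an obfuscated helper whose
 * original name is not recoverable from this file.
 */
final class KrbClientKeyExchange {
    static final SSLConsumer krbHandshakeConsumer = new KrbClientKeyExchangeConsumer();
    static final HandshakeProducer krbHandshakeProducer = new KrbClientKeyExchangeProducer();

    KrbClientKeyExchange() {
    }

    /** Server-side consumer of the KRB5 ClientKeyExchange handshake message. */
    private static final class KrbClientKeyExchangeConsumer implements SSLConsumer {
        private KrbClientKeyExchangeConsumer() {
        }

        /**
         * Parses the client's KRB5 ClientKeyExchange, records both principals on the handshake
         * session and derives the master secret.
         *
         * @param connectionContext the handshake context; cast to {@code ServerHandshakeContext}
         * @param byteBuffer the handshake message body as received from the peer
         * @throws IOException if no Kerberos service credentials are available, the message
         *     cannot be processed, or the negotiated key exchange / protocol is unsupported
         */
        @Override
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // Use the first Kerberos service-credential possession; the search stops there even
            // if that possession carries a null credential object.
            Object serviceCreds = null;
            Iterator<SSLPossession> possessions = shc.handshakePossessions.iterator();
            while (possessions.hasNext()) {
                SSLPossession possession = possessions.next();
                if (possession instanceof KrbKeyExchange.KrbServiceCreds) {
                    serviceCreds = ((KrbKeyExchange.KrbServiceCreds) possession).serviceCreds;
                    break;
                }
            }
            if (serviceCreds == null) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "No Kerberos service credentials for KRB Client Key Exchange");
            }

            // Everything read from byteBuffer is peer-controlled.
            KrbClientKeyExchangeMessage message =
                    new KrbClientKeyExchangeMessage(shc, byteBuffer, serviceCreds, shc.conContext.acc);

            // NOTE(review): decode() receives both the negotiated version and the version from
            // the ClientHello plus a SecureRandom; presumably this backs a version check with a
            // random replacement secret on mismatch. decode() is not visible here - confirm.
            KrbKeyExchange.KrbPremasterSecret premaster = KrbKeyExchange.KrbPremasterSecret.decode(
                    shc.negotiatedProtocol,
                    ProtocolVersion.valueOf(shc.clientHelloVersion),
                    message.getPlainPreMasterSecret(),
                    shc.sslContext.getSecureRandom());

            shc.handshakeSession.setPeerPrincipal(message.getPeerPrincipal());
            shc.handshakeSession.setLocalPrincipal(message.getLocalPrincipal());
            shc.handshakeCredentials.add(premaster);

            // The message object is handed to the logger; see the note on
            // KrbClientKeyExchangeMessage.toString() about what its dump contains.
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming KRB5 ClientKeyExchange handshake message", message);
            }

            SSLKeyExchange keyExchange =
                    SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
            if (keyExchange == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey("MasterSecret", null);
            shc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKd = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (trafficKd == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol);
            }
            shc.handshakeKeyDerivation = trafficKd.createKeyDerivation(shc, masterSecret);
        }
    }

    /**
     * The KRB5 ClientKeyExchange handshake message.
     *
     * <p>{@link #send} writes three fields in order: the encoded service ticket, an empty
     * middle field, and the encrypted pre-master secret. All Kerberos work is delegated to
     * {@code KrbClientKeyExchangeHelper}.
     */
    private static final class KrbClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        private final KrbClientKeyExchangeHelper krb5Helper;

        private KrbClientKeyExchangeMessage(HandshakeContext handshakeContext) {
            super(handshakeContext);
            this.krb5Helper = new KrbClientKeyExchangeHelper();
        }

        /**
         * Server side: parses a received message and initialises the helper with it.
         *
         * @param handshakeContext the current handshake context
         * @param byteBuffer the received message body (peer-controlled)
         * @param obj the server's Kerberos service credentials
         * @param accessControlContext the access control context passed to the helper
         * @throws IOException if reading the fields or initialising the helper fails
         */
        KrbClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer, Object obj, AccessControlContext accessControlContext) throws IOException {
            this(handshakeContext);
            // C10343.m80858 is the obfuscated field reader; presumably it consumes one
            // 16-bit-length-prefixed vector, mirroring putBytes16 in send() - confirm.
            byte[] encodedTicket = C10343.m80858(byteBuffer);
            // Snapshot the global switch once so both log checks below agree.
            boolean loggerOn = SSLLogger.isOn;
            if (loggerOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("encoded Kerberos service ticket", encodedTicket);
            }
            // The middle field is read only to advance the buffer; send() writes it as null.
            C10343.m80858(byteBuffer);
            byte[] encryptedPreMaster = C10343.m80858(byteBuffer);
            if (encryptedPreMaster != null && loggerOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("encrypted Kerberos pre-master secret", encryptedPreMaster);
            }
            this.krb5Helper.init(encodedTicket, encryptedPreMaster, obj, accessControlContext);
        }

        /**
         * Client side: initialises the helper from a freshly generated pre-master secret.
         *
         * @param handshakeContext the current handshake context
         * @param bArr the plaintext pre-master secret
         * @param str the server host name handed to the helper; may be {@code null}
         * @param accessControlContext the access control context passed to the helper
         * @throws IOException if the helper cannot be initialised
         */
        KrbClientKeyExchangeMessage(HandshakeContext handshakeContext, byte[] bArr, String str, AccessControlContext accessControlContext) throws IOException {
            this(handshakeContext);
            this.krb5Helper.init(bArr, str, accessControlContext);
        }

        /** Returns the local principal reported by the Kerberos helper. */
        Principal getLocalPrincipal() {
            return this.krb5Helper.getLocalPrincipal();
        }

        /** Returns the peer principal reported by the Kerberos helper. */
        Principal getPeerPrincipal() {
            return this.krb5Helper.getPeerPrincipal();
        }

        /** Returns the plaintext pre-master secret; key material, handle accordingly. */
        byte[] getPlainPreMasterSecret() {
            return this.krb5Helper.getPlainPreMasterSecret();
        }

        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /**
         * Returns the ticket length plus the encrypted pre-master length plus 6, which matches
         * three 2-byte length prefixes for the three fields written by {@link #send}.
         */
        @Override
        int messageLength() {
            return this.krb5Helper.getEncodedTicket().length + 6 + this.krb5Helper.getEncryptedPreMasterSecret().length;
        }

        /** Writes the ticket, an empty middle field and the encrypted pre-master secret. */
        @Override
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.krb5Helper.getEncodedTicket());
            handshakeOutStream.putBytes16(null);
            handshakeOutStream.putBytes16(this.krb5Helper.getEncryptedPreMasterSecret());
        }

        /**
         * Renders a hex dump of the ticket and of the plain and encrypted pre-master secret.
         *
         * <p>NOTE(review): the dump contains the plaintext pre-master secret, the input from
         * which the session's master secret is derived. consume() and produce() both pass this
         * object to {@code SSLLogger.fine} when "ssl,handshake" logging is on; if the logger
         * renders it through toString() (not visible here), debug logs hold key material and
         * should be access-restricted and kept out of production.
         */
        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                    "\"KRB5 ClientKeyExchange\": '{'\n"
                            + "  \"ticket\": '{'\n"
                            + "{0}\n"
                            + "  '}'\n"
                            + "  \"pre-master\": '{'\n"
                            + "    \"plain\": '{'\n"
                            + "{1}\n"
                            + "    '}'\n"
                            + "    \"encrypted\": '{'\n"
                            + "{2}\n"
                            + "    '}'\n"
                            + "  '}'\n"
                            + "'}'",
                    Locale.ENGLISH);
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            Object[] fields = {
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getEncodedTicket()), "  "),
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getPlainPreMasterSecret()), "      "),
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getEncryptedPreMasterSecret()), "      ")
            };
            return messageFormat.format(fields);
        }
    }

    /** Client-side producer of the KRB5 ClientKeyExchange handshake message. */
    private static final class KrbClientKeyExchangeProducer implements HandshakeProducer {
        private KrbClientKeyExchangeProducer() {
        }

        /**
         * Picks the server host name handed to the Kerberos helper.
         *
         * <p>With no negotiated server name the session's peer host is used. With a negotiated
         * name of host-name type its ASCII form is used. Any other case yields {@code null}.
         *
         * <p>The decompiled original assigned the SNI ASCII name and then unconditionally
         * overwrote it with {@code null}, so a negotiated SNI host name was never used; that
         * dead store is fixed here.
         */
        private static String resolveServerHost(ClientHandshakeContext chc) {
            SNIServerName negotiated = chc.negotiatedServerName;
            if (negotiated == null) {
                return chc.handshakeSession.getPeerHost();
            }
            if (negotiated.getType() != javax.net.ssl.StandardConstants.SNI_HOST_NAME) {
                return null;
            }
            SNIHostName sniHostName;
            if (negotiated instanceof SNIHostName) {
                sniHostName = (SNIHostName) negotiated;
            } else {
                try {
                    sniHostName = new SNIHostName(negotiated.getEncoded());
                } catch (IllegalArgumentException ignored) {
                    // The encoded value is not a valid host name: continue without one.
                    sniHostName = null;
                }
            }
            return sniHostName != null ? sniHostName.getAsciiName() : null;
        }

        /**
         * Generates the pre-master secret, sends the KRB5 ClientKeyExchange and derives the
         * master secret.
         *
         * @param connectionContext the handshake context; cast to {@code ClientHandshakeContext}
         * @param handshakeMessage not read by this producer
         * @return always {@code null}; the message is written to the handshake output directly
         * @throws IOException if any step inside the guarded block fails; the failure is
         *     reported through {@code conContext.fatal} with {@code Alert.ILLEGAL_PARAMETER}
         */
        @Override
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;
            String peerHost = resolveServerHost(chc);
            try {
                KrbKeyExchange.KrbPremasterSecret premaster = KrbKeyExchange.KrbPremasterSecret.createPremasterSecret(
                        chc.negotiatedProtocol, chc.sslContext.getSecureRandom());
                KrbClientKeyExchangeMessage message =
                        new KrbClientKeyExchangeMessage(chc, premaster.preMaster, peerHost, chc.conContext.acc);
                chc.handshakePossessions.add(premaster);

                // The message object is handed to the logger; see the note on
                // KrbClientKeyExchangeMessage.toString() about what its dump contains.
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Produced KRB5 ClientKeyExchange handshake message", message);
                }

                chc.handshakeSession.setPeerPrincipal(message.getPeerPrincipal());
                chc.handshakeSession.setLocalPrincipal(message.getLocalPrincipal());
                message.write(chc.handshakeOutput);
                chc.handshakeOutput.flush();

                SSLKeyExchange keyExchange =
                        SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
                if (keyExchange == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
                }
                SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey("MasterSecret", null);
                chc.handshakeSession.setMasterSecret(masterSecret);

                SSLTrafficKeyDerivation trafficKd = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
                if (trafficKd == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol);
                }
                chc.handshakeKeyDerivation = trafficKd.createKeyDerivation(chc, masterSecret);
                return null;
            } catch (IOException e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Error generating KRB premaster secret. Hostname: " + peerHost + " - Negotiated server name: " + chc.negotiatedServerName, new Object[0]);
                }
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Cannot generate KRB premaster secret", e);
            }
        }
    }
}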
