package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import org.openeuler.gm.GMConstants;
import org.openeuler.sun.misc.HexDumpEncoder;
import org.openeuler.sun.security.ssl.ECCKeyExchange;
import org.openeuler.sun.security.ssl.GMX509Authentication;
import org.openeuler.sun.security.ssl.SSLHandshake;

/* loaded from: classes6.dex */
/**
 * ClientKeyExchange handling for the ECC key exchange used with GM X.509
 * credentials ({@code GMX509Authentication}).
 *
 * <p>The client side ({@link #eccHandshakeProducer}) creates a premaster secret,
 * encodes it under the peer's encryption public key and sends it; the server side
 * ({@link #eccHandshakeConsumer}) decodes it with its encryption private key.
 * Both sides then derive the master secret and install the traffic key
 * derivation on the handshake context.
 */
final class ECCClientKeyExchange {
    /** Server-side handler for an incoming ECC ClientKeyExchange message. */
    static final SSLConsumer eccHandshakeConsumer = new ECCClientKeyExchangeConsumer();

    /** Client-side producer of the ECC ClientKeyExchange message. */
    static final HandshakeProducer eccHandshakeProducer = new ECCClientKeyExchangeProducer();

    ECCClientKeyExchange() {
    }

    /**
     * Wire representation of the ECC ClientKeyExchange handshake message: a single
     * opaque field holding the encoded premaster secret.
     */
    private static final class ECCClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        /** Version taken from the ClientHello; within this class it is only used by {@link #toString()}. */
        final int protocolVersion;

        /** Encoded premaster secret as carried on the wire. */
        final byte[] encrypted;

        /**
         * Parses a message received from the peer.
         *
         * @param handshakeContext current handshake context
         * @param byteBuffer       peer-supplied message body
         * @throws IOException if fewer than two bytes are available (fatal HANDSHAKE_FAILURE)
         */
        ECCClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(handshakeContext);
            // The body must at least hold the two-byte length prefix.
            if (byteBuffer.remaining() < 2) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Invalid ECC ClientKeyExchange message: insufficient data");
            }
            this.protocolVersion = handshakeContext.clientHelloVersion;
            // presumably reads a 16-bit length-prefixed byte array (send() writes with
            // putBytes16); the helper name is obfuscated - confirm against its source.
            // NOTE(review): nothing here checks that the buffer is fully consumed
            // afterwards; confirm whether trailing bytes are rejected elsewhere.
            this.encrypted = C10343.m80858(byteBuffer);
        }

        /**
         * Builds the message to send from a freshly created premaster secret.
         *
         * @param handshakeContext   current handshake context; supplies the SecureRandom
         * @param eCCPremasterSecret premaster secret to encode
         * @param publicKey          peer public key passed to the encoder
         * @throws GeneralSecurityException if encoding the premaster secret fails
         */
        ECCClientKeyExchangeMessage(HandshakeContext handshakeContext, ECCKeyExchange.ECCPremasterSecret eCCPremasterSecret, PublicKey publicKey) throws GeneralSecurityException {
            super(handshakeContext);
            this.protocolVersion = handshakeContext.clientHelloVersion;
            this.encrypted = eCCPremasterSecret.getEncoded(publicKey, handshakeContext.sslContext.getSecureRandom());
        }

        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /** Payload length plus the two-byte length prefix. */
        @Override
        public int messageLength() {
            return 2 + this.encrypted.length;
        }

        @Override
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.encrypted);
        }

        /**
         * Renders the message for handshake debug logging: the client version name
         * and a hex dump of the {@code encrypted} field.
         */
        @Override
        public String toString() {
            // NOTE(review): the emitted key is spelled "encncrypted"; it is runtime
            // output and is reproduced unchanged here.
            MessageFormat layout = new MessageFormat("\"ECC ClientKeyExchange\": '{'\n  \"client_version\":  {0}\n  \"encncrypted\": '{'\n{1}\n  '}'\n'}'", Locale.ENGLISH);
            Object[] fields = {
                ProtocolVersion.nameOf(this.protocolVersion),
                Utilities.indent(new HexDumpEncoder().encodeBuffer(this.encrypted), "    ")
            };
            return layout.format(fields);
        }
    }

    /** Server side: consumes the peer's ClientKeyExchange and derives the session keys. */
    private static final class ECCClientKeyExchangeConsumer implements SSLConsumer {
        private ECCClientKeyExchangeConsumer() {
        }

        /**
         * Decodes the premaster secret sent by the client, derives the master secret
         * and installs the traffic key derivation on the server handshake context.
         *
         * @param connectionContext must be a {@code ServerHandshakeContext}
         * @param byteBuffer        peer-supplied ClientKeyExchange body
         * @throws IOException on any fatal handshake condition raised through
         *                     {@code conContext.fatal}
         */
        @Override
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // Use the first GM X.509 possession registered for this handshake.
            GMX509Authentication.GMX509Possession gmPossession = null;
            for (SSLPossession candidate : shc.handshakePossessions) {
                if (candidate instanceof GMX509Authentication.GMX509Possession) {
                    gmPossession = (GMX509Authentication.GMX509Possession) candidate;
                    break;
                }
            }
            if (gmPossession == null) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "No ECC possessions negotiated for client key exchange");
            }

            // NOTE(review): popEncPrivateKey is dereferenced without a null check;
            // confirm the possession always carries an encryption key.
            PrivateKey decryptionKey = gmPossession.popEncPrivateKey;
            if (!decryptionKey.getAlgorithm().equals(GMConstants.EC)) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Not ECC private key for client key exchange");
            }

            ECCClientKeyExchangeMessage received = new ECCClientKeyExchangeMessage(shc, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ECC ClientKeyExchange handshake message", received);
            }

            try {
                // NOTE(review): a decode failure surfaces as its own fatal alert with
                // the cause attached. Whether a peer can use that to distinguish
                // decryption outcomes depends on ECCPremasterSecret.decode, which is
                // not visible here - confirm.
                shc.handshakeCredentials.add(ECCKeyExchange.ECCPremasterSecret.decode(shc, decryptionKey, received.encrypted));

                SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
                if (keyExchange == null) {
                    throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
                }

                SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey("MasterSecret", null);
                shc.handshakeSession.setMasterSecret(masterSecret);

                SSLTrafficKeyDerivation trafficDerivation = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
                if (trafficDerivation == null) {
                    throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol);
                }
                shc.handshakeKeyDerivation = trafficDerivation.createKeyDerivation(shc, masterSecret);
            } catch (GeneralSecurityException e) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Cannot decode ECC premaster secret", e);
            }
        }
    }

    /** Client side: produces the ClientKeyExchange message and derives the session keys. */
    private static final class ECCClientKeyExchangeProducer implements HandshakeProducer {
        private ECCClientKeyExchangeProducer() {
        }

        /**
         * Creates a premaster secret, sends it encoded under the peer's encryption
         * public key, derives the master secret and installs the traffic key
         * derivation on the client handshake context.
         *
         * @param connectionContext must be a {@code ClientHandshakeContext}
         * @param handshakeMessage  not used by this producer
         * @return always {@code null}
         * @throws IOException on any fatal handshake condition raised through
         *                     {@code conContext.fatal}, or on output failure
         */
        @Override
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;

            // Use the first GM X.509 credentials recorded for the peer.
            GMX509Authentication.GMX509Credentials gmCredentials = null;
            for (SSLCredentials candidate : chc.handshakeCredentials) {
                if (candidate instanceof GMX509Authentication.GMX509Credentials) {
                    gmCredentials = (GMX509Authentication.GMX509Credentials) candidate;
                    break;
                }
            }
            if (gmCredentials == null) {
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "No ECC credentials negotiated for client key exchange");
            }

            // NOTE(review): popEncPublicKey is dereferenced without a null check;
            // confirm the credentials always carry an encryption key.
            PublicKey encryptionKey = gmCredentials.popEncPublicKey;
            if (!encryptionKey.getAlgorithm().equals(GMConstants.EC)) {
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Not ECC public key for client key exchange");
            }

            try {
                ECCKeyExchange.ECCPremasterSecret premaster = ECCKeyExchange.ECCPremasterSecret.createPremasterSecret(chc);
                // Registered as a possession before key derivation is requested below.
                chc.handshakePossessions.add(premaster);

                ECCClientKeyExchangeMessage outgoing = new ECCClientKeyExchangeMessage(chc, premaster, encryptionKey);
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Produced ECC ClientKeyExchange handshake message", outgoing);
                }
                outgoing.write(chc.handshakeOutput);
                chc.handshakeOutput.flush();

                SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
                if (keyExchange == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
                }

                SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey("MasterSecret", null);
                chc.handshakeSession.setMasterSecret(masterSecret);

                SSLTrafficKeyDerivation trafficDerivation = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
                if (trafficDerivation == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol);
                }
                chc.handshakeKeyDerivation = trafficDerivation.createKeyDerivation(chc, masterSecret);
            } catch (GeneralSecurityException e) {
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Cannot generate ECC premaster secret", e);
            }
            return null;
        }
    }
}
