package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.net.ssl.SSLHandshakeException;
import org.openeuler.sun.misc.HexDumpEncoder;
import org.openeuler.sun.security.ssl.DHKeyExchange;
import org.openeuler.sun.security.ssl.SSLHandshake;
import org.openeuler.sun.security.ssl.SupportedGroupsExtension;

/* loaded from: classes6.dex */
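/**
 * Producer and consumer for the finite-field Diffie-Hellman "ClientKeyExchange"
 * handshake message.
 *
 * <p>The client side ({@link DHClientKeyExchangeProducer}) sends its DH public
 * value; the server side ({@link DHClientKeyExchangeConsumer}) parses that value,
 * rebuilds the peer public key and derives the master secret. Both singletons are
 * stateless and only touch the handshake context they are handed.
 */
final class DHClientKeyExchange {
    static final DHClientKeyExchangeConsumer dhHandshakeConsumer = new DHClientKeyExchangeConsumer();
    static final DHClientKeyExchangeProducer dhHandshakeProducer = new DHClientKeyExchangeProducer();

    DHClientKeyExchange() {
    }

    /**
     * Server-side handler for an incoming DH ClientKeyExchange message.
     */
    public static final class DHClientKeyExchangeConsumer implements SSLConsumer {
        private DHClientKeyExchangeConsumer() {
        }

        /**
         * Parses the client's DH public value, vets the resulting key against the
         * connection's algorithm constraints, and installs the master secret and
         * the traffic key derivation on the server handshake context.
         *
         * @param connectionContext the handshake context; cast to {@code ServerHandshakeContext}
         * @param byteBuffer the body of the ClientKeyExchange message as received from the peer
         * @throws IOException if no DHE possession is available, the message is malformed,
         *         the peer key cannot be built or is not permitted, or key derivation fails
         */
        @Override
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // The server's own DHE key pair supplies the group parameters (p, g) used below.
            DHKeyExchange.DHEPossession dhePossession = null;
            for (SSLPossession possession : shc.handshakePossessions) {
                if (possession instanceof DHKeyExchange.DHEPossession) {
                    dhePossession = (DHKeyExchange.DHEPossession) possession;
                    break;
                }
            }
            if (dhePossession == null) {
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No expected DHE possessions for client key exchange");
            }

            SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
            if (keyExchange == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }

            DHClientKeyExchangeMessage clientMessage = new DHClientKeyExchangeMessage(shc, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                // Logged via toString(), which hex-dumps dh_Yc: the DH public value, not the secret.
                SSLLogger.fine("Consuming DH ClientKeyExchange handshake message", clientMessage);
            }

            // Only the reconstruction and vetting of the peer key is wrapped, so that
            // key-derivation failures further down keep their own exception and message
            // instead of being reported as "Could not generate DHPublicKey".
            try {
                DHParameterSpec params = dhePossession.publicKey.getParams();
                // y is attacker-controlled; signum 1 forces an unsigned interpretation of the bytes.
                DHPublicKeySpec peerSpec = new DHPublicKeySpec(new BigInteger(1, clientMessage.y), params.getP(), params.getG());
                DHPublicKey peerPublicKey = (DHPublicKey) JsseJce.getKeyFactory("DiffieHellman").generatePublic(peerSpec);
                // NOTE(review): the constraint check below is the only acceptance test visible in
                // this method. No explicit range check on y (e.g. rejecting 0, 1 or p-1) appears
                // here; confirm that the key factory or the key agreement enforces it.
                if (!shc.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), peerPublicKey)) {
                    throw new SSLHandshakeException("DHPublicKey does not comply to algorithm constraints");
                }
                shc.handshakeCredentials.add(new DHKeyExchange.DHECredentials(peerPublicKey, SupportedGroupsExtension.NamedGroup.valueOf(params)));
            } catch (IOException | GeneralSecurityException e) {
                // The constraint failure thrown above is an IOException, so it is re-wrapped
                // here as well and remains available as the cause.
                SSLHandshakeException failure = new SSLHandshakeException("Could not generate DHPublicKey");
                failure.initCause(e);
                throw failure;
            }

            SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey("MasterSecret", null);
            shc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (trafficKeyDerivation == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol);
            }
            shc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(shc, masterSecret);
        }
    }

    /**
     * The DH ClientKeyExchange message: a single length-prefixed DH public value.
     */
    private static final class DHClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        // Encoded DH public value (dh_Yc); assigned exactly once by either constructor.
        private final byte[] y;

        /**
         * Builds the outgoing message from the client's own DHE possession.
         *
         * @param handshakeContext the handshake context; cast to {@code ClientHandshakeContext}
         * @throws IOException if the context holds no DHE possession
         */
        DHClientKeyExchangeMessage(HandshakeContext handshakeContext) throws IOException {
            super(handshakeContext);
            ClientHandshakeContext chc = (ClientHandshakeContext) handshakeContext;

            DHKeyExchange.DHEPossession dhePossession = null;
            for (SSLPossession possession : chc.handshakePossessions) {
                if (possession instanceof DHKeyExchange.DHEPossession) {
                    dhePossession = (DHKeyExchange.DHEPossession) possession;
                    break;
                }
            }
            if (dhePossession == null) {
                throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No DHE credentials negotiated for client key exchange");
            }
            this.y = Utilities.toByteArray(dhePossession.publicKey.getY());
        }

        /**
         * Parses an incoming message on the server side.
         *
         * @param handshakeContext the handshake context; cast to {@code ServerHandshakeContext}
         * @param byteBuffer the message body received from the peer
         * @throws IOException if fewer than three bytes are available or data trails the value
         */
        DHClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(handshakeContext);
            ServerHandshakeContext shc = (ServerHandshakeContext) handshakeContext;
            // Three bytes is the smallest body accepted before parsing starts.
            if (byteBuffer.remaining() < 3) {
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Invalid DH ClientKeyExchange message: insufficient data");
            }
            // NOTE(review): obfuscated helper; presumably reads a 16-bit length-prefixed byte
            // vector, mirroring putBytes16 in send() - confirm, including its bounds handling.
            this.y = C10343.m80858(byteBuffer);
            // Strict parsing: anything after the public value is rejected rather than ignored.
            if (byteBuffer.hasRemaining()) {
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Invalid DH ClientKeyExchange message: unknown extra data");
            }
        }

        /** Returns the handshake type of this message, {@code CLIENT_KEY_EXCHANGE}. */
        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /** Returns the encoded body length: the public value plus two bytes. */
        @Override
        public int messageLength() {
            return this.y.length + 2;
        }

        /**
         * Writes the public value to the handshake output stream.
         *
         * @param handshakeOutStream the stream to write to
         * @throws IOException if the write fails
         */
        @Override
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.y);
        }

        /** Renders the message for debug logging, with the public value as an indented hex dump. */
        @Override
        public String toString() {
            MessageFormat format = new MessageFormat("\"DH ClientKeyExchange\": '{'\n  \"parameters\": '{'\n    \"dh_Yc\": '{'\n{0}\n    '}',\n  '}'\n'}'", Locale.ENGLISH);
            String hexDump = new HexDumpEncoder().encodeBuffer(this.y);
            return format.format(new Object[]{Utilities.indent(hexDump, "      ")});
        }
    }

    /**
     * Client-side producer of the DH ClientKeyExchange message.
     */
    public static final class DHClientKeyExchangeProducer implements HandshakeProducer {
        private DHClientKeyExchangeProducer() {
        }

        /**
         * Creates the client's DHE possession from the negotiated credentials, sends the
         * ClientKeyExchange message, and installs the master secret and the traffic key
         * derivation on the client handshake context.
         *
         * @param connectionContext the handshake context; cast to {@code ClientHandshakeContext}
         * @param handshakeMessage not read by this producer
         * @return always {@code null}
         * @throws IOException if no DHE credentials are present, the write fails, or the key
         *         exchange or key derivation for the negotiated parameters is not supported
         */
        @Override
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;

            DHKeyExchange.DHECredentials dheCredentials = null;
            for (SSLCredentials credentials : chc.handshakeCredentials) {
                if (credentials instanceof DHKeyExchange.DHECredentials) {
                    dheCredentials = (DHKeyExchange.DHECredentials) credentials;
                    break;
                }
            }
            if (dheCredentials == null) {
                throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No DHE credentials negotiated for client key exchange");
            }

            // The possession must be registered first: the message constructor below looks it
            // up in handshakePossessions. It is created from the context's SecureRandom;
            // presumably this generates the client's ephemeral key pair - confirm in DHKeyExchange.
            chc.handshakePossessions.add(new DHKeyExchange.DHEPossession(dheCredentials, chc.sslContext.getSecureRandom()));

            DHClientKeyExchangeMessage clientMessage = new DHClientKeyExchangeMessage(chc);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                // Logged via toString(), which hex-dumps dh_Yc: the DH public value, not the secret.
                SSLLogger.fine("Produced DH ClientKeyExchange handshake message", clientMessage);
            }
            clientMessage.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();

            SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
            if (keyExchange == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey("MasterSecret", null);
            chc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
            if (trafficKeyDerivation == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol);
            }
            chc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(chc, masterSecret);
            return null;
        }
    }
}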
