package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.interfaces.ECPublicKey;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.openeuler.SM2KeyExchangeParameterSpec;
import org.openeuler.SM2KeyExchangeUtil;
import org.openeuler.sun.misc.HexDumpEncoder;
import org.openeuler.sun.security.ssl.GMX509Authentication;
import org.openeuler.sun.security.ssl.SM2KeyExchange;
import org.openeuler.sun.security.ssl.SSLHandshake;
import org.openeuler.sun.security.ssl.SupportedGroupsExtension;

/* loaded from: classes6.dex */
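/**
 * ClientKeyExchange handling for the SM2 key-exchange cipher suites.
 *
 * <p>Exposes one consumer (server side, parses the peer's message) and one
 * producer (client side, builds and sends the message). Both paths end by
 * deriving the master secret and installing the traffic key derivation on
 * the handshake context.
 *
 * <p>NOTE(review): this listing is decompiler output; local names and the
 * {@code C10343} helper are not the original identifiers.
 */
final class SM2ClientKeyExchange {
    /**
     * Identifier passed as both the local and the peer ID to
     * {@link SM2KeyExchangeParameterSpec}. The value matches the well-known
     * default SM2 distinguishing identifier, so it is a public protocol
     * constant rather than a secret -- confirm against the GM/T profile this
     * provider targets.
     */
    private static final String SM2_DEFAULT_ID = "1234567812345678";

    /**
     * Length argument handed to {@link SM2KeyExchangeParameterSpec}; 48 matches
     * the size of a TLS master secret -- presumably bytes, confirm against the
     * spec class.
     */
    private static final int DERIVED_KEY_LENGTH = 48;

    static final SSLConsumer sm2HandshakeConsumer = new SM2ClientKeyExchangeConsumer();
    static final HandshakeProducer sm2HandshakeProducer = new SM2ClientKeyExchangeProducer();

    SM2ClientKeyExchange() {
    }

    /**
     * Returns a fresh copy of the default ID bytes. The charset is pinned so
     * the key-derivation input does not depend on the platform default
     * encoding, and a new array is returned per call so callers never share
     * mutable state.
     */
    private static byte[] defaultId() {
        return SM2_DEFAULT_ID.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    }

    /** Server-side consumer of the SM2 ClientKeyExchange message. */
    private static final class SM2ClientKeyExchangeConsumer implements SSLConsumer {
        private SM2ClientKeyExchangeConsumer() {
        }

        /**
         * Parses the client's message, records the peer credentials and derives
         * the master secret.
         *
         * @param connectionContext the handshake context; cast to
         *        {@link ServerHandshakeContext}
         * @param byteBuffer the handshake message body
         * @throws IOException if a required possession, credential or
         *         derivation is missing (raised as a fatal alert) or the
         *         message cannot be read
         */
        @Override // org.openeuler.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // The first SM2 possession holds the server's key and random number.
            SM2KeyExchange.SM2Possession sm2Possession = null;
            for (SSLPossession possession : shc.handshakePossessions) {
                if (possession instanceof SM2KeyExchange.SM2Possession) {
                    sm2Possession = (SM2KeyExchange.SM2Possession) possession;
                    break;
                }
            }
            if (sm2Possession == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "No expected SM2 possessions for client key exchange");
            }

            SupportedGroupsExtension.NamedGroup namedGroup =
                    SupportedGroupsExtension.NamedGroup.valueOf(sm2Possession.publicKey.getParams());
            if (namedGroup == null) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unsupported EC server cert for SM2 client key exchange");
            }

            SSLKeyExchange keyExchange =
                    SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
            if (keyExchange == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }

            SM2ClientKeyExchangeMessage message = new SM2ClientKeyExchangeMessage(shc, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming SM2 ClientKeyExchange handshake message", message);
            }

            // The peer's certificate credentials supply popEncPublicKey
            // (presumably the client's encryption public key -- confirm).
            GMX509Authentication.GMX509Credentials x509Credentials = null;
            for (SSLCredentials credential : shc.handshakeCredentials) {
                if (credential instanceof GMX509Authentication.GMX509Credentials) {
                    x509Credentials = (GMX509Authentication.GMX509Credentials) credential;
                    break;
                }
            }
            if (x509Credentials == null) {
                // Fail the handshake with an alert instead of dereferencing null
                // when the peer supplied no GM certificate credentials.
                throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No GM X.509 credentials for SM2 client key exchange");
            }

            // NOTE(review): message.encodedPoint may be empty here (see the
            // parsing constructor); nothing in this method rejects that, so the
            // key derivation must -- confirm.
            shc.handshakeCredentials.add(new SM2KeyExchange.SM2Credentials(
                    (ECPublicKey) x509Credentials.popEncPublicKey, namedGroup, message.encodedPoint));

            // Final flag is true on this (server) path and false in the producer.
            SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey(
                    "MasterSecret",
                    new SM2KeyExchangeParameterSpec(
                            sm2Possession.publicKey,
                            defaultId(),
                            sm2Possession.randomNum,
                            message.encodedPoint,
                            defaultId(),
                            DERIVED_KEY_LENGTH,
                            true));
            shc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (trafficKeyDerivation == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol);
            }
            shc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(shc, masterSecret);
        }
    }

    /**
     * The SM2 ClientKeyExchange handshake message. As written by
     * {@link #send}: one byte curve type, two bytes named-curve id, then the
     * encoded point as a length-prefixed vector.
     */
    private static final class SM2ClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        /** Curve type byte written at the start of the message. */
        private static final byte CURVE_NAMED_CURVE = 3;

        /** Bytes written before the point: curve type (1) + named-curve id (2). */
        private static final int HEADER_LENGTH = 3;

        private final byte[] encodedPoint;

        /**
         * Parses a message received from the peer.
         *
         * @param handshakeContext the active handshake context
         * @param byteBuffer the message body
         * @throws IOException if the buffer cannot be read
         */
        SM2ClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(handshakeContext);
            // NOTE(review): C10343 is an obfuscated helper; these two calls
            // presumably read the 8-bit curve type and the 16-bit curve id.
            // Their results are discarded, so neither value is compared with
            // CURVE_NAMED_CURVE or SM2P256V1 before the point is accepted.
            C10343.m80848(byteBuffer);
            C10343.m80849(byteBuffer);
            if (byteBuffer.remaining() != 0) {
                this.encodedPoint = C10343.m80851(byteBuffer);
            } else {
                // No point on the wire: represented as an empty array.
                this.encodedPoint = new byte[0];
            }
        }

        /**
         * Builds the message to send from the client.
         *
         * @param handshakeContext the handshake context; cast to
         *        {@link ClientHandshakeContext}
         * @param eCPublicKey key passed to {@code SM2KeyExchangeUtil.generateR};
         *        must be a {@link BCECPublicKey}
         * @throws SSLException if the context holds no SM2 possession
         */
        SM2ClientKeyExchangeMessage(HandshakeContext handshakeContext, ECPublicKey eCPublicKey) throws SSLException {
            super(handshakeContext);
            ClientHandshakeContext chc = (ClientHandshakeContext) handshakeContext;

            // No break: if several SM2 possessions exist, the last one is used.
            SM2KeyExchange.SM2Possession sm2Possession = null;
            for (SSLPossession possession : chc.handshakePossessions) {
                if (possession instanceof SM2KeyExchange.SM2Possession) {
                    sm2Possession = (SM2KeyExchange.SM2Possession) possession;
                }
            }
            if (sm2Possession == null) {
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "No SM2 credentials negotiated for client key exchange");
            }

            // getEncoded(false) requests the uncompressed point encoding.
            this.encodedPoint = SM2KeyExchangeUtil
                    .generateR((BCECPublicKey) eCPublicKey, sm2Possession.randomNum)
                    .getEncoded(false);
        }

        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /**
         * Returns the number of bytes {@link #send} writes. The header is
         * counted even when the point is empty, because {@code send} writes it
         * unconditionally; reporting 0 there would make the declared length
         * disagree with the body.
         */
        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            if (this.encodedPoint == null || this.encodedPoint.length == 0) {
                return HEADER_LENGTH;
            }
            // +1 for the length prefix of the point vector.
            return HEADER_LENGTH + 1 + this.encodedPoint.length;
        }

        /**
         * Writes the message body: curve type, named-curve id, then the point
         * (omitted when empty).
         */
        @Override // org.openeuler.sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(CURVE_NAMED_CURVE);
            handshakeOutStream.putInt16(SupportedGroupsExtension.NamedGroup.SM2P256V1.id);
            if (this.encodedPoint != null && this.encodedPoint.length != 0) {
                handshakeOutStream.putBytes8(this.encodedPoint);
            }
        }

        /** Renders the message for handshake logging; only the encoded point is dumped. */
        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat("\"SM2 ClientKeyExchange\": '{'\n  \"sm2 public\": '{'\n{0}\n  '}',\n'}'", Locale.ENGLISH);
            String pointText;
            if (this.encodedPoint == null || this.encodedPoint.length == 0) {
                pointText = "    <implicit>";
            } else {
                pointText = Utilities.indent(new HexDumpEncoder().encodeBuffer(this.encodedPoint), "    ");
            }
            return messageFormat.format(new Object[]{pointText});
        }
    }

    /** Client-side producer of the SM2 ClientKeyExchange message. */
    private static final class SM2ClientKeyExchangeProducer implements HandshakeProducer {
        private SM2ClientKeyExchangeProducer() {
        }

        /**
         * Creates the client's SM2 possession, sends the ClientKeyExchange
         * message and derives the master secret.
         *
         * @param connectionContext the handshake context; cast to
         *        {@link ClientHandshakeContext}
         * @param handshakeMessage not read by this method
         * @return always {@code null}
         * @throws IOException if a required credential or derivation is missing
         *         (raised as a fatal alert) or the message cannot be written
         */
        @Override // org.openeuler.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;

            // The first SM2 credentials entry carries the peer's encoded point.
            SM2KeyExchange.SM2Credentials sm2Credentials = null;
            for (SSLCredentials credential : chc.handshakeCredentials) {
                if (credential instanceof SM2KeyExchange.SM2Credentials) {
                    sm2Credentials = (SM2KeyExchange.SM2Credentials) credential;
                    break;
                }
            }
            if (sm2Credentials == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "No SM2 credentials negotiated for client key exchange");
            }

            // Randomness for the possession comes from the context's SecureRandom.
            SM2KeyExchange.SM2Possession sm2Possession =
                    new SM2KeyExchange.SM2Possession(sm2Credentials, chc.sslContext.getSecureRandom(), connectionContext);
            chc.handshakePossessions.add(sm2Possession);

            SM2ClientKeyExchangeMessage message =
                    new SM2ClientKeyExchangeMessage((HandshakeContext) chc, (ECPublicKey) sm2Possession.publicKey);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced SM2 ClientKeyExchange handshake message", message);
            }
            message.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();

            SSLKeyExchange keyExchange =
                    SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
            if (keyExchange == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }

            // Final flag is false on this (client) path and true in the consumer.
            SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey(
                    "MasterSecret",
                    new SM2KeyExchangeParameterSpec(
                            sm2Possession.publicKey,
                            defaultId(),
                            sm2Possession.randomNum,
                            sm2Credentials.peerEncodePoint,
                            defaultId(),
                            DERIVED_KEY_LENGTH,
                            false));
            chc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
            if (trafficKeyDerivation == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol);
            }
            chc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(chc, masterSecret);
            return null;
        }
    }
}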
