package com.tencent.kona.sun.security.ssl;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.ssl.SSLInsts;
import com.tencent.kona.sun.security.internal.spec.TlcpSM2PremasterSecretParameterSpec;
import com.tencent.kona.sun.security.util.KeyUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: input_file:com/tencent/kona/sun/security/ssl/SM2KeyExchange.class */
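/**
 * SM2 premaster-secret key exchange for this SSL implementation.
 *
 * <p>Exposes the possession generator and key agreement generator used for the SM2 key exchange,
 * plus {@link SM2PremasterSecret}, which creates, wraps and recovers the premaster secret.
 * The parameter specs and key generator names used below reference TLCP.
 */
final class SM2KeyExchange {
    static final SSLPossessionGenerator sm2PoGenerator = new SM2PossessionGenerator();
    static final SSLKeyAgreementGenerator sm2KAGenerator = new SM2KAGenerator();

    /** Builds the key derivation that turns an SM2 premaster secret into the master secret. */
    private static final class SM2KAGenerator implements SSLKeyAgreementGenerator {

        /** Delegates master-secret derivation to the derivation registered for the negotiated protocol. */
        private static final class SM2KAKeyDerivation implements SSLKeyDerivation {
            private final HandshakeContext context;
            private final SecretKey preMasterSecret;

            SM2KAKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) {
                this.context = handshakeContext;
                this.preMasterSecret = secretKey;
            }

            /**
             * Derives the master secret from the stored premaster secret.
             *
             * @param str not consulted; the delegate is always asked for {@code "MasterSecret"}
             * @param algorithmParameterSpec passed through to the delegate derivation
             * @return the key produced by the protocol's master key derivation
             * @throws IOException (as {@link SSLHandshakeException}) when no master key derivation
             *     is registered for the negotiated protocol, or when the delegate fails
             */
            @Override
            public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                SSLMasterKeyDerivation masterDerivation = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
                if (masterDerivation == null) {
                    throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
                }
                return masterDerivation.createKeyDerivation(this.context, this.preMasterSecret).deriveKey("MasterSecret", algorithmParameterSpec);
            }
        }

        private SM2KAGenerator() {
        }

        /**
         * Locates the SM2 premaster secret recorded during the handshake and wraps it in a key derivation.
         *
         * <p>On the client side the secret is looked up among the handshake possessions; otherwise it
         * is looked up among the handshake credentials. The first match is used.
         *
         * @param handshakeContext the handshake in progress
         * @return a derivation bound to the premaster secret that was found
         * @throws IOException via a fatal {@code HANDSHAKE_FAILURE} alert when no SM2 premaster secret is present
         */
        @Override
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            SM2PremasterSecret found = null;
            if (handshakeContext instanceof ClientHandshakeContext) {
                for (SSLPossession possession : handshakeContext.handshakePossessions) {
                    if (possession instanceof SM2PremasterSecret) {
                        found = (SM2PremasterSecret) possession;
                        break;
                    }
                }
            } else {
                for (SSLCredentials credentials : handshakeContext.handshakeCredentials) {
                    if (credentials instanceof SM2PremasterSecret) {
                        found = (SM2PremasterSecret) credentials;
                        break;
                    }
                }
            }
            if (found == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient SM2 key agreement parameters negotiated");
            }
            return new SM2KAKeyDerivation(handshakeContext, found.premasterSecret);
        }
    }

    /** Possession generator for the SM2 key exchange; it never produces a possession. */
    private static final class SM2PossessionGenerator implements SSLPossessionGenerator {
        private SM2PossessionGenerator() {
        }

        /**
         * Always returns {@code null}: no possession is generated by this generator.
         *
         * @param handshakeContext unused
         * @return {@code null}
         */
        @Override
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            return null;
        }
    }

    /**
     * Holder for the premaster secret, usable both as a possession and as a credential.
     *
     * <p>The {@code public} modifiers on the methods below come from the decompiler; its notes say
     * the original methods were package-private.
     */
    static final class SM2PremasterSecret implements SSLPossession, SSLCredentials {
        final SecretKey premasterSecret;

        SM2PremasterSecret(SecretKey secretKey) {
            this.premasterSecret = secretKey;
        }

        /**
         * Wraps the premaster secret under the peer's public key with the {@code "SM2"} cipher.
         *
         * @param publicKey key the secret is wrapped for
         * @param secureRandom randomness source handed to the cipher
         * @return the wrapped premaster secret
         * @throws GeneralSecurityException if the cipher cannot be obtained, initialised or used
         */
        public byte[] getEncoded(PublicKey publicKey, SecureRandom secureRandom) throws GeneralSecurityException {
            Cipher wrapper = CryptoInsts.getCipher("SM2");
            wrapper.init(Cipher.WRAP_MODE, publicKey, secureRandom);
            return wrapper.wrap(this.premasterSecret);
        }

        /**
         * Generates a fresh premaster secret on the client side.
         *
         * <p>The {@code "TlcpSM2PremasterSecret"} key generator is initialised with the client hello
         * version, the negotiated protocol id and the SSL context's {@link SecureRandom}.
         *
         * @param clientHandshakeContext the client handshake in progress
         * @return a holder for the newly generated secret
         * @throws GeneralSecurityException if the generator is unavailable or rejects its parameters
         */
        public static SM2PremasterSecret createPremasterSecret(ClientHandshakeContext clientHandshakeContext) throws GeneralSecurityException {
            KeyGenerator generator = SSLInsts.getKeyGenerator("TlcpSM2PremasterSecret");
            generator.init(
                    new TlcpSM2PremasterSecretParameterSpec(clientHandshakeContext.clientHelloVersion, clientHandshakeContext.negotiatedProtocol.id),
                    clientHandshakeContext.sslContext.getSecureRandom());
            return new SM2PremasterSecret(generator.generateKey());
        }

        /**
         * Recovers the premaster secret sent by the client.
         *
         * <p>The cipher is first initialised in unwrap mode with the premaster-secret parameter spec.
         * If the provider rejects that with {@link InvalidKeyException} or
         * {@link UnsupportedOperationException}, a fresh cipher is used in plain decrypt mode and the
         * result is passed through {@code KeyUtil.checkTlsPreMasterSecretKey} before the secret key
         * is rebuilt.
         *
         * @param serverHandshakeContext the server handshake in progress
         * @param privateKey the server's private key
         * @param bArr the encrypted premaster secret received from the peer
         * @return a holder for the recovered secret
         * @throws GeneralSecurityException if a cipher or key generator fails outside the handled cases
         */
        public static SM2PremasterSecret decode(ServerHandshakeContext serverHandshakeContext, PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
            boolean needFailover = false;
            Cipher cipher = CryptoInsts.getCipher("SM2");
            try {
                cipher.init(
                        Cipher.UNWRAP_MODE,
                        privateKey,
                        new TlcpSM2PremasterSecretParameterSpec(serverHandshakeContext.clientHelloVersion, serverHandshakeContext.negotiatedProtocol.id),
                        serverHandshakeContext.sslContext.getSecureRandom());
            } catch (UnsupportedOperationException | InvalidKeyException e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("The Cipher provider " + safeProviderName(cipher) + " caused exception: " + e.getMessage());
                }
                needFailover = true;
            }

            SecretKey secretKey;
            if (needFailover) {
                // Use a new instance rather than the one whose init() just failed.
                Cipher fallbackCipher = CryptoInsts.getCipher("SM2");
                fallbackCipher.init(Cipher.DECRYPT_MODE, privateKey);
                byte[] decrypted = null;
                boolean decryptFailed = false;
                try {
                    decrypted = fallbackCipher.doFinal(bArr);
                } catch (BadPaddingException ignored) {
                    // Deliberately not propagated: the failure is only recorded and handed to the
                    // premaster-secret check below, so this point does not abort the handshake.
                    // Do not turn this into an early throw or a log line.
                    decryptFailed = true;
                }
                // NOTE(review): in the JDK RSA key exchange this helper substitutes random bytes when
                // the flag is set or the version check fails, so a peer cannot tell a bad ciphertext
                // from a good one. Presumably Kona's KeyUtil does the same; confirm.
                byte[] checked = KeyUtil.checkTlsPreMasterSecretKey(
                        serverHandshakeContext.clientHelloVersion,
                        serverHandshakeContext.negotiatedProtocol.id,
                        serverHandshakeContext.sslContext.getSecureRandom(),
                        decrypted,
                        decryptFailed);
                secretKey = generatePremasterSecret(
                        serverHandshakeContext.clientHelloVersion,
                        serverHandshakeContext.negotiatedProtocol.id,
                        checked,
                        serverHandshakeContext.sslContext.getSecureRandom());
            } else {
                // NOTE(review): on this path any handling of malformed ciphertext is left to the
                // provider's unwrap implementation; verify it does not expose a distinguishable error.
                secretKey = (SecretKey) cipher.unwrap(bArr, "TlcpSM2PremasterSecret", Cipher.SECRET_KEY);
            }
            return new SM2PremasterSecret(secretKey);
        }

        /**
         * Returns a printable name for the cipher's provider without letting a lookup failure escape.
         *
         * @param cipher the cipher whose provider is being described
         * @return the provider's string form, else the cipher's string form with a suffix, else a fixed placeholder
         */
        private static String safeProviderName(Cipher cipher) {
            try {
                return cipher.getProvider().toString();
            } catch (Exception providerFailure) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Retrieving The Cipher provider name caused exception ", providerFailure);
                }
            }
            try {
                return cipher.toString() + " (provider name not available)";
            } catch (Exception cipherFailure) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Retrieving The Cipher name caused exception ", cipherFailure);
                }
                return "(cipher/provider names not available)";
            }
        }

        /**
         * Rebuilds the premaster secret key from already-checked bytes (failover path of {@link #decode}).
         *
         * @param i client hello version; selects the key generator algorithm
         * @param i2 negotiated protocol id, passed to the parameter spec
         * @param bArr premaster secret bytes, passed to the parameter spec
         * @param secureRandom randomness source for the key generator
         * @return the generated premaster secret key
         * @throws GeneralSecurityException if the generator is unavailable or rejects its parameters
         */
        private static SecretKey generatePremasterSecret(int i, int i2, byte[] bArr, SecureRandom secureRandom) throws GeneralSecurityException {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Generating a premaster secret");
            }
            try {
                String algorithm;
                if (i == ProtocolVersion.TLCP11.id) {
                    algorithm = "Tlcp11PremasterSecret";
                } else if (i >= ProtocolVersion.TLS12.id) {
                    algorithm = "SunTls12RsaPremasterSecret";
                } else {
                    algorithm = "SunTlsRsaPremasterSecret";
                }
                KeyGenerator generator = CryptoInsts.getKeyGenerator(algorithm);
                generator.init(new TlcpSM2PremasterSecretParameterSpec(i, i2, bArr), secureRandom);
                return generator.generateKey();
            } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    // Hand the exception to the SSL logger, as safeProviderName does, instead of
                    // printing the stack trace straight to System.out where it bypasses log handling.
                    SSLLogger.fine("ECC premaster secret generation error:", e);
                }
                throw new GeneralSecurityException("Could not generate premaster secret", e);
            }
        }
    }

    SM2KeyExchange() {
    }
}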
