package org.openeuler.sun.security.ssl;

import com.alicom.tools.networking.RSA;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

/* loaded from: classes6.dex */
final class RSAKeyExchange {
    static final SSLKeyAgreementGenerator kaGenerator;
    static final SSLPossessionGenerator poGenerator;

    /* loaded from: classes6.dex */
    static final class EphemeralRSACredentials implements SSLCredentials {
        final RSAPublicKey popPublicKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        public EphemeralRSACredentials(RSAPublicKey rSAPublicKey) {
            this.popPublicKey = rSAPublicKey;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes6.dex */
    public static final class EphemeralRSAPossession implements SSLPossession {
        final PrivateKey popPrivateKey;
        final RSAPublicKey popPublicKey;

        EphemeralRSAPossession(PrivateKey privateKey, RSAPublicKey rSAPublicKey) {
            this.popPublicKey = rSAPublicKey;
            this.popPrivateKey = privateKey;
        }
    }

    /* loaded from: classes6.dex */
    private static final class EphemeralRSAPossessionGenerator implements SSLPossessionGenerator {
        private EphemeralRSAPossessionGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            try {
                KeyPair rSAKeyPair = handshakeContext.sslContext.getEphemeralKeyManager().getRSAKeyPair(true, handshakeContext.sslContext.getSecureRandom());
                if (rSAKeyPair != null) {
                    return new EphemeralRSAPossession(rSAKeyPair.getPrivate(), (RSAPublicKey) rSAKeyPair.getPublic());
                }
            } catch (RuntimeException unused) {
            }
            return null;
        }
    }

    /* loaded from: classes6.dex */
    private static final class RSAKAGenerator implements SSLKeyAgreementGenerator {

        /* loaded from: classes6.dex */
        private static final class RSAKAKeyDerivation implements SSLKeyDerivation {
            private final HandshakeContext context;
            private final SecretKey preMasterSecret;

            RSAKAKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) {
                this.context = handshakeContext;
                this.preMasterSecret = secretKey;
            }

            @Override // org.openeuler.sun.security.ssl.SSLKeyDerivation
            public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
                if (valueOf != null) {
                    return valueOf.createKeyDerivation(this.context, this.preMasterSecret).deriveKey("MasterSecret", algorithmParameterSpec);
                }
                throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
            }
        }

        private RSAKAGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            RSAPremasterSecret rSAPremasterSecret = null;
            if (!(handshakeContext instanceof ClientHandshakeContext)) {
                Iterator<SSLCredentials> it = handshakeContext.handshakeCredentials.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    SSLCredentials next = it.next();
                    if (next instanceof RSAPremasterSecret) {
                        rSAPremasterSecret = (RSAPremasterSecret) next;
                        break;
                    }
                }
            } else {
                Iterator<SSLPossession> it2 = handshakeContext.handshakePossessions.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    SSLPossession next2 = it2.next();
                    if (next2 instanceof RSAPremasterSecret) {
                        rSAPremasterSecret = (RSAPremasterSecret) next2;
                        break;
                    }
                }
            }
            if (rSAPremasterSecret != null) {
                return new RSAKAKeyDerivation(handshakeContext, rSAPremasterSecret.premasterSecret);
            }
            throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient RSA key agreement parameters negotiated");
        }
    }

    /* loaded from: classes6.dex */
    static final class RSAPremasterSecret implements SSLPossession, SSLCredentials {
        final SecretKey premasterSecret;

        RSAPremasterSecret(SecretKey secretKey) {
            this.premasterSecret = secretKey;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static RSAPremasterSecret createPremasterSecret(ClientHandshakeContext clientHandshakeContext) throws GeneralSecurityException {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(clientHandshakeContext.negotiatedProtocol.useTLS12PlusSpec() ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
            keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(clientHandshakeContext.clientHelloVersion, clientHandshakeContext.negotiatedProtocol.f36078id), clientHandshakeContext.sslContext.getSecureRandom());
            return new RSAPremasterSecret(keyGenerator.generateKey());
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Can't wrap try/catch for region: R(9:1|(3:2|3|4)|(3:6|7|8)|10|11|12|13|7|8) */
        /* JADX WARN: Code restructure failed: missing block: B:15:0x0079, code lost:
        
            r8 = null;
            r2 = true;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public static org.openeuler.sun.security.ssl.RSAKeyExchange.RSAPremasterSecret decode(org.openeuler.sun.security.ssl.ServerHandshakeContext r7, java.security.PrivateKey r8, byte[] r9) throws java.security.GeneralSecurityException {
            /*
                java.lang.String r0 = "RSA/ECB/PKCS1Padding"
                javax.crypto.Cipher r1 = org.openeuler.sun.security.ssl.JsseJce.getCipher(r0)
                r2 = 0
                r3 = 1
                sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec r4 = new sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                int r5 = r7.clientHelloVersion     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                org.openeuler.sun.security.ssl.ProtocolVersion r6 = r7.negotiatedProtocol     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                int r6 = r6.f36078id     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                r4.<init>(r5, r6)     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                org.openeuler.sun.security.ssl.SSLContextImpl r5 = r7.sslContext     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                java.security.SecureRandom r5 = r5.getSecureRandom()     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                r6 = 4
                r1.init(r6, r8, r4, r5)     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                java.security.Provider r4 = r1.getProvider()     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                java.lang.String r4 = r4.getName()     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                boolean r4 = sun.security.util.KeyUtil.isOracleJCEProvider(r4)     // Catch: java.lang.UnsupportedOperationException -> L37 java.security.InvalidKeyException -> L39
                r4 = r4 ^ r3
                if (r4 == 0) goto L2d
                goto L6c
            L2d:
                java.lang.String r7 = "TlsRsaPremasterSecret"
                r8 = 3
                java.security.Key r7 = r1.unwrap(r9, r7, r8)
                javax.crypto.SecretKey r7 = (javax.crypto.SecretKey) r7
                goto L9b
            L37:
                r4 = move-exception
                goto L3a
            L39:
                r4 = move-exception
            L3a:
                boolean r5 = org.openeuler.sun.security.ssl.SSLLogger.isOn
                if (r5 == 0) goto L6c
                java.lang.String r5 = "ssl,handshake"
                boolean r5 = org.openeuler.sun.security.ssl.SSLLogger.isOn(r5)
                if (r5 == 0) goto L6c
                java.lang.StringBuilder r5 = new java.lang.StringBuilder
                r5.<init>()
                java.lang.String r6 = "The Cipher provider "
                r5.append(r6)
                java.lang.String r1 = safeProviderName(r1)
                r5.append(r1)
                java.lang.String r1 = " caused exception: "
                r5.append(r1)
                java.lang.String r1 = r4.getMessage()
                r5.append(r1)
                java.lang.String r1 = r5.toString()
                java.lang.Object[] r4 = new java.lang.Object[r2]
                org.openeuler.sun.security.ssl.SSLLogger.warning(r1, r4)
            L6c:
                javax.crypto.Cipher r0 = org.openeuler.sun.security.ssl.JsseJce.getCipher(r0)
                r1 = 2
                r0.init(r1, r8)
                byte[] r8 = r0.doFinal(r9)     // Catch: javax.crypto.BadPaddingException -> L79
                goto L7b
            L79:
                r8 = 0
                r2 = r3
            L7b:
                int r9 = r7.clientHelloVersion
                org.openeuler.sun.security.ssl.ProtocolVersion r0 = r7.negotiatedProtocol
                int r0 = r0.f36078id
                org.openeuler.sun.security.ssl.SSLContextImpl r1 = r7.sslContext
                java.security.SecureRandom r1 = r1.getSecureRandom()
                byte[] r8 = sun.security.util.KeyUtil.checkTlsPreMasterSecretKey(r9, r0, r1, r8, r2)
                int r9 = r7.clientHelloVersion
                org.openeuler.sun.security.ssl.ProtocolVersion r0 = r7.negotiatedProtocol
                int r0 = r0.f36078id
                org.openeuler.sun.security.ssl.SSLContextImpl r7 = r7.sslContext
                java.security.SecureRandom r7 = r7.getSecureRandom()
                javax.crypto.SecretKey r7 = generatePremasterSecret(r9, r0, r8, r7)
            L9b:
                org.openeuler.sun.security.ssl.RSAKeyExchange$RSAPremasterSecret r8 = new org.openeuler.sun.security.ssl.RSAKeyExchange$RSAPremasterSecret
                r8.<init>(r7)
                return r8
            */
            throw new UnsupportedOperationException("Method not decompiled: org.openeuler.sun.security.ssl.RSAKeyExchange.RSAPremasterSecret.decode(org.openeuler.sun.security.ssl.ServerHandshakeContext, java.security.PrivateKey, byte[]):org.openeuler.sun.security.ssl.RSAKeyExchange$RSAPremasterSecret");
        }

        private static SecretKey generatePremasterSecret(int i, int i2, byte[] bArr, SecureRandom secureRandom) throws GeneralSecurityException {
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Generating a premaster secret", new Object[0]);
            }
            try {
                KeyGenerator keyGenerator = JsseJce.getKeyGenerator(i >= ProtocolVersion.TLS12.f36078id ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
                keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(i, i2, bArr), secureRandom);
                return keyGenerator.generateKey();
            } catch (InvalidAlgorithmParameterException e) {
                e = e;
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("RSA premaster secret generation error:", new Object[0]);
                    e.printStackTrace(System.out);
                }
                throw new GeneralSecurityException("Could not generate premaster secret", e);
            } catch (NoSuchAlgorithmException e2) {
                e = e2;
                if (SSLLogger.isOn) {
                    SSLLogger.fine("RSA premaster secret generation error:", new Object[0]);
                    e.printStackTrace(System.out);
                }
                throw new GeneralSecurityException("Could not generate premaster secret", e);
            }
        }

        private static String safeProviderName(Cipher cipher) {
            try {
                return cipher.getProvider().toString();
            } catch (Exception e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Retrieving The Cipher provider name caused exception ", e);
                }
                try {
                    return cipher.toString() + " (provider name not available)";
                } catch (Exception e2) {
                    if (!SSLLogger.isOn || !SSLLogger.isOn("ssl,handshake")) {
                        return "(cipher/provider names not available)";
                    }
                    SSLLogger.fine("Retrieving The Cipher name caused exception ", e2);
                    return "(cipher/provider names not available)";
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getEncoded(PublicKey publicKey, SecureRandom secureRandom) throws GeneralSecurityException {
            Cipher cipher = JsseJce.getCipher(RSA.RSA_ALGORITHM);
            cipher.init(3, publicKey, secureRandom);
            return cipher.wrap(this.premasterSecret);
        }
    }

    static {
        poGenerator = new EphemeralRSAPossessionGenerator();
        kaGenerator = new RSAKAGenerator();
    }

    RSAKeyExchange() {
    }
}
