package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLHandshakeException;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
import sun.security.ssl.CipherSuite;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/java.base-2021-01-26.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLTrafficKeyDerivation.class */
public enum SSLTrafficKeyDerivation implements SSLKeyDerivationGenerator {
    SSL30("kdf_ssl30", new SSLKeyDerivationGenerator() { // from class: sun.security.ssl.SSLTrafficKeyDerivation.S30TrafficKeyDerivationGenerator
        @Override // sun.security.ssl.SSLKeyDerivationGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) throws IOException {
            return new LegacyTrafficKeyDerivation(handshakeContext, secretKey);
        }
    }),
    TLS10("kdf_tls10", new SSLKeyDerivationGenerator() { // from class: sun.security.ssl.SSLTrafficKeyDerivation.T10TrafficKeyDerivationGenerator
        @Override // sun.security.ssl.SSLKeyDerivationGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) throws IOException {
            return new LegacyTrafficKeyDerivation(handshakeContext, secretKey);
        }
    }),
    TLS12("kdf_tls12", new SSLKeyDerivationGenerator() { // from class: sun.security.ssl.SSLTrafficKeyDerivation.T12TrafficKeyDerivationGenerator
        @Override // sun.security.ssl.SSLKeyDerivationGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) throws IOException {
            return new LegacyTrafficKeyDerivation(handshakeContext, secretKey);
        }
    }),
    TLS13("kdf_tls13", new SSLKeyDerivationGenerator() { // from class: sun.security.ssl.SSLTrafficKeyDerivation.T13TrafficKeyDerivationGenerator
        @Override // sun.security.ssl.SSLKeyDerivationGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) throws IOException {
            return new T13TrafficKeyDerivation(handshakeContext, secretKey);
        }
    });

    final String name;
    final SSLKeyDerivationGenerator keyDerivationGenerator;

    /* loaded from: input_file:BOOT-INF/lib/java.base-2021-01-26.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLTrafficKeyDerivation$KeySchedule.class */
    private enum KeySchedule {
        TlsKey("key", false),
        TlsIv("iv", true),
        TlsUpdateNplus1("traffic upd", false);

        private final byte[] label;
        private final boolean isIv;

        KeySchedule(String str, boolean z) {
            this.label = ("tls13 " + str).getBytes();
            this.isIv = z;
        }

        int getKeyLength(CipherSuite cipherSuite) {
            return this == TlsUpdateNplus1 ? cipherSuite.hashAlg.hashLength : this.isIv ? cipherSuite.bulkCipher.ivSize : cipherSuite.bulkCipher.keySize;
        }

        String getAlgorithm(CipherSuite cipherSuite, String str) {
            return this.isIv ? str : cipherSuite.bulkCipher.algorithm;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2021-01-26.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLTrafficKeyDerivation$LegacyTrafficKeyDerivation.class */
    static final class LegacyTrafficKeyDerivation implements SSLKeyDerivation {
        private final HandshakeContext context;
        private final SecretKey masterSecret;
        private final TlsKeyMaterialSpec keyMaterialSpec;

        LegacyTrafficKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) {
            String str;
            CipherSuite.HashAlg hashAlg;
            this.context = handshakeContext;
            this.masterSecret = secretKey;
            CipherSuite cipherSuite = handshakeContext.negotiatedCipherSuite;
            ProtocolVersion protocolVersion = handshakeContext.negotiatedProtocol;
            int i = cipherSuite.macAlg.size;
            boolean z = cipherSuite.exportable;
            SSLCipher sSLCipher = cipherSuite.bulkCipher;
            int i2 = z ? sSLCipher.expandedKeySize : 0;
            byte b = protocolVersion.major;
            byte b2 = protocolVersion.minor;
            if (protocolVersion.isDTLS) {
                if (protocolVersion.id == ProtocolVersion.DTLS10.id) {
                    b = ProtocolVersion.TLS11.major;
                    b2 = ProtocolVersion.TLS11.minor;
                    str = "SunTlsKeyMaterial";
                    hashAlg = CipherSuite.HashAlg.H_NONE;
                } else {
                    b = ProtocolVersion.TLS12.major;
                    b2 = ProtocolVersion.TLS12.minor;
                    str = "SunTls12KeyMaterial";
                    hashAlg = cipherSuite.hashAlg;
                }
            } else if (protocolVersion.id >= ProtocolVersion.TLS12.id) {
                str = "SunTls12KeyMaterial";
                hashAlg = cipherSuite.hashAlg;
            } else {
                str = "SunTlsKeyMaterial";
                hashAlg = CipherSuite.HashAlg.H_NONE;
            }
            int i3 = sSLCipher.ivSize;
            if (sSLCipher.cipherType == CipherType.AEAD_CIPHER) {
                i3 = sSLCipher.fixedIvSize;
            } else if (sSLCipher.cipherType == CipherType.BLOCK_CIPHER && protocolVersion.useTLS11PlusSpec()) {
                i3 = 0;
            }
            TlsKeyMaterialParameterSpec tlsKeyMaterialParameterSpec = new TlsKeyMaterialParameterSpec(secretKey, b & 255, b2 & 255, handshakeContext.clientHelloRandom.randomBytes, handshakeContext.serverHelloRandom.randomBytes, sSLCipher.algorithm, sSLCipher.keySize, i2, i3, i, hashAlg.name, hashAlg.hashLength, hashAlg.blockSize);
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
                keyGenerator.init(tlsKeyMaterialParameterSpec);
                this.keyMaterialSpec = (TlsKeyMaterialSpec) keyGenerator.generateKey();
            } catch (GeneralSecurityException e) {
                throw new ProviderException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecretKey getTrafficKey(String str) {
            boolean z = -1;
            switch (str.hashCode()) {
                case -1716638551:
                    if (str.equals("serverWriteIv")) {
                        z = 5;
                        break;
                    }
                    break;
                case -1702941973:
                    if (str.equals("clientWriteKey")) {
                        z = 2;
                        break;
                    }
                    break;
                case -1676186013:
                    if (str.equals("serverWriteKey")) {
                        z = 3;
                        break;
                    }
                    break;
                case -1622415813:
                    if (str.equals("clientMacKey")) {
                        z = false;
                        break;
                    }
                    break;
                case 1720625075:
                    if (str.equals("serverMacKey")) {
                        z = true;
                        break;
                    }
                    break;
                case 2023276321:
                    if (str.equals("clientWriteIv")) {
                        z = 4;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return this.keyMaterialSpec.getClientMacKey();
                case true:
                    return this.keyMaterialSpec.getServerMacKey();
                case true:
                    return this.keyMaterialSpec.getClientCipherKey();
                case true:
                    return this.keyMaterialSpec.getServerCipherKey();
                case true:
                    IvParameterSpec clientIv = this.keyMaterialSpec.getClientIv();
                    if (clientIv == null) {
                        return null;
                    }
                    return new SecretKeySpec(clientIv.getIV(), "TlsIv");
                case true:
                    IvParameterSpec serverIv = this.keyMaterialSpec.getServerIv();
                    if (serverIv == null) {
                        return null;
                    }
                    return new SecretKeySpec(serverIv.getIV(), "TlsIv");
                default:
                    return null;
            }
        }

        @Override // sun.security.ssl.SSLKeyDerivation
        public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            return getTrafficKey(str);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java.base-2021-01-26.jar:META-INF/modules/java.base/classes/sun/security/ssl/SSLTrafficKeyDerivation$T13TrafficKeyDerivation.class */
    static final class T13TrafficKeyDerivation implements SSLKeyDerivation {
        private final CipherSuite cs;
        private final SecretKey secret;

        T13TrafficKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) {
            this.secret = secretKey;
            this.cs = handshakeContext.negotiatedCipherSuite;
        }

        @Override // sun.security.ssl.SSLKeyDerivation
        public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            KeySchedule valueOf = KeySchedule.valueOf(str);
            try {
                return new HKDF(this.cs.hashAlg.name).expand(this.secret, createHkdfInfo(valueOf.label, valueOf.getKeyLength(this.cs)), valueOf.getKeyLength(this.cs), valueOf.getAlgorithm(this.cs, str));
            } catch (GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }

        private static byte[] createHkdfInfo(byte[] bArr, int i) throws IOException {
            byte[] bArr2 = new byte[4 + bArr.length];
            ByteBuffer wrap = ByteBuffer.wrap(bArr2);
            try {
                Record.putInt16(wrap, i);
                Record.putBytes8(wrap, bArr);
                Record.putInt8(wrap, 0);
                return bArr2;
            } catch (IOException e) {
                throw new RuntimeException("Unexpected exception", e);
            }
        }
    }

    SSLTrafficKeyDerivation(String str, SSLKeyDerivationGenerator sSLKeyDerivationGenerator) {
        this.name = str;
        this.keyDerivationGenerator = sSLKeyDerivationGenerator;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLTrafficKeyDerivation valueOf(ProtocolVersion protocolVersion) {
        switch (protocolVersion) {
            case SSL30:
                return SSL30;
            case TLS10:
            case TLS11:
            case DTLS10:
                return TLS10;
            case TLS12:
            case DTLS12:
                return TLS12;
            case TLS13:
                return TLS13;
            default:
                return null;
        }
    }

    @Override // sun.security.ssl.SSLKeyDerivationGenerator
    public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) throws IOException {
        return this.keyDerivationGenerator.createKeyDerivation(handshakeContext, secretKey);
    }
}
