package sun.security.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLHandshakeException;
import sun.security.ssl.CipherSuite;

/* loaded from: input_file:BOOT-INF/lib/java.base-2021-07-23.jar:META-INF/modules/java.base/classes/sun/security/ssl/KAKeyDerivation.class */
public class KAKeyDerivation implements SSLKeyDerivation {
    private final String algorithmName;
    private final HandshakeContext context;
    private final PrivateKey localPrivateKey;
    private final PublicKey peerPublicKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KAKeyDerivation(String str, HandshakeContext handshakeContext, PrivateKey privateKey, PublicKey publicKey) {
        this.algorithmName = str;
        this.context = handshakeContext;
        this.localPrivateKey = privateKey;
        this.peerPublicKey = publicKey;
    }

    @Override // sun.security.ssl.SSLKeyDerivation
    public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        return !this.context.negotiatedProtocol.useTLS13PlusSpec() ? t12DeriveKey(str, algorithmParameterSpec) : t13DeriveKey(str, algorithmParameterSpec);
    }

    private SecretKey t12DeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(this.algorithmName);
            keyAgreement.init(this.localPrivateKey);
            keyAgreement.doPhase(this.peerPublicKey, true);
            SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
            SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
            if (valueOf == null) {
                throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
            }
            return valueOf.createKeyDerivation(this.context, generateSecret).deriveKey("MasterSecret", algorithmParameterSpec);
        } catch (GeneralSecurityException e) {
            throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
        }
    }

    private SecretKey t13DeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        try {
            KeyAgreement keyAgreement = KeyAgreement.getInstance(this.algorithmName);
            keyAgreement.init(this.localPrivateKey);
            keyAgreement.doPhase(this.peerPublicKey, true);
            SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
            CipherSuite.HashAlg hashAlg = this.context.negotiatedCipherSuite.hashAlg;
            SSLKeyDerivation sSLKeyDerivation = this.context.handshakeKeyDerivation;
            HKDF hkdf = new HKDF(hashAlg.name);
            if (sSLKeyDerivation == null) {
                byte[] bArr = new byte[hashAlg.hashLength];
                sSLKeyDerivation = new SSLSecretDerivation(this.context, hkdf.extract(bArr, new SecretKeySpec(bArr, "TlsPreSharedSecret"), "TlsEarlySecret"));
            }
            return hkdf.extract(sSLKeyDerivation.deriveKey("TlsSaltSecret", null), generateSecret, str);
        } catch (GeneralSecurityException e) {
            throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
        }
    }
}
