package sun.security.ssl;

import java.io.IOException;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.spec.DHParameterSpec;
import javax.net.ssl.SSLProtocolException;
import sun.security.action.GetPropertyAction;
import sun.security.rsa.RSAKeyFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-04-10.jar:META-INF/modules/java.base/classes/sun/security/ssl/SupportedGroupsExtension.class */
public final class SupportedGroupsExtension extends HelloExtension {
    private static final int ARBITRARY_PRIME = 65281;
    private static final int ARBITRARY_CHAR2 = 65282;
    private static final NamedGroup[] supportedNamedGroups;
    private final int[] requestedNamedGroupIds;
    private static final Debug debug = Debug.getInstance("ssl");
    private static final Map<NamedGroup, AlgorithmParameters> namedGroupParams = new HashMap();

    private static boolean isAvailableGroup(NamedGroup namedGroup) {
        AlgorithmParameters algorithmParameters = null;
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if ("EC".equals(namedGroup.algorithm)) {
            if (namedGroup.oid != null) {
                try {
                    algorithmParameters = JsseJce.getAlgorithmParameters("EC");
                    algorithmParameterSpec = new ECGenParameterSpec(namedGroup.oid);
                } catch (Exception e) {
                    return false;
                }
            }
        } else if ("DiffieHellman".equals(namedGroup.algorithm)) {
            try {
                algorithmParameters = JsseJce.getAlgorithmParameters("DiffieHellman");
                algorithmParameterSpec = getFFDHEDHParameterSpec(namedGroup);
            } catch (Exception e2) {
                return false;
            }
        }
        if (algorithmParameters == null || algorithmParameterSpec == null) {
            return false;
        }
        try {
            algorithmParameters.init(algorithmParameterSpec);
            namedGroupParams.put(namedGroup, algorithmParameters);
            return true;
        } catch (Exception e3) {
            return false;
        }
    }

    private static DHParameterSpec getFFDHEDHParameterSpec(NamedGroup namedGroup) {
        DHParameterSpec dHParameterSpec = null;
        switch (namedGroup) {
            case FFDHE_2048:
                dHParameterSpec = PredefinedDHParameterSpecs.ffdheParams.get(2048);
                break;
            case FFDHE_3072:
                dHParameterSpec = PredefinedDHParameterSpecs.ffdheParams.get(Integer.valueOf(RSAKeyFactory.MAX_MODLEN_RESTRICT_EXP));
                break;
            case FFDHE_4096:
                dHParameterSpec = PredefinedDHParameterSpecs.ffdheParams.get(4096);
                break;
            case FFDHE_6144:
                dHParameterSpec = PredefinedDHParameterSpecs.ffdheParams.get(6144);
                break;
            case FFDHE_8192:
                dHParameterSpec = PredefinedDHParameterSpecs.ffdheParams.get(8192);
                break;
        }
        return dHParameterSpec;
    }

    private static DHParameterSpec getPredefinedDHParameterSpec(NamedGroup namedGroup) {
        DHParameterSpec dHParameterSpec = null;
        switch (namedGroup) {
            case FFDHE_2048:
                dHParameterSpec = PredefinedDHParameterSpecs.definedParams.get(2048);
                break;
            case FFDHE_3072:
                dHParameterSpec = PredefinedDHParameterSpecs.definedParams.get(Integer.valueOf(RSAKeyFactory.MAX_MODLEN_RESTRICT_EXP));
                break;
            case FFDHE_4096:
                dHParameterSpec = PredefinedDHParameterSpecs.definedParams.get(4096);
                break;
            case FFDHE_6144:
                dHParameterSpec = PredefinedDHParameterSpecs.definedParams.get(6144);
                break;
            case FFDHE_8192:
                dHParameterSpec = PredefinedDHParameterSpecs.definedParams.get(8192);
                break;
        }
        return dHParameterSpec;
    }

    private SupportedGroupsExtension(int[] iArr) {
        super(ExtensionType.EXT_SUPPORTED_GROUPS);
        this.requestedNamedGroupIds = iArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SupportedGroupsExtension(HandshakeInStream handshakeInStream, int i) throws IOException {
        super(ExtensionType.EXT_SUPPORTED_GROUPS);
        int int16 = handshakeInStream.getInt16();
        if ((i & 1) != 0 || int16 == 0 || int16 + 2 != i) {
            throw new SSLProtocolException("Invalid " + ((Object) this.type) + " extension");
        }
        this.requestedNamedGroupIds = new int[int16 >> 1];
        for (int i2 = 0; i2 < this.requestedNamedGroupIds.length; i2++) {
            this.requestedNamedGroupIds[i2] = handshakeInStream.getInt16();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static NamedGroup getPreferredECGroup(AlgorithmConstraints algorithmConstraints) {
        for (NamedGroup namedGroup : supportedNamedGroups) {
            if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE && algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
                return namedGroup;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isActivatable(AlgorithmConstraints algorithmConstraints, NamedGroupType namedGroupType) {
        boolean z = false;
        for (NamedGroup namedGroup : supportedNamedGroups) {
            if (namedGroup.type == namedGroupType) {
                if (algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
                    return true;
                }
                if (!z && namedGroupType == NamedGroupType.NAMED_GROUP_FFDHE) {
                    z = true;
                }
            }
        }
        return !z && namedGroupType == NamedGroupType.NAMED_GROUP_FFDHE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SupportedGroupsExtension createExtension(AlgorithmConstraints algorithmConstraints, CipherSuiteList cipherSuiteList, boolean z) {
        ArrayList arrayList = new ArrayList(supportedNamedGroups.length);
        for (NamedGroup namedGroup : supportedNamedGroups) {
            if ((z || namedGroup.type != NamedGroupType.NAMED_GROUP_FFDHE) && cipherSuiteList.contains(namedGroup.type) && algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
                arrayList.add(Integer.valueOf(namedGroup.id));
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        int[] iArr = new int[arrayList.size()];
        int i = 0;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            iArr[i2] = ((Integer) it.next()).intValue();
        }
        return new SupportedGroupsExtension(iArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public NamedGroup getPreferredGroup(AlgorithmConstraints algorithmConstraints, NamedGroupType namedGroupType) {
        for (int i : this.requestedNamedGroupIds) {
            NamedGroup valueOf = NamedGroup.valueOf(i);
            if (valueOf != null && valueOf.type == namedGroupType && supports(valueOf) && algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), valueOf.algorithm, namedGroupParams.get(valueOf))) {
                return valueOf;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasFFDHEGroup() {
        for (int i : this.requestedNamedGroupIds) {
            if (i >= 256 && i <= 511) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean contains(int i) {
        for (int i2 : this.requestedNamedGroupIds) {
            if (i == i2) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HelloExtension
    public int length() {
        return 6 + (this.requestedNamedGroupIds.length << 1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HelloExtension
    public void send(HandshakeOutStream handshakeOutStream) throws IOException {
        handshakeOutStream.putInt16(this.type.id);
        int length = this.requestedNamedGroupIds.length << 1;
        handshakeOutStream.putInt16(length + 2);
        handshakeOutStream.putInt16(length);
        for (int i : this.requestedNamedGroupIds) {
            handshakeOutStream.putInt16(i);
        }
    }

    @Override // sun.security.ssl.HelloExtension
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("Extension " + ((Object) this.type) + ", group names: {");
        boolean z = true;
        for (int i : this.requestedNamedGroupIds) {
            if (z) {
                z = false;
            } else {
                sb.append(", ");
            }
            NamedGroup valueOf = NamedGroup.valueOf(i);
            if (valueOf != null) {
                sb.append(valueOf.name);
            } else if (i == 65281) {
                sb.append("arbitrary_explicit_prime_curves");
            } else if (i == ARBITRARY_CHAR2) {
                sb.append("arbitrary_explicit_char2_curves");
            } else {
                sb.append("unknown named group " + i);
            }
        }
        sb.append("}");
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean supports(NamedGroup namedGroup) {
        for (NamedGroup namedGroup2 : supportedNamedGroups) {
            if (namedGroup.id == namedGroup2.id) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ECGenParameterSpec getECGenParamSpec(NamedGroup namedGroup) {
        if (namedGroup.type != NamedGroupType.NAMED_GROUP_ECDHE) {
            throw new RuntimeException("Not a named EC group: " + ((Object) namedGroup));
        }
        try {
            return (ECGenParameterSpec) namedGroupParams.get(namedGroup).getParameterSpec(ECGenParameterSpec.class);
        } catch (InvalidParameterSpecException e) {
            return new ECGenParameterSpec(namedGroup.oid);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static DHParameterSpec getDHParameterSpec(NamedGroup namedGroup) {
        if (namedGroup.type != NamedGroupType.NAMED_GROUP_FFDHE) {
            throw new RuntimeException("Not a named DH group: " + ((Object) namedGroup));
        }
        try {
            return (DHParameterSpec) namedGroupParams.get(namedGroup).getParameterSpec(DHParameterSpec.class);
        } catch (InvalidParameterSpecException e) {
            return getPredefinedDHParameterSpec(namedGroup);
        }
    }

    static {
        ArrayList arrayList;
        NamedGroup nameOf;
        boolean isFIPS = SunJSSE.isFIPS();
        String str = (String) AccessController.doPrivileged(new GetPropertyAction("jdk.tls.namedGroups"));
        if (str != null && str.length() != 0 && str.length() > 1 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
            str = str.substring(1, str.length() - 1);
        }
        if (str == null || str.length() == 0) {
            NamedGroup[] namedGroupArr = isFIPS ? new NamedGroup[]{NamedGroup.SECP256_R1, NamedGroup.SECP384_R1, NamedGroup.SECP521_R1, NamedGroup.SECT283_K1, NamedGroup.SECT283_R1, NamedGroup.SECT409_K1, NamedGroup.SECT409_R1, NamedGroup.SECT571_K1, NamedGroup.SECT571_R1, NamedGroup.FFDHE_2048, NamedGroup.FFDHE_3072, NamedGroup.FFDHE_4096, NamedGroup.FFDHE_6144, NamedGroup.FFDHE_8192} : new NamedGroup[]{NamedGroup.SECP256_R1, NamedGroup.SECP384_R1, NamedGroup.SECP521_R1, NamedGroup.SECT283_K1, NamedGroup.SECT283_R1, NamedGroup.SECT409_K1, NamedGroup.SECT409_R1, NamedGroup.SECT571_K1, NamedGroup.SECT571_R1, NamedGroup.SECP256_K1, NamedGroup.FFDHE_2048, NamedGroup.FFDHE_3072, NamedGroup.FFDHE_4096, NamedGroup.FFDHE_6144, NamedGroup.FFDHE_8192};
            arrayList = new ArrayList(namedGroupArr.length);
            for (NamedGroup namedGroup : namedGroupArr) {
                if (isAvailableGroup(namedGroup)) {
                    arrayList.add(namedGroup);
                }
            }
        } else {
            String[] split = str.split(",");
            arrayList = new ArrayList(split.length);
            for (String str2 : split) {
                String trim = str2.trim();
                if (!trim.isEmpty() && (nameOf = NamedGroup.nameOf(trim)) != null && ((!isFIPS || nameOf.isFips) && isAvailableGroup(nameOf))) {
                    arrayList.add(nameOf);
                }
            }
            if (arrayList.isEmpty() && JsseJce.isEcAvailable()) {
                throw new IllegalArgumentException("System property jdk.tls.namedGroups(" + str + ") contains no supported elliptic curves");
            }
        }
        if (debug != null && arrayList.isEmpty()) {
            Debug.log("Initialized [jdk.tls.namedGroups|default] list contains no available elliptic curves. " + (str != null ? "(" + str + ")" : "[Default]"));
        }
        supportedNamedGroups = new NamedGroup[arrayList.size()];
        int i = 0;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            supportedNamedGroups[i2] = (NamedGroup) it.next();
        }
    }
}
