package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import sun.security.ssl.SSLCipher;
import sun.security.ssl.SSLHandshake;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate.class */
public final class KeyUpdate {
    static final SSLProducer kickstartProducer = new KeyUpdateKickstartProducer();
    static final SSLConsumer handshakeConsumer = new KeyUpdateConsumer();
    static final HandshakeProducer handshakeProducer = new KeyUpdateProducer();

    /* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate$KeyUpdateConsumer.class */
    private static final class KeyUpdateConsumer implements SSLConsumer {
        private KeyUpdateConsumer() {
        }

        @Override // sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            PostHandshakeContext postHandshakeContext = (PostHandshakeContext) connectionContext;
            KeyUpdateMessage keyUpdateMessage = new KeyUpdateMessage(postHandshakeContext, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming KeyUpdate post-handshake message", keyUpdateMessage);
            }
            SSLTrafficKeyDerivation valueOf = SSLTrafficKeyDerivation.valueOf(postHandshakeContext.conContext.protocolVersion);
            if (valueOf == null) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) postHandshakeContext.conContext.protocolVersion));
                return;
            }
            SSLKeyDerivation createKeyDerivation = valueOf.createKeyDerivation(postHandshakeContext, postHandshakeContext.conContext.inputRecord.readCipher.baseSecret);
            if (createKeyDerivation == null) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation");
                return;
            }
            SecretKey deriveKey = createKeyDerivation.deriveKey("TlsUpdateNplus1", null);
            SSLKeyDerivation createKeyDerivation2 = valueOf.createKeyDerivation(postHandshakeContext, deriveKey);
            try {
                SSLCipher.SSLReadCipher createReadCipher = postHandshakeContext.negotiatedCipherSuite.bulkCipher.createReadCipher(Authenticator.valueOf(postHandshakeContext.conContext.protocolVersion), postHandshakeContext.conContext.protocolVersion, createKeyDerivation2.deriveKey("TlsKey", null), new IvParameterSpec(createKeyDerivation2.deriveKey("TlsIv", null).getEncoded()), postHandshakeContext.sslContext.getSecureRandom());
                createReadCipher.baseSecret = deriveKey;
                postHandshakeContext.conContext.inputRecord.changeReadCiphers(createReadCipher);
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.fine("KeyUpdate: read key updated", new Object[0]);
                }
                if (keyUpdateMessage.status == KeyUpdateRequest.REQUESTED) {
                    KeyUpdate.handshakeProducer.produce(postHandshakeContext, new KeyUpdateMessage(postHandshakeContext, KeyUpdateRequest.NOTREQUESTED));
                } else {
                    postHandshakeContext.conContext.finishPostHandshake();
                }
            } catch (GeneralSecurityException e) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive read secrets", e);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate$KeyUpdateKickstartProducer.class */
    private static final class KeyUpdateKickstartProducer implements SSLProducer {
        private KeyUpdateKickstartProducer() {
        }

        @Override // sun.security.ssl.SSLProducer
        public byte[] produce(ConnectionContext connectionContext) throws IOException {
            return KeyUpdate.handshakeProducer.produce(connectionContext, new KeyUpdateMessage((PostHandshakeContext) connectionContext, KeyUpdateRequest.REQUESTED));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate$KeyUpdateMessage.class */
    static final class KeyUpdateMessage extends SSLHandshake.HandshakeMessage {
        private final KeyUpdateRequest status;

        KeyUpdateMessage(PostHandshakeContext postHandshakeContext, KeyUpdateRequest keyUpdateRequest) {
            super(postHandshakeContext);
            this.status = keyUpdateRequest;
        }

        KeyUpdateMessage(PostHandshakeContext postHandshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(postHandshakeContext);
            if (byteBuffer.remaining() != 1) {
                postHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "KeyUpdate has an unexpected length of " + byteBuffer.remaining());
            }
            byte b = byteBuffer.get();
            this.status = KeyUpdateRequest.valueOf(b);
            if (this.status == null) {
                postHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Invalid KeyUpdate message value: " + KeyUpdateRequest.nameOf(b));
            }
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.KEY_UPDATE;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            return 1;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.status.id);
        }

        public String toString() {
            return new MessageFormat("\"KeyUpdate\": '{'\n  \"request_update\": {0}\n'}'", Locale.ENGLISH).format(new Object[]{this.status.name});
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate$KeyUpdateProducer.class */
    private static final class KeyUpdateProducer implements HandshakeProducer {
        private KeyUpdateProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            PostHandshakeContext postHandshakeContext = (PostHandshakeContext) connectionContext;
            KeyUpdateMessage keyUpdateMessage = (KeyUpdateMessage) handshakeMessage;
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced KeyUpdate post-handshake message", keyUpdateMessage);
            }
            SSLTrafficKeyDerivation valueOf = SSLTrafficKeyDerivation.valueOf(postHandshakeContext.conContext.protocolVersion);
            if (valueOf == null) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) postHandshakeContext.conContext.protocolVersion));
                return null;
            }
            SSLKeyDerivation createKeyDerivation = valueOf.createKeyDerivation(postHandshakeContext, postHandshakeContext.conContext.outputRecord.writeCipher.baseSecret);
            if (createKeyDerivation == null) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation");
                return null;
            }
            SecretKey deriveKey = createKeyDerivation.deriveKey("TlsUpdateNplus1", null);
            SSLKeyDerivation createKeyDerivation2 = valueOf.createKeyDerivation(postHandshakeContext, deriveKey);
            try {
                SSLCipher.SSLWriteCipher createWriteCipher = postHandshakeContext.negotiatedCipherSuite.bulkCipher.createWriteCipher(Authenticator.valueOf(postHandshakeContext.conContext.protocolVersion), postHandshakeContext.conContext.protocolVersion, createKeyDerivation2.deriveKey("TlsKey", null), new IvParameterSpec(createKeyDerivation2.deriveKey("TlsIv", null).getEncoded()), postHandshakeContext.sslContext.getSecureRandom());
                createWriteCipher.baseSecret = deriveKey;
                postHandshakeContext.conContext.outputRecord.changeWriteCiphers(createWriteCipher, keyUpdateMessage.status.id);
                if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
                    SSLLogger.fine("KeyUpdate: write key updated", new Object[0]);
                }
                postHandshakeContext.conContext.finishPostHandshake();
                return null;
            } catch (GeneralSecurityException e) {
                postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive write secrets", e);
                return null;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/java.base-2018-11-06.jar:META-INF/modules/java.base/classes/sun/security/ssl/KeyUpdate$KeyUpdateRequest.class */
    enum KeyUpdateRequest {
        NOTREQUESTED((byte) 0, "update_not_requested"),
        REQUESTED((byte) 1, "update_requested");

        final byte id;
        final String name;

        KeyUpdateRequest(byte b, String str) {
            this.id = b;
            this.name = str;
        }

        static KeyUpdateRequest valueOf(byte b) {
            for (KeyUpdateRequest keyUpdateRequest : values()) {
                if (keyUpdateRequest.id == b) {
                    return keyUpdateRequest;
                }
            }
            return null;
        }

        static String nameOf(byte b) {
            for (KeyUpdateRequest keyUpdateRequest : values()) {
                if (keyUpdateRequest.id == b) {
                    return keyUpdateRequest.name;
                }
            }
            return "<UNKNOWN KeyUpdateRequest TYPE: " + (b & 255) + ">";
        }
    }

    KeyUpdate() {
    }
}
