package sun.security.ssl;

import java.io.IOException;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.util.EnumSet;
import java.util.Iterator;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLHandshakeException;
import sun.security.ssl.CipherSuite;
import sun.security.ssl.SupportedGroupsExtension;
import sun.security.ssl.X509Authentication;
import sun.security.util.ECUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange.class
 */
/* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange.class */
final class ECDHKeyExchange {
    static final SSLPossessionGenerator poGenerator = new ECDHEPossessionGenerator();
    static final SSLKeyAgreementGenerator ecdheKAGenerator = new ECDHEKAGenerator();
    static final SSLKeyAgreementGenerator ecdhKAGenerator = new ECDHKAGenerator();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHECredentials.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHECredentials.class */
    public static final class ECDHECredentials implements SSLCredentials {
        final ECPublicKey popPublicKey;
        final SupportedGroupsExtension.NamedGroup namedGroup;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDHECredentials(ECPublicKey eCPublicKey, SupportedGroupsExtension.NamedGroup namedGroup) {
            this.popPublicKey = eCPublicKey;
            this.namedGroup = namedGroup;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ECDHECredentials valueOf(SupportedGroupsExtension.NamedGroup namedGroup, byte[] bArr) throws IOException, GeneralSecurityException {
            ECParameterSpec eCParameterSpec;
            if (namedGroup.type != SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) {
                throw new RuntimeException("Credentials decoding:  Not ECDHE named group");
            }
            if (bArr == null || bArr.length == 0 || (eCParameterSpec = JsseJce.getECParameterSpec(namedGroup.oid)) == null) {
                return null;
            }
            return new ECDHECredentials((ECPublicKey) JsseJce.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(JsseJce.decodePoint(bArr, eCParameterSpec.getCurve()), eCParameterSpec)), namedGroup);
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEKAGenerator.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEKAGenerator.class */
    private static final class ECDHEKAGenerator implements SSLKeyAgreementGenerator {
        private ECDHEKAGenerator() {
        }

        @Override // sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            ECDHEPossession eCDHEPossession = null;
            ECDHECredentials eCDHECredentials = null;
            Iterator<SSLPossession> iterator2 = handshakeContext.handshakePossessions.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLPossession next = iterator2.next();
                if (next instanceof ECDHEPossession) {
                    SupportedGroupsExtension.NamedGroup namedGroup = ((ECDHEPossession) next).namedGroup;
                    Iterator<SSLCredentials> iterator22 = handshakeContext.handshakeCredentials.iterator2();
                    while (true) {
                        if (!iterator22.hasNext()) {
                            break;
                        }
                        SSLCredentials next2 = iterator22.next();
                        if ((next2 instanceof ECDHECredentials) && namedGroup.equals(((ECDHECredentials) next2).namedGroup)) {
                            eCDHECredentials = (ECDHECredentials) next2;
                            break;
                        }
                    }
                    if (eCDHECredentials != null) {
                        eCDHEPossession = (ECDHEPossession) next;
                        break;
                    }
                }
            }
            if (eCDHEPossession == null || eCDHECredentials == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient ECDHE key agreement parameters negotiated");
            }
            return new ECDHEKAKeyDerivation(handshakeContext, eCDHEPossession.privateKey, eCDHECredentials.popPublicKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEKAKeyDerivation.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEKAKeyDerivation.class */
    public static final class ECDHEKAKeyDerivation implements SSLKeyDerivation {
        private final HandshakeContext context;
        private final PrivateKey localPrivateKey;
        private final PublicKey peerPublicKey;

        ECDHEKAKeyDerivation(HandshakeContext handshakeContext, PrivateKey privateKey, PublicKey publicKey) {
            this.context = handshakeContext;
            this.localPrivateKey = privateKey;
            this.peerPublicKey = publicKey;
        }

        @Override // sun.security.ssl.SSLKeyDerivation
        public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            return !this.context.negotiatedProtocol.useTLS13PlusSpec() ? t12DeriveKey(str, algorithmParameterSpec) : t13DeriveKey(str, algorithmParameterSpec);
        }

        private SecretKey t12DeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            try {
                KeyAgreement keyAgreement = JsseJce.getKeyAgreement("ECDH");
                keyAgreement.init(this.localPrivateKey);
                keyAgreement.doPhase(this.peerPublicKey, true);
                SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
                SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
                if (valueOf == null) {
                    throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
                }
                return valueOf.createKeyDerivation(this.context, generateSecret).deriveKey("MasterSecret", algorithmParameterSpec);
            } catch (GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }

        private SecretKey t13DeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            try {
                KeyAgreement keyAgreement = JsseJce.getKeyAgreement("ECDH");
                keyAgreement.init(this.localPrivateKey);
                keyAgreement.doPhase(this.peerPublicKey, true);
                SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
                CipherSuite.HashAlg hashAlg = this.context.negotiatedCipherSuite.hashAlg;
                SSLKeyDerivation sSLKeyDerivation = this.context.handshakeKeyDerivation;
                HKDF hkdf = new HKDF(hashAlg.name);
                if (sSLKeyDerivation == null) {
                    byte[] bArr = new byte[hashAlg.hashLength];
                    sSLKeyDerivation = new SSLSecretDerivation(this.context, hkdf.extract(bArr, new SecretKeySpec(bArr, "TlsPreSharedSecret"), "TlsEarlySecret"));
                }
                return hkdf.extract(sSLKeyDerivation.deriveKey("TlsSaltSecret", null), generateSecret, str);
            } catch (GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEPossession.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEPossession.class */
    public static final class ECDHEPossession implements SSLPossession {
        final PrivateKey privateKey;
        final ECPublicKey publicKey;
        final SupportedGroupsExtension.NamedGroup namedGroup;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDHEPossession(SupportedGroupsExtension.NamedGroup namedGroup, SecureRandom secureRandom) {
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator("EC");
                keyPairGenerator.initialize((ECGenParameterSpec) namedGroup.getParameterSpec(), secureRandom);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                this.privateKey = generateKeyPair.getPrivate();
                this.publicKey = (ECPublicKey) generateKeyPair.getPublic();
                this.namedGroup = namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate ECDH keypair", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDHEPossession(ECDHECredentials eCDHECredentials, SecureRandom secureRandom) {
            ECParameterSpec params = eCDHECredentials.popPublicKey.getParams();
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator("EC");
                keyPairGenerator.initialize(params, secureRandom);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                this.privateKey = generateKeyPair.getPrivate();
                this.publicKey = (ECPublicKey) generateKeyPair.getPublic();
                this.namedGroup = eCDHECredentials.namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate ECDH keypair", e);
            }
        }

        @Override // sun.security.ssl.SSLPossession
        public byte[] encode() {
            return ECUtil.encodePoint(this.publicKey.getW(), this.publicKey.getParams().getCurve());
        }

        SecretKey getAgreedSecret(PublicKey publicKey) throws SSLHandshakeException {
            try {
                KeyAgreement keyAgreement = JsseJce.getKeyAgreement("ECDH");
                keyAgreement.init(this.privateKey);
                keyAgreement.doPhase(publicKey, true);
                return keyAgreement.generateSecret("TlsPremasterSecret");
            } catch (GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }

        SecretKey getAgreedSecret(byte[] bArr) throws SSLHandshakeException {
            try {
                ECParameterSpec params = this.publicKey.getParams();
                return getAgreedSecret(JsseJce.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(JsseJce.decodePoint(bArr, params.getCurve()), params)));
            } catch (IOException | GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }

        void checkConstraints(AlgorithmConstraints algorithmConstraints, byte[] bArr) throws SSLHandshakeException {
            try {
                ECParameterSpec params = this.publicKey.getParams();
                if (algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), (ECPublicKey) JsseJce.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(JsseJce.decodePoint(bArr, params.getCurve()), params)))) {
                } else {
                    throw new SSLHandshakeException("ECPublicKey does not comply to algorithm constraints");
                }
            } catch (IOException | GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate ECPublicKey").initCause(e));
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEPossessionGenerator.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHEPossessionGenerator.class */
    private static final class ECDHEPossessionGenerator implements SSLPossessionGenerator {
        private ECDHEPossessionGenerator() {
        }

        @Override // sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            SupportedGroupsExtension.NamedGroup preferredGroup = (handshakeContext.clientRequestedNamedGroups == null || handshakeContext.clientRequestedNamedGroups.isEmpty()) ? SupportedGroupsExtension.SupportedGroups.getPreferredGroup(handshakeContext.negotiatedProtocol, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) : SupportedGroupsExtension.SupportedGroups.getPreferredGroup(handshakeContext.negotiatedProtocol, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE, handshakeContext.clientRequestedNamedGroups);
            if (preferredGroup != null) {
                return new ECDHEPossession(preferredGroup, handshakeContext.sslContext.getSecureRandom());
            }
            return null;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHKAGenerator.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2019-06-13.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHKeyExchange$ECDHKAGenerator.class */
    private static final class ECDHKAGenerator implements SSLKeyAgreementGenerator {
        private ECDHKAGenerator() {
        }

        @Override // sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            return handshakeContext instanceof ServerHandshakeContext ? createServerKeyDerivation((ServerHandshakeContext) handshakeContext) : createClientKeyDerivation((ClientHandshakeContext) handshakeContext);
        }

        private SSLKeyDerivation createServerKeyDerivation(ServerHandshakeContext serverHandshakeContext) throws IOException {
            X509Authentication.X509Possession x509Possession = null;
            ECDHECredentials eCDHECredentials = null;
            Iterator<SSLPossession> iterator2 = serverHandshakeContext.handshakePossessions.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLPossession next = iterator2.next();
                if (next instanceof X509Authentication.X509Possession) {
                    PrivateKey privateKey = ((X509Authentication.X509Possession) next).popPrivateKey;
                    if (privateKey.getAlgorithm().equals("EC")) {
                        SupportedGroupsExtension.NamedGroup valueOf = SupportedGroupsExtension.NamedGroup.valueOf(((ECPrivateKey) privateKey).getParams());
                        if (valueOf == null) {
                            throw serverHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unsupported EC server cert for ECDH key exchange");
                        }
                        Iterator<SSLCredentials> iterator22 = serverHandshakeContext.handshakeCredentials.iterator2();
                        while (true) {
                            if (!iterator22.hasNext()) {
                                break;
                            }
                            SSLCredentials next2 = iterator22.next();
                            if ((next2 instanceof ECDHECredentials) && valueOf.equals(((ECDHECredentials) next2).namedGroup)) {
                                eCDHECredentials = (ECDHECredentials) next2;
                                break;
                            }
                        }
                        if (eCDHECredentials != null) {
                            x509Possession = (X509Authentication.X509Possession) next;
                            break;
                        }
                    } else {
                        continue;
                    }
                }
            }
            if (x509Possession == null || eCDHECredentials == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient ECDHE key agreement parameters negotiated");
            }
            return new ECDHEKAKeyDerivation(serverHandshakeContext, x509Possession.popPrivateKey, eCDHECredentials.popPublicKey);
        }

        /* JADX WARN: Code restructure failed: missing block: B:23:0x00be, code lost:
        
            if (r9 == null) goto L43;
         */
        /* JADX WARN: Code restructure failed: missing block: B:25:0x00c1, code lost:
        
            r8 = (sun.security.ssl.ECDHKeyExchange.ECDHEPossession) r0;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private sun.security.ssl.SSLKeyDerivation createClientKeyDerivation(sun.security.ssl.ClientHandshakeContext r7) throws java.io.IOException {
            /*
                r6 = this;
                r0 = 0
                r8 = r0
                r0 = 0
                r9 = r0
                r0 = r7
                java.util.List<sun.security.ssl.SSLPossession> r0 = r0.handshakePossessions
                java.util.Iterator r0 = r0.iterator2()
                r10 = r0
            Lf:
                r0 = r10
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto Lcd
                r0 = r10
                java.lang.Object r0 = r0.next()
                sun.security.ssl.SSLPossession r0 = (sun.security.ssl.SSLPossession) r0
                r11 = r0
                r0 = r11
                boolean r0 = r0 instanceof sun.security.ssl.ECDHKeyExchange.ECDHEPossession
                if (r0 != 0) goto L30
                goto Lf
            L30:
                r0 = r11
                sun.security.ssl.ECDHKeyExchange$ECDHEPossession r0 = (sun.security.ssl.ECDHKeyExchange.ECDHEPossession) r0
                sun.security.ssl.SupportedGroupsExtension$NamedGroup r0 = r0.namedGroup
                r12 = r0
                r0 = r7
                java.util.List<sun.security.ssl.SSLCredentials> r0 = r0.handshakeCredentials
                java.util.Iterator r0 = r0.iterator2()
                r13 = r0
            L45:
                r0 = r13
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto Lbd
                r0 = r13
                java.lang.Object r0 = r0.next()
                sun.security.ssl.SSLCredentials r0 = (sun.security.ssl.SSLCredentials) r0
                r14 = r0
                r0 = r14
                boolean r0 = r0 instanceof sun.security.ssl.X509Authentication.X509Credentials
                if (r0 != 0) goto L66
                goto L45
            L66:
                r0 = r14
                sun.security.ssl.X509Authentication$X509Credentials r0 = (sun.security.ssl.X509Authentication.X509Credentials) r0
                java.security.PublicKey r0 = r0.popPublicKey
                r15 = r0
                r0 = r15
                java.lang.String r0 = r0.getAlgorithm()
                java.lang.String r1 = "EC"
                boolean r0 = r0.equals(r1)
                if (r0 != 0) goto L82
                goto L45
            L82:
                r0 = r15
                java.security.interfaces.ECPublicKey r0 = (java.security.interfaces.ECPublicKey) r0
                java.security.spec.ECParameterSpec r0 = r0.getParams()
                r16 = r0
                r0 = r16
                sun.security.ssl.SupportedGroupsExtension$NamedGroup r0 = sun.security.ssl.SupportedGroupsExtension.NamedGroup.valueOf(r0)
                r17 = r0
                r0 = r17
                if (r0 != 0) goto La7
                r0 = r7
                sun.security.ssl.TransportContext r0 = r0.conContext
                sun.security.ssl.Alert r1 = sun.security.ssl.Alert.ILLEGAL_PARAMETER
                java.lang.String r2 = "Unsupported EC server cert for ECDH key exchange"
                javax.net.ssl.SSLException r0 = r0.fatal(r1, r2)
                throw r0
            La7:
                r0 = r12
                r1 = r17
                boolean r0 = r0.equals(r1)
                if (r0 == 0) goto Lba
                r0 = r14
                sun.security.ssl.X509Authentication$X509Credentials r0 = (sun.security.ssl.X509Authentication.X509Credentials) r0
                r9 = r0
                goto Lbd
            Lba:
                goto L45
            Lbd:
                r0 = r9
                if (r0 == 0) goto Lca
                r0 = r11
                sun.security.ssl.ECDHKeyExchange$ECDHEPossession r0 = (sun.security.ssl.ECDHKeyExchange.ECDHEPossession) r0
                r8 = r0
                goto Lcd
            Lca:
                goto Lf
            Lcd:
                r0 = r8
                if (r0 == 0) goto Ld5
                r0 = r9
                if (r0 != 0) goto Le2
            Ld5:
                r0 = r7
                sun.security.ssl.TransportContext r0 = r0.conContext
                sun.security.ssl.Alert r1 = sun.security.ssl.Alert.HANDSHAKE_FAILURE
                java.lang.String r2 = "No sufficient ECDH key agreement parameters negotiated"
                javax.net.ssl.SSLException r0 = r0.fatal(r1, r2)
                throw r0
            Le2:
                sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation r0 = new sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation
                r1 = r0
                r2 = r7
                r3 = r8
                java.security.PrivateKey r3 = r3.privateKey
                r4 = r9
                java.security.PublicKey r4 = r4.popPublicKey
                r1.<init>(r2, r3, r4)
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: sun.security.ssl.ECDHKeyExchange.ECDHKAGenerator.createClientKeyDerivation(sun.security.ssl.ClientHandshakeContext):sun.security.ssl.SSLKeyDerivation");
        }
    }

    ECDHKeyExchange() {
    }
}
