package com.sun.crypto.provider;

import com.github.dockerjava.zerodep.shaded.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/modules/java.base/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.class
 */
/* loaded from: input_file:WEB-INF/lib/java.base-2023-03-28.jar:META-INF/modules/java.base/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.class */
public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
    private static final String MSG = "TlsKeyMaterialGenerator must be initialized using a TlsKeyMaterialParameterSpec";
    private TlsKeyMaterialParameterSpec spec;
    private int protocolVersion;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        this.spec = (TlsKeyMaterialParameterSpec) algorithmParameterSpec;
        if (!"RAW".equals(this.spec.getMasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        this.protocolVersion = (this.spec.getMajorVersion() << 8) | this.spec.getMinorVersion();
        if (this.protocolVersion < 768 || this.protocolVersion > 771) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0/1.1/1.2 supported");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsKeyMaterialGenerator must be initialized");
        }
        byte[] encoded = this.spec.getMasterSecret().getEncoded();
        try {
            try {
                SecretKey engineGenerateKey0 = engineGenerateKey0(encoded);
                Arrays.fill(encoded, (byte) 0);
                return engineGenerateKey0;
            } catch (GeneralSecurityException e) {
                throw new ProviderException(e);
            }
        } catch (Throwable th) {
            Arrays.fill(encoded, (byte) 0);
            throw th;
        }
    }

    private SecretKey engineGenerateKey0(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2;
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        byte[] clientRandom = this.spec.getClientRandom();
        byte[] serverRandom = this.spec.getServerRandom();
        SecretKeySpec secretKeySpec3 = null;
        SecretKeySpec secretKeySpec4 = null;
        IvParameterSpec ivParameterSpec = null;
        IvParameterSpec ivParameterSpec2 = null;
        int macKeyLength = this.spec.getMacKeyLength();
        int expandedCipherKeyLength = this.spec.getExpandedCipherKeyLength();
        boolean z = expandedCipherKeyLength != 0;
        int cipherKeyLength = this.spec.getCipherKeyLength();
        int ivLength = this.spec.getIvLength();
        int i = ((macKeyLength + cipherKeyLength) + (z ? 0 : ivLength)) << 1;
        MessageDigest messageDigest = null;
        MessageDigest messageDigest2 = null;
        if (this.protocolVersion >= 771) {
            bArr2 = TlsPrfGenerator.doTLS12PRF(bArr, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i, this.spec.getPRFHashAlg(), this.spec.getPRFHashLength(), this.spec.getPRFBlockSize());
        } else if (this.protocolVersion >= 769) {
            messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
            messageDigest2 = MessageDigest.getInstance("SHA1");
            bArr2 = TlsPrfGenerator.doTLS10PRF(bArr, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i, messageDigest, messageDigest2);
        } else {
            messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
            messageDigest2 = MessageDigest.getInstance("SHA1");
            bArr2 = new byte[i];
            byte[] bArr3 = new byte[20];
            int i2 = 0;
            for (int i3 = i; i3 > 0; i3 -= 16) {
                messageDigest2.update(TlsPrfGenerator.SSL3_CONST[i2]);
                messageDigest2.update(bArr);
                messageDigest2.update(serverRandom);
                messageDigest2.update(clientRandom);
                messageDigest2.digest(bArr3, 0, 20);
                messageDigest.update(bArr);
                messageDigest.update(bArr3);
                if (i3 >= 16) {
                    messageDigest.digest(bArr2, i2 << 4, 16);
                } else {
                    messageDigest.digest(bArr3, 0, 16);
                    System.arraycopy(bArr3, 0, bArr2, i2 << 4, i3);
                }
                i2++;
            }
        }
        int i4 = 0;
        if (macKeyLength != 0) {
            secretKeySpec3 = new SecretKeySpec(bArr2, 0, macKeyLength, "Mac");
            int i5 = 0 + macKeyLength;
            secretKeySpec4 = new SecretKeySpec(bArr2, i5, macKeyLength, "Mac");
            i4 = i5 + macKeyLength;
        }
        if (cipherKeyLength == 0) {
            return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4);
        }
        String cipherAlgorithm = this.spec.getCipherAlgorithm();
        byte[] bArr4 = new byte[cipherKeyLength];
        System.arraycopy(bArr2, i4, bArr4, 0, cipherKeyLength);
        int i6 = i4 + cipherKeyLength;
        byte[] bArr5 = new byte[cipherKeyLength];
        System.arraycopy(bArr2, i6, bArr5, 0, cipherKeyLength);
        int i7 = i6 + cipherKeyLength;
        try {
            if (!z) {
                secretKeySpec = new SecretKeySpec(bArr4, cipherAlgorithm);
                secretKeySpec2 = new SecretKeySpec(bArr5, cipherAlgorithm);
                if (ivLength != 0) {
                    ivParameterSpec = new IvParameterSpec(bArr2, i7, ivLength);
                    int i8 = i7 + ivLength;
                    ivParameterSpec2 = new IvParameterSpec(bArr2, i8, ivLength);
                    int i9 = i8 + ivLength;
                }
            } else {
                if (this.protocolVersion >= 770) {
                    throw new RuntimeException("Internal Error:  TLS 1.1+ should not be negotiating exportable ciphersuites");
                }
                if (this.protocolVersion == 769) {
                    byte[] concat = TlsPrfGenerator.concat(clientRandom, serverRandom);
                    byte[] doTLS10PRF = TlsPrfGenerator.doTLS10PRF(bArr4, TlsPrfGenerator.LABEL_CLIENT_WRITE_KEY, concat, expandedCipherKeyLength, messageDigest, messageDigest2);
                    secretKeySpec = new SecretKeySpec(doTLS10PRF, cipherAlgorithm);
                    Arrays.fill(doTLS10PRF, (byte) 0);
                    byte[] doTLS10PRF2 = TlsPrfGenerator.doTLS10PRF(bArr5, TlsPrfGenerator.LABEL_SERVER_WRITE_KEY, concat, expandedCipherKeyLength, messageDigest, messageDigest2);
                    secretKeySpec2 = new SecretKeySpec(doTLS10PRF2, cipherAlgorithm);
                    Arrays.fill(doTLS10PRF2, (byte) 0);
                    if (ivLength != 0) {
                        byte[] doTLS10PRF3 = TlsPrfGenerator.doTLS10PRF(null, TlsPrfGenerator.LABEL_IV_BLOCK, concat, ivLength << 1, messageDigest, messageDigest2);
                        ivParameterSpec = new IvParameterSpec(doTLS10PRF3, 0, ivLength);
                        ivParameterSpec2 = new IvParameterSpec(doTLS10PRF3, ivLength, ivLength);
                    }
                } else {
                    byte[] bArr6 = new byte[expandedCipherKeyLength];
                    messageDigest.update(bArr4);
                    messageDigest.update(clientRandom);
                    messageDigest.update(serverRandom);
                    byte[] digest = messageDigest.digest();
                    System.arraycopy(digest, 0, bArr6, 0, expandedCipherKeyLength);
                    secretKeySpec = new SecretKeySpec(bArr6, cipherAlgorithm);
                    Arrays.fill(digest, (byte) 0);
                    messageDigest.update(bArr5);
                    messageDigest.update(serverRandom);
                    messageDigest.update(clientRandom);
                    byte[] digest2 = messageDigest.digest();
                    System.arraycopy(digest2, 0, bArr6, 0, expandedCipherKeyLength);
                    secretKeySpec2 = new SecretKeySpec(bArr6, cipherAlgorithm);
                    Arrays.fill(digest2, (byte) 0);
                    Arrays.fill(bArr6, (byte) 0);
                    if (ivLength != 0) {
                        byte[] bArr7 = new byte[ivLength];
                        messageDigest.update(clientRandom);
                        messageDigest.update(serverRandom);
                        System.arraycopy(messageDigest.digest(), 0, bArr7, 0, ivLength);
                        ivParameterSpec = new IvParameterSpec(bArr7);
                        messageDigest.update(serverRandom);
                        messageDigest.update(clientRandom);
                        System.arraycopy(messageDigest.digest(), 0, bArr7, 0, ivLength);
                        ivParameterSpec2 = new IvParameterSpec(bArr7);
                    }
                }
            }
            return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4, secretKeySpec, ivParameterSpec, secretKeySpec2, ivParameterSpec2);
        } finally {
            Arrays.fill(bArr5, (byte) 0);
            Arrays.fill(bArr4, (byte) 0);
            Arrays.fill(bArr2, (byte) 0);
        }
    }
}
