package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import sun.security.ssl.SSLHandshake;
import sun.security.ssl.X509Authentication;
import sun.security.util.HexDumpEncoder;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange.class
 */
/* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange.class */
final class ECDHClientKeyExchange {
    static final SSLConsumer ecdhHandshakeConsumer = new ECDHClientKeyExchangeConsumer();
    static final HandshakeProducer ecdhHandshakeProducer = new ECDHClientKeyExchangeProducer();
    static final SSLConsumer ecdheHandshakeConsumer = new ECDHEClientKeyExchangeConsumer();
    static final HandshakeProducer ecdheHandshakeProducer = new ECDHEClientKeyExchangeProducer();

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeConsumer.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeConsumer.class */
    private static final class ECDHClientKeyExchangeConsumer implements SSLConsumer {
        private ECDHClientKeyExchangeConsumer() {
        }

        @Override // sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            NamedGroup nameOf;
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            X509Authentication.X509Possession x509Possession = null;
            Iterator<SSLPossession> iterator2 = serverHandshakeContext.handshakePossessions.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLPossession next = iterator2.next();
                if (next instanceof X509Authentication.X509Possession) {
                    x509Possession = (X509Authentication.X509Possession) next;
                    break;
                }
            }
            if (x509Possession == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "No expected EC server cert for ECDH client key exchange");
            }
            ECParameterSpec eCParameterSpec = x509Possession.getECParameterSpec();
            if (eCParameterSpec != null) {
                nameOf = NamedGroup.valueOf(eCParameterSpec);
            } else {
                NamedParameterSpec xECParameterSpec = x509Possession.getXECParameterSpec();
                if (xECParameterSpec == null) {
                    throw serverHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unknown named parameters in server cert for ECDH client key exchange");
                }
                nameOf = NamedGroup.nameOf(xECParameterSpec.getName());
            }
            if (nameOf == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unknown named group in server cert for ECDH client key exchange");
            }
            SSLKeyExchange valueOf = SSLKeyExchange.valueOf(serverHandshakeContext.negotiatedCipherSuite.keyExchange, serverHandshakeContext.negotiatedProtocol);
            if (valueOf == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            ECDHClientKeyExchangeMessage eCDHClientKeyExchangeMessage = new ECDHClientKeyExchangeMessage(serverHandshakeContext, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ECDH ClientKeyExchange handshake message", eCDHClientKeyExchangeMessage);
            }
            try {
                SSLCredentials decodeCredentials = nameOf.decodeCredentials(eCDHClientKeyExchangeMessage.encodedPoint);
                if (serverHandshakeContext.algorithmConstraints != null && (decodeCredentials instanceof NamedGroupCredentials) && !serverHandshakeContext.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ((NamedGroupCredentials) decodeCredentials).getPublicKey())) {
                    serverHandshakeContext.conContext.fatal(Alert.INSUFFICIENT_SECURITY, "ClientKeyExchange for " + ((Object) nameOf) + " does not comply with algorithm constraints");
                }
                serverHandshakeContext.handshakeCredentials.add(decodeCredentials);
                SecretKey deriveKey = valueOf.createKeyDerivation(serverHandshakeContext).deriveKey("MasterSecret", null);
                serverHandshakeContext.handshakeSession.setMasterSecret(deriveKey);
                SSLTrafficKeyDerivation valueOf2 = SSLTrafficKeyDerivation.valueOf(serverHandshakeContext.negotiatedProtocol);
                if (valueOf2 == null) {
                    throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) serverHandshakeContext.negotiatedProtocol));
                }
                serverHandshakeContext.handshakeKeyDerivation = valueOf2.createKeyDerivation(serverHandshakeContext, deriveKey);
            } catch (GeneralSecurityException e) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Cannot decode ECDH PublicKey: " + ((Object) nameOf));
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeMessage.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeMessage.class */
    private static final class ECDHClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        private final byte[] encodedPoint;

        ECDHClientKeyExchangeMessage(HandshakeContext handshakeContext, byte[] bArr) {
            super(handshakeContext);
            this.encodedPoint = bArr;
        }

        ECDHClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer) throws IOException {
            super(handshakeContext);
            if (byteBuffer.remaining() != 0) {
                this.encodedPoint = Record.getBytes8(byteBuffer);
            } else {
                this.encodedPoint = new byte[0];
            }
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            if (this.encodedPoint == null || this.encodedPoint.length == 0) {
                return 0;
            }
            return 1 + this.encodedPoint.length;
        }

        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            if (this.encodedPoint == null || this.encodedPoint.length == 0) {
                return;
            }
            handshakeOutStream.putBytes8(this.encodedPoint);
        }

        public String toString() {
            MessageFormat messageFormat = new MessageFormat("\"ECDH ClientKeyExchange\": '{'\n  \"ecdh public\": '{'\n{0}\n  '}',\n'}'", Locale.ENGLISH);
            return (this.encodedPoint == null || this.encodedPoint.length == 0) ? messageFormat.format(new Object[]{"    <implicit>"}) : messageFormat.format(new Object[]{Utilities.indent(new HexDumpEncoder().encodeBuffer(this.encodedPoint), "    ")});
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeProducer.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHClientKeyExchangeProducer.class */
    private static final class ECDHClientKeyExchangeProducer implements HandshakeProducer {
        private ECDHClientKeyExchangeProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            X509Authentication.X509Credentials x509Credentials = null;
            Iterator<SSLCredentials> iterator2 = clientHandshakeContext.handshakeCredentials.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLCredentials next = iterator2.next();
                if (next instanceof X509Authentication.X509Credentials) {
                    x509Credentials = (X509Authentication.X509Credentials) next;
                    break;
                }
            }
            if (x509Credentials == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "No server certificate for ECDH client key exchange");
            }
            PublicKey publicKey = x509Credentials.popPublicKey;
            NamedGroup namedGroup = null;
            String algorithm = publicKey.getAlgorithm();
            if (algorithm.equals("EC")) {
                namedGroup = NamedGroup.valueOf(((ECPublicKey) publicKey).getParams());
            } else {
                if (!algorithm.equals("XDH")) {
                    throw clientHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Not EC/XDH server certificate for ECDH client key exchange");
                }
                AlgorithmParameterSpec params = ((XECPublicKey) publicKey).getParams();
                if (params instanceof NamedParameterSpec) {
                    namedGroup = NamedGroup.nameOf(((NamedParameterSpec) params).getName());
                }
            }
            if (namedGroup == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unsupported EC/XDH server cert for ECDH client key exchange");
            }
            SSLPossession createPossession = namedGroup.createPossession(clientHandshakeContext.sslContext.getSecureRandom());
            clientHandshakeContext.handshakePossessions.add(createPossession);
            ECDHClientKeyExchangeMessage eCDHClientKeyExchangeMessage = new ECDHClientKeyExchangeMessage(clientHandshakeContext, createPossession.encode());
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced ECDH ClientKeyExchange handshake message", eCDHClientKeyExchangeMessage);
            }
            eCDHClientKeyExchangeMessage.write(clientHandshakeContext.handshakeOutput);
            clientHandshakeContext.handshakeOutput.flush();
            SSLKeyExchange valueOf = SSLKeyExchange.valueOf(clientHandshakeContext.negotiatedCipherSuite.keyExchange, clientHandshakeContext.negotiatedProtocol);
            if (valueOf == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey deriveKey = valueOf.createKeyDerivation(clientHandshakeContext).deriveKey("MasterSecret", null);
            clientHandshakeContext.handshakeSession.setMasterSecret(deriveKey);
            SSLTrafficKeyDerivation valueOf2 = SSLTrafficKeyDerivation.valueOf(clientHandshakeContext.negotiatedProtocol);
            if (valueOf2 == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) clientHandshakeContext.negotiatedProtocol));
            }
            clientHandshakeContext.handshakeKeyDerivation = valueOf2.createKeyDerivation(clientHandshakeContext, deriveKey);
            return null;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHEClientKeyExchangeConsumer.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHEClientKeyExchangeConsumer.class */
    private static final class ECDHEClientKeyExchangeConsumer implements SSLConsumer {
        private ECDHEClientKeyExchangeConsumer() {
        }

        @Override // sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            NamedGroupPossession namedGroupPossession = null;
            NamedGroup namedGroup = null;
            Iterator<SSLPossession> iterator2 = serverHandshakeContext.handshakePossessions.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLPossession next = iterator2.next();
                if (next instanceof NamedGroupPossession) {
                    NamedGroupPossession namedGroupPossession2 = (NamedGroupPossession) next;
                    namedGroup = namedGroupPossession2.getNamedGroup();
                    namedGroupPossession = namedGroupPossession2;
                    break;
                }
            }
            if (namedGroupPossession == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "No expected ECDHE possessions for client key exchange");
            }
            if (namedGroup == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Unsupported EC server cert for ECDHE client key exchange");
            }
            SSLKeyExchange valueOf = SSLKeyExchange.valueOf(serverHandshakeContext.negotiatedCipherSuite.keyExchange, serverHandshakeContext.negotiatedProtocol);
            if (valueOf == null) {
                throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            ECDHClientKeyExchangeMessage eCDHClientKeyExchangeMessage = new ECDHClientKeyExchangeMessage(serverHandshakeContext, byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ECDHE ClientKeyExchange handshake message", eCDHClientKeyExchangeMessage);
            }
            try {
                SSLCredentials decodeCredentials = namedGroup.decodeCredentials(eCDHClientKeyExchangeMessage.encodedPoint);
                if (serverHandshakeContext.algorithmConstraints != null && (decodeCredentials instanceof NamedGroupCredentials) && !serverHandshakeContext.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ((NamedGroupCredentials) decodeCredentials).getPublicKey())) {
                    serverHandshakeContext.conContext.fatal(Alert.INSUFFICIENT_SECURITY, "ClientKeyExchange for " + ((Object) namedGroup) + " does not comply with algorithm constraints");
                }
                serverHandshakeContext.handshakeCredentials.add(decodeCredentials);
                SecretKey deriveKey = valueOf.createKeyDerivation(serverHandshakeContext).deriveKey("MasterSecret", null);
                serverHandshakeContext.handshakeSession.setMasterSecret(deriveKey);
                SSLTrafficKeyDerivation valueOf2 = SSLTrafficKeyDerivation.valueOf(serverHandshakeContext.negotiatedProtocol);
                if (valueOf2 == null) {
                    throw serverHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) serverHandshakeContext.negotiatedProtocol));
                }
                serverHandshakeContext.handshakeKeyDerivation = valueOf2.createKeyDerivation(serverHandshakeContext, deriveKey);
            } catch (GeneralSecurityException e) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Cannot decode named group: " + ((Object) namedGroup));
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.class
     */
    /* loaded from: input_file:WEB-INF/lib/java.base-2023-06-15.jar:META-INF/modules/java.base/classes/sun/security/ssl/ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.class */
    private static final class ECDHEClientKeyExchangeProducer implements HandshakeProducer {
        private ECDHEClientKeyExchangeProducer() {
        }

        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            SSLCredentials sSLCredentials = null;
            NamedGroup namedGroup = null;
            Iterator<SSLCredentials> iterator2 = clientHandshakeContext.handshakeCredentials.iterator2();
            while (true) {
                if (!iterator2.hasNext()) {
                    break;
                }
                SSLCredentials next = iterator2.next();
                if (next instanceof NamedGroupCredentials) {
                    namedGroup = ((NamedGroupCredentials) next).getNamedGroup();
                    sSLCredentials = next;
                    break;
                }
            }
            if (sSLCredentials == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "No ECDHE credentials negotiated for client key exchange");
            }
            SSLPossession createPossession = namedGroup.createPossession(clientHandshakeContext.sslContext.getSecureRandom());
            clientHandshakeContext.handshakePossessions.add(createPossession);
            ECDHClientKeyExchangeMessage eCDHClientKeyExchangeMessage = new ECDHClientKeyExchangeMessage(clientHandshakeContext, createPossession.encode());
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced ECDHE ClientKeyExchange handshake message", eCDHClientKeyExchangeMessage);
            }
            eCDHClientKeyExchangeMessage.write(clientHandshakeContext.handshakeOutput);
            clientHandshakeContext.handshakeOutput.flush();
            SSLKeyExchange valueOf = SSLKeyExchange.valueOf(clientHandshakeContext.negotiatedCipherSuite.keyExchange, clientHandshakeContext.negotiatedProtocol);
            if (valueOf == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey deriveKey = valueOf.createKeyDerivation(clientHandshakeContext).deriveKey("MasterSecret", null);
            clientHandshakeContext.handshakeSession.setMasterSecret(deriveKey);
            SSLTrafficKeyDerivation valueOf2 = SSLTrafficKeyDerivation.valueOf(clientHandshakeContext.negotiatedProtocol);
            if (valueOf2 == null) {
                throw clientHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + ((Object) clientHandshakeContext.negotiatedProtocol));
            }
            clientHandshakeContext.handshakeKeyDerivation = valueOf2.createKeyDerivation(clientHandshakeContext, deriveKey);
            return null;
        }
    }

    ECDHClientKeyExchange() {
    }
}
