package cn.gmssl.sun.crypto.provider;

import cn.gmssl.sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import cn.gmssl.sun.security.internal.spec.TlsKeyMaterialSpec;
import defpackage.OOOO0oOOo0ooO0oO;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cn/gmssl/sun/crypto/provider/TlsKeyMaterialGenerator.class */
public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
    static final OOOO0oOOo0ooO0oO debug = OOOO0oOOo0ooO0oO.getInstance("ssl");
    private static final String MSG = "TlsKeyMaterialGenerator must be initialized using a TlsKeyMaterialParameterSpec";
    private TlsKeyMaterialParameterSpec spec;
    private int protocolVersion;

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
        if (!(algorithmParameterSpec instanceof TlsKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        this.spec = (TlsKeyMaterialParameterSpec) algorithmParameterSpec;
        if (!"RAW".equals(this.spec.getMasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        this.protocolVersion = (this.spec.getMajorVersion() << 8) | this.spec.getMinorVersion();
        if (this.protocolVersion < 768 || this.protocolVersion > 771) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0/1.1/1.2 supported");
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsKeyMaterialGenerator must be initialized");
        }
        try {
            return engineGenerateKey0();
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    private SecretKey engineGenerateKey0() {
        byte[] bArr;
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0...");
        }
        byte[] encoded = this.spec.getMasterSecret().getEncoded();
        byte[] clientRandom = this.spec.getClientRandom();
        byte[] serverRandom = this.spec.getServerRandom();
        IvParameterSpec ivParameterSpec = null;
        IvParameterSpec ivParameterSpec2 = null;
        int macKeyLength = this.spec.getMacKeyLength();
        int expandedCipherKeyLength = this.spec.getExpandedCipherKeyLength();
        boolean z = expandedCipherKeyLength != 0;
        int cipherKeyLength = this.spec.getCipherKeyLength();
        int ivLength = this.spec.getIvLength();
        int i = ((macKeyLength + cipherKeyLength) + (z ? 0 : ivLength)) << 1;
        byte[] bArr2 = new byte[i];
        MessageDigest messageDigest = null;
        MessageDigest messageDigest2 = null;
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0 protocolVersion=" + this.protocolVersion);
            System.out.println("engineGenerateKey0 spec=" + this.spec);
        }
        if (this.protocolVersion >= 771) {
            bArr = TlsPrfGenerator.doTLS12PRF(encoded, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i, this.spec.getPRFHashAlg(), this.spec.getPRFHashLength(), this.spec.getPRFBlockSize());
        } else if (this.protocolVersion >= 769) {
            messageDigest = MessageDigest.getInstance("MD5");
            messageDigest2 = MessageDigest.getInstance("SHA1");
            bArr = TlsPrfGenerator.doTLS10PRF(encoded, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i, messageDigest, messageDigest2);
        } else {
            messageDigest = MessageDigest.getInstance("MD5");
            messageDigest2 = MessageDigest.getInstance("SHA1");
            bArr = new byte[i];
            byte[] bArr3 = new byte[20];
            int i2 = 0;
            for (int i3 = i; i3 > 0; i3 -= 16) {
                messageDigest2.update(TlsPrfGenerator.SSL3_CONST[i2]);
                messageDigest2.update(encoded);
                messageDigest2.update(serverRandom);
                messageDigest2.update(clientRandom);
                messageDigest2.digest(bArr3, 0, 20);
                messageDigest.update(encoded);
                messageDigest.update(bArr3);
                if (i3 >= 16) {
                    messageDigest.digest(bArr, i2 << 4, 16);
                } else {
                    messageDigest.digest(bArr3, 0, 16);
                    System.arraycopy(bArr3, 0, bArr, i2 << 4, i3);
                }
                i2++;
            }
        }
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0 macLength=" + macKeyLength);
        }
        byte[] bArr4 = new byte[macKeyLength];
        System.arraycopy(bArr, 0, bArr4, 0, macKeyLength);
        int i4 = 0 + macKeyLength;
        SecretKeySpec secretKeySpec3 = macKeyLength > 0 ? new SecretKeySpec(bArr4, "Mac") : null;
        System.arraycopy(bArr, i4, bArr4, 0, macKeyLength);
        int i5 = i4 + macKeyLength;
        SecretKeySpec secretKeySpec4 = macKeyLength > 0 ? new SecretKeySpec(bArr4, "Mac") : null;
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0 keyLength=" + cipherKeyLength);
        }
        if (cipherKeyLength == 0) {
            return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4);
        }
        String cipherAlgorithm = this.spec.getCipherAlgorithm();
        byte[] bArr5 = new byte[cipherKeyLength];
        System.arraycopy(bArr, i5, bArr5, 0, cipherKeyLength);
        int i6 = i5 + cipherKeyLength;
        byte[] bArr6 = new byte[cipherKeyLength];
        System.arraycopy(bArr, i6, bArr6, 0, cipherKeyLength);
        int i7 = i6 + cipherKeyLength;
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0 isExportable=" + z);
            System.out.println("engineGenerateKey0 ivLength=" + ivLength);
        }
        if (!z) {
            secretKeySpec = new SecretKeySpec(bArr5, cipherAlgorithm);
            secretKeySpec2 = new SecretKeySpec(bArr6, cipherAlgorithm);
            if (ivLength != 0) {
                byte[] bArr7 = new byte[ivLength];
                System.arraycopy(bArr, i7, bArr7, 0, ivLength);
                int i8 = i7 + ivLength;
                ivParameterSpec = new IvParameterSpec(bArr7);
                System.arraycopy(bArr, i8, bArr7, 0, ivLength);
                int i9 = i8 + ivLength;
                ivParameterSpec2 = new IvParameterSpec(bArr7);
            }
        } else {
            if (this.protocolVersion >= 770) {
                throw new RuntimeException("Internal Error:  TLS 1.1+ should not be negotiatingexportable ciphersuites");
            }
            if (this.protocolVersion == 769) {
                byte[] concat = TlsPrfGenerator.concat(clientRandom, serverRandom);
                secretKeySpec = new SecretKeySpec(TlsPrfGenerator.doTLS10PRF(bArr5, TlsPrfGenerator.LABEL_CLIENT_WRITE_KEY, concat, expandedCipherKeyLength, messageDigest, messageDigest2), cipherAlgorithm);
                secretKeySpec2 = new SecretKeySpec(TlsPrfGenerator.doTLS10PRF(bArr6, TlsPrfGenerator.LABEL_SERVER_WRITE_KEY, concat, expandedCipherKeyLength, messageDigest, messageDigest2), cipherAlgorithm);
                if (ivLength != 0) {
                    byte[] bArr8 = new byte[ivLength];
                    byte[] doTLS10PRF = TlsPrfGenerator.doTLS10PRF(null, TlsPrfGenerator.LABEL_IV_BLOCK, concat, ivLength << 1, messageDigest, messageDigest2);
                    System.arraycopy(doTLS10PRF, 0, bArr8, 0, ivLength);
                    ivParameterSpec = new IvParameterSpec(bArr8);
                    System.arraycopy(doTLS10PRF, ivLength, bArr8, 0, ivLength);
                    ivParameterSpec2 = new IvParameterSpec(bArr8);
                }
            } else {
                byte[] bArr9 = new byte[expandedCipherKeyLength];
                messageDigest.update(bArr5);
                messageDigest.update(clientRandom);
                messageDigest.update(serverRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, expandedCipherKeyLength);
                secretKeySpec = new SecretKeySpec(bArr9, cipherAlgorithm);
                messageDigest.update(bArr6);
                messageDigest.update(serverRandom);
                messageDigest.update(clientRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, expandedCipherKeyLength);
                secretKeySpec2 = new SecretKeySpec(bArr9, cipherAlgorithm);
                if (ivLength != 0) {
                    byte[] bArr10 = new byte[ivLength];
                    messageDigest.update(clientRandom);
                    messageDigest.update(serverRandom);
                    System.arraycopy(messageDigest.digest(), 0, bArr10, 0, ivLength);
                    ivParameterSpec = new IvParameterSpec(bArr10);
                    messageDigest.update(serverRandom);
                    messageDigest.update(clientRandom);
                    System.arraycopy(messageDigest.digest(), 0, bArr10, 0, ivLength);
                    ivParameterSpec2 = new IvParameterSpec(bArr10);
                }
            }
        }
        if (debug != null && OOOO0oOOo0ooO0oO.isOn("handshake")) {
            System.out.println("engineGenerateKey0 clientIv=" + ivParameterSpec);
            System.out.println("engineGenerateKey0 serverIv=" + ivParameterSpec2);
            System.out.println("engineGenerateKey0 end1");
        }
        return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4, secretKeySpec, ivParameterSpec, secretKeySpec2, ivParameterSpec2);
    }
}
