package cn.gmssl.sun.crypto.provider;

import cn.gmssl.sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import cn.gmssl.sun.security.internal.spec.TlsKeyMaterialSpec;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import oO0o0O.O0o0o00OO0.Oo00oO0OOo;

/* loaded from: classes.dex */
public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
    private static final String MSG = "TlsKeyMaterialGenerator must be initialized using a TlsKeyMaterialParameterSpec";
    static final Oo00oO0OOo debug = Oo00oO0OOo.getInstance("ssl");
    private int protocolVersion;
    private TlsKeyMaterialParameterSpec spec;

    private SecretKey engineGenerateKey0() {
        int i;
        int i2;
        MessageDigest messageDigest;
        MessageDigest messageDigest2;
        byte[] bArr;
        int i3;
        int i4;
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        SecretKeySpec secretKeySpec3;
        IvParameterSpec ivParameterSpec;
        SecretKeySpec secretKeySpec4;
        SecretKeySpec secretKeySpec5;
        IvParameterSpec ivParameterSpec2;
        Oo00oO0OOo oo00oO0OOo = debug;
        if (oo00oO0OOo != null && Oo00oO0OOo.isOn("handshake")) {
            System.out.println("engineGenerateKey0...");
        }
        byte[] encoded = this.spec.getMasterSecret().getEncoded();
        byte[] clientRandom = this.spec.getClientRandom();
        byte[] serverRandom = this.spec.getServerRandom();
        int macKeyLength = this.spec.getMacKeyLength();
        int expandedCipherKeyLength = this.spec.getExpandedCipherKeyLength();
        boolean z = expandedCipherKeyLength != 0;
        int cipherKeyLength = this.spec.getCipherKeyLength();
        int ivLength = this.spec.getIvLength();
        int i5 = ((macKeyLength + cipherKeyLength) + (z ? 0 : ivLength)) << 1;
        byte[] bArr2 = new byte[i5];
        if (oo00oO0OOo != null && Oo00oO0OOo.isOn("handshake")) {
            System.out.println("engineGenerateKey0 protocolVersion=" + this.protocolVersion);
            System.out.println("engineGenerateKey0 spec=" + this.spec);
        }
        int i6 = this.protocolVersion;
        if (i6 >= 771) {
            i = cipherKeyLength;
            bArr = TlsPrfGenerator.doTLS12PRF(encoded, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i5, this.spec.getPRFHashAlg(), this.spec.getPRFHashLength(), this.spec.getPRFBlockSize());
            i2 = ivLength;
            messageDigest = null;
            messageDigest2 = null;
        } else {
            i = cipherKeyLength;
            i2 = ivLength;
            if (i6 >= 769) {
                messageDigest = MessageDigest.getInstance("MD5");
                MessageDigest messageDigest3 = MessageDigest.getInstance("SHA1");
                bArr = TlsPrfGenerator.doTLS10PRF(encoded, TlsPrfGenerator.LABEL_KEY_EXPANSION, TlsPrfGenerator.concat(serverRandom, clientRandom), i5, messageDigest, messageDigest3);
                messageDigest2 = messageDigest3;
            } else {
                messageDigest = MessageDigest.getInstance("MD5");
                MessageDigest messageDigest4 = MessageDigest.getInstance("SHA1");
                byte[] bArr3 = new byte[i5];
                byte[] bArr4 = new byte[20];
                int i7 = 0;
                while (i5 > 0) {
                    int i8 = i;
                    messageDigest4.update(TlsPrfGenerator.SSL3_CONST[i7]);
                    messageDigest4.update(encoded);
                    messageDigest4.update(serverRandom);
                    messageDigest4.update(clientRandom);
                    messageDigest4.digest(bArr4, 0, 20);
                    messageDigest.update(encoded);
                    messageDigest.update(bArr4);
                    if (i5 >= 16) {
                        messageDigest.digest(bArr3, i7 << 4, 16);
                    } else {
                        messageDigest.digest(bArr4, 0, 16);
                        System.arraycopy(bArr4, 0, bArr3, i7 << 4, i5);
                    }
                    i7++;
                    i5 -= 16;
                    i = i8;
                }
                messageDigest2 = messageDigest4;
                bArr = bArr3;
            }
        }
        Oo00oO0OOo oo00oO0OOo2 = debug;
        if (oo00oO0OOo2 != null && Oo00oO0OOo.isOn("handshake")) {
            System.out.println("engineGenerateKey0 macLength=" + macKeyLength);
        }
        byte[] bArr5 = new byte[macKeyLength];
        System.arraycopy(bArr, 0, bArr5, 0, macKeyLength);
        int i9 = macKeyLength + 0;
        SecretKeySpec secretKeySpec6 = macKeyLength > 0 ? new SecretKeySpec(bArr5, "Mac") : null;
        System.arraycopy(bArr, i9, bArr5, 0, macKeyLength);
        int i10 = i9 + macKeyLength;
        SecretKeySpec secretKeySpec7 = macKeyLength > 0 ? new SecretKeySpec(bArr5, "Mac") : null;
        if (oo00oO0OOo2 == null || !Oo00oO0OOo.isOn("handshake")) {
            i3 = i;
        } else {
            PrintStream printStream = System.out;
            StringBuilder sb = new StringBuilder("engineGenerateKey0 keyLength=");
            i3 = i;
            sb.append(i3);
            printStream.println(sb.toString());
        }
        if (i3 == 0) {
            return new TlsKeyMaterialSpec(secretKeySpec6, secretKeySpec7);
        }
        String cipherAlgorithm = this.spec.getCipherAlgorithm();
        byte[] bArr6 = new byte[i3];
        SecretKeySpec secretKeySpec8 = secretKeySpec6;
        System.arraycopy(bArr, i10, bArr6, 0, i3);
        int i11 = i10 + i3;
        SecretKeySpec secretKeySpec9 = secretKeySpec7;
        byte[] bArr7 = new byte[i3];
        System.arraycopy(bArr, i11, bArr7, 0, i3);
        int i12 = i11 + i3;
        if (oo00oO0OOo2 == null || !Oo00oO0OOo.isOn("handshake")) {
            i4 = expandedCipherKeyLength;
        } else {
            i4 = expandedCipherKeyLength;
            System.out.println("engineGenerateKey0 isExportable=" + z);
            System.out.println("engineGenerateKey0 ivLength=" + i2);
        }
        if (z) {
            int i13 = this.protocolVersion;
            if (i13 >= 770) {
                throw new RuntimeException("Internal Error:  TLS 1.1+ should not be negotiatingexportable ciphersuites");
            }
            if (i13 == 769) {
                byte[] concat = TlsPrfGenerator.concat(clientRandom, serverRandom);
                secretKeySpec = secretKeySpec8;
                int i14 = i4;
                MessageDigest messageDigest5 = messageDigest;
                MessageDigest messageDigest6 = messageDigest2;
                secretKeySpec2 = new SecretKeySpec(TlsPrfGenerator.doTLS10PRF(bArr6, TlsPrfGenerator.LABEL_CLIENT_WRITE_KEY, concat, i14, messageDigest5, messageDigest6), cipherAlgorithm);
                secretKeySpec3 = new SecretKeySpec(TlsPrfGenerator.doTLS10PRF(bArr7, TlsPrfGenerator.LABEL_SERVER_WRITE_KEY, concat, i14, messageDigest5, messageDigest6), cipherAlgorithm);
                if (i2 != 0) {
                    byte[] bArr8 = new byte[i2];
                    byte[] doTLS10PRF = TlsPrfGenerator.doTLS10PRF(null, TlsPrfGenerator.LABEL_IV_BLOCK, concat, i2 << 1, messageDigest, messageDigest2);
                    System.arraycopy(doTLS10PRF, 0, bArr8, 0, i2);
                    ivParameterSpec2 = new IvParameterSpec(bArr8);
                    System.arraycopy(doTLS10PRF, i2, bArr8, 0, i2);
                    ivParameterSpec = new IvParameterSpec(bArr8);
                    secretKeySpec4 = secretKeySpec3;
                    secretKeySpec5 = secretKeySpec2;
                }
                secretKeySpec4 = secretKeySpec3;
                secretKeySpec5 = secretKeySpec2;
            } else {
                secretKeySpec = secretKeySpec8;
                int i15 = i4;
                byte[] bArr9 = new byte[i15];
                messageDigest.update(bArr6);
                messageDigest.update(clientRandom);
                messageDigest.update(serverRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, i15);
                secretKeySpec2 = new SecretKeySpec(bArr9, cipherAlgorithm);
                messageDigest.update(bArr7);
                messageDigest.update(serverRandom);
                messageDigest.update(clientRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, i15);
                secretKeySpec3 = new SecretKeySpec(bArr9, cipherAlgorithm);
                if (i2 != 0) {
                    byte[] bArr10 = new byte[i2];
                    messageDigest.update(clientRandom);
                    messageDigest.update(serverRandom);
                    System.arraycopy(messageDigest.digest(), 0, bArr10, 0, i2);
                    IvParameterSpec ivParameterSpec3 = new IvParameterSpec(bArr10);
                    messageDigest.update(serverRandom);
                    messageDigest.update(clientRandom);
                    System.arraycopy(messageDigest.digest(), 0, bArr10, 0, i2);
                    ivParameterSpec = new IvParameterSpec(bArr10);
                    secretKeySpec4 = secretKeySpec3;
                    secretKeySpec5 = secretKeySpec2;
                    ivParameterSpec2 = ivParameterSpec3;
                }
                secretKeySpec4 = secretKeySpec3;
                secretKeySpec5 = secretKeySpec2;
            }
            ivParameterSpec = null;
            ivParameterSpec2 = null;
        } else {
            SecretKeySpec secretKeySpec10 = new SecretKeySpec(bArr6, cipherAlgorithm);
            SecretKeySpec secretKeySpec11 = new SecretKeySpec(bArr7, cipherAlgorithm);
            if (i2 != 0) {
                byte[] bArr11 = new byte[i2];
                System.arraycopy(bArr, i12, bArr11, 0, i2);
                IvParameterSpec ivParameterSpec4 = new IvParameterSpec(bArr11);
                System.arraycopy(bArr, i12 + i2, bArr11, 0, i2);
                secretKeySpec5 = secretKeySpec10;
                secretKeySpec4 = secretKeySpec11;
                ivParameterSpec = new IvParameterSpec(bArr11);
                ivParameterSpec2 = ivParameterSpec4;
                secretKeySpec = secretKeySpec8;
            } else {
                secretKeySpec5 = secretKeySpec10;
                secretKeySpec4 = secretKeySpec11;
                secretKeySpec = secretKeySpec8;
                ivParameterSpec = null;
                ivParameterSpec2 = null;
            }
        }
        if (oo00oO0OOo2 != null && Oo00oO0OOo.isOn("handshake")) {
            System.out.println("engineGenerateKey0 clientIv=" + ivParameterSpec2);
            System.out.println("engineGenerateKey0 serverIv=" + ivParameterSpec);
            System.out.println("engineGenerateKey0 end1");
        }
        return new TlsKeyMaterialSpec(secretKeySpec, secretKeySpec9, secretKeySpec5, ivParameterSpec2, secretKeySpec4, ivParameterSpec);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsKeyMaterialGenerator must be initialized");
        }
        try {
            return engineGenerateKey0();
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) {
        if (!(algorithmParameterSpec instanceof TlsKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        TlsKeyMaterialParameterSpec tlsKeyMaterialParameterSpec = (TlsKeyMaterialParameterSpec) algorithmParameterSpec;
        this.spec = tlsKeyMaterialParameterSpec;
        if (!"RAW".equals(tlsKeyMaterialParameterSpec.getMasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        int majorVersion = (this.spec.getMajorVersion() << 8) | this.spec.getMinorVersion();
        this.protocolVersion = majorVersion;
        if (majorVersion < 768 || majorVersion > 771) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0/1.1/1.2 supported");
        }
    }
}
