package com.netflix.msl.keyx;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslException;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.MslKeyExchangeException;
import com.netflix.msl.MslMasterTokenException;
import com.netflix.msl.crypto.CryptoCache;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.JcaAlgorithm;
import com.netflix.msl.crypto.SessionCryptoContext;
import com.netflix.msl.entityauth.EntityAuthenticationData;
import com.netflix.msl.io.MslEncoderException;
import com.netflix.msl.io.MslEncoderFactory;
import com.netflix.msl.io.MslEncoderFormat;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.keyx.KeyExchangeFactory;
import com.netflix.msl.tokens.MasterToken;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.2226.0.jar:com/netflix/msl/keyx/DiffieHellmanExchange.class */
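/**
 * Diffie-Hellman key exchange factory (decompiled with JADX from the MSL core jar).
 *
 * <p>The requesting side sends a parameters ID and its DH public value; the responding side
 * looks the parameters up by ID, generates its own key pair, and returns its public value.
 * Both sides then run the key agreement and derive an AES key and an HMAC key from a
 * SHA-384 digest of the shared secret (see {@link #deriveSessionKeys}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The group (p, g) on the responding side always comes from the locally configured
 *       {@link DiffieHellmanParameters}, selected by ID. The peer only supplies the ID and
 *       the public value.</li>
 *   <li>The peer's public value is range-checked before use (see
 *       {@link #isValidPublicValue}) so that degenerate values cannot force a predictable
 *       shared secret, independent of what the JCA provider itself checks.</li>
 *   <li>Intermediate key material is zeroed after the session keys are built.</li>
 * </ul>
 */
public class DiffieHellmanExchange extends KeyExchangeFactory {
    /** Key data field name carrying the Diffie-Hellman parameters ID. */
    private static final String KEY_PARAMETERS_ID = "parametersid";
    /** Key data field name carrying the Diffie-Hellman public value bytes. */
    private static final String KEY_PUBLIC_KEY = "publickey";
    /** Source of the locally trusted DH parameter specifications, looked up by ID. */
    private final DiffieHellmanParameters params;
    /** Used to decide whether an entity identity may use this key exchange scheme. */
    private final AuthenticationUtils authutils;

    /* loaded from: input_file:WEB-INF/lib/msl-core-1.2226.0.jar:com/netflix/msl/keyx/DiffieHellmanExchange$RequestData.class */
    /**
     * Key request data: parameters ID, the requester's public value and, on the requesting
     * side only, the matching private key.
     *
     * <p>The private key is kept in memory for {@link DiffieHellmanExchange#getCryptoContext}
     * and is never written by {@link #getKeydata}.
     */
    public static class RequestData extends KeyRequestData {
        private final String parametersId;
        private final BigInteger publicKey;
        // Null when this object was parsed from received key data.
        private final DHPrivateKey privateKey;

        /**
         * Creates request data from locally generated values.
         *
         * @param str the parameters ID.
         * @param bigInteger the public value Y.
         * @param dHPrivateKey the private key matching the public value.
         */
        public RequestData(String str, BigInteger bigInteger, DHPrivateKey dHPrivateKey) {
            super(KeyExchangeScheme.DIFFIE_HELLMAN);
            this.parametersId = str;
            this.publicKey = bigInteger;
            this.privateKey = dHPrivateKey;
        }

        /**
         * Parses request data received from a peer. The private key is left {@code null}.
         *
         * @param mslObject the key data object.
         * @throws MslEncodingException if the key data cannot be parsed.
         * @throws MslKeyExchangeException if the public key is empty or not a valid number.
         */
        public RequestData(MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
            super(KeyExchangeScheme.DIFFIE_HELLMAN);
            try {
                this.parametersId = mslObject.getString(DiffieHellmanExchange.KEY_PARAMETERS_ID);
                byte[] bytes = mslObject.getBytes(DiffieHellmanExchange.KEY_PUBLIC_KEY);
                if (bytes.length == 0) {
                    throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "keydata " + mslObject.toString());
                }
                // A single leading zero byte makes BigInteger read the value as non-negative,
                // so a peer cannot inject a negative public value through the sign bit.
                this.publicKey = new BigInteger(DiffieHellmanExchange.correctNullBytes(bytes));
                this.privateKey = null;
            } catch (MslEncoderException e) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject.toString(), e);
            } catch (NumberFormatException e2) {
                throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "keydata " + mslObject.toString(), e2);
            }
        }

        /**
         * Builds the key data to transmit: parameters ID and public value only.
         *
         * @param mslEncoderFactory factory used to create the MSL object.
         * @param mslEncoderFormat encoder format (not used here).
         * @return the key data object.
         * @throws MslEncoderException if the object cannot be populated.
         */
        @Override // com.netflix.msl.keyx.KeyRequestData
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
            MslObject createObject = mslEncoderFactory.createObject();
            createObject.put(DiffieHellmanExchange.KEY_PARAMETERS_ID, this.parametersId);
            createObject.put(DiffieHellmanExchange.KEY_PUBLIC_KEY, DiffieHellmanExchange.correctNullBytes(this.publicKey.toByteArray()));
            return createObject;
        }

        /** @return the parameters ID. */
        public String getParametersId() {
            return this.parametersId;
        }

        /** @return the public value Y. */
        public BigInteger getPublicKey() {
            return this.publicKey;
        }

        /** @return the private key, or {@code null} if this object was parsed from key data. */
        public DHPrivateKey getPrivateKey() {
            return this.privateKey;
        }

        /**
         * Compares scheme data, parameters ID, public value and the encoded private keys
         * (both absent, or both present with equal encodings).
         */
        @Override // com.netflix.msl.keyx.KeyRequestData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RequestData)) {
                return false;
            }
            RequestData requestData = (RequestData) obj;
            return super.equals(obj) && this.parametersId.equals(requestData.parametersId) && this.publicKey.equals(requestData.publicKey) && (this.privateKey == requestData.privateKey || (this.privateKey != null && requestData.privateKey != null && Arrays.equals(this.privateKey.getEncoded(), requestData.privateKey.getEncoded())));
        }

        @Override // com.netflix.msl.keyx.KeyRequestData
        public int hashCode() {
            return ((super.hashCode() ^ this.parametersId.hashCode()) ^ this.publicKey.hashCode()) ^ (this.privateKey != null ? Arrays.hashCode(this.privateKey.getEncoded()) : 0);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/msl-core-1.2226.0.jar:com/netflix/msl/keyx/DiffieHellmanExchange$ResponseData.class */
    /** Key response data: the master token, parameters ID and the responder's public value. */
    public static class ResponseData extends KeyResponseData {
        private final String parametersId;
        private final BigInteger publicKey;

        /**
         * Creates response data from locally generated values.
         *
         * @param masterToken the master token issued with this response.
         * @param str the parameters ID.
         * @param bigInteger the responder's public value Y.
         */
        public ResponseData(MasterToken masterToken, String str, BigInteger bigInteger) {
            super(masterToken, KeyExchangeScheme.DIFFIE_HELLMAN);
            this.parametersId = str;
            this.publicKey = bigInteger;
        }

        /**
         * Parses response data received from a peer.
         *
         * @param masterToken the master token received with the response.
         * @param mslObject the key data object.
         * @throws MslEncodingException if the key data cannot be parsed.
         * @throws MslKeyExchangeException if the public key is empty or not a valid number.
         */
        public ResponseData(MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
            super(masterToken, KeyExchangeScheme.DIFFIE_HELLMAN);
            try {
                this.parametersId = mslObject.getString(DiffieHellmanExchange.KEY_PARAMETERS_ID);
                byte[] bytes = mslObject.getBytes(DiffieHellmanExchange.KEY_PUBLIC_KEY);
                if (bytes.length == 0) {
                    throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "keydata " + mslObject);
                }
                // Leading zero byte forces a non-negative BigInteger (see correctNullBytes).
                this.publicKey = new BigInteger(DiffieHellmanExchange.correctNullBytes(bytes));
            } catch (MslEncoderException e) {
                throw new MslEncodingException(MslError.MSL_PARSE_ERROR, "keydata " + mslObject, e);
            } catch (NumberFormatException e2) {
                throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "keydata " + mslObject, e2);
            }
        }

        /** @return the parameters ID. */
        public String getParametersId() {
            return this.parametersId;
        }

        /** @return the public value Y. */
        public BigInteger getPublicKey() {
            return this.publicKey;
        }

        /**
         * Builds the key data to transmit: parameters ID and public value.
         *
         * @param mslEncoderFactory factory used to create the MSL object.
         * @param mslEncoderFormat encoder format (not used here).
         * @return the key data object.
         * @throws MslEncoderException if the object cannot be populated.
         */
        @Override // com.netflix.msl.keyx.KeyResponseData
        protected MslObject getKeydata(MslEncoderFactory mslEncoderFactory, MslEncoderFormat mslEncoderFormat) throws MslEncoderException {
            MslObject createObject = mslEncoderFactory.createObject();
            createObject.put(DiffieHellmanExchange.KEY_PARAMETERS_ID, this.parametersId);
            createObject.put(DiffieHellmanExchange.KEY_PUBLIC_KEY, DiffieHellmanExchange.correctNullBytes(this.publicKey.toByteArray()));
            return createObject;
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ResponseData)) {
                return false;
            }
            ResponseData responseData = (ResponseData) obj;
            return super.equals(obj) && this.parametersId.equals(responseData.parametersId) && this.publicKey.equals(responseData.publicKey);
        }

        @Override // com.netflix.msl.keyx.KeyResponseData
        public int hashCode() {
            return (super.hashCode() ^ this.parametersId.hashCode()) ^ this.publicKey.hashCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/msl-core-1.2226.0.jar:com/netflix/msl/keyx/DiffieHellmanExchange$SessionKeys.class */
    /** Pair of session keys derived from one key agreement. */
    public static class SessionKeys {
        public final SecretKey encryptionKey;
        public final SecretKey hmacKey;

        public SessionKeys(SecretKey secretKey, SecretKey secretKey2) {
            this.encryptionKey = secretKey;
            this.hmacKey = secretKey2;
        }
    }

    /**
     * Normalizes a big-endian byte string so it starts with exactly one zero byte.
     *
     * <p>If the input already has exactly one leading zero byte, the same array instance is
     * returned (not a copy). Otherwise a new array is returned containing one zero byte
     * followed by the input with all of its leading zero bytes removed. An empty or
     * all-zero input yields a single zero byte.
     *
     * @param bArr the bytes to normalize.
     * @return the normalized bytes.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] correctNullBytes(byte[] bArr) {
        int leadingZeros = 0;
        for (int i = 0; i < bArr.length && bArr[i] == 0; i++) {
            leadingZeros++;
        }
        if (leadingZeros == 1) {
            return bArr;
        }
        int remaining = bArr.length - leadingZeros;
        byte[] normalized = new byte[remaining + 1];
        normalized[0] = 0;
        System.arraycopy(bArr, leadingZeros, normalized, 1, remaining);
        return normalized;
    }

    /**
     * Checks that a peer-supplied Diffie-Hellman public value lies in [2, p - 2].
     *
     * <p>Values 0, 1 and p - 1 (and anything outside the field) make the shared secret
     * predictable, so they are rejected before key agreement. Some JCA providers perform
     * an equivalent check themselves; doing it here does not depend on the provider.
     *
     * @param y the public value received from the peer.
     * @param p the prime modulus of the agreed parameters.
     * @return true if the value is inside the accepted range.
     */
    private static boolean isValidPublicValue(BigInteger y, BigInteger p) {
        if (y == null || p == null) {
            return false;
        }
        BigInteger two = BigInteger.valueOf(2L);
        return y.compareTo(two) >= 0 && y.compareTo(p.subtract(two)) <= 0;
    }

    /**
     * Runs the key agreement and derives the session keys.
     *
     * <p>The shared secret is normalized with {@link #correctNullBytes} and hashed with
     * SHA-384. Digest bytes 0-15 become the AES key and bytes 16-47 become the HMAC key.
     * All intermediate buffers are zeroed before returning; {@link SecretKeySpec} keeps its
     * own copy of the key bytes.
     *
     * @param publicKey the peer's public key.
     * @param privateKey the local private key.
     * @param dHParameterSpec the Diffie-Hellman parameters.
     * @return the derived session keys.
     * @throws MslInternalException if a required algorithm is missing or the provider
     *         rejects the parameters or keys.
     */
    private static SessionKeys deriveSessionKeys(PublicKey publicKey, PrivateKey privateKey, DHParameterSpec dHParameterSpec) {
        try {
            KeyAgreement keyAgreement = CryptoCache.getKeyAgreement("DiffieHellman");
            keyAgreement.init(privateKey, dHParameterSpec);
            keyAgreement.doPhase(publicKey, true);
            byte[] sharedSecret = keyAgreement.generateSecret();
            // May be the same array as sharedSecret; both are wiped below either way.
            byte[] normalizedSecret = correctNullBytes(sharedSecret);
            byte[] digest = null;
            byte[] encryptionKeyBytes = new byte[16];
            byte[] hmacKeyBytes = new byte[32];
            try {
                digest = CryptoCache.getMessageDigest("SHA-384").digest(normalizedSecret);
                System.arraycopy(digest, 0, encryptionKeyBytes, 0, encryptionKeyBytes.length);
                System.arraycopy(digest, encryptionKeyBytes.length, hmacKeyBytes, 0, hmacKeyBytes.length);
                return new SessionKeys(new SecretKeySpec(encryptionKeyBytes, "AES"), new SecretKeySpec(hmacKeyBytes, JcaAlgorithm.HMAC_SHA256));
            } catch (NoSuchAlgorithmException e) {
                throw new MslInternalException("SHA-384 algorithm not found.", e);
            } finally {
                // Do not leave the shared secret or raw key bytes on the heap longer than needed.
                Arrays.fill(sharedSecret, (byte) 0);
                Arrays.fill(normalizedSecret, (byte) 0);
                if (digest != null) {
                    Arrays.fill(digest, (byte) 0);
                }
                Arrays.fill(encryptionKeyBytes, (byte) 0);
                Arrays.fill(hmacKeyBytes, (byte) 0);
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new MslInternalException("Diffie-Hellman algorithm parameters rejected by Diffie-Hellman key agreement.", e2);
        } catch (InvalidKeyException e3) {
            throw new MslInternalException("Diffie-Hellman private key or generated public key rejected by Diffie-Hellman key agreement.", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new MslInternalException("DiffieHellman algorithm not found.", e4);
        }
    }

    /**
     * Creates the factory.
     *
     * @param diffieHellmanParameters the locally trusted Diffie-Hellman parameters.
     * @param authenticationUtils used to check whether an entity may use this scheme.
     */
    public DiffieHellmanExchange(DiffieHellmanParameters diffieHellmanParameters, AuthenticationUtils authenticationUtils) {
        super(KeyExchangeScheme.DIFFIE_HELLMAN);
        this.params = diffieHellmanParameters;
        this.authutils = authenticationUtils;
    }

    /** Parses received key request data; see {@link RequestData#RequestData(MslObject)}. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyRequestData createRequestData(MslContext mslContext, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException, MslCryptoException {
        return new RequestData(mslObject);
    }

    /** Parses received key response data; see {@link ResponseData#ResponseData(MasterToken, MslObject)}. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyResponseData createResponseData(MslContext mslContext, MasterToken masterToken, MslObject mslObject) throws MslEncodingException, MslKeyExchangeException {
        return new ResponseData(masterToken, mslObject);
    }

    /**
     * Responds to a key request from an entity that presented a master token, renewing
     * that token with freshly derived session keys.
     *
     * <p>Checks, in order: the request type, that the master token is verified, that the
     * entity may use this scheme, that the parameters ID is known locally, and that the
     * peer's public value is in range.
     *
     * @param mslContext MSL context.
     * @param mslEncoderFormat encoder format (not used here).
     * @param keyRequestData the key request data; must be a {@link RequestData}.
     * @param masterToken the master token to renew.
     * @return the key response data and the crypto context for the renewed token.
     * @throws MslMasterTokenException if the master token is not verified.
     * @throws MslKeyExchangeException if the scheme is not permitted, the parameters ID is
     *         unknown, or the public value is out of range.
     * @throws MslException if token renewal or crypto context creation fails.
     */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, MasterToken masterToken) throws MslException {
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        // The identity below is only trustworthy once the token has been verified.
        if (!masterToken.isVerified()) {
            throw new MslMasterTokenException(MslError.MASTERTOKEN_UNTRUSTED, masterToken);
        }
        String identity = masterToken.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setMasterToken(masterToken);
        }
        String parametersId = requestData.getParametersId();
        // The group is chosen from local configuration; the peer supplies only the ID.
        DHParameterSpec parameterSpec = this.params.getParameterSpec(parametersId);
        if (parameterSpec == null) {
            throw new MslKeyExchangeException(MslError.UNKNOWN_KEYX_PARAMETERS_ID, parametersId);
        }
        // Reject degenerate peer values before they reach the key agreement.
        if (!isValidPublicValue(requestData.getPublicKey(), parameterSpec.getP())) {
            throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "Diffie-Hellman public key out of range for parameters " + parametersId).setMasterToken(masterToken);
        }
        try {
            PublicKey generatePublic = CryptoCache.getKeyFactory("DiffieHellman").generatePublic(new DHPublicKeySpec(requestData.getPublicKey(), parameterSpec.getP(), parameterSpec.getG()));
            try {
                KeyPairGenerator keyPairGenerator = CryptoCache.getKeyPairGenerator("DH");
                keyPairGenerator.initialize(parameterSpec);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                DHPublicKey dHPublicKey = (DHPublicKey) generateKeyPair.getPublic();
                SessionKeys deriveSessionKeys = deriveSessionKeys(generatePublic, (DHPrivateKey) generateKeyPair.getPrivate(), parameterSpec);
                MasterToken renewMasterToken = mslContext.getTokenFactory().renewMasterToken(mslContext, masterToken, deriveSessionKeys.encryptionKey, deriveSessionKeys.hmacKey, null);
                return new KeyExchangeFactory.KeyExchangeData(new ResponseData(renewMasterToken, parametersId, dHPublicKey.getY()), new SessionCryptoContext(mslContext, renewMasterToken));
            } catch (InvalidAlgorithmParameterException e) {
                throw new MslInternalException("Diffie-Hellman algorithm parameters rejected by Diffie-Hellman key agreement.", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new MslInternalException("DiffieHellman algorithm not found.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new MslInternalException("DiffieHellman algorithm not found.", e3);
        } catch (InvalidKeySpecException e4) {
            throw new MslInternalException("Diffie-Hellman public key specification rejected by Diffie-Hellman key factory.", e4);
        }
    }

    /**
     * Responds to a key request from an entity identified by entity authentication data,
     * issuing a new master token with freshly derived session keys.
     *
     * <p>Checks, in order: the request type, that the entity may use this scheme, that the
     * parameters ID is known locally, and that the peer's public value is in range.
     *
     * @param mslContext MSL context.
     * @param mslEncoderFormat encoder format (not used here).
     * @param keyRequestData the key request data; must be a {@link RequestData}.
     * @param entityAuthenticationData the requesting entity's authentication data.
     * @return the key response data and the crypto context for the new token.
     * @throws MslKeyExchangeException if the scheme is not permitted, the parameters ID is
     *         unknown, or the public value is out of range.
     * @throws MslException if token creation fails.
     */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public KeyExchangeFactory.KeyExchangeData generateResponse(MslContext mslContext, MslEncoderFormat mslEncoderFormat, KeyRequestData keyRequestData, EntityAuthenticationData entityAuthenticationData) throws MslException {
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        String identity = entityAuthenticationData.getIdentity();
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw new MslKeyExchangeException(MslError.KEYX_INCORRECT_DATA, "Authentication scheme for entity not permitted " + identity + ":" + getScheme()).setEntityAuthenticationData(entityAuthenticationData);
        }
        String parametersId = requestData.getParametersId();
        // The group is chosen from local configuration; the peer supplies only the ID.
        DHParameterSpec parameterSpec = this.params.getParameterSpec(parametersId);
        if (parameterSpec == null) {
            throw new MslKeyExchangeException(MslError.UNKNOWN_KEYX_PARAMETERS_ID, parametersId).setEntityAuthenticationData(entityAuthenticationData);
        }
        // Reject degenerate peer values before they reach the key agreement.
        if (!isValidPublicValue(requestData.getPublicKey(), parameterSpec.getP())) {
            throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "Diffie-Hellman public key out of range for parameters " + parametersId).setEntityAuthenticationData(entityAuthenticationData);
        }
        try {
            PublicKey generatePublic = CryptoCache.getKeyFactory("DiffieHellman").generatePublic(new DHPublicKeySpec(requestData.getPublicKey(), parameterSpec.getP(), parameterSpec.getG()));
            try {
                // NOTE(review): the master-token overload obtains its generator through
                // CryptoCache; this one calls KeyPairGenerator.getInstance directly.
                // Confirm whether the difference is intended.
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
                keyPairGenerator.initialize(parameterSpec);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                DHPublicKey dHPublicKey = (DHPublicKey) generateKeyPair.getPublic();
                SessionKeys deriveSessionKeys = deriveSessionKeys(generatePublic, (DHPrivateKey) generateKeyPair.getPrivate(), parameterSpec);
                MasterToken createMasterToken = mslContext.getTokenFactory().createMasterToken(mslContext, entityAuthenticationData, deriveSessionKeys.encryptionKey, deriveSessionKeys.hmacKey, null);
                try {
                    return new KeyExchangeFactory.KeyExchangeData(new ResponseData(createMasterToken, parametersId, dHPublicKey.getY()), new SessionCryptoContext(mslContext, createMasterToken));
                } catch (MslMasterTokenException e) {
                    throw new MslInternalException("Master token constructed by token factory is not trusted.", e);
                }
            } catch (InvalidAlgorithmParameterException e2) {
                throw new MslInternalException("Diffie-Hellman algorithm parameters rejected by Diffie-Hellman key agreement.", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new MslInternalException("DiffieHellman algorithm not found.", e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new MslInternalException("DiffieHellman algorithm not found.", e4);
        } catch (InvalidKeySpecException e5) {
            throw new MslInternalException("Diffie-Hellman public key specification rejected by Diffie-Hellman key factory.", e5);
        }
    }

    /**
     * Requesting side: builds the session crypto context from the original request and the
     * received response.
     *
     * <p>The response must name the same parameters ID as the request, the request must
     * still hold its private key, and the responder's public value must be in range for
     * the private key's own parameters. (p, g) are taken from the local private key, not
     * from the response.
     *
     * @param mslContext MSL context.
     * @param keyRequestData the original request; must be a {@link RequestData}.
     * @param keyResponseData the received response; must be a {@link ResponseData}.
     * @param masterToken the current master token, attached to thrown exceptions.
     * @return the session crypto context.
     * @throws MslKeyExchangeException if the parameters IDs differ, the private key is
     *         missing, or the response public key is invalid.
     * @throws MslCryptoException declared by the overridden method.
     * @throws MslEncodingException declared by the overridden method.
     * @throws MslMasterTokenException declared by the overridden method.
     */
    @Override // com.netflix.msl.keyx.KeyExchangeFactory
    public ICryptoContext getCryptoContext(MslContext mslContext, KeyRequestData keyRequestData, KeyResponseData keyResponseData, MasterToken masterToken) throws MslKeyExchangeException, MslCryptoException, MslEncodingException, MslMasterTokenException {
        if (!(keyRequestData instanceof RequestData)) {
            throw new MslInternalException("Key request data " + keyRequestData.getClass().getName() + " was not created by this factory.");
        }
        RequestData requestData = (RequestData) keyRequestData;
        if (!(keyResponseData instanceof ResponseData)) {
            throw new MslInternalException("Key response data " + keyResponseData.getClass().getName() + " was not created by this factory.");
        }
        ResponseData responseData = (ResponseData) keyResponseData;
        String parametersId = requestData.getParametersId();
        String parametersId2 = responseData.getParametersId();
        if (!parametersId.equals(parametersId2)) {
            throw new MslKeyExchangeException(MslError.KEYX_RESPONSE_REQUEST_MISMATCH, "request " + parametersId + "; response " + parametersId2).setMasterToken(masterToken);
        }
        DHPrivateKey privateKey = requestData.getPrivateKey();
        if (privateKey == null) {
            throw new MslKeyExchangeException(MslError.KEYX_PRIVATE_KEY_MISSING, "request Diffie-Hellman private key").setMasterToken(masterToken);
        }
        DHParameterSpec params = privateKey.getParams();
        // Reject degenerate responder values before they reach the key agreement.
        if (!isValidPublicValue(responseData.getPublicKey(), params.getP())) {
            throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "Diffie-Hellman public key out of range for parameters " + parametersId).setMasterToken(masterToken);
        }
        try {
            PublicKey generatePublic = CryptoCache.getKeyFactory("DiffieHellman").generatePublic(new DHPublicKeySpec(responseData.getPublicKey(), params.getP(), params.getG()));
            String identity = mslContext.getEntityAuthenticationData(null).getIdentity();
            SessionKeys deriveSessionKeys = deriveSessionKeys(generatePublic, privateKey, params);
            return new SessionCryptoContext(mslContext, responseData.getMasterToken(), identity, deriveSessionKeys.encryptionKey, deriveSessionKeys.hmacKey);
        } catch (NoSuchAlgorithmException e) {
            throw new MslInternalException("DiffieHellman algorithm not found.", e);
        } catch (InvalidKeySpecException e2) {
            throw new MslKeyExchangeException(MslError.KEYX_INVALID_PUBLIC_KEY, "Diffie-Hellman public key specification rejected by Diffie-Hellman key factory.", e2);
        }
    }
}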
