package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import org.openeuler.spec.ECCPremasterSecretKeySpec;
import org.openeuler.sun.security.internal.spec.TlsECCKeyAgreementParameterSpec;

/* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyExchange.class */
final class ECCKeyExchange {
    static final SSLPossessionGenerator poGenerator = new ECCPossessionGenerator();
    static final SSLKeyAgreementGenerator kaGenerator = new ECCKAGenerator();

    /* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyExchange$ECCKAGenerator.class */
    private static final class ECCKAGenerator implements SSLKeyAgreementGenerator {

        /* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyExchange$ECCKAGenerator$ECCKAKeyDerivation.class */
        private static final class ECCKAKeyDerivation implements SSLKeyDerivation {
            private final HandshakeContext context;
            private final SecretKey preMasterSecret;

            ECCKAKeyDerivation(HandshakeContext handshakeContext, SecretKey secretKey) {
                this.context = handshakeContext;
                this.preMasterSecret = secretKey;
            }

            @Override // org.openeuler.sun.security.ssl.SSLKeyDerivation
            public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
                if (valueOf == null) {
                    throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
                }
                return valueOf.createKeyDerivation(this.context, this.preMasterSecret).deriveKey("MasterSecret", algorithmParameterSpec);
            }
        }

        private ECCKAGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            ECCPremasterSecret eCCPremasterSecret = null;
            if (!(handshakeContext instanceof ClientHandshakeContext)) {
                Iterator<SSLCredentials> it = handshakeContext.handshakeCredentials.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    SSLCredentials next = it.next();
                    if (next instanceof ECCPremasterSecret) {
                        eCCPremasterSecret = (ECCPremasterSecret) next;
                        break;
                    }
                }
            } else {
                Iterator<SSLPossession> it2 = handshakeContext.handshakePossessions.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    SSLPossession next2 = it2.next();
                    if (next2 instanceof ECCPremasterSecret) {
                        eCCPremasterSecret = (ECCPremasterSecret) next2;
                        break;
                    }
                }
            }
            if (eCCPremasterSecret == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient ECC key agreement parameters negotiated");
            }
            return new ECCKAKeyDerivation(handshakeContext, eCCPremasterSecret.premasterSecret);
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyExchange$ECCPossessionGenerator.class */
    private static final class ECCPossessionGenerator implements SSLPossessionGenerator {
        private ECCPossessionGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            return null;
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyExchange$ECCPremasterSecret.class */
    static final class ECCPremasterSecret implements SSLPossession, SSLCredentials {
        final ECCPremasterSecretKeySpec premasterSecret;

        ECCPremasterSecret(ECCPremasterSecretKeySpec eCCPremasterSecretKeySpec) {
            this.premasterSecret = eCCPremasterSecretKeySpec;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getEncoded(PublicKey publicKey, SecureRandom secureRandom) throws GeneralSecurityException {
            return this.premasterSecret.getEncryptedKey();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ECCPremasterSecret createPremasterSecret(PublicKey publicKey, ClientHandshakeContext clientHandshakeContext) throws GeneralSecurityException {
            KeyAgreement keyAgreement = JsseJce.getKeyAgreement("GmTlsEccPremasterSecret");
            keyAgreement.init(publicKey, new TlsECCKeyAgreementParameterSpec(clientHandshakeContext.clientHelloVersion, clientHandshakeContext.negotiatedProtocol.id), clientHandshakeContext.sslContext.getSecureRandom());
            return new ECCPremasterSecret((ECCPremasterSecretKeySpec) keyAgreement.generateSecret("TlsEccPremasterSecret"));
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public static ECCPremasterSecret decode(ServerHandshakeContext serverHandshakeContext, PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
            KeyAgreement keyAgreement = JsseJce.getKeyAgreement("GmTlsEccPremasterSecret");
            keyAgreement.init(privateKey, new TlsECCKeyAgreementParameterSpec(bArr, serverHandshakeContext.clientHelloVersion, serverHandshakeContext.negotiatedProtocol.id, false));
            return new ECCPremasterSecret((ECCPremasterSecretKeySpec) keyAgreement.generateSecret("TlsEccPremasterSecret"));
        }
    }

    ECCKeyExchange() {
    }
}
