package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import org.openeuler.gm.GMConstants;
import org.openeuler.spec.SM2KeyExchangeParameterSpec;
import org.openeuler.sun.security.ssl.GMX509Authentication;
import org.openeuler.sun.security.ssl.SupportedGroupsExtension;
import sun.security.util.ECUtil;

/* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange.class */
final class SM2KeyExchange {
    static final SSLPossessionGenerator poGenerator = new SM2PossessionGenerator();
    static final SSLKeyAgreementGenerator sm2KAGenerator = new SM2KAGenerator();

    /* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange$SM2Credentials.class */
    static final class SM2Credentials implements SSLCredentials {
        final ECPublicKey popPublicKey;
        final SupportedGroupsExtension.NamedGroup namedGroup;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2Credentials(ECPublicKey eCPublicKey, SupportedGroupsExtension.NamedGroup namedGroup) {
            this.popPublicKey = eCPublicKey;
            this.namedGroup = namedGroup;
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange$SM2KAGenerator.class */
    private static final class SM2KAGenerator implements SSLKeyAgreementGenerator {
        private SM2KAGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            SM2Possession sM2Possession = null;
            GMX509Authentication.GMX509Possession gMX509Possession = null;
            for (SSLPossession sSLPossession : handshakeContext.handshakePossessions) {
                if (sSLPossession instanceof SM2Possession) {
                    sM2Possession = (SM2Possession) sSLPossession;
                } else if (sSLPossession instanceof GMX509Authentication.GMX509Possession) {
                    gMX509Possession = (GMX509Authentication.GMX509Possession) sSLPossession;
                }
                if (sM2Possession != null && gMX509Possession != null) {
                    break;
                }
            }
            if (sM2Possession == null || gMX509Possession == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient sm2 key agreement parameters negotiated");
            }
            SM2Credentials sM2Credentials = null;
            GMX509Authentication.GMX509Credentials gMX509Credentials = null;
            for (SSLCredentials sSLCredentials : handshakeContext.handshakeCredentials) {
                if (sSLCredentials instanceof SM2Credentials) {
                    sM2Credentials = (SM2Credentials) sSLCredentials;
                } else if (sSLCredentials instanceof GMX509Authentication.GMX509Credentials) {
                    gMX509Credentials = (GMX509Authentication.GMX509Credentials) sSLCredentials;
                }
                if (sM2Credentials != null && gMX509Credentials != null) {
                    break;
                }
            }
            if (sM2Credentials == null || gMX509Credentials == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient sm2 key agreement parameters negotiated");
            }
            return new SM2KAKeyDerivation(handshakeContext, (ECPrivateKey) gMX509Possession.popEncPrivateKey, (ECPublicKey) gMX509Possession.popEncPublicKey, sM2Possession.privateKey, sM2Possession.publicKey, (ECPublicKey) gMX509Credentials.popEncPublicKey, sM2Credentials.popPublicKey);
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange$SM2KAKeyDerivation.class */
    private static final class SM2KAKeyDerivation implements SSLKeyDerivation {
        private final HandshakeContext context;
        private final ECPrivateKey localPrivateKey;
        private final ECPublicKey localPublicKey;
        private final ECPrivateKey localTempPrivateKey;
        private final ECPublicKey localTempPublicKey;
        private final ECPublicKey peerPublicKey;
        private final ECPublicKey peerTempPublicKey;

        SM2KAKeyDerivation(HandshakeContext handshakeContext, ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey, ECPrivateKey eCPrivateKey2, ECPublicKey eCPublicKey2, ECPublicKey eCPublicKey3, ECPublicKey eCPublicKey4) {
            this.context = handshakeContext;
            this.localPrivateKey = eCPrivateKey;
            this.localPublicKey = eCPublicKey;
            this.localTempPrivateKey = eCPrivateKey2;
            this.localTempPublicKey = eCPublicKey2;
            this.peerPublicKey = eCPublicKey3;
            this.peerTempPublicKey = eCPublicKey4;
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyDerivation
        public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            return gmtlsDeriveKey(str, algorithmParameterSpec);
        }

        private SecretKey gmtlsDeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            if (algorithmParameterSpec == null) {
                try {
                    algorithmParameterSpec = new SM2KeyExchangeParameterSpec(this.localPublicKey, this.localTempPrivateKey, this.localTempPublicKey, this.peerTempPublicKey, 48, this.context.sslConfig.isClientMode);
                } catch (GeneralSecurityException e) {
                    throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
                }
            }
            KeyAgreement keyAgreement = JsseJce.getKeyAgreement(GMConstants.SM2);
            keyAgreement.init(this.localPrivateKey, algorithmParameterSpec, null);
            keyAgreement.doPhase(this.peerPublicKey, true);
            SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
            SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
            if (valueOf == null) {
                throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
            }
            return valueOf.createKeyDerivation(this.context, generateSecret).deriveKey("MasterSecret", algorithmParameterSpec);
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange$SM2Possession.class */
    static final class SM2Possession implements SSLPossession {
        final ECPrivateKey privateKey;
        final ECPublicKey publicKey;
        final SupportedGroupsExtension.NamedGroup namedGroup;

        SM2Possession(SupportedGroupsExtension.NamedGroup namedGroup, SecureRandom secureRandom) {
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator(GMConstants.SM2);
                keyPairGenerator.initialize((ECGenParameterSpec) namedGroup.getParameterSpec(), secureRandom);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                this.privateKey = (ECPrivateKey) generateKeyPair.getPrivate();
                this.publicKey = (ECPublicKey) generateKeyPair.getPublic();
                this.namedGroup = namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate SM2 keypair", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2Possession(SM2Credentials sM2Credentials, SecureRandom secureRandom) {
            ECParameterSpec params = sM2Credentials.popPublicKey.getParams();
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator(GMConstants.SM2);
                keyPairGenerator.initialize(params, secureRandom);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                this.privateKey = (ECPrivateKey) generateKeyPair.getPrivate();
                this.publicKey = (ECPublicKey) generateKeyPair.getPublic();
                this.namedGroup = sM2Credentials.namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate SM2 keypair", e);
            }
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossession
        public byte[] encode() {
            return ECUtil.encodePoint(this.publicKey.getW(), this.publicKey.getParams().getCurve());
        }
    }

    /* loaded from: input_file:org/openeuler/sun/security/ssl/SM2KeyExchange$SM2PossessionGenerator.class */
    private static final class SM2PossessionGenerator implements SSLPossessionGenerator {
        private SM2PossessionGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            ProtocolVersion protocolVersion = handshakeContext.t12WithGMCipherSuite ? ProtocolVersion.GMTLS : handshakeContext.negotiatedProtocol;
            SupportedGroupsExtension.NamedGroup preferredGroup = (handshakeContext.clientRequestedNamedGroups == null || handshakeContext.clientRequestedNamedGroups.isEmpty()) ? SupportedGroupsExtension.SupportedGroups.getPreferredGroup(protocolVersion, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) : SupportedGroupsExtension.SupportedGroups.getPreferredGroup(protocolVersion, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE, handshakeContext.clientRequestedNamedGroups);
            if (preferredGroup != null) {
                return new SM2Possession(preferredGroup, handshakeContext.sslContext.getSecureRandom());
            }
            return null;
        }
    }

    SM2KeyExchange() {
    }
}
