package org.openeuler.gm;

import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import org.openeuler.sun.security.internal.interfaces.TlsMasterSecret;
import org.openeuler.sun.security.internal.spec.TlsMasterSecretParameterSpec;

/* loaded from: input_file:org/openeuler/gm/GMTlsMasterSecretGenerator.class */
public class GMTlsMasterSecretGenerator extends KeyGeneratorSpi {
    private static final String MSG = "GMTlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec";
    private TlsMasterSecretParameterSpec spec;
    private int protocolVersion;

    /* loaded from: input_file:org/openeuler/gm/GMTlsMasterSecretGenerator$GMTlsMasterSecretKey.class */
    private static final class GMTlsMasterSecretKey implements TlsMasterSecret {
        private byte[] key;
        private final int majorVersion;
        private final int minorVersion;

        GMTlsMasterSecretKey(byte[] bArr, int i, int i2) {
            this.key = bArr;
            this.majorVersion = i;
            this.minorVersion = i2;
        }

        public int getMajorVersion() {
            return this.majorVersion;
        }

        public int getMinorVersion() {
            return this.minorVersion;
        }

        public String getAlgorithm() {
            return "TlsMasterSecret";
        }

        public String getFormat() {
            return "RAW";
        }

        public byte[] getEncoded() {
            return (byte[]) this.key.clone();
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        this.spec = (TlsMasterSecretParameterSpec) algorithmParameterSpec;
        if (!"RAW".equals(this.spec.getPremasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        this.protocolVersion = (this.spec.getMajorVersion() << 8) | this.spec.getMinorVersion();
        if (this.protocolVersion != 257 && this.protocolVersion != 771) {
            throw new InvalidAlgorithmParameterException("Only GM TLS 1.1 supported");
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        int i;
        int i2;
        byte[] bArr;
        byte[] concat;
        if (this.spec == null) {
            throw new IllegalStateException("GMTlsMasterSecretGenerator must be initialized");
        }
        SecretKey premasterSecret = this.spec.getPremasterSecret();
        byte[] encoded = premasterSecret.getEncoded();
        if (premasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
            i = encoded[0] & 255;
            i2 = encoded[1] & 255;
        } else {
            i = -1;
            i2 = -1;
        }
        try {
            byte[] extendedMasterSecretSessionHash = this.spec.getExtendedMasterSecretSessionHash();
            if (extendedMasterSecretSessionHash.length != 0) {
                bArr = GMTlsUtil.LABEL_EXTENDED_MASTER_SECRET;
                concat = extendedMasterSecretSessionHash;
            } else {
                byte[] clientRandom = this.spec.getClientRandom();
                byte[] serverRandom = this.spec.getServerRandom();
                bArr = GMTlsUtil.LABEL_MASTER_SECRET;
                concat = GMTlsUtil.concat(clientRandom, serverRandom);
            }
            return new GMTlsMasterSecretKey(GMTlsUtil.doGMTLS11PRF(encoded, bArr, concat, 48, this.spec.getPRFHashAlg(), this.spec.getPRFHashLength(), this.spec.getPRFBlockSize()), i, i2);
        } catch (DigestException | NoSuchAlgorithmException e) {
            throw new ProviderException(e);
        }
    }
}
