package org.openeuler.sun.security.ssl;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import org.openeuler.gm.GMConstants;
import org.openeuler.spec.ECCPremasterSecretKeySpec;
import org.openeuler.sun.security.internal.spec.TlsECCKeyAgreementParameterSpec;
import sun.security.util.KeyUtil;

/* loaded from: input_file:org/openeuler/sun/security/ssl/ECCKeyAgreement.class */
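/**
 * {@link KeyAgreementSpi} that produces the TLS "ECC" premaster secret by public-key
 * encryption rather than by a Diffie-Hellman style agreement.
 *
 * <p>The client side generates a 48-byte premaster secret and encrypts it with the peer's
 * public key; the server side decrypts the received ciphertext with its private key. Both
 * directions use the cipher returned by {@code JsseJce.getCipher(GMConstants.SM2)}.
 *
 * <p>Only {@link #engineInit(Key, AlgorithmParameterSpec, SecureRandom)} followed by
 * {@link #engineGenerateSecret(String)} is supported; every other SPI entry point throws
 * {@link UnsupportedOperationException}.
 *
 * <p>Instances hold mutable per-handshake state ({@code spec}, {@code key}, {@code random})
 * without synchronization.
 */
public class ECCKeyAgreement extends KeyAgreementSpi {
    private static final String MSG = "ECCKeyAgreement must be initialized using a TlsECCKeyAgreementParameterSpec";
    /** Algorithm name attached to every premaster key this class returns. */
    private static final String PREMASTER_ALGORITHM = "TlsEccPremasterSecret";
    /** SSLLogger category used for the diagnostics emitted here. */
    private static final String LOG_CATEGORY = "ssl,handshake";
    private TlsECCKeyAgreementParameterSpec spec;
    private SecureRandom random;
    private Key key;
    /** Premaster secret length in bytes: two version bytes followed by 46 random bytes. */
    private static final int ECC_PREMASTER_KEY_LEN = 48;

    /**
     * Not supported: this agreement cannot work without a
     * {@code TlsECCKeyAgreementParameterSpec}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        throw new UnsupportedOperationException(MSG);
    }

    /**
     * Stores the key, parameters and randomness source for a later
     * {@link #engineGenerateSecret(String)} call.
     *
     * <p>The key is not validated here; its type is checked when it is used (a
     * {@link PublicKey} for the client path, a {@link PrivateKey} for the server path).
     *
     * @param key the peer public key (client) or the local private key (server)
     * @param algorithmParameterSpec must be a {@code TlsECCKeyAgreementParameterSpec}
     * @param secureRandom randomness source; may be {@code null}, in which case the client
     *        path creates a {@link SecureRandom} lazily
     * @throws InvalidAlgorithmParameterException if the parameters are of any other type
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsECCKeyAgreementParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        this.key = key;
        this.spec = (TlsECCKeyAgreementParameterSpec) algorithmParameterSpec;
        this.random = secureRandom;
    }

    /**
     * Not supported: there is no phased exchange in this scheme.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean lastPhase) throws IllegalStateException {
        throw new UnsupportedOperationException("ECCKeyAgreement not support engineDoPhase.");
    }

    /**
     * Not supported: the secret is only available as a {@link SecretKey}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        throw new UnsupportedOperationException("ECCKeyAgreement.engineGenerateSecret not support the return byte[].");
    }

    /**
     * Not supported: the secret is only available as a {@link SecretKey}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] sharedSecret, int offset) throws IllegalStateException {
        throw new UnsupportedOperationException("ECCKeyAgreement.engineGenerateSecret not support the return int.");
    }

    /**
     * Produces the premaster secret key for the configured side of the handshake.
     *
     * <p>Client: generates a fresh premaster secret and returns it together with its
     * ciphertext. Server: decrypts the ciphertext carried by the parameter spec and returns
     * the resulting premaster secret together with that ciphertext.
     *
     * @param algorithm ignored; the returned key always uses {@code "TlsEccPremasterSecret"}
     * @return an {@code ECCPremasterSecretKeySpec} holding the premaster secret and the
     *         encrypted secret
     * @throws IllegalStateException if {@link #engineInit} has not supplied a spec, if the
     *         stored key is missing or of the wrong type, or if any
     *         {@link GeneralSecurityException} occurs (it is wrapped, so the declared
     *         checked exceptions are not thrown from the visible code paths)
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String algorithm) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (this.spec == null) {
            throw new IllegalStateException("ECCKeyAgreement.TlsECCKeyAgreementParameterSpec must be initialized");
        }
        try {
            if (this.spec.isClient()) {
                byte[] preMaster = generatePreMasterSecret(this.spec.getMajorVersion(), this.spec.getMinorVersion(), null);
                return new ECCPremasterSecretKeySpec(preMaster, PREMASTER_ALGORITHM, encryptSecret(preMaster));
            }
            return new ECCPremasterSecretKeySpec(decryptSecret(), PREMASTER_ALGORITHM, this.spec.getEncryptedSecret());
        } catch (GeneralSecurityException e) {
            // Chain the exception itself, not e.getCause(): the latter is usually null and
            // would discard the exception type and stack trace needed to diagnose a failure.
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Encrypts the premaster secret with the stored public key.
     *
     * @param preMaster plaintext premaster secret
     * @return the ciphertext to send to the peer
     * @throws IllegalStateException if no key was supplied or it is not a {@link PublicKey}
     */
    private byte[] encryptSecret(byte[] preMaster) throws NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        if (this.key == null) {
            throw new IllegalStateException("Key must be initialized");
        }
        if (!(this.key instanceof PublicKey)) {
            // Message text says "decode" although this is the encrypt path; kept verbatim.
            throw new IllegalStateException("decode need PublicKey");
        }
        Cipher cipher = JsseJce.getCipher(GMConstants.SM2);
        cipher.init(Cipher.ENCRYPT_MODE, this.key, this.random);
        return cipher.doFinal(preMaster);
    }

    /**
     * Returns a premaster secret whose first two bytes are set from the given version values.
     *
     * <p>When {@code secret} is {@code null} a new array of {@link #ECC_PREMASTER_KEY_LEN}
     * random bytes is created (instantiating a {@link SecureRandom} if none was supplied at
     * init time). Otherwise the supplied array is modified in place and returned.
     *
     * @param major value narrowed to a byte and stored at index 0
     * @param minor value narrowed to a byte and stored at index 1
     * @param secret existing secret to stamp, or {@code null} to generate one
     * @return the stamped secret
     */
    private byte[] generatePreMasterSecret(int major, int minor, byte[] secret) {
        byte[] result = secret;
        if (result == null) {
            if (this.random == null) {
                this.random = new SecureRandom();
            }
            result = new byte[ECC_PREMASTER_KEY_LEN];
            this.random.nextBytes(result);
        }
        result[0] = (byte) major;
        result[1] = (byte) minor;
        return result;
    }

    /**
     * Decrypts the peer's encrypted premaster secret with the stored private key.
     *
     * <p>A {@link BadPaddingException} from the cipher is deliberately not reported. It is
     * turned into a flag passed to {@code KeyUtil.checkTlsPreMasterSecretKey}, so a padding
     * failure does not surface here as a distinct error the peer could use as a decryption
     * oracle. Presumably, as in the JDK implementation, that helper then substitutes random
     * bytes - confirm against the KeyUtil in use.
     *
     * @return the premaster secret, or {@code null} if the cipher rejected the key or the
     *         operation (see the review note in the body)
     * @throws GeneralSecurityException for cipher failures other than bad padding
     * @throws IllegalStateException if the key is missing or not a {@link PrivateKey}, or if
     *         the spec carries no encrypted secret
     */
    private byte[] decryptSecret() throws GeneralSecurityException {
        if (this.key == null) {
            throw new IllegalStateException("Key must be initialized");
        }
        if (!(this.key instanceof PrivateKey)) {
            throw new IllegalStateException("decode need PrivateKey");
        }
        byte[] encryptedSecret = this.spec.getEncryptedSecret();
        if (encryptedSecret == null) {
            throw new IllegalStateException("TlsECCKeyAgreementParameterSpec.encryptedSecret must be initialized");
        }
        byte[] preMaster = null;
        Cipher cipher = JsseJce.getCipher(GMConstants.SM2);
        try {
            cipher.init(Cipher.DECRYPT_MODE, this.key);
            byte[] decrypted = null;
            boolean paddingFailed = false;
            try {
                decrypted = cipher.doFinal(encryptedSecret);
            } catch (BadPaddingException ignored) {
                // Intentionally swallowed: handled uniformly by the premaster check below.
                // NOTE(review): only BadPaddingException is masked. If the SM2 provider
                // reports malformed ciphertext through another exception type (e.g.
                // IllegalBlockSizeException), that path fails differently - verify against
                // the provider so all ciphertext-dependent failures look the same.
                paddingFailed = true;
            }
            int clientVersion = this.spec.getClientVersion();
            int serverVersion = this.spec.getServerVersion();
            byte[] checked = KeyUtil.checkTlsPreMasterSecretKey(clientVersion, serverVersion, this.random, decrypted, paddingFailed);
            // NOTE(review): the client path stamps (majorVersion, minorVersion), while this
            // path stamps the low bytes of (clientVersion, serverVersion) over bytes already
            // validated by the check above. Confirm this is the intended encoding.
            preMaster = generatePreMasterSecret(clientVersion, serverVersion, checked);
        } catch (UnsupportedOperationException | InvalidKeyException e) {
            // NOTE(review): after logging (only when handshake logging is on), this falls
            // through and returns null, which the caller hands to ECCPremasterSecretKeySpec.
            // Consider failing explicitly instead of propagating a null secret.
            if (handshakeLoggingOn()) {
                SSLLogger.warning("The Cipher provider " + safeProviderName(cipher) + " caused exception: " + e.getMessage(), new Object[0]);
            }
        }
        return preMaster;
    }

    /** Reports whether SSLLogger output for the handshake category is enabled. */
    private static boolean handshakeLoggingOn() {
        return SSLLogger.isOn && SSLLogger.isOn(LOG_CATEGORY);
    }

    /**
     * Describes the cipher's provider for a log message without ever throwing.
     *
     * @param cipher the cipher whose provider should be named
     * @return the provider's string form, else the cipher's string form with a suffix, else
     *         a fixed placeholder
     */
    private static String safeProviderName(Cipher cipher) {
        try {
            return cipher.getProvider().toString();
        } catch (Exception e) {
            if (handshakeLoggingOn()) {
                SSLLogger.fine("Retrieving The Cipher provider name caused exception ", e);
            }
        }
        try {
            return cipher.toString() + " (provider name not available)";
        } catch (Exception e) {
            if (handshakeLoggingOn()) {
                SSLLogger.fine("Retrieving The Cipher name caused exception ", e);
            }
        }
        return "(cipher/provider names not available)";
    }
}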
