package com.wizarpos.crypto.provider;

import com.wizarpos.security.internal.interfaces.TlsMasterSecret;
import com.wizarpos.security.internal.spec.TlsMasterSecretParameterSpec;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.SecretKey;
import org.java_websocket.drafts.Draft_75;

/* loaded from: classes2.dex */
public final class TlsMasterSecretGenerator extends TlsPrfGenerator {
    private TlsMasterSecretParameterSpec g;
    private int h;

    /* loaded from: classes2.dex */
    static final class a implements TlsMasterSecret {
        private byte[] a;
        private final int b;
        private final int c;

        a(byte[] bArr, int i, int i2) {
            this.a = bArr;
            this.b = i;
            this.c = i2;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return "TlsMasterSecret";
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return (byte[]) this.a.clone();
        }

        @Override // java.security.Key
        public String getFormat() {
            return "RAW";
        }

        @Override // com.wizarpos.security.internal.interfaces.TlsMasterSecret
        public int getMajorVersion() {
            return this.b;
        }

        @Override // com.wizarpos.security.internal.interfaces.TlsMasterSecret
        public int getMinorVersion() {
            return this.c;
        }
    }

    public TlsMasterSecretGenerator() {
        WizarJCE.a(getClass());
    }

    @Override // com.wizarpos.crypto.provider.TlsPrfGenerator, javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        int i;
        int i2;
        byte[] bArr;
        if (this.g == null) {
            throw new IllegalStateException("TlsMasterSecretGenerator must be initialized");
        }
        SecretKey premasterSecret = this.g.getPremasterSecret();
        byte[] encoded = premasterSecret.getEncoded();
        if (premasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
            i2 = encoded[0] & Draft_75.END_OF_FRAME;
            i = encoded[1] & Draft_75.END_OF_FRAME;
        } else {
            i = -1;
            i2 = -1;
        }
        try {
            byte[] clientRandom = this.g.getClientRandom();
            byte[] serverRandom = this.g.getServerRandom();
            if (this.h >= 769) {
                bArr = a(encoded, a, a(clientRandom, serverRandom), 48);
            } else {
                bArr = new byte[48];
                MessageDigest messageDigest = MessageDigest.getInstance(CommonUtils.MD5_INSTANCE);
                MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
                byte[] bArr2 = new byte[20];
                for (int i3 = 0; i3 < 3; i3++) {
                    messageDigest2.update(f[i3]);
                    messageDigest2.update(encoded);
                    messageDigest2.update(clientRandom);
                    messageDigest2.update(serverRandom);
                    messageDigest2.digest(bArr2, 0, 20);
                    messageDigest.update(encoded);
                    messageDigest.update(bArr2);
                    messageDigest.digest(bArr, i3 << 4, 16);
                }
            }
            return new a(bArr, i2, i);
        } catch (DigestException e) {
            throw new ProviderException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException(e2);
        }
    }

    @Override // com.wizarpos.crypto.provider.TlsPrfGenerator, javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException("TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec");
    }

    @Override // com.wizarpos.crypto.provider.TlsPrfGenerator, javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException("TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec");
    }

    @Override // com.wizarpos.crypto.provider.TlsPrfGenerator, javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException("TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec");
        }
        this.g = (TlsMasterSecretParameterSpec) algorithmParameterSpec;
        if (!"RAW".equals(this.g.getPremasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        this.h = (this.g.getMajorVersion() << 8) | this.g.getMinorVersion();
        if (this.h < 768 || this.h > 770) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0, and TLS 1.1 supported");
        }
    }
}
