package sun.security.ssl.krb5;

import com.secneo.apkwrapper.Helper;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.net.ssl.SSLKeyException;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import sun.security.ssl.Debug;
import sun.security.ssl.HandshakeInStream;
import sun.security.ssl.HandshakeMessage;
import sun.security.ssl.ProtocolVersion;

/* loaded from: classes2.dex */
final class KerberosPreMasterSecret {
    private byte[] encrypted;
    private byte[] preMaster;
    private ProtocolVersion protocolVersion;

    KerberosPreMasterSecret(ProtocolVersion protocolVersion, SecureRandom secureRandom) {
        Helper.stub();
        this.protocolVersion = protocolVersion;
        this.preMaster = generatePreMaster(secureRandom, protocolVersion);
    }

    KerberosPreMasterSecret(ProtocolVersion protocolVersion, SecureRandom secureRandom, EncryptionKey encryptionKey) throws IOException {
        if (encryptionKey.getEType() == 16) {
            throw new IOException("session keys with des3-cbc-hmac-sha1-kd encryption type are not supported for TLS Kerberos cipher suites");
        }
        this.protocolVersion = protocolVersion;
        this.preMaster = generatePreMaster(secureRandom, protocolVersion);
        try {
            this.encrypted = new EncryptedData(encryptionKey, this.preMaster, 0).getBytes();
        } catch (KrbException e) {
            throw ((SSLKeyException) new SSLKeyException("Kerberos premaster secret error").initCause(e));
        }
    }

    KerberosPreMasterSecret(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, HandshakeInStream handshakeInStream, EncryptionKey encryptionKey) throws IOException {
        boolean z = true;
        this.encrypted = handshakeInStream.getBytes16();
        if (HandshakeMessage.debug != null && Debug.isOn("handshake") && this.encrypted != null) {
            Debug.println(System.out, "encrypted premaster secret", this.encrypted);
        }
        if (encryptionKey.getEType() == 16) {
            throw new IOException("session keys with des3-cbc-hmac-sha1-kd encryption type are not supported for TLS Kerberos cipher suites");
        }
        try {
            EncryptedData encryptedData = new EncryptedData(encryptionKey.getEType(), (Integer) null, this.encrypted);
            byte[] decrypt = encryptedData.decrypt(encryptionKey, 0);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake") && this.encrypted != null) {
                Debug.println(System.out, "decrypted premaster secret", decrypt);
            }
            if (decrypt.length == 52 && encryptedData.getEType() == 1) {
                if (paddingByteIs(decrypt, 52, (byte) 4) || paddingByteIs(decrypt, 52, (byte) 0)) {
                    decrypt = Arrays.copyOf(decrypt, 48);
                }
            } else if (decrypt.length == 56 && encryptedData.getEType() == 3 && paddingByteIs(decrypt, 56, (byte) 8)) {
                decrypt = Arrays.copyOf(decrypt, 48);
            }
            this.preMaster = decrypt;
            this.protocolVersion = ProtocolVersion.valueOf(this.preMaster[0], this.preMaster[1]);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                System.out.println("Kerberos PreMasterSecret version: " + this.protocolVersion);
            }
        } catch (Exception e) {
            this.preMaster = null;
            this.protocolVersion = protocolVersion;
        }
        boolean z2 = this.protocolVersion.v != protocolVersion2.v;
        if (!z2 || protocolVersion2.v > 769) {
            z = z2;
        } else if (this.protocolVersion.v == protocolVersion.v) {
            z = false;
        }
        if (this.preMaster == null || this.preMaster.length != 48 || z) {
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                System.out.println("Kerberos PreMasterSecret error, generating random secret");
                if (this.preMaster != null) {
                    Debug.println(System.out, "Invalid secret", this.preMaster);
                }
            }
            this.preMaster = generatePreMaster(secureRandom, protocolVersion2);
            this.protocolVersion = protocolVersion2;
        }
    }

    private static byte[] generatePreMaster(SecureRandom secureRandom, ProtocolVersion protocolVersion) {
        byte[] bArr = new byte[48];
        secureRandom.nextBytes(bArr);
        bArr[0] = protocolVersion.major;
        bArr[1] = protocolVersion.minor;
        return bArr;
    }

    private static boolean paddingByteIs(byte[] bArr, int i, byte b) {
        for (int i2 = 48; i2 < i; i2++) {
            if (bArr[i2] != b) {
                return false;
            }
        }
        return true;
    }

    byte[] getEncrypted() {
        return this.encrypted;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getUnencrypted() {
        return this.preMaster;
    }
}
