package com.sun.crypto.provider;

import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import kotlin.UByte;
import sun.security.internal.interfaces.TlsMasterSecret;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;

/* loaded from: classes2.dex */
public final class TlsMasterSecretGenerator extends KeyGeneratorSpi {
    private static final String MSG = "TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec";
    private int protocolVersion;
    private TlsMasterSecretParameterSpec spec;

    /* loaded from: classes2.dex */
    private static final class TlsMasterSecretKey implements TlsMasterSecret {
        private static final long serialVersionUID = 1019571680375368880L;
        private byte[] key;
        private final int majorVersion;
        private final int minorVersion;

        TlsMasterSecretKey(byte[] bArr, int i, int i2) {
            this.key = bArr;
            this.majorVersion = i;
            this.minorVersion = i2;
        }

        public String getAlgorithm() {
            return "TlsMasterSecret";
        }

        public byte[] getEncoded() {
            return (byte[]) this.key.clone();
        }

        public String getFormat() {
            return "RAW";
        }

        public int getMajorVersion() {
            return this.majorVersion;
        }

        public int getMinorVersion() {
            return this.minorVersion;
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        int i;
        int i2;
        byte[] bArr;
        byte[] concat;
        byte[] bArr2;
        TlsMasterSecretParameterSpec tlsMasterSecretParameterSpec = this.spec;
        if (tlsMasterSecretParameterSpec == null) {
            throw new IllegalStateException("TlsMasterSecretGenerator must be initialized");
        }
        SecretKey premasterSecret = tlsMasterSecretParameterSpec.getPremasterSecret();
        byte[] encoded = premasterSecret.getEncoded();
        if (premasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
            int i3 = encoded[0] & UByte.MAX_VALUE;
            i2 = encoded[1] & UByte.MAX_VALUE;
            i = i3;
        } else {
            i = -1;
            i2 = -1;
        }
        try {
            if (this.protocolVersion >= 769) {
                byte[] extendedMasterSecretSessionHash = this.spec.getExtendedMasterSecretSessionHash();
                if (extendedMasterSecretSessionHash.length != 0) {
                    concat = extendedMasterSecretSessionHash;
                    bArr2 = TlsPrfGenerator.LABEL_EXTENDED_MASTER_SECRET;
                } else {
                    byte[] clientRandom = this.spec.getClientRandom();
                    byte[] serverRandom = this.spec.getServerRandom();
                    byte[] bArr3 = TlsPrfGenerator.LABEL_MASTER_SECRET;
                    concat = TlsPrfGenerator.concat(clientRandom, serverRandom);
                    bArr2 = bArr3;
                }
                bArr = this.protocolVersion >= 771 ? TlsPrfGenerator.doTLS12PRF(encoded, bArr2, concat, 48, this.spec.getPRFHashAlg(), this.spec.getPRFHashLength(), this.spec.getPRFBlockSize()) : TlsPrfGenerator.doTLS10PRF(encoded, bArr2, concat, 48);
            } else {
                byte[] bArr4 = new byte[48];
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
                byte[] clientRandom2 = this.spec.getClientRandom();
                byte[] serverRandom2 = this.spec.getServerRandom();
                byte[] bArr5 = new byte[20];
                for (int i4 = 0; i4 < 3; i4++) {
                    messageDigest2.update(TlsPrfGenerator.SSL3_CONST[i4]);
                    messageDigest2.update(encoded);
                    messageDigest2.update(clientRandom2);
                    messageDigest2.update(serverRandom2);
                    messageDigest2.digest(bArr5, 0, 20);
                    messageDigest.update(encoded);
                    messageDigest.update(bArr5);
                    messageDigest.digest(bArr4, i4 << 4, 16);
                }
                bArr = bArr4;
            }
            return new TlsMasterSecretKey(bArr, i, i2);
        } catch (DigestException e) {
            throw new ProviderException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException(e2);
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        TlsMasterSecretParameterSpec tlsMasterSecretParameterSpec = (TlsMasterSecretParameterSpec) algorithmParameterSpec;
        this.spec = tlsMasterSecretParameterSpec;
        if (!"RAW".equals(tlsMasterSecretParameterSpec.getPremasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException("Key format must be RAW");
        }
        int majorVersion = (this.spec.getMajorVersion() << 8) | this.spec.getMinorVersion();
        this.protocolVersion = majorVersion;
        if (majorVersion < 768 || majorVersion > 771) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0/1.1/1.2 supported");
        }
    }
}
