package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.List;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.openeuler.SM2KeyExchangeUtil;
import org.openeuler.gm.GMConstants;
import org.openeuler.sun.security.ssl.GMX509Authentication;
import org.openeuler.sun.security.ssl.SupportedGroupsExtension;
import sun.security.util.ECUtil;

/* loaded from: classes5.dex */
final class SM2KeyExchange {
    static final SSLPossessionGenerator poGenerator;
    static final SSLKeyAgreementGenerator sm2KAGenerator;

    /* loaded from: classes5.dex */
    static final class SM2Credentials implements SSLCredentials {
        final SupportedGroupsExtension.NamedGroup namedGroup;
        final byte[] peerEncodePoint;
        final ECPublicKey popPublicKey;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2Credentials(ECPublicKey eCPublicKey, SupportedGroupsExtension.NamedGroup namedGroup, byte[] bArr) {
            this.popPublicKey = eCPublicKey;
            this.namedGroup = namedGroup;
            this.peerEncodePoint = bArr;
        }
    }

    /* loaded from: classes5.dex */
    private static final class SM2KAGenerator implements SSLKeyAgreementGenerator {
        private SM2KAGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            Iterator<SSLPossession> it = handshakeContext.handshakePossessions.iterator();
            SM2Possession sM2Possession = null;
            SM2Credentials sM2Credentials = null;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SSLPossession next = it.next();
                if (next instanceof SM2Possession) {
                    SM2Possession sM2Possession2 = (SM2Possession) next;
                    SupportedGroupsExtension.NamedGroup namedGroup = sM2Possession2.namedGroup;
                    Iterator<SSLCredentials> it2 = handshakeContext.handshakeCredentials.iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        SSLCredentials next2 = it2.next();
                        if (next2 instanceof SM2Credentials) {
                            SM2Credentials sM2Credentials2 = (SM2Credentials) next2;
                            if (namedGroup.equals(sM2Credentials2.namedGroup)) {
                                sM2Credentials = sM2Credentials2;
                                break;
                            }
                        }
                    }
                    if (sM2Credentials != null) {
                        sM2Possession = sM2Possession2;
                        break;
                    }
                }
            }
            if (sM2Possession == null || sM2Credentials == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient sm2 key agreement parameters negotiated");
            }
            return new SM2KAKeyDerivation(handshakeContext, sM2Possession.privateKey, sM2Credentials.popPublicKey);
        }
    }

    /* loaded from: classes5.dex */
    private static final class SM2KAKeyDerivation implements SSLKeyDerivation {
        private final HandshakeContext context;
        private final PrivateKey localPrivateKey;
        private final PublicKey peerPublicKey;

        SM2KAKeyDerivation(HandshakeContext handshakeContext, PrivateKey privateKey, PublicKey publicKey) {
            this.context = handshakeContext;
            this.localPrivateKey = privateKey;
            this.peerPublicKey = publicKey;
        }

        private SecretKey gmtlsDeriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            try {
                KeyAgreement keyAgreement = JsseJce.getKeyAgreement(GMConstants.SM2);
                keyAgreement.init(this.localPrivateKey, algorithmParameterSpec, null);
                keyAgreement.doPhase(this.peerPublicKey, true);
                SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
                SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
                if (valueOf != null) {
                    return valueOf.createKeyDerivation(this.context, generateSecret).deriveKey("MasterSecret", algorithmParameterSpec);
                }
                throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
            } catch (GeneralSecurityException e) {
                throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
            }
        }

        @Override // org.openeuler.sun.security.ssl.SSLKeyDerivation
        public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            return gmtlsDeriveKey(str, algorithmParameterSpec);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public static final class SM2Possession implements SSLPossession {
        final SupportedGroupsExtension.NamedGroup namedGroup;
        final PrivateKey privateKey;
        final BCECPublicKey publicKey;
        final BigInteger randomNum;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2Possession(SM2Credentials sM2Credentials, SecureRandom secureRandom, ConnectionContext connectionContext) {
            GMX509Authentication.GMX509Possession gMX509Possession;
            Iterator<SSLPossession> it = ((ClientHandshakeContext) connectionContext).handshakePossessions.iterator();
            while (true) {
                if (!it.hasNext()) {
                    gMX509Possession = null;
                    break;
                }
                SSLPossession next = it.next();
                if (next instanceof GMX509Authentication.GMX509Possession) {
                    gMX509Possession = (GMX509Authentication.GMX509Possession) next;
                    break;
                }
            }
            if (gMX509Possession != null) {
                BCECPublicKey publicKey = gMX509Possession.popEncCerts[0].getPublicKey();
                this.publicKey = publicKey;
                this.privateKey = gMX509Possession.popEncPrivateKey;
                this.randomNum = SM2KeyExchangeUtil.generateRandom(publicKey.getParameters().getN(), secureRandom);
            } else {
                this.publicKey = null;
                this.privateKey = null;
                this.randomNum = null;
            }
            this.namedGroup = sM2Credentials.namedGroup;
        }

        SM2Possession(SupportedGroupsExtension.NamedGroup namedGroup, SecureRandom secureRandom, ConnectionContext connectionContext) {
            SSLPossession sSLPossession = ((ServerHandshakeContext) connectionContext).interimAuthn;
            GMX509Authentication.GMX509Possession gMX509Possession = sSLPossession instanceof GMX509Authentication.GMX509Possession ? (GMX509Authentication.GMX509Possession) sSLPossession : null;
            if (gMX509Possession != null) {
                BCECPublicKey publicKey = gMX509Possession.popEncCerts[0].getPublicKey();
                this.publicKey = publicKey;
                this.privateKey = gMX509Possession.popEncPrivateKey;
                this.randomNum = SM2KeyExchangeUtil.generateRandom(publicKey.getParameters().getN(), secureRandom);
            } else {
                this.publicKey = null;
                this.privateKey = null;
                this.randomNum = null;
            }
            this.namedGroup = namedGroup;
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossession
        public byte[] encode() {
            return ECUtil.encodePoint(this.publicKey.getW(), this.publicKey.getParams().getCurve());
        }
    }

    /* loaded from: classes5.dex */
    private static final class SM2PossessionGenerator implements SSLPossessionGenerator {
        private SM2PossessionGenerator() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            ProtocolVersion protocolVersion = handshakeContext.t12WithGMCipherSuite ? ProtocolVersion.GMTLS : handshakeContext.negotiatedProtocol;
            List<SupportedGroupsExtension.NamedGroup> list = handshakeContext.clientRequestedNamedGroups;
            SupportedGroupsExtension.NamedGroup preferredGroup = (list == null || list.isEmpty()) ? SupportedGroupsExtension.SupportedGroups.getPreferredGroup(protocolVersion, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE) : SupportedGroupsExtension.SupportedGroups.getPreferredGroup(protocolVersion, handshakeContext.algorithmConstraints, SupportedGroupsExtension.NamedGroupType.NAMED_GROUP_ECDHE, handshakeContext.clientRequestedNamedGroups);
            if (preferredGroup != null) {
                return new SM2Possession(preferredGroup, handshakeContext.sslContext.getSecureRandom(), handshakeContext);
            }
            return null;
        }
    }

    static {
        poGenerator = new SM2PossessionGenerator();
        sm2KAGenerator = new SM2KAGenerator();
    }

    SM2KeyExchange() {
    }
}
