package cfca.sadk.tls.sun.security.ssl.prf;

import cfca.sadk.tls.i18n.JSSEMessage;
import cfca.sadk.tls.i18n.JSSEMessageConstants;
import cfca.sadk.tls.sun.security.ssl.SSLProtocolVersionConstants;
import cfca.sadk.tls.sun.security.ssl.sec.JSSEJCE;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/prf/TlsMasterSecretGenerator.class */
public final class TlsMasterSecretGenerator implements TlsKeyMaterialsConstants, SSLProtocolVersionConstants {
    static final int[] versions = {SSLProtocolVersionConstants.SSL_0x0101, SSLProtocolVersionConstants.SSL_0x0102, SSLProtocolVersionConstants.SSL_0x0300, SSLProtocolVersionConstants.SSL_0x0301, SSLProtocolVersionConstants.SSL_0x0302, SSLProtocolVersionConstants.SSL_0x0303};

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final boolean hasVersion(int i) {
        return Arrays.binarySearch(versions, i) >= 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final TlsMasterSecretKey generateMasterKey(TlsMasterSecretParameters tlsMasterSecretParameters) throws GeneralSecurityException {
        int i;
        int i2;
        byte[] doTLS10PRF;
        int checkParameters = checkParameters(tlsMasterSecretParameters);
        SecretKey premasterSecret = tlsMasterSecretParameters.getPremasterSecret();
        byte[] encoded = premasterSecret.getEncoded();
        if (premasterSecret.getAlgorithm().equals("TlsRsaPremasterSecret")) {
            i = encoded[0] & 255;
            i2 = encoded[1] & 255;
        } else {
            i = -1;
            i2 = -1;
        }
        try {
            byte[] clientRandom = tlsMasterSecretParameters.getClientRandom();
            byte[] serverRandom = tlsMasterSecretParameters.getServerRandom();
            byte[] concat = TlsKeyMaterialsTools.concat(clientRandom, serverRandom);
            switch (checkParameters) {
                case SSLProtocolVersionConstants.SSL_0x0101 /* 257 */:
                case SSLProtocolVersionConstants.SSL_0x0102 /* 258 */:
                    doTLS10PRF = TlsPrfGenerator.doTLS12PRF(encoded, LABEL_MASTER_SECRET, concat, 48, tlsMasterSecretParameters.getPrfHashParameters());
                    break;
                case SSLProtocolVersionConstants.SSL_0x0300 /* 768 */:
                    doTLS10PRF = doSSL30PRF(encoded, clientRandom, serverRandom, 48);
                    break;
                case SSLProtocolVersionConstants.SSL_0x0301 /* 769 */:
                case SSLProtocolVersionConstants.SSL_0x0302 /* 770 */:
                    doTLS10PRF = TlsPrfGenerator.doTLS10PRF(encoded, LABEL_MASTER_SECRET, concat, 48);
                    break;
                case SSLProtocolVersionConstants.SSL_0x0303 /* 771 */:
                    doTLS10PRF = TlsPrfGenerator.doTLS12PRF(encoded, LABEL_MASTER_SECRET, concat, 48, tlsMasterSecretParameters.getPrfHashParameters());
                    break;
                default:
                    throw new InvalidAlgorithmParameterException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_SSLVersionLimited));
            }
            return new TlsMasterSecretKey(doTLS10PRF, i, i2);
        } catch (DigestException e) {
            throw new ProviderException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new ProviderException(e2);
        }
    }

    private int checkParameters(TlsMasterSecretParameters tlsMasterSecretParameters) throws InvalidAlgorithmParameterException {
        if (tlsMasterSecretParameters == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "TlsMasterSecretParameters"));
        }
        if (tlsMasterSecretParameters.getPremasterSecret() == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "TlsMasterSecretParameters#PremasterSecret"));
        }
        if (!"RAW".equals(tlsMasterSecretParameters.getPremasterSecret().getFormat())) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_mustBeRAW, "TlsMasterSecretParameters#PremasterSecret"));
        }
        int majorVersion = (tlsMasterSecretParameters.getMajorVersion() << 8) | tlsMasterSecretParameters.getMinorVersion();
        if (hasVersion(majorVersion)) {
            return majorVersion;
        }
        throw new InvalidAlgorithmParameterException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_SSLVersionLimited));
    }

    private static byte[] doSSL30PRF(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) throws NoSuchAlgorithmException, DigestException {
        byte[] bArr4 = new byte[i];
        MessageDigest messageDigest = JSSEJCE.getMessageDigest("MD5");
        MessageDigest messageDigest2 = JSSEJCE.getMessageDigest("SHA1");
        byte[] bArr5 = new byte[20];
        for (int i2 = 0; i2 < 3; i2++) {
            messageDigest2.update(SSL3_CONST[i2]);
            messageDigest2.update(bArr);
            messageDigest2.update(bArr2);
            messageDigest2.update(bArr3);
            messageDigest2.digest(bArr5, 0, 20);
            messageDigest.update(bArr);
            messageDigest.update(bArr5);
            messageDigest.digest(bArr4, i2 << 4, 16);
        }
        return bArr4;
    }
}
