package com.tencent.kona.sun.security.ssl;

import com.tencent.kona.crypto.CryptoInsts;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: input_file:com/tencent/kona/sun/security/ssl/SM2KAKeyDerivation.class */
final class SM2KAKeyDerivation implements SSLKeyDerivation {
    private final String algorithmName;
    private final HandshakeContext context;
    private final ECPrivateKey localEphemeralPrivateKey;
    private final ECPublicKey peerEphemeralPublicKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SM2KAKeyDerivation(String str, HandshakeContext handshakeContext, ECPrivateKey eCPrivateKey, ECPublicKey eCPublicKey) {
        this.algorithmName = str;
        this.context = handshakeContext;
        this.localEphemeralPrivateKey = eCPrivateKey;
        this.peerEphemeralPublicKey = eCPublicKey;
    }

    @Override // com.tencent.kona.sun.security.ssl.SSLKeyDerivation
    public SecretKey deriveKey(String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
        try {
            KeyAgreement keyAgreement = CryptoInsts.getKeyAgreement(this.algorithmName);
            keyAgreement.init(this.localEphemeralPrivateKey, algorithmParameterSpec, null);
            keyAgreement.doPhase(this.peerEphemeralPublicKey, true);
            SecretKey generateSecret = keyAgreement.generateSecret("TlsPremasterSecret");
            SSLMasterKeyDerivation valueOf = SSLMasterKeyDerivation.valueOf(this.context.negotiatedProtocol);
            if (valueOf == null) {
                throw new SSLHandshakeException("No expected master key derivation for protocol: " + this.context.negotiatedProtocol.name);
            }
            return valueOf.createKeyDerivation(this.context, generateSecret).deriveKey("MasterSecret", algorithmParameterSpec);
        } catch (GeneralSecurityException e) {
            throw ((SSLHandshakeException) new SSLHandshakeException("Could not generate secret").initCause(e));
        }
    }
}
