package cfca.sadk.tls.sun.security.ssl.message;

import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.org.bouncycastle.jce.spec.ECParameterSpec;
import cfca.sadk.tls.pure.CryptoException;
import cfca.sadk.tls.pure.impl.SM2Encrypt;
import cfca.sadk.tls.pure.impl.SM2Helper;
import cfca.sadk.tls.sun.security.ssl.Debugger;
import cfca.sadk.tls.sun.security.ssl.HandshakeInStream;
import cfca.sadk.tls.sun.security.ssl.HandshakeOutStream;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.sun.security.ssl.prf.TlsPremasterSecretParameters;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHCrypt;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHParams;
import cfca.sadk.tls.sun.security.ssl.sec.ECNamedCurve;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLKeyException;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ClientKeyExchange.class */
/**
 * ClientKeyExchange handshake message (handshake message type 16).
 *
 * <p>Two concrete variants are defined here:
 * <ul>
 *   <li>{@link CKEPKEA}: carries a premaster secret encrypted with SM2 public-key encryption;</li>
 *   <li>{@link CKESM2DH}: carries EC parameter bytes and an encoded EC public point.</li>
 * </ul>
 */
public abstract class ClientKeyExchange extends HandshakeMessage {

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ClientKeyExchange$CKEPKEA.class */
    /**
     * ClientKeyExchange variant whose body is the SM2-encrypted premaster secret,
     * written on the wire with a 16-bit length prefix.
     */
    public static final class CKEPKEA extends ClientKeyExchange {
        // Only used by toString(). Set from the first constructor argument on the encrypting
        // side and overwritten with protocolVersion2 inside polishPreMasterSecretKey.
        private ProtocolVersion protocolVersion;
        // The premaster secret itself.
        // NOTE(review): this is a public, non-final field, so any code holding a reference to the
        // message can read or replace the secret. Consider narrowing access if callers permit.
        public SecretKey preMasterKey;
        // SM2 ciphertext of the premaster secret, exactly as sent/received.
        private byte[] encryptedData;

        /**
         * Encrypting side: generates a fresh premaster secret and encrypts it to {@code publicKey}.
         *
         * @param protocolVersion  version whose major/minor are fed into premaster generation
         * @param protocolVersion2 not used by this constructor
         * @param secureRandom     randomness source handed to the premaster generator
         * @param publicKey        recipient key; its algorithm name must be "SM2" or "EC"
         * @throws SSLKeyException if the key algorithm is neither "SM2" nor "EC"
         * @throws IOException     declared by the signature; failures after the algorithm check
         *                         surface as {@code CryptoException}
         */
        public CKEPKEA(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, PublicKey publicKey) throws IOException {
            String checkKeyAlgorithm = checkKeyAlgorithm(publicKey);
            this.protocolVersion = protocolVersion;
            try {
                try {
                    // The secret is generated before the SM2 type check below, so an unsupported
                    // key still costs one premaster generation.
                    this.preMasterKey = new TlsPremasterSecretParameters(protocolVersion.major, protocolVersion.minor).generatePremasterkey(secureRandom);
                    // NOTE(review): checkKeyAlgorithm accepts "EC" as well as "SM2"; whether
                    // SM2Helper.isSM2Type also accepts "EC" is not visible here. Confirm.
                    if (!SM2Helper.isSM2Type(checkKeyAlgorithm)) {
                        Debugger.handshaker.debug("Error encrypting premaster secret: Unknown algorithm =>" + checkKeyAlgorithm);
                        throw new CryptoException("Unknown algorithm: " + checkKeyAlgorithm);
                    }
                    try {
                        this.encryptedData = SM2Encrypt.INSTANCE.encrypt(publicKey, this.preMasterKey.getEncoded());
                    } catch (CryptoException e) {
                        // Only the exception message is logged, never the premaster bytes.
                        Debugger.handshaker.debug("Error encrypting premaster secret: " + e.getMessage(), e);
                        throw e;
                    }
                } catch (Exception e2) {
                    // This blanket catch also receives the two CryptoExceptions thrown above, so
                    // every failure is logged a second time as "generatePremasterkey failed" and
                    // reaches the caller as "SM2 premaster secret generate error" with the real
                    // cause attached. Read the cause, not the outer message, when diagnosing.
                    Debugger.handshaker.debug("Error encrypting premaster secret: generatePremasterkey failed", e2);
                    throw new CryptoException("SM2 premaster secret generate error", e2);
                }
            } finally {
                // Empty: no cleanup is performed here.
            }
        }

        /**
         * Decrypting side: reads the ciphertext from the handshake stream and recovers the
         * premaster secret with {@code privateKey}.
         *
         * @param protocolVersion   passed through to polishPreMasterSecretKey, which does not read it
         * @param protocolVersion2  version the decrypted secret's first two bytes are checked against
         * @param secureRandom      randomness source for the substitute secret; may be null
         * @param handshakeInStream stream positioned at the 16-bit length-prefixed ciphertext
         * @param i                 not used by this constructor
         * @param privateKey        decryption key; its algorithm name must be "SM2" or "EC"
         * @throws SSLKeyException if the key algorithm is neither "SM2" nor "EC"
         * @throws IOException     on stream errors; decryption failures surface as
         *                         {@code CryptoException}
         */
        public CKEPKEA(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, HandshakeInStream handshakeInStream, int i, PrivateKey privateKey) throws IOException {
            String checkKeyAlgorithm = checkKeyAlgorithm(privateKey);
            // The ciphertext is consumed from the stream before the SM2 type check.
            this.encryptedData = handshakeInStream.getBytes16();
            if (!SM2Helper.isSM2Type(checkKeyAlgorithm)) {
                Debugger.handshaker.debug("Error decrypting premaster secret: Unknown algorithm =>" + checkKeyAlgorithm);
                throw new CryptoException("Unknown algorithm: " + checkKeyAlgorithm);
            }
            try {
                // The last argument (exc) is always null here, so the "decryption failed" branch of
                // polishPreMasterSecretKey is reached only if decrypt() returns null.
                this.preMasterKey = polishPreMasterSecretKey(protocolVersion, protocolVersion2, secureRandom, SM2Encrypt.INSTANCE.decrypt(privateKey, this.encryptedData), null);
            } catch (CryptoException e) {
                // NOTE(review): a ciphertext that fails to decrypt aborts at this message, while one
                // that decrypts to a wrong-length or wrong-version secret is silently replaced by a
                // random secret and the handshake continues. The two cases are therefore handled
                // differently; confirm that difference is acceptable for the SM2 encryption scheme
                // and that the caller does not report them to the peer in distinguishable ways.
                Debugger.handshaker.debug("Error decrypting premaster secret: " + e.getMessage(), e);
                throw e;
            }
        }

        /**
         * Validates a decrypted premaster secret and substitutes random bytes when it is missing,
         * has the wrong length, or carries a mismatching version.
         *
         * <p>Side effect: sets {@code this.protocolVersion} to {@code protocolVersion2}.
         *
         * @param protocolVersion  not read by this method
         * @param protocolVersion2 version expected in bytes 0 and 1 of the secret
         * @param secureRandom     randomness source; a new {@link SecureRandom} is created when null
         * @param bArr             decrypted premaster bytes, or null
         * @param exc              decryption failure, or null
         * @return the key built by generatePreMasterSecret from either {@code bArr} or the
         *         48 random substitute bytes
         */
        private SecretKey polishPreMasterSecretKey(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, byte[] bArr, Exception exc) {
            this.protocolVersion = protocolVersion2;
            if (secureRandom == null) {
                secureRandom = new SecureRandom();
            }
            // The 48 substitute bytes are drawn unconditionally, before any validity check,
            // presumably so that the work done does not depend on whether the input is valid.
            // Keep this ordering when editing.
            byte[] bArr2 = new byte[48];
            secureRandom.nextBytes(bArr2);
            if (exc != null || bArr == null) {
                if (Debugger.handshaker.isDebugEnabled()) {
                    Debugger.handshaker.debug("Error decrypting premaster secret:", exc);
                }
                return generatePreMasterSecret(protocolVersion2, bArr2, secureRandom);
            }
            if (bArr.length != 48) {
                Debugger.handshaker.debug("incorrect length of premaster secret: {}", Integer.valueOf(bArr.length));
                return generatePreMasterSecret(protocolVersion2, bArr2, secureRandom);
            }
            // The first two bytes of the secret must match the expected version; on a mismatch
            // the random bytes are used instead and no error is raised.
            if (protocolVersion2.major != bArr[0] || protocolVersion2.minor != bArr[1]) {
                if (Debugger.handshaker.isDebugEnabled()) {
                    Debugger.handshaker.debug("Mismatching Protocol Versions,  ClientHello.client_version is {}, while PreMasterSecret.client_version is {}", protocolVersion2, ProtocolVersion.valueOf(bArr[0], bArr[1]));
                }
                bArr = bArr2;
            }
            return generatePreMasterSecret(protocolVersion2, bArr, secureRandom);
        }

        /**
         * Builds a premaster {@link SecretKey} from the supplied bytes and protocol version.
         *
         * <p>The debug line "Generating a random fake premaster secret" is emitted on every call,
         * including the call from polishPreMasterSecretKey that passes the genuinely decrypted
         * bytes, so its presence in a log does not indicate that a substitution took place.
         *
         * @param protocolVersion version whose major/minor are passed to the key parameters
         * @param bArr            premaster bytes to wrap
         * @param secureRandom    randomness source handed to the generator
         * @return the generated key
         * @throws RuntimeException if key generation fails (original exception kept as cause)
         */
        static SecretKey generatePreMasterSecret(ProtocolVersion protocolVersion, byte[] bArr, SecureRandom secureRandom) {
            Debugger.handshaker.debug("Generating a random fake premaster secret");
            try {
                try {
                    return new TlsPremasterSecretParameters(protocolVersion.major, protocolVersion.minor, bArr).generatePremasterkey(secureRandom);
                } catch (Exception e) {
                    if (Debugger.handshaker.isDebugEnabled()) {
                        Debugger.handshaker.debug("SM2 premaster secret generation error:", e);
                    }
                    throw new RuntimeException("Could not generate dummy secret", e);
                }
            } catch (Throwable th) {
                // Rethrows unchanged; this handler has no effect of its own.
                throw th;
            }
        }

        /**
         * Checks that the key's algorithm name, upper-cased, is "SM2" or "EC".
         *
         * <p>Upper-casing uses the JVM default locale. A key whose getAlgorithm() returns null
         * raises NullPointerException here rather than SSLKeyException.
         *
         * @param key key to inspect
         * @return the upper-cased algorithm name
         * @throws SSLKeyException if the algorithm is neither "SM2" nor "EC"
         */
        private final String checkKeyAlgorithm(Key key) throws SSLKeyException {
            String upperCase = key.getAlgorithm().toUpperCase();
            String[] strArr = {"SM2", "EC"};
            boolean z = false;
            int i = 0;
            // Linear search of the allow-list for an exact match.
            while (true) {
                if (i >= strArr.length) {
                    break;
                }
                if (strArr[i].equals(upperCase)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (z) {
                return upperCase;
            }
            throw new SSLKeyException("EncryptionKey NOT SM2KEY/ECKEY");
        }

        /** Returns the body length: 2 bytes of length prefix plus the ciphertext. */
        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        int messageLength() {
            return 2 + this.encryptedData.length;
        }

        /** Writes the ciphertext with a 16-bit length prefix. */
        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.encryptedData);
        }

        /** Describes the message by protocol version only; no key material is included. */
        public String toString() {
            return "\n*** ClientKeyExchange, SM2 PreMasterSecret, " + this.protocolVersion;
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ClientKeyExchange$CKESM2DH.class */
    /**
     * ClientKeyExchange variant carrying EC parameter bytes followed by an encoded EC public
     * point with an 8-bit length prefix.
     */
    public static final class CKESM2DH extends ClientKeyExchange {
        // Initialised to 3 by both constructors; the receiving constructor then overwrites it with
        // the byte read from the peer. NOTE(review): 3 is the named_curve value of the TLS
        // ECCurveType registry; confirm ECDHParams interprets it that way.
        private int curveType;
        // Encoded EC parameters as written by send().
        private byte[] ecParametersBytes;
        // Encoded EC public point.
        private byte[] pointBytes;
        private ECParameterSpec ecParameters;
        private ECPublicKey publicKey;
        // Set to true by both constructors. Package-private and non-final, so other classes in
        // this package can change it after construction.
        boolean hasEcParameters;

        /** Returns the EC public key held by this message. */
        public ECPublicKey getPublicKey() {
            return this.publicKey;
        }

        /**
         * Sending side: builds the message from a local EC public key.
         *
         * @param eCPublicKey key whose parameters and point Q are encoded into the message
         */
        public CKESM2DH(ECPublicKey eCPublicKey) {
            this.curveType = 3;
            this.hasEcParameters = true;
            ECParameterSpec parameters = eCPublicKey.getParameters();
            // Always taken: hasEcParameters was set to true two lines above.
            if (this.hasEcParameters) {
                this.publicKey = eCPublicKey;
                this.ecParameters = eCPublicKey.getParameters();
                this.ecParametersBytes = ECDHParams.getECParametersBytes(this.ecParameters, this.curveType);
            }
            this.pointBytes = ECNamedCurve.encodePoint(eCPublicKey.getQ(), parameters.getCurve());
        }

        /**
         * Receiving side: parses curve type, EC parameters and public point from the stream.
         *
         * <p>Every exception raised while parsing, including stream IOExceptions, is wrapped in a
         * RuntimeException, so callers do not receive the declared IOException for read errors.
         *
         * @param eCDHCrypt         local ECDH state; only read in a branch that is not reachable
         *                          as written
         * @param handshakeInStream stream positioned at the start of the message body
         * @throws IOException      declared by the signature
         * @throws RuntimeException if reading or key construction fails
         */
        public CKESM2DH(ECDHCrypt eCDHCrypt, HandshakeInStream handshakeInStream) throws IOException {
            this.curveType = 3;
            this.hasEcParameters = true;
            try {
                try {
                    if (this.hasEcParameters) {
                        // The parameters' raw bytes are captured through byteArrayOutputStream so
                        // that ecParametersBytes holds what readECParameters wrote into it.
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        this.curveType = handshakeInStream.getInt8();
                        this.ecParameters = ECDHParams.readECParameters(byteArrayOutputStream, this.curveType, handshakeInStream);
                        this.ecParametersBytes = byteArrayOutputStream.toByteArray();
                    } else {
                        // Not reachable as written: hasEcParameters is set to true above.
                        this.ecParameters = eCDHCrypt.getPublicKey().getParameters();
                    }
                    this.pointBytes = handshakeInStream.getBytes8();
                    // NOTE(review): the curve type, parameters and point all come from the peer. No
                    // check is visible in this class that the parsed parameters match the local
                    // key's curve (eCDHCrypt is never consulted on this path) or that the point is a
                    // valid point on that curve; the key is built from pointBytes alone. Confirm that
                    // ECDHParams.readECParameters, SM2PublicKey or the caller performs that validation.
                    this.publicKey = new SM2PublicKey(this.pointBytes);
                } catch (Exception e) {
                    throw new RuntimeException("Could not generate secret", e);
                }
            } finally {
                // Empty: no cleanup is performed here.
            }
        }

        /**
         * Returns the body length: 1 byte of point length prefix, the point bytes, and the EC
         * parameter bytes when present.
         */
        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        int messageLength() {
            int length = 1 + this.pointBytes.length;
            if (this.hasEcParameters) {
                length += this.ecParametersBytes.length;
            }
            return length;
        }

        /** Writes the EC parameter bytes (when present), then the point with an 8-bit length prefix. */
        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            if (this.hasEcParameters) {
                handshakeOutStream.write(this.ecParametersBytes);
            }
            handshakeOutStream.putBytes8(this.pointBytes);
        }

        /** Renders the message with its encoded public point, which is a public value. */
        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append('\n');
            sb.append("*** ECDHClientKeyExchange");
            builderAppend(sb, " ECDH Public value:  ", this.pointBytes);
            sb.append("\n***");
            return sb.toString();
        }
    }

    /** Returns 16, the handshake message type used for ClientKeyExchange. */
    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    public final int messageType() {
        return 16;
    }
}
