package cfca.sadk.tls.sun.security.ssl.prf;

import cfca.sadk.tls.i18n.JSSEMessage;
import cfca.sadk.tls.i18n.JSSEMessageConstants;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/prf/TlsKeyMaterialGenerator.class */
public final class TlsKeyMaterialGenerator implements TlsKeyMaterialsConstants {
    /* JADX INFO: Access modifiers changed from: protected */
    public TlsKeyMaterials generateWorkKeys(TlsKeyMaterialParameters tlsKeyMaterialParameters) throws GeneralSecurityException {
        if (tlsKeyMaterialParameters == null || tlsKeyMaterialParameters.getMasterSecret() == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "TlsKeyMaterialParameters"));
        }
        if (!"RAW".equals(tlsKeyMaterialParameters.getMasterSecret().getFormat())) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_mustBeRAW, "TlsKeyMaterialParameters#MasterSecret"));
        }
        int majorVersion = (tlsKeyMaterialParameters.getMajorVersion() << 8) | tlsKeyMaterialParameters.getMinorVersion();
        if (!TlsMasterSecretGenerator.hasVersion(majorVersion)) {
            throw new InvalidAlgorithmParameterException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_SSLVersionLimited));
        }
        byte[] encoded = tlsKeyMaterialParameters.getMasterSecret().getEncoded();
        if (encoded == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "masterSecret"));
        }
        byte[] clientRandom = tlsKeyMaterialParameters.getClientRandom();
        if (clientRandom == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "clientRandom"));
        }
        byte[] serverRandom = tlsKeyMaterialParameters.getServerRandom();
        if (serverRandom == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "serverRandom"));
        }
        byte[] concat = TlsKeyMaterialsTools.concat(serverRandom, clientRandom);
        HashPRF hashPRF = tlsKeyMaterialParameters.hashPRF();
        int macKeyLength = tlsKeyMaterialParameters.getMacKeyLength();
        boolean z = tlsKeyMaterialParameters.getExpandedCipherKeyLength() != 0;
        int cipherKeyLength = tlsKeyMaterialParameters.getCipherKeyLength();
        int ivLength = tlsKeyMaterialParameters.getIvLength();
        byte[] generateKeyBlock = generateKeyBlock(majorVersion, encoded, concat, serverRandom, clientRandom, ((macKeyLength + cipherKeyLength) + (z ? 0 : ivLength)) << 1, hashPRF);
        TlsKeyMaterials tlsKeyMaterials = new TlsKeyMaterials();
        int i = 0;
        if (macKeyLength != 0) {
            tlsKeyMaterials.clientMacKey = buildSecretKey(generateKeyBlock, 0, macKeyLength, "Mac");
            int i2 = 0 + macKeyLength;
            tlsKeyMaterials.serverMacKey = buildSecretKey(generateKeyBlock, i2, macKeyLength, "Mac");
            i = i2 + macKeyLength;
        }
        if (cipherKeyLength != 0) {
            String cipherAlgorithm = tlsKeyMaterialParameters.getCipherAlgorithm();
            byte[] copyBytes = TlsKeyMaterialsTools.copyBytes(generateKeyBlock, i, cipherKeyLength);
            int i3 = i + cipherKeyLength;
            byte[] copyBytes2 = TlsKeyMaterialsTools.copyBytes(generateKeyBlock, i3, cipherKeyLength);
            int i4 = i3 + cipherKeyLength;
            if (z) {
                throw new RuntimeException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_mustNotNegotiating));
            }
            setKeyMaterials(tlsKeyMaterials, copyBytes, copyBytes2, cipherAlgorithm, generateKeyBlock, i4, ivLength);
        }
        return tlsKeyMaterials;
    }

    private final byte[] generateKeyBlock(int i, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2, HashPRF hashPRF) throws DigestException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        return TlsPrfGenerator.doTLS12PRF(bArr, LABEL_KEY_EXPANSION, bArr2, i2, hashPRF);
    }

    private void setKeyMaterials(TlsKeyMaterials tlsKeyMaterials, byte[] bArr, byte[] bArr2, String str, byte[] bArr3, int i, int i2) {
        tlsKeyMaterials.clientCipherKey = new SecretKeySpec(bArr, str);
        tlsKeyMaterials.serverCipherKey = new SecretKeySpec(bArr2, str);
        if (i2 != 0) {
            tlsKeyMaterials.clientIv = new IvParameterSpec(bArr3, i, i2);
            tlsKeyMaterials.serverIv = new IvParameterSpec(bArr3, i + i2, i2);
        }
    }

    private static SecretKey buildSecretKey(byte[] bArr, int i, int i2, String str) {
        return new SecretKeySpec(TlsKeyMaterialsTools.copyBytes(bArr, i, i2), str);
    }
}
