package sun.security.ssl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Iterator;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import sun.security.action.GetPropertyAction;
import sun.security.ssl.NamedGroup;
import sun.security.ssl.SupportedGroupsExtension;
import sun.security.ssl.X509Authentication;
import sun.security.util.KeyUtil;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/sun/security/ssl/DHKeyExchange.class */
final class DHKeyExchange {
    /** Possession generator built with {@code exportable = false}. */
    static final SSLPossessionGenerator poGenerator = new DHEPossessionGenerator(false);
    /**
     * Possession generator built with {@code exportable = true}. In createPossession this makes the
     * fallback key size 512 bits when no FFDHE named group is selected.
     */
    static final SSLPossessionGenerator poExportableGenerator = new DHEPossessionGenerator(true);
    /** Key agreement generator that pairs a local DHE possession with matching DHE credentials. */
    static final SSLKeyAgreementGenerator kaGenerator = new DHEKAGenerator();

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/sun/security/ssl/DHKeyExchange$DHECredentials.class */
    static final class DHECredentials implements NamedGroupCredentials {
        /** Diffie-Hellman public key carried by these credentials. */
        final DHPublicKey popPublicKey;
        /** Named group stored with the key; createKeyDerivation tolerates {@code null} here. */
        final NamedGroup namedGroup;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Stores the given public key and named group without copying or checking them.
         *
         * @param dHPublicKey the Diffie-Hellman public key
         * @param namedGroup the group the key belongs to
         */
        public DHECredentials(DHPublicKey dHPublicKey, NamedGroup namedGroup) {
            this.namedGroup = namedGroup;
            this.popPublicKey = dHPublicKey;
        }

        /** Returns the stored Diffie-Hellman public key. */
        @Override // sun.security.ssl.NamedGroupCredentials
        public PublicKey getPublicKey() {
            return popPublicKey;
        }

        /** Returns the stored named group. */
        @Override // sun.security.ssl.NamedGroupCredentials
        public NamedGroup getNamedGroup() {
            return namedGroup;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Decodes an encoded public value into credentials for an FFDHE named group.
         *
         * <p>The bytes are read as an unsigned big-endian integer and combined with the group's
         * P and G. This method does not range-check the decoded value.
         * NOTE(review): confirm that callers validate it (for example with KeyUtil.validate, as
         * generateDHKeyPair does for locally generated keys) before it is used in key agreement.
         *
         * @param namedGroup the group; must have spec NAMED_GROUP_FFDHE
         * @param bArr the encoded public value
         * @return the decoded credentials, or {@code null} when {@code bArr} is null or empty
         * @throws RuntimeException if the group is not an FFDHE group
         * @throws GeneralSecurityException if the key factory is unavailable or rejects the key spec
         */
        public static DHECredentials valueOf(NamedGroup namedGroup, byte[] bArr) throws IOException, GeneralSecurityException {
            if (namedGroup.spec != NamedGroup.NamedGroupSpec.NAMED_GROUP_FFDHE) {
                throw new RuntimeException("Credentials decoding:  Not FFDHE named group");
            }
            boolean hasEncodedKey = bArr != null && bArr.length != 0;
            if (!hasEncodedKey) {
                return null;
            }
            DHParameterSpec groupParams = (DHParameterSpec) namedGroup.keAlgParamSpec;
            java.security.KeyFactory dhFactory = JsseJce.getKeyFactory("DiffieHellman");
            // Signum 1 forces a non-negative value regardless of the top bit of the first byte.
            BigInteger publicValue = new BigInteger(1, bArr);
            DHPublicKeySpec keySpec = new DHPublicKeySpec(publicValue, groupParams.getP(), groupParams.getG());
            DHPublicKey decodedKey = (DHPublicKey) dhFactory.generatePublic(keySpec);
            return new DHECredentials(decodedKey, namedGroup);
        }
    }

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/sun/security/ssl/DHKeyExchange$DHEKAGenerator.class */
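    private static final class DHEKAGenerator implements SSLKeyAgreementGenerator {
        // Not referenced by the code visible in this file; DHKeyExchange.kaGenerator builds its own instance.
        private static final DHEKAGenerator instance = new DHEKAGenerator();

        private DHEKAGenerator() {
        }

        /**
         * Finds the first DHE possession that has matching DHE credentials in the handshake
         * context and builds a "DiffieHellman" key derivation from that pair.
         *
         * <p>The decompiled original called {@code iterator2()}, a name produced by the
         * decompiler; plain for-each iteration is used here instead.
         *
         * @param handshakeContext the handshake state holding possessions and credentials
         * @return a key derivation over the possession's private key and the credentials' public key
         * @throws IOException the exception produced by
         *     {@code conContext.fatal(Alert.HANDSHAKE_FAILURE, ...)} when no matching pair exists
         */
        @Override // sun.security.ssl.SSLKeyAgreementGenerator
        public SSLKeyDerivation createKeyDerivation(HandshakeContext handshakeContext) throws IOException {
            DHEPossession dhePossession = null;
            DHECredentials dheCredentials = null;
            for (SSLPossession possession : handshakeContext.handshakePossessions) {
                if (!(possession instanceof DHEPossession)) {
                    continue;
                }
                DHEPossession candidate = (DHEPossession) possession;
                for (SSLCredentials credentials : handshakeContext.handshakeCredentials) {
                    if (!(credentials instanceof DHECredentials)) {
                        continue;
                    }
                    DHECredentials peer = (DHECredentials) credentials;
                    if (sameGroup(candidate, peer)) {
                        dheCredentials = peer;
                        break;
                    }
                }
                if (dheCredentials != null) {
                    dhePossession = candidate;
                    break;
                }
            }
            if (dhePossession == null || dheCredentials == null) {
                throw handshakeContext.conContext.fatal(Alert.HANDSHAKE_FAILURE, "No sufficient DHE key agreement parameters negotiated");
            }
            return new KAKeyDerivation("DiffieHellman", handshakeContext, dhePossession.privateKey, dheCredentials.popPublicKey);
        }

        /**
         * Reports whether the possession and the credentials use the same DH group: by named
         * group when both sides have one, otherwise by comparing the P and G of their keys.
         * This is an equality check only; it does not judge the strength of the parameters.
         */
        private static boolean sameGroup(DHEPossession possession, DHECredentials credentials) {
            if (possession.namedGroup != null && credentials.namedGroup != null) {
                return possession.namedGroup.equals(credentials.namedGroup);
            }
            DHParameterSpec localParams = possession.publicKey.getParams();
            DHParameterSpec peerParams = credentials.popPublicKey.getParams();
            return localParams.getP().equals(peerParams.getP()) && localParams.getG().equals(peerParams.getG());
        }
    }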

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/sun/security/ssl/DHKeyExchange$DHEPossession.class */
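    static final class DHEPossession implements NamedGroupPossession {
        /** Private half of the locally generated ephemeral key pair. */
        final PrivateKey privateKey;
        /** Public half of the locally generated ephemeral key pair. */
        final DHPublicKey publicKey;
        /**
         * Group of the key pair. createKeyDerivation handles {@code null} here.
         * NOTE(review): presumably null when NamedGroup.valueOf finds no named group for the
         * parameters; confirm against NamedGroup.
         */
        final NamedGroup namedGroup;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Generates an ephemeral key pair using the parameters of the given named group.
         *
         * @param namedGroup the group whose {@code keAlgParamSpec} initializes the generator
         * @param secureRandom randomness source for key generation
         * @throws RuntimeException if key generation fails
         */
        public DHEPossession(NamedGroup namedGroup, SecureRandom secureRandom) {
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator("DiffieHellman");
                keyPairGenerator.initialize(namedGroup.keAlgParamSpec, secureRandom);
                KeyPair keyPair = generateDHKeyPair(keyPairGenerator);
                if (keyPair == null) {
                    throw new RuntimeException("Could not generate DH keypair");
                }
                this.privateKey = keyPair.getPrivate();
                this.publicKey = (DHPublicKey) keyPair.getPublic();
                this.namedGroup = namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate DH keypair", e);
            }
        }

        /**
         * Generates an ephemeral key pair of the given size in bits.
         *
         * <p>Uses the entry of PredefinedDHParameterSpecs.definedParams for that size when one
         * exists; otherwise the generator is initialized with the bare size.
         *
         * @param i key size in bits
         * @param secureRandom randomness source for key generation
         * @throws RuntimeException if key generation fails
         */
        DHEPossession(int i, SecureRandom secureRandom) {
            DHParameterSpec predefinedParams = PredefinedDHParameterSpecs.definedParams.get(Integer.valueOf(i));
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator("DiffieHellman");
                if (predefinedParams != null) {
                    keyPairGenerator.initialize(predefinedParams, secureRandom);
                } else {
                    keyPairGenerator.initialize(i, secureRandom);
                }
                KeyPair keyPair = generateDHKeyPair(keyPairGenerator);
                if (keyPair == null) {
                    throw new RuntimeException("Could not generate DH keypair of " + i + " bits");
                }
                this.privateKey = keyPair.getPrivate();
                this.publicKey = (DHPublicKey) keyPair.getPublic();
                this.namedGroup = NamedGroup.valueOf(this.publicKey.getParams());
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate DH keypair", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * Generates an ephemeral key pair over the same parameters as the given credentials' key.
         *
         * @param dHECredentials credentials whose key parameters and named group are reused
         * @param secureRandom randomness source for key generation
         * @throws RuntimeException if key generation fails
         */
        public DHEPossession(DHECredentials dHECredentials, SecureRandom secureRandom) {
            try {
                KeyPairGenerator keyPairGenerator = JsseJce.getKeyPairGenerator("DiffieHellman");
                keyPairGenerator.initialize(dHECredentials.popPublicKey.getParams(), secureRandom);
                KeyPair keyPair = generateDHKeyPair(keyPairGenerator);
                if (keyPair == null) {
                    throw new RuntimeException("Could not generate DH keypair");
                }
                this.privateKey = keyPair.getPrivate();
                this.publicKey = (DHPublicKey) keyPair.getPublic();
                this.namedGroup = dHECredentials.namedGroup;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Could not generate DH keypair", e);
            }
        }

        /**
         * Generates a key pair and, unless KeyUtil.isOracleJCEProvider accepts the provider name,
         * validates the public key with KeyUtil.validate.
         *
         * <p>A first validation failure is tolerated and a new pair is generated; a second
         * failure is rethrown. The decompiled original lacked the {@code continue}, so a pair
         * that had just failed validation was returned to the caller.
         *
         * @param keyPairGenerator an initialized Diffie-Hellman generator
         * @return the generated pair; {@code null} only if the loop ends without a result
         * @throws GeneralSecurityException if validation fails twice
         */
        private KeyPair generateDHKeyPair(KeyPairGenerator keyPairGenerator) throws GeneralSecurityException {
            boolean doExtraValidation = !KeyUtil.isOracleJCEProvider(keyPairGenerator.getProvider().getName());
            boolean isRecovering = false;
            for (int attempt = 0; attempt <= 2; attempt++) {
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                if (doExtraValidation) {
                    try {
                        KeyUtil.validate(getDHPublicKeySpec(keyPair.getPublic()));
                    } catch (InvalidKeyException e) {
                        if (isRecovering) {
                            throw e;
                        }
                        // Never hand out a key that failed validation: discard it and retry once.
                        isRecovering = true;
                        continue;
                    }
                }
                return keyPair;
            }
            return null;
        }

        /**
         * Extracts Y, P and G from a public key, directly for a DHPublicKey and through the
         * "DiffieHellman" key factory for any other key type.
         *
         * @throws RuntimeException if the key factory cannot produce the spec
         */
        private static DHPublicKeySpec getDHPublicKeySpec(PublicKey publicKey) {
            if (publicKey instanceof DHPublicKey) {
                DHPublicKey dhPublicKey = (DHPublicKey) publicKey;
                DHParameterSpec params = dhPublicKey.getParams();
                return new DHPublicKeySpec(dhPublicKey.getY(), params.getP(), params.getG());
            }
            try {
                return (DHPublicKeySpec) JsseJce.getKeyFactory("DiffieHellman").getKeySpec(publicKey, DHPublicKeySpec.class);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new RuntimeException("Unable to get DHPublicKeySpec", e);
            }
        }

        /**
         * Encodes the public value Y, left-padded with zero bytes up to the byte length derived
         * from the key size when the raw encoding is shorter.
         *
         * @return the encoded public value
         */
        @Override // sun.security.ssl.SSLPossession
        public byte[] encode() {
            byte[] encoded = Utilities.toByteArray(this.publicKey.getY());
            // Key size in bits rounded up to whole bytes.
            int byteLength = (KeyUtil.getKeySize(this.publicKey) + 7) >>> 3;
            if (byteLength > 0 && encoded.length < byteLength) {
                byte[] padded = new byte[byteLength];
                System.arraycopy(encoded, 0, padded, byteLength - encoded.length, encoded.length);
                encoded = padded;
            }
            return encoded;
        }

        /** Returns the public half of the ephemeral key pair. */
        @Override // sun.security.ssl.NamedGroupPossession
        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        /** Returns the named group of the key pair. */
        @Override // sun.security.ssl.NamedGroupPossession
        public NamedGroup getNamedGroup() {
            return this.namedGroup;
        }

        /** Returns the private half of the ephemeral key pair. */
        @Override // sun.security.ssl.NamedGroupPossession
        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }
    }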

    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.base/sun/security/ssl/DHKeyExchange$DHEPossessionGenerator.class */
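    private static final class DHEPossessionGenerator implements SSLPossessionGenerator {
        /** True when jdk.tls.ephemeralDHKeySize is "matched". */
        private static final boolean useSmartEphemeralDHKeys;
        /** True when jdk.tls.ephemeralDHKeySize is "legacy". */
        private static final boolean useLegacyEphemeralDHKeys;
        /** Numeric value of jdk.tls.ephemeralDHKeySize, or -1 when the property is unset or a keyword. */
        private static final int customizedDHKeySize;
        /** Whether this generator serves exportable suites (512-bit fallback). */
        private final boolean exportable;

        // Reads jdk.tls.ephemeralDHKeySize once at class initialization. The decompiled original
        // used return statements here, which Java does not allow in an initializer; the same
        // decisions are expressed as one if/else chain.
        static {
            String property = GetPropertyAction.privilegedGetProperty("jdk.tls.ephemeralDHKeySize");
            if (property == null || property.isEmpty()) {
                useLegacyEphemeralDHKeys = false;
                useSmartEphemeralDHKeys = false;
                customizedDHKeySize = -1;
            } else if ("matched".equals(property)) {
                useLegacyEphemeralDHKeys = false;
                useSmartEphemeralDHKeys = true;
                customizedDHKeySize = -1;
            } else if ("legacy".equals(property)) {
                useLegacyEphemeralDHKeys = true;
                useSmartEphemeralDHKeys = false;
                customizedDHKeySize = -1;
            } else {
                useLegacyEphemeralDHKeys = false;
                useSmartEphemeralDHKeys = false;
                int requestedSize;
                try {
                    requestedSize = Integer.parseUnsignedInt(property);
                } catch (NumberFormatException e) {
                    // Keep the parse failure as the cause so the bad value can be diagnosed.
                    throw new IllegalArgumentException("Invalid system property jdk.tls.ephemeralDHKeySize", e);
                }
                if (requestedSize < 1024 || requestedSize > 8192 || (requestedSize & 63) != 0) {
                    throw new IllegalArgumentException("Unsupported customized DH key size: " + requestedSize + ". The key size must be multiple of 64, and range from 1024 to 8192 (inclusive)");
                }
                customizedDHKeySize = requestedSize;
            }
        }

        private DHEPossessionGenerator(boolean z) {
            this.exportable = z;
        }

        /**
         * Creates the local ephemeral DH possession for a handshake.
         *
         * <p>Outside legacy mode, when the client requested named groups and a preferred FFDHE
         * group can be selected, that group is used. Otherwise a key size is chosen: 512 bits for
         * exportable suites, else 768 in legacy mode, else 1024 or 2048 in "matched" mode
         * depending on the X.509 private key size, else the customized size, else 1024.
         *
         * <p>Security note: the 512-bit and 768-bit fallbacks are far weaker than the 2048-bit
         * minimum commonly recommended for finite-field Diffie-Hellman, and the 1024-bit default
         * is below it as well. Deployments should rely on negotiated FFDHE groups or set
         * jdk.tls.ephemeralDHKeySize to 2048 or more.
         *
         * @param handshakeContext the handshake state; cast to ServerHandshakeContext in "matched" mode
         * @return a new DHEPossession
         */
        @Override // sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            if (!useLegacyEphemeralDHKeys && handshakeContext.clientRequestedNamedGroups != null && !handshakeContext.clientRequestedNamedGroups.isEmpty()) {
                NamedGroup preferredGroup = SupportedGroupsExtension.SupportedGroups.getPreferredGroup(handshakeContext.negotiatedProtocol, handshakeContext.algorithmConstraints, new NamedGroup.NamedGroupSpec[]{NamedGroup.NamedGroupSpec.NAMED_GROUP_FFDHE}, handshakeContext.clientRequestedNamedGroups);
                if (preferredGroup != null) {
                    return new DHEPossession(preferredGroup, handshakeContext.sslContext.getSecureRandom());
                }
            }
            int keySize = this.exportable ? 512 : 1024;
            if (!this.exportable) {
                if (useLegacyEphemeralDHKeys) {
                    keySize = 768;
                } else if (useSmartEphemeralDHKeys) {
                    PrivateKey authKey = null;
                    ServerHandshakeContext serverContext = (ServerHandshakeContext) handshakeContext;
                    if (serverContext.interimAuthn instanceof X509Authentication.X509Possession) {
                        authKey = ((X509Authentication.X509Possession) serverContext.interimAuthn).popPrivateKey;
                    }
                    if (authKey != null) {
                        // Follow the authentication key size, capped at 2048 bits.
                        keySize = KeyUtil.getKeySize(authKey) <= 1024 ? 1024 : 2048;
                    }
                } else if (customizedDHKeySize > 0) {
                    keySize = customizedDHKeySize;
                }
            }
            return new DHEPossession(keySize, handshakeContext.sslContext.getSecureRandom());
        }
    }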

    // Package-private no-argument constructor with an empty body; nothing in this file calls it,
    // and the class is used here only through its static generator fields.
    DHKeyExchange() {
    }
}
