package sun.security.ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/ssl/RSAClientKeyExchange.class */
public final class RSAClientKeyExchange extends HandshakeMessage {
    private ProtocolVersion protocolVersion;
    SecretKey preMaster;
    private byte[] encrypted;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, PublicKey publicKey) throws IOException {
        if (!publicKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Public key not of type RSA");
        }
        this.protocolVersion = protocolVersion;
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(protocolVersion.v >= ProtocolVersion.TLS12.v ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
            keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(protocolVersion2.v, protocolVersion.v), secureRandom);
            this.preMaster = keyGenerator.generateKey();
            Cipher cipher = JsseJce.getCipher("RSA/ECB/PKCS1Padding");
            cipher.init(3, publicKey, secureRandom);
            this.encrypted = cipher.wrap(this.preMaster);
        } catch (GeneralSecurityException e) {
            throw ((SSLKeyException) new SSLKeyException("RSA premaster secret error").initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, HandshakeInStream handshakeInStream, int i, PrivateKey privateKey) throws IOException {
        boolean z;
        if (!privateKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Private key not of type RSA");
        }
        if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
            this.encrypted = handshakeInStream.getBytes16();
        } else {
            this.encrypted = new byte[i];
            if (handshakeInStream.read(this.encrypted) != i) {
                throw new SSLProtocolException("SSL: read PreMasterSecret: short read");
            }
        }
        byte[] bArr = null;
        try {
            Cipher cipher = JsseJce.getCipher("RSA/ECB/PKCS1Padding");
            try {
                cipher.init(4, (Key) privateKey, (AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(protocolVersion2.v, protocolVersion.v), secureRandom);
                z = !KeyUtil.isOracleJCEProvider(cipher.getProvider().getName());
            } catch (UnsupportedOperationException | InvalidKeyException e) {
                if (debug != null && Debug.isOn("handshake")) {
                    System.out.println("The Cipher provider " + cipher.getProvider().getName() + " caused exception: " + e.getMessage());
                }
                z = true;
            }
            if (z) {
                cipher.init(2, privateKey);
                boolean z2 = false;
                try {
                    bArr = cipher.doFinal(this.encrypted);
                } catch (BadPaddingException e2) {
                    z2 = true;
                }
                this.preMaster = generatePreMasterSecret(protocolVersion2.v, protocolVersion.v, KeyUtil.checkTlsPreMasterSecretKey(protocolVersion2.v, protocolVersion.v, secureRandom, bArr, z2), secureRandom);
            } else {
                this.preMaster = (SecretKey) cipher.unwrap(this.encrypted, "TlsRsaPremasterSecret", 3);
            }
        } catch (InvalidKeyException e3) {
            throw new SSLProtocolException("Unable to process PreMasterSecret, may be too big");
        } catch (Exception e4) {
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("RSA premaster secret decryption error:");
                e4.printStackTrace(System.out);
            }
            throw new RuntimeException("Could not generate dummy secret", e4);
        }
    }

    private static SecretKey generatePreMasterSecret(int i, int i2, byte[] bArr, SecureRandom secureRandom) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Generating a premaster secret");
        }
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(i >= ProtocolVersion.TLS12.v ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
            keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(i, i2, bArr), secureRandom);
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("RSA premaster secret generation error:");
                e.printStackTrace(System.out);
            }
            throw new RuntimeException("Could not generate premaster secret", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HandshakeMessage
    public int messageType() {
        return 16;
    }

    @Override // sun.security.ssl.HandshakeMessage
    int messageLength() {
        return this.protocolVersion.v >= ProtocolVersion.TLS10.v ? this.encrypted.length + 2 : this.encrypted.length;
    }

    @Override // sun.security.ssl.HandshakeMessage
    void send(HandshakeOutStream handshakeOutStream) throws IOException {
        if (this.protocolVersion.v >= ProtocolVersion.TLS10.v) {
            handshakeOutStream.putBytes16(this.encrypted);
        } else {
            handshakeOutStream.write(this.encrypted);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HandshakeMessage
    public void print(PrintStream printStream) throws IOException {
        printStream.println("*** ClientKeyExchange, RSA PreMasterSecret, " + this.protocolVersion);
    }
}
