package sun.security.ssl;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.net.ssl.SNIHostName;
import sun.misc.HexDumpEncoder;
import sun.security.pkcs11.wrapper.Constants;
import sun.security.ssl.KrbKeyExchange;
import sun.security.ssl.SSLHandshake;

/* loaded from: input_file:win/1.8.0_412/lib/jsse.jar:sun/security/ssl/KrbClientKeyExchange.class */
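/**
 * Kerberos (KRB5) variant of the TLS ClientKeyExchange handshake message.
 *
 * <p>Exposes one consumer (it casts its context to {@code ServerHandshakeContext}, so it runs on
 * the server side) and one producer (it casts to {@code ClientHandshakeContext}). All Kerberos
 * work is delegated to a {@code KrbClientKeyExchangeHelper} that is loaded reflectively.
 *
 * <p>Security note: {@code KrbClientKeyExchangeMessage.toString()} renders the plaintext
 * pre-master secret, and both handshake paths pass the message object to {@code SSLLogger} when
 * the {@code "ssl,handshake"} debug category is on. Output of that category should be handled as
 * key material.
 */
final class KrbClientKeyExchange {
    static final SSLConsumer krbHandshakeConsumer = new KrbClientKeyExchangeConsumer();
    static final HandshakeProducer krbHandshakeProducer = new KrbClientKeyExchangeProducer();

    /* loaded from: input_file:win/1.8.0_412/lib/jsse.jar:sun/security/ssl/KrbClientKeyExchange$KrbClientKeyExchangeConsumer.class */
    /** Server-side handler for an incoming KRB5 ClientKeyExchange message. */
    private static final class KrbClientKeyExchangeConsumer implements SSLConsumer {
        private KrbClientKeyExchangeConsumer() {
        }

        /**
         * Parses the client's message, recovers the pre-master secret and derives the master
         * secret and the handshake key derivation for the session.
         *
         * @param connectionContext the handshake context; must be a {@code ServerHandshakeContext}
         * @param byteBuffer the encoded message body
         * @throws IOException on a malformed message, or via {@code conContext.fatal(...)} when
         *     no Kerberos service credentials are present or the negotiated key exchange or
         *     protocol has no matching derivation
         */
        @Override // sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // Use the first Kerberos service credential found among the handshake possessions.
            Object serviceCreds = null;
            for (SSLPossession possession : shc.handshakePossessions) {
                if (possession instanceof KrbKeyExchange.KrbServiceCreds) {
                    serviceCreds = ((KrbKeyExchange.KrbServiceCreds) possession).serviceCreds;
                    break;
                }
            }
            if (serviceCreds == null) {
                throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "No Kerberos service credentials for KRB Client Key Exchange");
            }

            KrbClientKeyExchangeMessage message =
                    new KrbClientKeyExchangeMessage(shc, byteBuffer, serviceCreds, shc.conContext.acc);

            // decode() receives the negotiated version, the ClientHello version and a SecureRandom.
            // NOTE(review): presumably it substitutes random bytes for a malformed secret, as is
            // usual for pre-master handling; the implementation is not visible here. Confirm.
            KrbKeyExchange.KrbPremasterSecret premasterSecret = KrbKeyExchange.KrbPremasterSecret.decode(
                    shc.negotiatedProtocol,
                    ProtocolVersion.valueOf(shc.clientHelloVersion),
                    message.getPlainPreMasterSecret(),
                    shc.sslContext.getSecureRandom());

            // Both principals are whatever the helper reports after processing the ticket.
            shc.handshakeSession.setPeerPrincipal(message.getPeerPrincipal());
            shc.handshakeSession.setLocalPrincipal(message.getLocalPrincipal());
            shc.handshakeCredentials.add(premasterSecret);

            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                // The message's toString() includes the plaintext pre-master secret.
                SSLLogger.fine("Consuming KRB5 ClientKeyExchange handshake message", message);
            }

            SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
            if (keyExchange == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey("MasterSecret", null);
            shc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (trafficKeyDerivation == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol);
            }
            shc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(shc, masterSecret);
        }
    }

    /* loaded from: input_file:win/1.8.0_412/lib/jsse.jar:sun/security/ssl/KrbClientKeyExchange$KrbClientKeyExchangeMessage.class */
    /**
     * The KRB5 ClientKeyExchange message: an encoded service ticket, a second field that this
     * class never populates, and the encrypted pre-master secret, written as three
     * {@code putBytes16} vectors (the layout of RFC 2712's KerberosWrapper, whose middle field
     * is the optional authenticator).
     */
    private static final class KrbClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        private static final String KRB5_CLASS_NAME = "sun.security.ssl.krb5.KrbClientKeyExchangeHelperImpl";

        // Helper implementation class, or null when it cannot be found. Passing a null loader to
        // Class.forName requests the bootstrap class loader, so the helper is not resolved
        // through an application class loader.
        private static final Class<?> krb5Class = AccessController.doPrivileged(new PrivilegedAction<Class<?>>() { // from class: sun.security.ssl.KrbClientKeyExchange.KrbClientKeyExchangeMessage.1
            // The decompiler had emitted this method as run2(), which does not override
            // PrivilegedAction.run(); the original name is restored here.
            @Override // java.security.PrivilegedAction
            public Class<?> run() {
                try {
                    return Class.forName(KrbClientKeyExchangeMessage.KRB5_CLASS_NAME, true, null);
                } catch (ClassNotFoundException e) {
                    // Kerberos support is absent; reported later as "Kerberos is unavailable".
                    return null;
                }
            }
        });
        private final KrbClientKeyExchangeHelper krb5Helper;

        /**
         * Instantiates the helper through its no-argument constructor.
         *
         * @return a new helper, or {@code null} when the helper class was not found
         * @throws AssertionError if the class exists but cannot be instantiated
         */
        private static KrbClientKeyExchangeHelper newKrb5Instance() {
            if (krb5Class == null) {
                return null;
            }
            try {
                return (KrbClientKeyExchangeHelper) krb5Class.getDeclaredConstructor().newInstance();
            } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
                throw new AssertionError(e);
            }
        }

        /**
         * Shared constructor step: binds a fresh helper to this message.
         *
         * @throws IllegalStateException if no Kerberos helper is available
         */
        private KrbClientKeyExchangeMessage(HandshakeContext handshakeContext) {
            super(handshakeContext);
            KrbClientKeyExchangeHelper helper = newKrb5Instance();
            this.krb5Helper = helper;
            if (helper == null) {
                throw new IllegalStateException("Kerberos is unavailable");
            }
        }

        /**
         * Builds the outgoing message (called by the producer).
         *
         * @param bArr the pre-master secret bytes generated by the producer
         * @param str the server host name chosen by the producer; may be {@code null}
         * @param accessControlContext the connection's access control context, handed to the helper
         * @throws IOException if the helper's {@code init} fails
         */
        KrbClientKeyExchangeMessage(HandshakeContext handshakeContext, byte[] bArr, String str, AccessControlContext accessControlContext) throws IOException {
            this(handshakeContext);
            this.krb5Helper.init(bArr, str, accessControlContext);
        }

        /**
         * Parses an incoming message (called by the consumer).
         *
         * @param byteBuffer the encoded message body, read as three {@code getBytes16} vectors
         * @param obj the Kerberos service credentials taken from the handshake possessions
         * @param accessControlContext the connection's access control context, handed to the helper
         * @throws IOException if reading the buffer or the helper's {@code init} fails
         */
        KrbClientKeyExchangeMessage(HandshakeContext handshakeContext, ByteBuffer byteBuffer, Object obj, AccessControlContext accessControlContext) throws IOException {
            this(handshakeContext);
            byte[] encodedTicket = Record.getBytes16(byteBuffer);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("encoded Kerberos service ticket", encodedTicket);
            }

            // The second vector is consumed and discarded: whatever the peer puts there is never
            // inspected by this class.
            Record.getBytes16(byteBuffer);

            byte[] encryptedPreMasterSecret = Record.getBytes16(byteBuffer);
            if (encryptedPreMasterSecret != null && SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("encrypted Kerberos pre-master secret", encryptedPreMasterSecret);
            }
            this.krb5Helper.init(encodedTicket, encryptedPreMasterSecret, obj, accessControlContext);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /**
         * Returns the encoded body length: the ticket and encrypted pre-master secret lengths
         * plus a fixed 6, presumably the three 2-byte length prefixes written by {@code send}.
         */
        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        int messageLength() {
            return 6 + this.krb5Helper.getEncodedTicket().length + this.krb5Helper.getEncryptedPreMasterSecret().length;
        }

        /** Writes the ticket, a {@code null} second field, and the encrypted pre-master secret. */
        @Override // sun.security.ssl.SSLHandshake.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.krb5Helper.getEncodedTicket());
            handshakeOutStream.putBytes16(null);
            handshakeOutStream.putBytes16(this.krb5Helper.getEncryptedPreMasterSecret());
        }

        /** Returns the helper's plaintext pre-master secret; the result is secret key material. */
        byte[] getPlainPreMasterSecret() {
            return this.krb5Helper.getPlainPreMasterSecret();
        }

        Principal getPeerPrincipal() {
            return this.krb5Helper.getPeerPrincipal();
        }

        Principal getLocalPrincipal() {
            return this.krb5Helper.getLocalPrincipal();
        }

        /**
         * Renders the message as hex dumps for debug logging.
         *
         * <p>The {@code "plain"} field is the plaintext pre-master secret, from which the
         * session's master secret is derived. Any sink that receives this string holds key
         * material, so it should not reach shared or long-lived logs.
         */
        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat("\"KRB5 ClientKeyExchange\": '{'\n  \"ticket\": '{'\n{0}\n  '}'\n  \"pre-master\": '{'\n    \"plain\": '{'\n{1}\n    '}'\n    \"encrypted\": '{'\n{2}\n    '}'\n  '}'\n'}'", Locale.ENGLISH);
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            // NOTE(review): Constants.INDENT belongs to the PKCS#11 wrapper package; this looks
            // like a decompiler substitution for a string literal. Confirm the intended value.
            Object[] messageFields = {
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getEncodedTicket()), Constants.INDENT),
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getPlainPreMasterSecret()), "      "),
                Utilities.indent(hexDumpEncoder.encodeBuffer(this.krb5Helper.getEncryptedPreMasterSecret()), "      ")
            };
            return messageFormat.format(messageFields);
        }
    }

    /* loaded from: input_file:win/1.8.0_412/lib/jsse.jar:sun/security/ssl/KrbClientKeyExchange$KrbClientKeyExchangeProducer.class */
    /** Client-side producer of the KRB5 ClientKeyExchange message. */
    private static final class KrbClientKeyExchangeProducer implements HandshakeProducer {
        private KrbClientKeyExchangeProducer() {
        }

        /**
         * Creates a pre-master secret, sends the KRB5 ClientKeyExchange message and derives the
         * master secret and the handshake key derivation.
         *
         * @param connectionContext the handshake context; must be a {@code ClientHandshakeContext}
         * @param handshakeMessage not used by this producer
         * @return always {@code null}
         * @throws IOException via {@code conContext.fatal(...)} when the message cannot be built
         *     or sent, or when no derivation matches the negotiated parameters
         */
        @Override // sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;

            // Host name handed to the Kerberos helper: the negotiated SNI host name when there is
            // one, otherwise the session's peer host. It stays null for a negotiated name that is
            // not of type 0 (host_name) or that cannot be parsed as an SNIHostName.
            // NOTE(review): presumably the helper derives the service principal from this name,
            // so the trust placed in getPeerHost() matters; the helper is not visible here.
            String hostName = null;
            if (chc.negotiatedServerName == null) {
                hostName = chc.handshakeSession.getPeerHost();
            } else if (chc.negotiatedServerName.getType() == 0) {
                SNIHostName sniHostName = null;
                if (chc.negotiatedServerName instanceof SNIHostName) {
                    sniHostName = (SNIHostName) chc.negotiatedServerName;
                } else {
                    try {
                        sniHostName = new SNIHostName(chc.negotiatedServerName.getEncoded());
                    } catch (IllegalArgumentException ignored) {
                        // Best effort: an encoding that is not a valid host name leaves hostName null.
                    }
                }
                if (sniHostName != null) {
                    hostName = sniHostName.getAsciiName();
                }
            }

            // NOTE(review): if conContext.fatal(...) returns an IOException subtype, the two
            // INTERNAL_ERROR throws inside this try are caught below and re-reported as
            // ILLEGAL_PARAMETER. The try range may have been widened by the decompiler; confirm.
            try {
                KrbKeyExchange.KrbPremasterSecret premasterSecret = KrbKeyExchange.KrbPremasterSecret.createPremasterSecret(
                        chc.negotiatedProtocol, chc.sslContext.getSecureRandom());
                KrbClientKeyExchangeMessage message =
                        new KrbClientKeyExchangeMessage(chc, premasterSecret.preMaster, hostName, chc.conContext.acc);
                chc.handshakePossessions.add(premasterSecret);

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    // The message's toString() includes the plaintext pre-master secret.
                    SSLLogger.fine("Produced KRB5 ClientKeyExchange handshake message", message);
                }

                chc.handshakeSession.setPeerPrincipal(message.getPeerPrincipal());
                chc.handshakeSession.setLocalPrincipal(message.getLocalPrincipal());
                message.write(chc.handshakeOutput);
                chc.handshakeOutput.flush();

                SSLKeyExchange keyExchange = SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
                if (keyExchange == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
                }
                SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey("MasterSecret", null);
                chc.handshakeSession.setMasterSecret(masterSecret);

                SSLTrafficKeyDerivation trafficKeyDerivation = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
                if (trafficKeyDerivation == null) {
                    throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol);
                }
                chc.handshakeKeyDerivation = trafficKeyDerivation.createKeyDerivation(chc, masterSecret);
                return null;
            } catch (IOException e) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Error generating KRB premaster secret. Hostname: " + hostName + " - Negotiated server name: " + chc.negotiatedServerName);
                }
                throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Cannot generate KRB premaster secret", e);
            }
        }
    }

    KrbClientKeyExchange() {
    }
}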
