package sun.security.pkcs11;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
import sun.security.pkcs11.wrapper.CK_SSL3_RANDOM_DATA;
import sun.security.pkcs11.wrapper.CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
import sun.security.pkcs11.wrapper.CK_VERSION;
import sun.security.pkcs11.wrapper.Functions;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX WARN: Classes with same name are omitted:
  input_file:uab-bootstrap-1.2.10/bin/java/unix/1.8.0_265/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11TlsMasterSecretGenerator.class
 */
/* loaded from: input_file:uab-bootstrap-1.2.10/bin/java/win/1.8.0_265/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11TlsMasterSecretGenerator.class */
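/**
 * KeyGenerator SPI that derives the SSL/TLS master secret from a premaster
 * secret by calling {@code C_DeriveKey} on a PKCS#11 token.
 *
 * <p>The generator must be initialized with a
 * {@link TlsMasterSecretParameterSpec}; the other {@code engineInit}
 * overloads always reject the call. Only SSL 3.0 through TLS 1.2 are
 * accepted, because those are the only versions for which a derivation
 * mechanism is selected in {@link #engineGenerateKey()}.
 */
public final class P11TlsMasterSecretGenerator extends KeyGeneratorSpi {
    private static final String MSG = "TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec";

    // Protocol versions encoded as (major << 8) | minor, matching how
    // engineInit() builds the version field.
    private static final int VERSION_SSL30 = 0x0300; // 768
    private static final int VERSION_TLS10 = 0x0301; // 769
    private static final int VERSION_TLS11 = 0x0302; // 770
    private static final int VERSION_TLS12 = 0x0303; // 771

    // PKCS#11 mechanism identifiers (CKM_* values from the PKCS#11 standard).
    private static final long CKM_SSL3_MASTER_KEY_DERIVE = 0x371L;     // 881
    private static final long CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x373L;  // 883
    private static final long CKM_TLS_MASTER_KEY_DERIVE = 0x375L;      // 885
    private static final long CKM_TLS_MASTER_KEY_DERIVE_DH = 0x377L;   // 887
    private static final long CKM_TLS12_MASTER_KEY_DERIVE = 0x3E0L;    // 992
    private static final long CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x3E2L; // 994

    private final Token token;
    private final String algorithm;
    private long mechanism;
    private TlsMasterSecretParameterSpec spec;
    private P11Key p11Key;
    int version;

    /**
     * Creates a generator bound to one token.
     *
     * @param token the PKCS#11 token that performs the derivation
     * @param str the algorithm name this instance was requested under
     * @param j the initial mechanism id; replaced in
     *          {@link #engineGenerateKey()} according to the negotiated version
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public P11TlsMasterSecretGenerator(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.algorithm = str;
        this.mechanism = j;
    }

    /**
     * Always rejected: this generator needs a TlsMasterSecretParameterSpec.
     *
     * @throws InvalidParameterException always
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    /**
     * Initializes the generator from a {@link TlsMasterSecretParameterSpec}.
     *
     * <p>The protocol version is validated before the premaster secret is
     * converted to a token key, and the instance fields are assigned only
     * after every check has passed, so a rejected spec never leaves the
     * generator looking initialized.
     *
     * @param algorithmParameterSpec must be a TlsMasterSecretParameterSpec
     * @param secureRandom not used
     * @throws InvalidAlgorithmParameterException if the spec has the wrong
     *         type, names a protocol version outside SSL 3.0 - TLS 1.2, or
     *         its premaster secret cannot be converted to a token key
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException(MSG);
        }
        TlsMasterSecretParameterSpec newSpec = (TlsMasterSecretParameterSpec) algorithmParameterSpec;
        int newVersion = (newSpec.getMajorVersion() << 8) | newSpec.getMinorVersion();
        // The range test must use ||. With && the condition can never be
        // true, so unsupported versions passed init and reached
        // engineGenerateKey() with no mechanism selected.
        if (newVersion < VERSION_SSL30 || newVersion > VERSION_TLS12) {
            throw new InvalidAlgorithmParameterException("Only SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 are supported");
        }
        P11Key newKey;
        try {
            newKey = P11SecretKeyFactory.convertKey(this.token, newSpec.getPremasterSecret(), null);
        } catch (InvalidKeyException e) {
            throw new InvalidAlgorithmParameterException("init() failed", e);
        }
        this.spec = newSpec;
        this.p11Key = newKey;
        this.version = newVersion;
    }

    /**
     * Always rejected: this generator needs a TlsMasterSecretParameterSpec.
     *
     * @throws InvalidParameterException always
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(int i, SecureRandom secureRandom) {
        throw new InvalidParameterException(MSG);
    }

    /**
     * Derives the master secret on the token.
     *
     * <p>The mechanism is chosen from the protocol version and from whether
     * the premaster secret is an RSA premaster secret (any other algorithm
     * name selects the {@code _DH} variant).
     *
     * @return the derived master secret key
     * @throws IllegalStateException if the generator was not initialized
     * @throws ProviderException if the version has no matching mechanism or
     *         the token operation fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsMasterSecretGenerator must be initialized");
        }
        boolean isTlsRsaPremasterSecret = this.p11Key.getAlgorithm().equals("TlsRsaPremasterSecret");
        if (this.version == VERSION_SSL30) {
            this.mechanism = isTlsRsaPremasterSecret ? CKM_SSL3_MASTER_KEY_DERIVE : CKM_SSL3_MASTER_KEY_DERIVE_DH;
        } else if (this.version == VERSION_TLS10 || this.version == VERSION_TLS11) {
            this.mechanism = isTlsRsaPremasterSecret ? CKM_TLS_MASTER_KEY_DERIVE : CKM_TLS_MASTER_KEY_DERIVE_DH;
        } else if (this.version == VERSION_TLS12) {
            this.mechanism = isTlsRsaPremasterSecret ? CKM_TLS12_MASTER_KEY_DERIVE : CKM_TLS12_MASTER_KEY_DERIVE_DH;
        }
        // Only the RSA variants get a CK_VERSION; its fields are read back
        // after the derive call below (presumably filled in by the token).
        CK_VERSION ckVersion = isTlsRsaPremasterSecret ? new CK_VERSION(0, 0) : null;
        CK_SSL3_RANDOM_DATA random = new CK_SSL3_RANDOM_DATA(this.spec.getClientRandom(), this.spec.getServerRandom());
        CK_MECHANISM ckMechanism = null;
        if (this.version < VERSION_TLS12) {
            ckMechanism = new CK_MECHANISM(this.mechanism, new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(random, ckVersion));
        } else if (this.version == VERSION_TLS12) {
            ckMechanism = new CK_MECHANISM(this.mechanism, new CK_TLS12_MASTER_KEY_DERIVE_PARAMS(random, ckVersion, Functions.getHashMechId(this.spec.getPRFHashAlg())));
        }
        // Defensive: engineInit() rejects out-of-range versions, but the
        // version field is package-private. Never pass a null mechanism (or a
        // stale mechanism id for a version below SSL 3.0) to C_DeriveKey.
        if (ckMechanism == null || this.version < VERSION_SSL30) {
            throw new ProviderException("Could not generate key: unsupported protocol version " + this.version);
        }
        Session session = null;
        // Acquire the key id immediately before the try so that the finally
        // block releases it on every path.
        long keyID = this.p11Key.getKeyID();
        try {
            session = this.token.getObjSession();
            // 4 = CKO_SECRET_KEY, 16 = CKK_GENERIC_SECRET in PKCS#11.
            CK_ATTRIBUTE[] attributes = this.token.getAttributes("generate", 4L, 16L, new CK_ATTRIBUTE[0]);
            long derivedKeyID = this.token.p11.C_DeriveKey(session.id(), ckMechanism, keyID, attributes);
            byte major;
            byte minor;
            if (ckVersion == null) {
                major = -1;
                minor = -1;
            } else {
                major = ckVersion.major;
                minor = ckVersion.minor;
            }
            // 384 bits = 48 bytes, the length of a TLS master secret.
            return P11Key.masterSecretKey(session, derivedKeyID, "TlsMasterSecret", 384, attributes, major, minor);
        } catch (Exception e) {
            throw new ProviderException("Could not generate key", e);
        } finally {
            this.p11Key.releaseKeyID();
            this.token.releaseSession(session);
        }
    }
}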
