package org.openjsse.sun.security.ssl;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLException;
import org.openjsse.sun.security.ssl.SSLCipher;
import org.openjsse.sun.security.ssl.SSLHandshake;
import org.openjsse.sun.security.ssl.SSLTrafficKeyDerivation;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class ChangeCipherSpec {
    public static final SSLConsumer t10Consumer;
    public static final HandshakeProducer t10Producer;
    public static final SSLConsumer t13Consumer;

    /* loaded from: classes.dex */
    public static final class T10ChangeCipherSpecConsumer implements SSLConsumer {
        private T10ChangeCipherSpecConsumer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) {
            Authenticator valueOf;
            TransportContext transportContext = (TransportContext) connectionContext;
            transportContext.consumers.remove(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id));
            if (byteBuffer.remaining() != 1 || byteBuffer.get() != 1) {
                throw transportContext.fatal(Alert.UNEXPECTED_MESSAGE, "Malformed or unexpected ChangeCipherSpec message");
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ChangeCipherSpec message", new Object[0]);
            }
            HandshakeContext handshakeContext = transportContext.handshakeContext;
            if (handshakeContext == null) {
                throw transportContext.fatal(Alert.HANDSHAKE_FAILURE, "Unexpected ChangeCipherSpec message");
            }
            SSLKeyDerivation sSLKeyDerivation = handshakeContext.handshakeKeyDerivation;
            if (sSLKeyDerivation == null) {
                throw transportContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected ChangeCipherSpec message");
            }
            if (!(sSLKeyDerivation instanceof SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation)) {
                throw new UnsupportedOperationException("Not supported.");
            }
            SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation legacyTrafficKeyDerivation = (SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation) sSLKeyDerivation;
            CipherSuite cipherSuite = handshakeContext.negotiatedCipherSuite;
            if (cipherSuite.bulkCipher.cipherType == CipherType.AEAD_CIPHER) {
                valueOf = Authenticator.valueOf(handshakeContext.negotiatedProtocol);
            } else {
                try {
                    valueOf = Authenticator.valueOf(handshakeContext.negotiatedProtocol, cipherSuite.macAlg, legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "serverMacKey" : "clientMacKey"));
                } catch (InvalidKeyException | NoSuchAlgorithmException e5) {
                    throw new SSLException("Algorithm missing:  ", e5);
                }
            }
            Authenticator authenticator = valueOf;
            SecretKey trafficKey = legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "serverWriteKey" : "clientWriteKey");
            SecretKey trafficKey2 = legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "serverWriteIv" : "clientWriteIv");
            try {
                SSLCipher.SSLReadCipher createReadCipher = cipherSuite.bulkCipher.createReadCipher(authenticator, handshakeContext.negotiatedProtocol, trafficKey, trafficKey2 == null ? null : new IvParameterSpec(trafficKey2.getEncoded()), handshakeContext.sslContext.getSecureRandom());
                if (createReadCipher != null) {
                    transportContext.inputRecord.changeReadCiphers(createReadCipher);
                    return;
                }
                TransportContext transportContext2 = handshakeContext.conContext;
                Alert alert = Alert.ILLEGAL_PARAMETER;
                StringBuilder y5 = androidx.activity.b.y("Illegal cipher suite (");
                y5.append(handshakeContext.negotiatedCipherSuite);
                y5.append(") and protocol version (");
                y5.append(handshakeContext.negotiatedProtocol);
                y5.append(")");
                throw transportContext2.fatal(alert, y5.toString());
            } catch (GeneralSecurityException e6) {
                throw new SSLException("Algorithm missing:  ", e6);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class T10ChangeCipherSpecProducer implements HandshakeProducer {
        private T10ChangeCipherSpecProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            Authenticator valueOf;
            HandshakeContext handshakeContext = (HandshakeContext) connectionContext;
            SSLKeyDerivation sSLKeyDerivation = handshakeContext.handshakeKeyDerivation;
            if (!(sSLKeyDerivation instanceof SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation)) {
                throw new UnsupportedOperationException("Not supported.");
            }
            SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation legacyTrafficKeyDerivation = (SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation) sSLKeyDerivation;
            CipherSuite cipherSuite = handshakeContext.negotiatedCipherSuite;
            if (cipherSuite.bulkCipher.cipherType == CipherType.AEAD_CIPHER) {
                valueOf = Authenticator.valueOf(handshakeContext.negotiatedProtocol);
            } else {
                try {
                    valueOf = Authenticator.valueOf(handshakeContext.negotiatedProtocol, cipherSuite.macAlg, legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "clientMacKey" : "serverMacKey"));
                } catch (InvalidKeyException | NoSuchAlgorithmException e5) {
                    throw new SSLException("Algorithm missing:  ", e5);
                }
            }
            Authenticator authenticator = valueOf;
            SecretKey trafficKey = legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "clientWriteKey" : "serverWriteKey");
            SecretKey trafficKey2 = legacyTrafficKeyDerivation.getTrafficKey(handshakeContext.sslConfig.isClientMode ? "clientWriteIv" : "serverWriteIv");
            try {
                SSLCipher.SSLWriteCipher createWriteCipher = cipherSuite.bulkCipher.createWriteCipher(authenticator, handshakeContext.negotiatedProtocol, trafficKey, trafficKey2 == null ? null : new IvParameterSpec(trafficKey2.getEncoded()), handshakeContext.sslContext.getSecureRandom());
                if (createWriteCipher != null) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine("Produced ChangeCipherSpec message", new Object[0]);
                    }
                    handshakeContext.conContext.outputRecord.changeWriteCiphers(createWriteCipher, true);
                    return null;
                }
                throw handshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + cipherSuite + ") and protocol version (" + handshakeContext.negotiatedProtocol + ")");
            } catch (GeneralSecurityException e6) {
                throw new SSLException("Algorithm missing:  ", e6);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class T13ChangeCipherSpecConsumer implements SSLConsumer {
        private T13ChangeCipherSpecConsumer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) {
            TransportContext transportContext = (TransportContext) connectionContext;
            transportContext.consumers.remove(Byte.valueOf(ContentType.CHANGE_CIPHER_SPEC.id));
            if (byteBuffer.remaining() != 1 || byteBuffer.get() != 1) {
                throw transportContext.fatal(Alert.UNEXPECTED_MESSAGE, "Malformed or unexpected ChangeCipherSpec message");
            }
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming ChangeCipherSpec message", new Object[0]);
            }
        }
    }

    static {
        t10Consumer = new T10ChangeCipherSpecConsumer();
        t10Producer = new T10ChangeCipherSpecProducer();
        t13Consumer = new T13ChangeCipherSpecConsumer();
    }
}
