package org.openjsse.sun.security.ssl;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.openjsse.sun.security.ssl.SSLCipher;
import org.openjsse.sun.security.ssl.SSLHandshake;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class KeyUpdate {
    public static final SSLConsumer handshakeConsumer;
    public static final HandshakeProducer handshakeProducer;
    public static final SSLProducer kickstartProducer;

    /* loaded from: classes.dex */
    public static final class KeyUpdateConsumer implements SSLConsumer {
        private KeyUpdateConsumer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLConsumer
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) {
            PostHandshakeContext postHandshakeContext = (PostHandshakeContext) connectionContext;
            KeyUpdateMessage keyUpdateMessage = new KeyUpdateMessage(postHandshakeContext, byteBuffer);
            boolean z5 = SSLLogger.isOn;
            if (z5 && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming KeyUpdate post-handshake message", keyUpdateMessage);
            }
            SSLTrafficKeyDerivation valueOf = SSLTrafficKeyDerivation.valueOf(postHandshakeContext.conContext.protocolVersion);
            if (valueOf == null) {
                TransportContext transportContext = postHandshakeContext.conContext;
                Alert alert = Alert.INTERNAL_ERROR;
                StringBuilder y5 = androidx.activity.b.y("Not supported key derivation: ");
                y5.append(postHandshakeContext.conContext.protocolVersion);
                throw transportContext.fatal(alert, y5.toString());
            }
            SSLKeyDerivation createKeyDerivation = valueOf.createKeyDerivation(postHandshakeContext, postHandshakeContext.conContext.inputRecord.readCipher.baseSecret);
            if (createKeyDerivation == null) {
                throw postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation");
            }
            SecretKey deriveKey = createKeyDerivation.deriveKey("TlsUpdateNplus1", null);
            SSLKeyDerivation createKeyDerivation2 = valueOf.createKeyDerivation(postHandshakeContext, deriveKey);
            try {
                SSLCipher.SSLReadCipher createReadCipher = postHandshakeContext.negotiatedCipherSuite.bulkCipher.createReadCipher(Authenticator.valueOf(postHandshakeContext.conContext.protocolVersion), postHandshakeContext.conContext.protocolVersion, createKeyDerivation2.deriveKey("TlsKey", null), new IvParameterSpec(createKeyDerivation2.deriveKey("TlsIv", null).getEncoded()), postHandshakeContext.sslContext.getSecureRandom());
                if (createReadCipher == null) {
                    throw postHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + postHandshakeContext.negotiatedCipherSuite + ") and protocol version (" + postHandshakeContext.negotiatedProtocol + ")");
                }
                createReadCipher.baseSecret = deriveKey;
                postHandshakeContext.conContext.inputRecord.changeReadCiphers(createReadCipher);
                if (z5 && SSLLogger.isOn("ssl")) {
                    SSLLogger.fine("KeyUpdate: read key updated", new Object[0]);
                }
                if (keyUpdateMessage.status == KeyUpdateRequest.REQUESTED) {
                    KeyUpdate.handshakeProducer.produce(postHandshakeContext, new KeyUpdateMessage(postHandshakeContext, KeyUpdateRequest.NOTREQUESTED));
                } else {
                    postHandshakeContext.conContext.finishPostHandshake();
                }
            } catch (GeneralSecurityException e5) {
                throw postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive read secrets", e5);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class KeyUpdateKickstartProducer implements SSLProducer {
        private KeyUpdateKickstartProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.SSLProducer
        public byte[] produce(ConnectionContext connectionContext) {
            return KeyUpdate.handshakeProducer.produce(connectionContext, new KeyUpdateMessage((PostHandshakeContext) connectionContext, KeyUpdateRequest.REQUESTED));
        }
    }

    /* loaded from: classes.dex */
    public static final class KeyUpdateMessage extends SSLHandshake.HandshakeMessage {
        private final KeyUpdateRequest status;

        public KeyUpdateMessage(PostHandshakeContext postHandshakeContext, ByteBuffer byteBuffer) {
            super(postHandshakeContext);
            if (byteBuffer.remaining() != 1) {
                TransportContext transportContext = postHandshakeContext.conContext;
                Alert alert = Alert.ILLEGAL_PARAMETER;
                StringBuilder y5 = androidx.activity.b.y("KeyUpdate has an unexpected length of ");
                y5.append(byteBuffer.remaining());
                throw transportContext.fatal(alert, y5.toString());
            }
            byte b6 = byteBuffer.get();
            KeyUpdateRequest valueOf = KeyUpdateRequest.valueOf(b6);
            this.status = valueOf;
            if (valueOf != null) {
                return;
            }
            TransportContext transportContext2 = postHandshakeContext.conContext;
            Alert alert2 = Alert.ILLEGAL_PARAMETER;
            StringBuilder y6 = androidx.activity.b.y("Invalid KeyUpdate message value: ");
            y6.append(KeyUpdateRequest.nameOf(b6));
            throw transportContext2.fatal(alert2, y6.toString());
        }

        public KeyUpdateMessage(PostHandshakeContext postHandshakeContext, KeyUpdateRequest keyUpdateRequest) {
            super(postHandshakeContext);
            this.status = keyUpdateRequest;
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public SSLHandshake handshakeType() {
            return SSLHandshake.KEY_UPDATE;
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public int messageLength() {
            return 1;
        }

        @Override // org.openjsse.sun.security.ssl.SSLHandshake.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) {
            handshakeOutStream.putInt8(this.status.id);
        }

        public String toString() {
            return new MessageFormat("\"KeyUpdate\": '{'\n  \"request_update\": {0}\n'}'", Locale.ENGLISH).format(new Object[]{this.status.name});
        }
    }

    /* loaded from: classes.dex */
    public static final class KeyUpdateProducer implements HandshakeProducer {
        private KeyUpdateProducer() {
        }

        @Override // org.openjsse.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) {
            PostHandshakeContext postHandshakeContext = (PostHandshakeContext) connectionContext;
            KeyUpdateMessage keyUpdateMessage = (KeyUpdateMessage) handshakeMessage;
            boolean z5 = SSLLogger.isOn;
            if (z5 && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced KeyUpdate post-handshake message", keyUpdateMessage);
            }
            SSLTrafficKeyDerivation valueOf = SSLTrafficKeyDerivation.valueOf(postHandshakeContext.conContext.protocolVersion);
            if (valueOf == null) {
                TransportContext transportContext = postHandshakeContext.conContext;
                Alert alert = Alert.INTERNAL_ERROR;
                StringBuilder y5 = androidx.activity.b.y("Not supported key derivation: ");
                y5.append(postHandshakeContext.conContext.protocolVersion);
                throw transportContext.fatal(alert, y5.toString());
            }
            SSLKeyDerivation createKeyDerivation = valueOf.createKeyDerivation(postHandshakeContext, postHandshakeContext.conContext.outputRecord.writeCipher.baseSecret);
            if (createKeyDerivation == null) {
                throw postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation");
            }
            SecretKey deriveKey = createKeyDerivation.deriveKey("TlsUpdateNplus1", null);
            SSLKeyDerivation createKeyDerivation2 = valueOf.createKeyDerivation(postHandshakeContext, deriveKey);
            try {
                SSLCipher.SSLWriteCipher createWriteCipher = postHandshakeContext.negotiatedCipherSuite.bulkCipher.createWriteCipher(Authenticator.valueOf(postHandshakeContext.conContext.protocolVersion), postHandshakeContext.conContext.protocolVersion, createKeyDerivation2.deriveKey("TlsKey", null), new IvParameterSpec(createKeyDerivation2.deriveKey("TlsIv", null).getEncoded()), postHandshakeContext.sslContext.getSecureRandom());
                if (createWriteCipher != null) {
                    createWriteCipher.baseSecret = deriveKey;
                    postHandshakeContext.conContext.outputRecord.changeWriteCiphers(createWriteCipher, keyUpdateMessage.status.id);
                    if (z5 && SSLLogger.isOn("ssl")) {
                        SSLLogger.fine("KeyUpdate: write key updated", new Object[0]);
                    }
                    postHandshakeContext.conContext.finishPostHandshake();
                    return null;
                }
                TransportContext transportContext2 = postHandshakeContext.conContext;
                Alert alert2 = Alert.ILLEGAL_PARAMETER;
                StringBuilder y6 = androidx.activity.b.y("Illegal cipher suite (");
                y6.append(postHandshakeContext.negotiatedCipherSuite);
                y6.append(") and protocol version (");
                y6.append(postHandshakeContext.negotiatedProtocol);
                y6.append(")");
                throw transportContext2.fatal(alert2, y6.toString());
            } catch (GeneralSecurityException e5) {
                throw postHandshakeContext.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive write secrets", e5);
            }
        }
    }

    /* loaded from: classes.dex */
    public enum KeyUpdateRequest {
        NOTREQUESTED((byte) 0, "update_not_requested"),
        REQUESTED((byte) 1, "update_requested");

        public final byte id;
        public final String name;

        KeyUpdateRequest(byte b6, String str) {
            this.id = b6;
            this.name = str;
        }

        public static String nameOf(byte b6) {
            for (KeyUpdateRequest keyUpdateRequest : values()) {
                if (keyUpdateRequest.id == b6) {
                    return keyUpdateRequest.name;
                }
            }
            return p.g.c(androidx.activity.b.y("<UNKNOWN KeyUpdateRequest TYPE: "), b6 & 255, ">");
        }

        public static KeyUpdateRequest valueOf(byte b6) {
            for (KeyUpdateRequest keyUpdateRequest : values()) {
                if (keyUpdateRequest.id == b6) {
                    return keyUpdateRequest;
                }
            }
            return null;
        }
    }

    static {
        kickstartProducer = new KeyUpdateKickstartProducer();
        handshakeConsumer = new KeyUpdateConsumer();
        handshakeProducer = new KeyUpdateProducer();
    }
}
