package sun.security.ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:libs/Autorizador.jar:sun/security/ssl/RSAClientKeyExchange.class */
public final class RSAClientKeyExchange extends HandshakeMessage {
    private static final String PROP_NAME = "com.sun.net.ssl.rsaPreMasterSecretFix";
    private static final boolean rsaPreMasterSecretFix = Debug.getBooleanProperty(PROP_NAME, false);
    private ProtocolVersion protocolVersion;
    SecretKey preMaster;
    private byte[] encrypted;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, PublicKey publicKey) throws IOException {
        byte b;
        byte b2;
        if (!publicKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Public key not of type RSA");
        }
        this.protocolVersion = protocolVersion;
        if (rsaPreMasterSecretFix || protocolVersion2.v >= ProtocolVersion.TLS11.v) {
            b = protocolVersion2.major;
            b2 = protocolVersion2.minor;
        } else {
            b = protocolVersion.major;
            b2 = protocolVersion.minor;
        }
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(protocolVersion.v >= ProtocolVersion.TLS12.v ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
            keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(b, b2), secureRandom);
            this.preMaster = keyGenerator.generateKey();
            Cipher cipher = JsseJce.getCipher("RSA/ECB/PKCS1Padding");
            cipher.init(3, publicKey, secureRandom);
            this.encrypted = cipher.wrap(this.preMaster);
        } catch (GeneralSecurityException e) {
            throw ((SSLKeyException) new SSLKeyException("RSA premaster secret error").initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RSAClientKeyExchange(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, HandshakeInStream handshakeInStream, int i, PrivateKey privateKey) throws IOException {
        if (!privateKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Private key not of type RSA");
        }
        if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
            this.encrypted = handshakeInStream.getBytes16();
        } else {
            this.encrypted = new byte[i];
            if (handshakeInStream.read(this.encrypted) != i) {
                throw new SSLProtocolException("SSL: read PreMasterSecret: short read");
            }
        }
        try {
            Cipher cipher = JsseJce.getCipher("RSA/ECB/PKCS1Padding");
            cipher.init(4, privateKey);
            this.preMaster = (SecretKey) cipher.unwrap(this.encrypted, "TlsRsaPremasterSecret", 3);
            this.preMaster = polishPreMasterSecretKey(protocolVersion, protocolVersion2, secureRandom, this.preMaster, null);
        } catch (Exception e) {
            this.preMaster = polishPreMasterSecretKey(protocolVersion, protocolVersion2, secureRandom, null, e);
        }
    }

    private SecretKey polishPreMasterSecretKey(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, SecretKey secretKey, Exception exc) {
        this.protocolVersion = protocolVersion2;
        if (exc == null && secretKey != null) {
            byte[] encoded = secretKey.getEncoded();
            if (encoded == null) {
                if (debug != null && Debug.isOn("handshake")) {
                    System.out.println("unable to get the plaintext of the premaster secret");
                }
                return secretKey;
            }
            if (encoded.length == 48) {
                if (protocolVersion2.major == encoded[0] && protocolVersion2.minor == encoded[1]) {
                    return secretKey;
                }
                if (protocolVersion2.v <= ProtocolVersion.TLS10.v && protocolVersion.major == encoded[0] && protocolVersion.minor == encoded[1]) {
                    this.protocolVersion = protocolVersion;
                    return secretKey;
                }
                if (debug != null && Debug.isOn("handshake")) {
                    System.out.println("Mismatching Protocol Versions, ClientHello.client_version is " + protocolVersion2 + ", while PreMasterSecret.client_version is " + ProtocolVersion.valueOf(encoded[0], encoded[1]));
                }
            } else if (debug != null && Debug.isOn("handshake")) {
                System.out.println("incorrect length of premaster secret: " + encoded.length);
            }
        }
        if (debug != null && Debug.isOn("handshake")) {
            if (exc != null) {
                System.out.println("Error decrypting premaster secret:");
                exc.printStackTrace(System.out);
            }
            System.out.println("Generating random secret");
        }
        return generateDummySecret(protocolVersion2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey generateDummySecret(ProtocolVersion protocolVersion) {
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(protocolVersion.v >= ProtocolVersion.TLS12.v ? "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
            keyGenerator.init((AlgorithmParameterSpec) new TlsRsaPremasterSecretParameterSpec(protocolVersion.major, protocolVersion.minor));
            return keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not generate dummy secret", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HandshakeMessage
    public int messageType() {
        return 16;
    }

    @Override // sun.security.ssl.HandshakeMessage
    int messageLength() {
        return this.protocolVersion.v >= ProtocolVersion.TLS10.v ? this.encrypted.length + 2 : this.encrypted.length;
    }

    @Override // sun.security.ssl.HandshakeMessage
    void send(HandshakeOutStream handshakeOutStream) throws IOException {
        if (this.protocolVersion.v >= ProtocolVersion.TLS10.v) {
            handshakeOutStream.putBytes16(this.encrypted);
        } else {
            handshakeOutStream.write(this.encrypted);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // sun.security.ssl.HandshakeMessage
    public void print(PrintStream printStream) throws IOException {
        printStream.println("*** ClientKeyExchange, RSA PreMasterSecret, " + this.protocolVersion);
    }
}
