package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import sun.security.ssl.Krb5Authentication;
import sun.security.ssl.Krb5KeyExchange;
import sun.security.ssl.SSLHandshake;

/* loaded from: input_file:sun/security/ssl/Krb5ClientKeyExchange.class */
/**
 * Handshake handlers for the Kerberos (KRB5) ClientKeyExchange message.
 *
 * <p>Exposes one consumer, which casts its context to {@code ServerHandshakeContext},
 * and one producer, which casts its context to {@code ClientHandshakeContext}.
 * Both delegate the Kerberos-specific work to {@code KerberosClientKeyExchange}
 * and then derive the master secret and the traffic key derivation.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The plaintext premaster secret is obtained through
 *       {@code getUnencryptedPreMasterSecret()} and wrapped in a
 *       {@link SecretKeySpec}, which copies the bytes. Neither handler clears the
 *       returned array. NOTE(review): confirm whether the accessor returns a copy
 *       or the live buffer, and where that buffer is eventually wiped.</li>
 *   <li>When debug logging is on, the message object is passed to the logger and
 *       its {@code toString()} delegates to the legacy object. NOTE(review):
 *       verify that rendering never includes ticket or secret material.</li>
 * </ul>
 */
final class Krb5ClientKeyExchange {
    static final SSLConsumer krb5HandshakeConsumer = new Krb5ClientKeyExchangeConsumer();
    static final HandshakeProducer krb5HandshakeProducer = new Krb5ClientKeyExchangeProducer();

    /** Server-side handler for an incoming KRB5 ClientKeyExchange message. */
    private static final class Krb5ClientKeyExchangeConsumer implements SSLConsumer {
        private Krb5ClientKeyExchangeConsumer() {
        }

        /**
         * Consumes the client's KRB5 ClientKeyExchange and installs the resulting
         * secrets on the server handshake context.
         *
         * <p>The raw message bytes are passed straight to
         * {@code KerberosClientKeyExchange}; this method performs no length or
         * format validation of its own.
         *
         * @param connectionContext the handshake context; cast to {@code ServerHandshakeContext}
         * @param byteBuffer the peer-supplied message body
         * @throws IOException on a fatal alert (no Kerberos possession, unsupported
         *         key exchange or key derivation) or if the delegate fails
         */
        @Override
        public void consume(ConnectionContext connectionContext, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext shc = (ServerHandshakeContext) connectionContext;

            // Use the first Kerberos possession that was negotiated, if any.
            Krb5Authentication.Krb5Possession possession = null;
            for (SSLPossession candidate : shc.handshakePossessions) {
                if (candidate instanceof Krb5Authentication.Krb5Possession) {
                    possession = (Krb5Authentication.Krb5Possession) candidate;
                    break;
                }
            }
            if (possession == null) {
                // Without service credentials the message cannot be processed; abort.
                throw shc.conContext.fatal(
                        Alert.ILLEGAL_PARAMETER,
                        "No Kerberos possessions negotiated for client key exchange");
            }

            KerberosClientKeyExchange exchange = new KerberosClientKeyExchange(
                    shc.negotiatedProtocol,
                    ProtocolVersion.valueOf(shc.clientHelloVersion),
                    shc.sslContext.getSecureRandom(),
                    byteBuffer,
                    shc.conContext.acc,
                    possession.serviceCreds);
            Krb5ClientKeyExchangeMessage message = new Krb5ClientKeyExchangeMessage(shc, exchange);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Consuming KRB5 ClientKeyExchange handshake message", message);
            }

            // Record both Kerberos identities on the session before any key material is derived.
            shc.handshakeSession.setPeerPrincipal(exchange.mo165getPeerPrincipal());
            shc.handshakeSession.setLocalPrincipal(exchange.mo164getLocalPrincipal());

            // SecretKeySpec copies the bytes; the source array is not cleared in this method.
            byte[] premaster = exchange.getUnencryptedPreMasterSecret();
            SecretKeySpec premasterKey = new SecretKeySpec(premaster, "TlsPremasterSecret");
            shc.handshakeCredentials.add(new Krb5KeyExchange.Krb5PremasterSecret(premasterKey));

            SSLKeyExchange keyExchange =
                    SSLKeyExchange.valueOf(shc.negotiatedCipherSuite.keyExchange, shc.negotiatedProtocol);
            if (keyExchange == null) {
                throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey masterSecret = keyExchange.createKeyDerivation(shc).deriveKey("MasterSecret", null);
            shc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficDerivation = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (trafficDerivation == null) {
                throw shc.conContext.fatal(
                        Alert.INTERNAL_ERROR,
                        "Not supported key derivation: " + shc.negotiatedProtocol);
            }
            shc.handshakeKeyDerivation = trafficDerivation.createKeyDerivation(shc, masterSecret);
        }
    }

    /**
     * Handshake message wrapper that forwards length, serialization and
     * rendering to a {@code KerberosClientKeyExchange} instance when one is set.
     */
    private static final class Krb5ClientKeyExchangeMessage extends SSLHandshake.HandshakeMessage {
        // Delegate that carries the actual message content; every accessor tolerates null.
        KerberosClientKeyExchange legacy;

        Krb5ClientKeyExchangeMessage(HandshakeContext handshakeContext, KerberosClientKeyExchange kerberosClientKeyExchange) {
            super(handshakeContext);
            this.legacy = kerberosClientKeyExchange;
        }

        /** @return always {@code SSLHandshake.CLIENT_KEY_EXCHANGE} */
        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.CLIENT_KEY_EXCHANGE;
        }

        /** @return the delegate's message length, or 0 when there is no delegate */
        @Override
        public int messageLength() {
            return (this.legacy == null) ? 0 : this.legacy.messageLength();
        }

        /**
         * Writes the delegate's encoding to the stream; writes nothing when
         * there is no delegate.
         */
        @Override
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            if (this.legacy == null) {
                return;
            }
            this.legacy.send(handshakeOutStream);
        }

        /**
         * Returns the delegate's string form, or a fixed placeholder when there
         * is no delegate.
         */
        @Override
        public String toString() {
            if (this.legacy == null) {
                // NOTE(review): the quoted braces look like MessageFormat escaping, but the
                // literal is returned as-is here, so the quotes appear in the output.
                return "\"KRB5 ClientKeyExchange\": '{'\n  \"legacy implementation\": null\n'}'";
            }
            return this.legacy.toString();
        }
    }

    /** Client-side handler that builds and sends the KRB5 ClientKeyExchange message. */
    private static final class Krb5ClientKeyExchangeProducer implements HandshakeProducer {
        private Krb5ClientKeyExchangeProducer() {
        }

        /**
         * Builds the KRB5 ClientKeyExchange, writes it to the handshake output
         * and installs the derived secrets on the client handshake context.
         *
         * <p>Host name selection: the first {@link SNIHostName} among the
         * requested server names is tried first. If that attempt throws and the
         * server did not accept the server names, the failure is only logged and
         * the session's peer host is used instead. NOTE(review): presumably the
         * host name determines which Kerberos service the client authenticates
         * to, so this silent fallback changes the expected server identity —
         * confirm against {@code KerberosClientKeyExchange}.
         *
         * @param connectionContext the handshake context; cast to {@code ClientHandshakeContext}
         * @param handshakeMessage not read by this method
         * @return always {@code null}; the message is written directly to the handshake output
         * @throws IOException if no host name is available, on a fatal alert, or
         *         if the delegate or the output stream fails
         */
        @Override
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext chc = (ClientHandshakeContext) connectionContext;

            // Pick the first host-name entry from the requested server names.
            String sniHostName = null;
            for (SNIServerName requested : chc.requestedServerNames) {
                if (requested instanceof SNIHostName) {
                    sniHostName = ((SNIHostName) requested).getAsciiName();
                    break;
                }
            }

            KerberosClientKeyExchange exchange = null;
            if (sniHostName != null) {
                try {
                    exchange = new KerberosClientKeyExchange(
                            sniHostName,
                            chc.conContext.acc,
                            chc.negotiatedProtocol,
                            chc.sslContext.getSecureRandom());
                } catch (IOException e) {
                    // The failure is fatal only when the server accepted the server names.
                    if (chc.serverNamesAccepted) {
                        throw e;
                    }
                    // NOTE(review): this check uses the "handshake" category while the other
                    // log sites in this class use "ssl,handshake".
                    if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
                        SSLLogger.warning("Cannot use Server Name Indication: " + e.getMessage(), new Object[0]);
                    }
                }
            }

            if (exchange == null) {
                // No usable SNI host name: fall back to the peer host recorded on the session.
                String fallbackHost = chc.handshakeSession.getPeerHost();
                if (fallbackHost == null) {
                    throw new IOException("Hostname is required to use Kerberos cipher suites");
                }
                exchange = new KerberosClientKeyExchange(
                        fallbackHost,
                        chc.conContext.acc,
                        chc.negotiatedProtocol,
                        chc.sslContext.getSecureRandom());
            }

            // Record both Kerberos identities on the session before the message is sent.
            chc.handshakeSession.setPeerPrincipal(exchange.mo165getPeerPrincipal());
            chc.handshakeSession.setLocalPrincipal(exchange.mo164getLocalPrincipal());

            Krb5ClientKeyExchangeMessage message = new Krb5ClientKeyExchangeMessage(chc, exchange);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine("Produced KRB5 ClientKeyExchange handshake message", message);
            }
            message.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();

            // SecretKeySpec copies the bytes; the source array is not cleared in this method.
            byte[] premaster = exchange.getUnencryptedPreMasterSecret();
            SecretKeySpec premasterKey = new SecretKeySpec(premaster, "TlsPremasterSecret");
            chc.handshakePossessions.add(new Krb5KeyExchange.Krb5PremasterSecret(premasterKey));

            SSLKeyExchange keyExchange =
                    SSLKeyExchange.valueOf(chc.negotiatedCipherSuite.keyExchange, chc.negotiatedProtocol);
            if (keyExchange == null) {
                throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key exchange type");
            }
            SecretKey masterSecret = keyExchange.createKeyDerivation(chc).deriveKey("MasterSecret", null);
            chc.handshakeSession.setMasterSecret(masterSecret);

            SSLTrafficKeyDerivation trafficDerivation = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
            if (trafficDerivation == null) {
                throw chc.conContext.fatal(
                        Alert.INTERNAL_ERROR,
                        "Not supported key derivation: " + chc.negotiatedProtocol);
            }
            chc.handshakeKeyDerivation = trafficDerivation.createKeyDerivation(chc, masterSecret);
            return null;
        }
    }

    Krb5ClientKeyExchange() {
    }
}
