package com.ibm.crypto.provider;

import ibm.security.internal.spec.TlsKeyMaterialParameterSpec;
import ibm.security.internal.spec.TlsKeyMaterialSpec;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:wlp/lib/com.ibm.crypto.ibmkeycert_1.0.15.jar:com/ibm/crypto/provider/TlsKeyMaterialGenerator.class */
public final class TlsKeyMaterialGenerator extends KeyGeneratorSpi {
    private static final String a = null;
    private TlsKeyMaterialParameterSpec b;
    private int c;
    private static String[] z;

    public TlsKeyMaterialGenerator() {
        if (!IBMJCE.a(getClass())) {
            throw new SecurityException(z[9]);
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(a);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof TlsKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException(a);
        }
        this.b = (TlsKeyMaterialParameterSpec) algorithmParameterSpec;
        if (!z[3].equals(this.b.getMasterSecret().getFormat())) {
            throw new InvalidAlgorithmParameterException(z[2]);
        }
        this.c = (this.b.getMajorVersion() << 8) | this.b.getMinorVersion();
        if (this.c < 768 || this.c > 770) {
            throw new InvalidAlgorithmParameterException(z[1]);
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(a);
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        if (this.b == null) {
            throw new IllegalStateException(z[0]);
        }
        try {
            return a();
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    private SecretKey a() throws GeneralSecurityException {
        byte[] a2;
        SecretKeySpec secretKeySpec;
        SecretKeySpec secretKeySpec2;
        byte[] encoded = this.b.getMasterSecret().getEncoded();
        byte[] clientRandom = this.b.getClientRandom();
        byte[] serverRandom = this.b.getServerRandom();
        IvParameterSpec ivParameterSpec = null;
        IvParameterSpec ivParameterSpec2 = null;
        int macKeyLength = this.b.getMacKeyLength();
        int expandedCipherKeyLength = this.b.getExpandedCipherKeyLength();
        boolean z2 = expandedCipherKeyLength != 0;
        int cipherKeyLength = this.b.getCipherKeyLength();
        int ivLength = this.b.getIvLength();
        int i = ((macKeyLength + cipherKeyLength) + (z2 ? 0 : ivLength)) << 1;
        byte[] bArr = new byte[i];
        MessageDigest messageDigest = MessageDigest.getInstance(z[7]);
        MessageDigest messageDigest2 = MessageDigest.getInstance(z[6]);
        String cipherName = this.b.getCipherName();
        if (this.c >= 769 || cipherName.toString().equals(z[5]) || cipherName.toString().equals(z[4])) {
            a2 = TlsPrfGenerator.a(encoded, TlsPrfGenerator.c, TlsPrfGenerator.a(serverRandom, clientRandom), i, messageDigest, messageDigest2);
        } else {
            a2 = new byte[i];
            byte[] bArr2 = new byte[20];
            int i2 = 0;
            for (int i3 = i; i3 > 0; i3 -= 16) {
                messageDigest2.update(TlsPrfGenerator.i[i2]);
                messageDigest2.update(encoded);
                messageDigest2.update(serverRandom);
                messageDigest2.update(clientRandom);
                messageDigest2.digest(bArr2, 0, 20);
                messageDigest.update(encoded);
                messageDigest.update(bArr2);
                if (i3 >= 16) {
                    messageDigest.digest(a2, i2 << 4, 16);
                } else {
                    messageDigest.digest(bArr2, 0, 16);
                    System.arraycopy(bArr2, 0, a2, i2 << 4, i3);
                }
                i2++;
            }
        }
        byte[] bArr3 = new byte[macKeyLength];
        System.arraycopy(a2, 0, bArr3, 0, macKeyLength);
        int i4 = 0 + macKeyLength;
        SecretKeySpec secretKeySpec3 = new SecretKeySpec(bArr3, z[8]);
        System.arraycopy(a2, i4, bArr3, 0, macKeyLength);
        int i5 = i4 + macKeyLength;
        SecretKeySpec secretKeySpec4 = new SecretKeySpec(bArr3, z[8]);
        if (cipherKeyLength == 0) {
            return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4);
        }
        String cipherAlgorithm = this.b.getCipherAlgorithm();
        byte[] bArr4 = new byte[cipherKeyLength];
        System.arraycopy(a2, i5, bArr4, 0, cipherKeyLength);
        int i6 = i5 + cipherKeyLength;
        byte[] bArr5 = new byte[cipherKeyLength];
        System.arraycopy(a2, i6, bArr5, 0, cipherKeyLength);
        int i7 = i6 + cipherKeyLength;
        if (!z2) {
            secretKeySpec = new SecretKeySpec(bArr4, cipherAlgorithm);
            secretKeySpec2 = new SecretKeySpec(bArr5, cipherAlgorithm);
            if (ivLength != 0) {
                byte[] bArr6 = new byte[ivLength];
                System.arraycopy(a2, i7, bArr6, 0, ivLength);
                int i8 = i7 + ivLength;
                ivParameterSpec = new IvParameterSpec(bArr6);
                System.arraycopy(a2, i8, bArr6, 0, ivLength);
                int i9 = i8 + ivLength;
                ivParameterSpec2 = new IvParameterSpec(bArr6);
            }
        } else if (this.c >= 769) {
            byte[] a3 = TlsPrfGenerator.a(clientRandom, serverRandom);
            secretKeySpec = new SecretKeySpec(TlsPrfGenerator.a(bArr4, TlsPrfGenerator.d, a3, expandedCipherKeyLength, messageDigest, messageDigest2), cipherAlgorithm);
            secretKeySpec2 = new SecretKeySpec(TlsPrfGenerator.a(bArr5, TlsPrfGenerator.e, a3, expandedCipherKeyLength, messageDigest, messageDigest2), cipherAlgorithm);
            if (ivLength != 0) {
                byte[] bArr7 = new byte[ivLength];
                byte[] a4 = TlsPrfGenerator.a(null, TlsPrfGenerator.f, a3, ivLength << 1, messageDigest, messageDigest2);
                System.arraycopy(a4, 0, bArr7, 0, ivLength);
                ivParameterSpec = new IvParameterSpec(bArr7);
                System.arraycopy(a4, ivLength, bArr7, 0, ivLength);
                ivParameterSpec2 = new IvParameterSpec(bArr7);
            }
        } else {
            byte[] bArr8 = new byte[expandedCipherKeyLength];
            messageDigest.update(bArr4);
            messageDigest.update(clientRandom);
            messageDigest.update(serverRandom);
            System.arraycopy(messageDigest.digest(), 0, bArr8, 0, expandedCipherKeyLength);
            secretKeySpec = new SecretKeySpec(bArr8, cipherAlgorithm);
            messageDigest.update(bArr5);
            messageDigest.update(serverRandom);
            messageDigest.update(clientRandom);
            System.arraycopy(messageDigest.digest(), 0, bArr8, 0, expandedCipherKeyLength);
            secretKeySpec2 = new SecretKeySpec(bArr8, cipherAlgorithm);
            if (ivLength != 0) {
                byte[] bArr9 = new byte[ivLength];
                messageDigest.update(clientRandom);
                messageDigest.update(serverRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, ivLength);
                ivParameterSpec = new IvParameterSpec(bArr9);
                messageDigest.update(serverRandom);
                messageDigest.update(clientRandom);
                System.arraycopy(messageDigest.digest(), 0, bArr9, 0, ivLength);
                ivParameterSpec2 = new IvParameterSpec(bArr9);
            }
        }
        return new TlsKeyMaterialSpec(secretKeySpec3, secretKeySpec4, secretKeySpec, ivParameterSpec, secretKeySpec2, ivParameterSpec2);
    }
}
