package cfca.sadk.tls.sun.security.ssl.prf;

import cfca.sadk.tls.i18n.JSSEMessage;
import cfca.sadk.tls.i18n.JSSEMessageConstants;
import cfca.sadk.tls.pure.CryptoException;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import java.security.DigestException;
import java.security.ProviderException;
import java.util.Arrays;
import javax.crypto.SecretKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/prf/TlsMasterSecretGenerator.class */
public class TlsMasterSecretGenerator implements TlsKeyMaterialsConstants {
    static final TlsMasterSecretGenerator INSTANCE = new TlsMasterSecretGenerator();
    private static final int[] versions = {ProtocolVersion.TLS11SM.version};

    private TlsMasterSecretGenerator() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean hasVersion(int i) {
        return Arrays.binarySearch(versions, i) >= 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsMasterSecretKey generateMasterKey(TlsMasterSecretParameters tlsMasterSecretParameters) throws CryptoException {
        int i;
        int i2;
        if (checkParameters(tlsMasterSecretParameters) != ProtocolVersion.TLS11SM.version) {
            throw new CryptoException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_SSLVersionLimited));
        }
        SecretKey premasterSecret = tlsMasterSecretParameters.getPremasterSecret();
        byte[] encoded = premasterSecret.getEncoded();
        if ("TlsPremasterSecret".equals(premasterSecret.getAlgorithm())) {
            i = encoded[0] & 255;
            i2 = encoded[1] & 255;
        } else {
            i = -1;
            i2 = -1;
        }
        try {
            return new TlsMasterSecretKey(TlsPrfGenerator.doTLS12PRF(encoded, LABEL_MASTER_SECRET, TlsKeyMaterialsTools.concat(tlsMasterSecretParameters.getClientRandom(), tlsMasterSecretParameters.getServerRandom()), 48, tlsMasterSecretParameters.getPrfHashParameters()), i, i2);
        } catch (DigestException e) {
            throw new ProviderException(e);
        }
    }

    private int checkParameters(TlsMasterSecretParameters tlsMasterSecretParameters) throws CryptoException {
        if (tlsMasterSecretParameters == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "TlsMasterSecretParameters"));
        }
        if (tlsMasterSecretParameters.getPremasterSecret() == null) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_notInitialized, "TlsMasterSecretParameters#PremasterSecret"));
        }
        if (!"RAW".equals(tlsMasterSecretParameters.getPremasterSecret().getFormat())) {
            throw new IllegalArgumentException(JSSEMessage.getMessage(JSSEMessageConstants.parameters_mustBeRAW, "TlsMasterSecretParameters#PremasterSecret"));
        }
        int majorVersion = (tlsMasterSecretParameters.getMajorVersion() << 8) | tlsMasterSecretParameters.getMinorVersion();
        if (hasVersion(majorVersion)) {
            return majorVersion;
        }
        throw new CryptoException(JSSEMessage.getMessage(JSSEMessageConstants.runfailure_SSLVersionLimited));
    }
}
