package by.avest.net.tls;

import by.avest.crypto.avcryptj.BelPRDBelT;
import by.avest.crypto.pkcs11.provider.SecretKeyAbstr;
import by.avest.crypto.pkcs11.provider.bign.SecretKeyAvTLSKeyMaterial;
import by.avest.crypto.provider.AvTLSKeyMaterial;
import by.avest.crypto.provider.AvTLSKeyMaterialParameterSpec;
import by.avest.crypto.provider.Destroyable;
import by.avest.crypto.provider.SecretKeyBelTSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLHandshakeException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:by/avest/net/tls/KeyMaterialCalculator.class */
public class KeyMaterialCalculator {
    private SecretKeyAbstr serverKey;
    private SecretKeyAbstr clientKey;
    private SecretKeyAbstr serverMACKey;
    private SecretKeyAbstr clientMACKey;
    private IvParameterSpec serverIV;
    private IvParameterSpec clientIV;

    public void calculate(SSLSession sSLSession, Random random, Random random2) throws SSLHandshakeException {
        try {
            CipherSuite cipherSuiteInt = sSLSession.getCipherSuiteInt();
            if (cipherSuiteInt == CipherSuite.TLS_BDH_BDS_WITH_GOST28147_CFB_BHF) {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AvTLSKeyMaterial");
                keyGenerator.init(new AvTLSKeyMaterialParameterSpec(sSLSession.getMasterSecret(), ((OldAvTLSFirstTimeGeneratedParamC0Container) sSLSession.getPreMasterSecret()).getParamC0(), cipherSuiteInt.getSBlock()));
                SecretKeyAvTLSKeyMaterial secretKeyAvTLSKeyMaterial = (SecretKeyAvTLSKeyMaterial) keyGenerator.generateKey();
                AvTLSKeyMaterial serverKeyMaterial = secretKeyAvTLSKeyMaterial.getServerKeyMaterial();
                AvTLSKeyMaterial clientKeyMaterial = secretKeyAvTLSKeyMaterial.getClientKeyMaterial();
                this.serverKey = (SecretKeyAbstr) serverKeyMaterial.getCipherKey();
                this.clientKey = (SecretKeyAbstr) clientKeyMaterial.getCipherKey();
                this.serverMACKey = (SecretKeyAbstr) serverKeyMaterial.getMacKey();
                this.clientMACKey = (SecretKeyAbstr) clientKeyMaterial.getMacKey();
                this.serverIV = serverKeyMaterial.getIvSpec();
                this.clientIV = clientKeyMaterial.getIvSpec();
            } else if (cipherSuiteInt == CipherSuite.TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT) {
                byte[] encoded = random.getEncoded();
                byte[] encoded2 = random2.getEncoded();
                if (Util.isDebug()) {
                    Util.log("Calculating keyExpansion start, session id: " + Util.toHexString(sSLSession.getId(), ' '));
                }
                byte[] bArr = new byte[encoded.length + encoded2.length];
                System.arraycopy(encoded2, 0, bArr, 0, 32);
                System.arraycopy(encoded, 0, bArr, 32, 32);
                if (Util.isDebug()) {
                    Util.log("Calculating keyExpansion random data: " + Util.toHexString(bArr, ' ', 16));
                    Util.log("Calculating keyExpansion master secret: " + Util.getSecretKeyValue(sSLSession.getMasterSecret()));
                }
                byte[] next = new BelPRDBelT(sSLSession.getMasterSecret(), "key expansion", bArr).next(256);
                if (Util.isDebug()) {
                    Util.log("KeyMaterialCalculator, keyExpansion=" + Util.toHexString(next, ' ', 16));
                }
                SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("BelT");
                byte[] bArr2 = new byte[cipherSuiteInt.getMacKeySize()];
                System.arraycopy(next, 0, bArr2, 0, bArr2.length);
                int length = 0 + bArr2.length;
                this.clientMACKey = (SecretKeyAbstr) secretKeyFactory.generateSecret(new SecretKeyBelTSpec(bArr2, null));
                byte[] bArr3 = new byte[cipherSuiteInt.getMacKeySize()];
                System.arraycopy(next, length, bArr3, 0, bArr3.length);
                int length2 = length + bArr3.length;
                this.serverMACKey = (SecretKeyAbstr) secretKeyFactory.generateSecret(new SecretKeyBelTSpec(bArr3, null));
                byte[] bArr4 = new byte[cipherSuiteInt.getKeySize()];
                System.arraycopy(next, length2, bArr4, 0, bArr4.length);
                int length3 = length2 + bArr4.length;
                this.clientKey = (SecretKeyAbstr) secretKeyFactory.generateSecret(new SecretKeyBelTSpec(bArr4, null));
                byte[] bArr5 = new byte[cipherSuiteInt.getKeySize()];
                System.arraycopy(next, length3, bArr5, 0, bArr5.length);
                int length4 = length3 + bArr5.length;
                this.serverKey = (SecretKeyAbstr) secretKeyFactory.generateSecret(new SecretKeyBelTSpec(bArr5, null));
            }
            dumpKeys();
        } catch (Exception e) {
            SSLHandshakeException sSLHandshakeException = new SSLHandshakeException(e.getMessage());
            sSLHandshakeException.initCause(e);
            throw sSLHandshakeException;
        }
    }

    private void dumpKeys() {
        if (Util.isDebug()) {
            Util.log("KeyMaterialCalculator, serverKey=" + Util.getSecretKeyValue(this.serverKey));
            Util.log("KeyMaterialCalculator, clientKey=" + Util.getSecretKeyValue(this.clientKey));
            Util.log("KeyMaterialCalculator, serverMACKey=" + Util.getSecretKeyValue(this.serverMACKey));
            Util.log("KeyMaterialCalculator, clientMACKey=" + Util.getSecretKeyValue(this.clientMACKey));
            if (this.serverIV != null) {
                Util.log("KeyMaterialCalculator, serverIV=" + Util.toHexString(this.serverIV.getIV(), ' '));
            }
            if (this.clientIV != null) {
                Util.log("KeyMaterialCalculator, clientIV=" + Util.toHexString(this.clientIV.getIV(), ' '));
            }
        }
    }

    public SecretKey getServerKey() {
        return this.serverKey;
    }

    public SecretKey getClientKey() {
        return this.clientKey;
    }

    public SecretKey getServerMACKey() {
        return this.serverMACKey;
    }

    public SecretKey getClientMACKey() {
        return this.clientMACKey;
    }

    public IvParameterSpec getServerIV() {
        return this.serverIV;
    }

    public IvParameterSpec getClientIV() {
        return this.clientIV;
    }

    public void destroy() {
        if (this.serverKey instanceof Destroyable) {
            if (Util.isDebug()) {
                Util.log("Destroying server secret key, id: " + Util.toHexString(this.serverKey.getId(), ' '));
            }
            ((Destroyable) this.serverKey).destroy();
        }
        this.serverKey = null;
        if (this.clientKey instanceof Destroyable) {
            if (Util.isDebug()) {
                Util.log("Destroying client secret key, id: " + Util.toHexString(this.clientKey.getId(), ' '));
            }
            ((Destroyable) this.clientKey).destroy();
        }
        this.clientKey = null;
        if (this.serverMACKey instanceof Destroyable) {
            if (Util.isDebug()) {
                Util.log("Destroying server MAC secret key, id: " + Util.toHexString(this.serverMACKey.getId(), ' '));
            }
            ((Destroyable) this.serverMACKey).destroy();
        }
        this.serverMACKey = null;
        if (this.clientMACKey instanceof Destroyable) {
            if (Util.isDebug()) {
                Util.log("Destroying client MAC secret key, id: " + Util.toHexString(this.clientMACKey.getId(), ' '));
            }
            ((Destroyable) this.clientMACKey).destroy();
        }
        this.clientMACKey = null;
    }
}
