package ru.CryptoPro.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import ru.CryptoPro.JCP.Util.GetProperty;

/* loaded from: classes4.dex */
final class cl_80 extends cl_43 {
    private static final boolean f = GetProperty.getBooleanProperty("com.sun.net.ssl.rsaPreMasterSecretFix", false);
    SecretKey e;
    private cl_79 g;
    private byte[] h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_80(cl_79 cl_79Var, cl_79 cl_79Var2, SecureRandom secureRandom, PublicKey publicKey) throws IOException {
        byte b;
        byte b2;
        if (!publicKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Public key not of type RSA");
        }
        this.g = cl_79Var;
        if (f || cl_79Var2.k >= cl_79.e.k) {
            byte b3 = cl_79Var2.l;
            b = cl_79Var2.m;
            b2 = b3;
        } else {
            b2 = cl_79Var.l;
            b = cl_79Var.m;
        }
        try {
            KeyGenerator c = cl_68.c(cl_79Var.k >= cl_79.f.k ? "JavaTls12RsaPremasterSecret" : "JavaTlsRsaPremasterSecret");
            c.init(new ru.CryptoPro.ssl.pc_3.pc_0.cl_4(b2, b), secureRandom);
            this.e = c.generateKey();
            Cipher a2 = cl_68.a("RSA/ECB/PKCS1Padding");
            a2.init(3, publicKey, secureRandom);
            this.h = a2.wrap(this.e);
        } catch (GeneralSecurityException e) {
            throw ((SSLKeyException) new SSLKeyException("RSA premaster secret error").initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_80(cl_79 cl_79Var, cl_79 cl_79Var2, SecureRandom secureRandom, cl_42 cl_42Var, int i, PrivateKey privateKey) throws IOException {
        byte[] bArr;
        BadPaddingException badPaddingException;
        if (!privateKey.getAlgorithm().equals("RSA")) {
            throw new SSLKeyException("Private key not of type RSA");
        }
        if (cl_79Var.k >= cl_79.d.k) {
            this.h = cl_42Var.f();
        } else {
            byte[] bArr2 = new byte[i];
            this.h = bArr2;
            if (cl_42Var.read(bArr2) != i) {
                throw new SSLProtocolException("SSL: read PreMasterSecret: short read");
            }
        }
        try {
            Cipher a2 = cl_68.a("RSA/ECB/PKCS1Padding");
            a2.init(2, privateKey);
            badPaddingException = null;
            bArr = a2.doFinal(this.h);
        } catch (BadPaddingException e) {
            bArr = null;
            badPaddingException = e;
        } catch (IllegalBlockSizeException unused) {
            throw new SSLProtocolException("Unable to process PreMasterSecret, may be too big");
        } catch (Exception e2) {
            SSLLogger.error("RSA premaster secret decryption error:");
            SSLLogger.thrown(e2);
            throw new RuntimeException("Could not generate dummy secret", e2);
        }
        this.e = a(cl_79Var, cl_79Var2, secureRandom, bArr, badPaddingException);
    }

    private SecretKey a(cl_79 cl_79Var, cl_79 cl_79Var2, SecureRandom secureRandom, byte[] bArr, Exception exc) {
        this.g = cl_79Var2;
        if (secureRandom == null) {
            secureRandom = new SecureRandom();
        }
        byte[] bArr2 = new byte[48];
        secureRandom.nextBytes(bArr2);
        if (exc != null || bArr == null) {
            if (exc != null) {
                SSLLogger.error("Error decrypting premaster secret:");
                SSLLogger.thrown(exc);
            }
            return a(cl_79Var2, bArr2, secureRandom);
        }
        if (bArr.length != 48) {
            SSLLogger.subTrace("incorrect length of premaster secret: ", Integer.valueOf(bArr.length));
            return a(cl_79Var2, bArr2, secureRandom);
        }
        if (cl_79Var2.l != bArr[0] || cl_79Var2.m != bArr[1]) {
            if (cl_79Var2.k <= cl_79.d.k && cl_79Var.l == bArr[0] && cl_79Var.m == bArr[1]) {
                this.g = cl_79Var;
            } else {
                SSLLogger.subSubTraceFormat("Mismatching Protocol Versions, ClientHello.client_version is {0}, while PreMasterSecret.client_version is {1}", cl_79Var2, cl_79.a(bArr[0], bArr[1]));
                bArr = bArr2;
            }
        }
        return a(cl_79Var2, bArr, secureRandom);
    }

    private static SecretKey a(cl_79 cl_79Var, byte[] bArr, SecureRandom secureRandom) {
        SSLLogger.subTrace("Generating a random fake premaster secret");
        try {
            KeyGenerator c = cl_68.c(cl_79Var.k >= cl_79.f.k ? "JavaTls12RsaPremasterSecret" : "JavaTlsRsaPremasterSecret");
            c.init(new ru.CryptoPro.ssl.pc_3.pc_0.cl_4(cl_79Var.l, cl_79Var.m, bArr), secureRandom);
            return c.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            SSLLogger.error("RSA premaster secret generation error:");
            SSLLogger.thrown(e);
            throw new RuntimeException("Could not generate dummy secret", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // ru.CryptoPro.ssl.cl_43
    public int a() {
        return 16;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    void a(cl_58 cl_58Var) throws IOException {
        if (this.g.k >= cl_79.d.k) {
            cl_58Var.b(this.h);
        } else {
            cl_58Var.write(this.h);
        }
    }

    @Override // ru.CryptoPro.ssl.cl_43
    int c() {
        return this.g.k >= cl_79.d.k ? this.h.length + 2 : this.h.length;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    String d() {
        return "*** ClientKeyExchange, RSA PreMasterSecret, " + this.g;
    }
}
