package com.sun.net.ssl.internal.ssl;

import COM.rsa.asn1.SunJSSE_b3;
import com.sun.net.ssl.internal.ssl.CipherSuite;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sun/net/ssl/internal/ssl/SunJSSE_aw.class */
public final class SunJSSE_aw extends SunJSSE_ax {
    private byte a;
    private X509Certificate[] b;
    private PrivateKey c;
    private boolean d;
    private PrivateKey e;
    private PublicKey f;
    private SunJSSE_bd g;
    private ProtocolVersion h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(byte b) {
        this.a = b;
    }

    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    void b(byte b) throws SSLProtocolException {
        String b2 = BaseSSLSocketImpl.b(b);
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            System.out.println(new StringBuffer().append("SSL -- handshake alert:  ").append(b2).toString());
        }
        if (b != 41 || this.a != 1) {
            throw new SSLProtocolException(new StringBuffer().append("handshake alert: ").append(b2).toString());
        }
    }

    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    void a(byte b, int i) throws IOException {
        if (super.h > b && super.h != 16 && b != 15) {
            throw new SSLProtocolException(new StringBuffer().append("Handshake message sequence violation, state = ").append(super.h).append(", type = ").append((int) b).toString());
        }
        switch (b) {
            case 1:
                super.f.mark(i);
                SunJSSE_a4 sunJSSE_a4 = new SunJSSE_a4(super.f);
                super.f.reset();
                super.f.skip(i);
                a(sunJSSE_a4);
                break;
            case 11:
                if (this.a == 0) {
                    super.d.a((byte) 10, "client sent unsolicited cert chain");
                }
                a(new HandshakeMessage.CertificateMsg(super.f));
                break;
            case 15:
                a(new SunJSSE_bb(super.f));
                break;
            case 16:
                byte[] a = (this.q == SunJSSE_g.K_RSA || this.q == SunJSSE_g.K_RSA_EXPORT) ? a(new SunJSSE_be(super.a, this.h, this.i.a(), super.f, i, this.c)) : a(new ClientDiffieHellmanPublic(super.f));
                a(a);
                Arrays.fill(a, (byte) 0);
                break;
            case 20:
                b(new SunJSSE_bc(super.a, super.f));
                break;
            default:
                throw new SSLProtocolException(new StringBuffer().append("Illegal server handshake msg, ").append((int) b).toString());
        }
        if (super.h >= b || b == 15) {
            return;
        }
        super.h = b;
    }

    private void c(boolean z) {
        boolean z2 = !z;
        this.g = new SunJSSE_bd(z2);
        this.g.a(this.i.a(), z2 ? SunJSSE_b3.p : SunJSSE_b3.n);
    }

    private void d(boolean z) throws IOException {
        super.g.flush();
        a(new SunJSSE_bc(super.a, super.e, 2, this.l.a()));
        if (z && this.r) {
            return;
        }
        super.h = 20;
    }

    private boolean b(boolean z) {
        KeyPair a = this.i.d().a(z, this.i.a());
        if (a == null) {
            return false;
        }
        this.f = (RSAPublicKey) a.getPublic();
        this.e = a.getPrivate();
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(CipherSuite cipherSuite) {
        if (this.r) {
            return true;
        }
        if (!cipherSuite.a()) {
            return false;
        }
        CipherSuite.KeyExchange keyExchange = cipherSuite.i;
        this.c = null;
        this.b = null;
        this.g = null;
        this.e = null;
        this.f = null;
        if (keyExchange == SunJSSE_g.K_RSA || keyExchange == SunJSSE_g.K_RSA_EXPORT || keyExchange == SunJSSE_g.K_DHE_RSA) {
            if (!a("RSA")) {
                return false;
            }
            if (keyExchange == SunJSSE_g.K_RSA_EXPORT) {
                PublicKey publicKey = this.b[0].getPublicKey();
                if (!(publicKey instanceof RSAPublicKey)) {
                    return false;
                }
                if (((RSAPublicKey) publicKey).getModulus().bitLength() > 512 && !b(cipherSuite.l)) {
                    return false;
                }
            } else if (keyExchange == SunJSSE_g.K_DHE_RSA) {
                c(cipherSuite.l);
            }
        } else if (keyExchange == SunJSSE_g.K_DHE_DSS) {
            if (!a("DSA")) {
                return false;
            }
            c(cipherSuite.l);
        } else {
            if (keyExchange != SunJSSE_g.K_DH_ANON) {
                throw new RuntimeException(new StringBuffer().append("CipherSuite: ").append(cipherSuite).toString());
            }
            c(cipherSuite.l);
        }
        b(cipherSuite);
        return true;
    }

    private byte[] a(ClientDiffieHellmanPublic clientDiffieHellmanPublic) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            clientDiffieHellmanPublic.a(System.out);
        }
        return this.g.a(clientDiffieHellmanPublic.getClientPublicKey());
    }

    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    HandshakeMessage a() {
        return new SunJSSE_a3();
    }

    private void a(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            certificateMsg.a(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            if (this.a == 1) {
                return;
            } else {
                super.d.a((byte) 42, "null cert chain");
            }
        }
        X509TrustManager c = this.i.c();
        try {
            PublicKey publicKey = certificateChain[0].getPublicKey();
            c.checkClientTrusted(certificateChain, publicKey instanceof RSAPublicKey ? "RSA" : publicKey instanceof DSAPublicKey ? "DSA" : "UNKNOWN");
        } catch (CertificateException e) {
            super.d.a((byte) 46, e);
        }
        this.d = true;
        this.l.a(certificateChain);
    }

    private void a(SunJSSE_a4 sunJSSE_a4) throws IOException {
        SunJSSE_a6 sunJSSE_a6;
        SSLSessionImpl a;
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_a4.a(System.out);
        }
        super.f.a();
        SunJSSE_a5 sunJSSE_a5 = new SunJSSE_a5();
        this.h = sunJSSE_a4.a;
        if (this.h.i < super.b.d.i) {
            throw new SSLHandshakeException(new StringBuffer().append("Client requested protocol ").append(this.h).append(" not enabled or not supported").toString());
        }
        a(this.h.i <= super.b.e.i ? this.h : super.b.e);
        sunJSSE_a5.a = super.a;
        this.j = sunJSSE_a4.b;
        this.k = new SunJSSE_a2(this.i.a());
        sunJSSE_a5.b = this.k;
        this.l = null;
        if (sunJSSE_a4.c.a() != 0 && (a = ((SSLSessionContextImpl) this.i.engineGetServerSessionContext()).a(sunJSSE_a4.c.b())) != null) {
            this.r = a.b();
            if (this.r && a.f() != super.a) {
                this.r = false;
            }
            if (this.r && this.a != 0) {
                try {
                    a.getPeerCertificates();
                } catch (SSLPeerUnverifiedException e) {
                    this.r = false;
                }
            }
            if (this.r) {
                CipherSuite e2 = a.e();
                if (c(e2) && sunJSSE_a4.d.a(e2)) {
                    b(e2);
                } else {
                    this.r = false;
                }
            }
            if (this.r) {
                this.l = a;
                if (SunJSSE_ax.z != null && (Debug.isOn("handshake") || Debug.isOn("session"))) {
                    System.out.println(new StringBuffer().append("%% Resuming ").append(this.l).toString());
                }
            }
        }
        if (this.l == null) {
            if (!this.s) {
                throw new SSLException("Client did not resume a session");
            }
            b(sunJSSE_a4);
            this.l = new SSLSessionImpl(super.a, this.p, this.i.a(), super.d.getInetAddress().getHostAddress(), super.d.getPort());
        }
        sunJSSE_a5.d = this.p;
        sunJSSE_a5.c = this.l.d();
        sunJSSE_a5.e = this.l.g();
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_a5.a(System.out);
            System.out.println(new StringBuffer().append("Cipher suite:  ").append(this.l.e()).toString());
        }
        sunJSSE_a5.write(super.g);
        if (this.r) {
            b(this.l.a());
            d(true);
            return;
        }
        if (this.q != SunJSSE_g.K_DH_ANON) {
            if (this.b == null) {
                throw new RuntimeException("no certificates");
            }
            HandshakeMessage.CertificateMsg certificateMsg = new HandshakeMessage.CertificateMsg(this.b);
            this.l.b(this.b);
            if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                certificateMsg.a(System.out);
            }
            certificateMsg.write(super.g);
        } else if (this.b != null) {
            throw new RuntimeException("anonymous keyexchange with certs");
        }
        if (this.q == SunJSSE_g.K_RSA) {
            sunJSSE_a6 = null;
        } else if (this.q == SunJSSE_g.K_RSA_EXPORT) {
            if (((RSAPrivateKey) this.c).getModulus().bitLength() > 512) {
                try {
                    sunJSSE_a6 = new SunJSSE_a7(this.f, this.c, this.j, this.k, this.i.a());
                    this.c = this.e;
                } catch (GeneralSecurityException e3) {
                    SunJSSE_ax.a("Error generating RSA server key exchange", e3);
                    sunJSSE_a6 = null;
                }
            } else {
                sunJSSE_a6 = null;
            }
        } else if (this.q == SunJSSE_g.K_DHE_DSS || this.q == SunJSSE_g.K_DHE_RSA) {
            try {
                sunJSSE_a6 = new HandshakeMessage.DH_ServerKeyExchange(this.g, this.c, this.j.a, this.k.a, this.i.a());
            } catch (GeneralSecurityException e4) {
                SunJSSE_ax.a("Error generating DH server key exchange", e4);
                sunJSSE_a6 = null;
            }
        } else {
            if (this.q != SunJSSE_g.K_DH_ANON) {
                throw new RuntimeException(new StringBuffer().append("internal error: ").append(this.q).toString());
            }
            sunJSSE_a6 = new HandshakeMessage.DH_ServerKeyExchange(this.g);
        }
        if (sunJSSE_a6 != null) {
            if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                sunJSSE_a6.a(System.out);
            }
            sunJSSE_a6.write(super.g);
        }
        if (this.a != 0 && this.q != SunJSSE_g.K_DH_ANON) {
            SunJSSE_a9 sunJSSE_a9 = new SunJSSE_a9(this.i.c().getAcceptedIssuers(), this.q);
            if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                sunJSSE_a9.a(System.out);
            }
            sunJSSE_a9.write(super.g);
        }
        SunJSSE_ba sunJSSE_ba = new SunJSSE_ba();
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_ba.a(System.out);
        }
        sunJSSE_ba.write(super.g);
        super.g.flush();
    }

    private void b(SunJSSE_a4 sunJSSE_a4) throws IOException {
        Iterator a = sunJSSE_a4.d.a();
        while (a.hasNext()) {
            CipherSuite cipherSuite = (CipherSuite) a.next();
            if (c(cipherSuite) && (this.a != 2 || cipherSuite.i != SunJSSE_g.K_DH_ANON)) {
                if (a(cipherSuite)) {
                    return;
                }
            }
        }
        super.d.a((byte) 40, "no cipher suites in common");
    }

    private void a(SunJSSE_bb sunJSSE_bb) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_bb.a(System.out);
        }
        try {
            if (!sunJSSE_bb.a(super.a, super.e, this.l.getPeerCertificates()[0].getPublicKey(), this.l.a())) {
                super.d.a((byte) 42, "certificate verify message signature error");
            }
        } catch (GeneralSecurityException e) {
            super.d.a((byte) 42, "certificate verify format error", e);
        }
        this.d = false;
    }

    private void b(SunJSSE_bc sunJSSE_bc) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_bc.a(System.out);
        }
        if (this.a == 2) {
            this.l.getPeerCertificates();
        }
        if (this.d) {
            super.d.a((byte) 40, "client did not send certificate verify message");
        }
        if (!sunJSSE_bc.a(super.a, super.e, 1, this.l.a())) {
            super.d.a((byte) 40, "client 'finished' message doesn't verify");
        }
        if (!this.r) {
            super.f.a();
            d(false);
        }
        this.l.a(System.currentTimeMillis());
        if (this.r || !this.l.b()) {
            if (this.r || SunJSSE_ax.z == null || !Debug.isOn("session")) {
                return;
            }
            System.out.println(new StringBuffer().append("%% Didn't cache non-resumable server session: ").append(this.l).toString());
            return;
        }
        ((SSLSessionContextImpl) this.i.engineGetServerSessionContext()).a(this.l);
        if (SunJSSE_ax.z == null || !Debug.isOn("session")) {
            return;
        }
        System.out.println(new StringBuffer().append("%% Cached server session: ").append(this.l).toString());
    }

    private byte[] a(SunJSSE_be sunJSSE_be) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_be.a(System.out);
        }
        return sunJSSE_be.d;
    }

    private boolean a(String str) {
        PrivateKey privateKey;
        X509Certificate[] certificateChain;
        X509KeyManager b = this.i.b();
        String chooseServerAlias = b.chooseServerAlias(str, null, super.d);
        if (chooseServerAlias == null || (privateKey = b.getPrivateKey(chooseServerAlias)) == null || (certificateChain = b.getCertificateChain(chooseServerAlias)) == null || certificateChain.length == 0) {
            return false;
        }
        PublicKey publicKey = certificateChain[0].getPublicKey();
        if (!privateKey.getAlgorithm().equals(str) || !publicKey.getAlgorithm().equals(str)) {
            return false;
        }
        this.c = privateKey;
        this.b = certificateChain;
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SunJSSE_aw(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, byte b) {
        super(sSLSocketImpl, sSLContextImpl, protocolList, b != 0, false);
        this.d = false;
        this.a = b;
    }
}
