package com.sun.portal.kssl;

import com.iplanet.xslui.ui.Logging;
import com.sun.portal.ksecurity.CertStore;
import com.sun.portal.ksecurity.CryptoException;
import com.sun.portal.ksecurity.MessageDigest;
import com.sun.portal.ksecurity.RSAPublicKey;
import com.sun.portal.ksecurity.RandomData;
import com.sun.portal.microedition.pki.CertificateException;
import java.io.IOException;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:118264-11/SUNWpsks/reloc/SUNWps/web-src/netlet/kssl.jar:com/sun/portal/kssl/Handshake.class
 */
/* loaded from: input_file:118264-11/SUNWpsplt/reloc/SUNWps/web-src/proxylet/kssl.jar:com/sun/portal/kssl/Handshake.class */
public class Handshake {
    private static final byte HDR_SIZE = 4;
    private static final byte HELLO_REQ = 0;
    private static final byte C_HELLO = 1;
    private static final byte S_HELLO = 2;
    private static final byte CERT = 11;
    private static final byte S_KEYEXCH = 12;
    private static final byte CERT_REQ = 13;
    private static final byte S_DONE = 14;
    private static final byte CERT_VRFY = 15;
    private static final byte C_KEYEXCH = 16;
    private static final byte FINISH = 20;
    private static final byte MD5_SIZE = 16;
    private static final byte SHA_SIZE = 20;
    private Record rec;
    private String peerHost;
    private int peerPort;
    private RandomData rnd;
    private byte ver;
    private byte role;
    byte negSuite;
    String negSuiteName;
    private byte gotCertReq;
    private RSAPublicKey sKey;
    private RSAPublicKey eKey;
    private MessageDigest ourMD5;
    private MessageDigest ourSHA;
    private int start;
    private int cnt;
    private static String[] suiteNames = {"", "", "", "SSL3_RSA_EXPORT_WITH_RC4_40_MD5", "SSL3_RSA_WITH_RC4_128_MD5", "SSL3_RSA_WITH_RC4_128_SHA", "", "", "", "SSL3_RSA_WITH_DES_CBC_SHA", "SSL3_RSA_WITH_3DES_EDE_CBC_SHA"};
    private static final byte[] FINISH_PREFIX = {20, 0, 0, 36};
    private byte[] SUITES_AND_COMP = {0, 10, 0, 5, 0, 4, 0, 3, 0, 9, 0, 10, 1, 0};
    private Session cSession = null;
    private byte[] sSessionId = null;
    private byte[] crand = null;
    private byte[] srand = null;
    private byte[] preMaster = null;
    private byte[] master = null;
    private int sKeyUsage = 0;
    private byte certCnt = 0;
    X509Certificate sCert = null;
    private int nextMsgStart = 0;

    private RSAPublicKey parseChain(String str, byte[] bArr, int i, int i2, CertStore certStore) throws IOException {
        RSAPublicKey rSAPublicKey = null;
        X509Certificate x509Certificate = null;
        byte b = 8;
        int i3 = -1;
        if (certStore == null) {
            throw new IllegalArgumentException("no trusted certificate store given");
        }
        this.certCnt = (byte) 0;
        while (i < i2 - 3) {
            int i4 = i;
            int i5 = i + 1;
            int i6 = i5 + 1;
            int i7 = ((bArr[i4] & Logging.PACKAGE_ALL) << 16) + ((bArr[i5] & Logging.PACKAGE_ALL) << 8);
            int i8 = i6 + 1;
            int i9 = i7 + (bArr[i6] & Logging.PACKAGE_ALL);
            if (i9 < 0 || i9 + i8 > bArr.length) {
                throw new IOException("SSL certificate length too long");
            }
            X509Certificate generateCertificate = X509Certificate.generateCertificate(bArr, i8, i9);
            generateCertificate.checkExtensions();
            generateCertificate.checkValidity();
            if (this.certCnt == 0) {
                this.sCert = generateCertificate;
                rSAPublicKey = (RSAPublicKey) generateCertificate.getPublicKey();
                this.sKeyUsage = generateCertificate.getKeyUsage();
            } else {
                if (x509Certificate.getIssuer().compareTo(generateCertificate.getSubject()) != 0) {
                    throw new CertificateException(x509Certificate, (byte) 11);
                }
                x509Certificate.verify(generateCertificate.getPublicKey());
                int i10 = i3;
                i3 = generateCertificate.getBasicConstraints();
                if (i3 != 65535 && i3 <= i10) {
                    if (generateCertificate.getSubject().equals(generateCertificate.getIssuer())) {
                        throw new CertificateException(x509Certificate, b);
                    }
                    if (i3 == -1) {
                        throw new CertificateException(x509Certificate, (byte) 4);
                    }
                    throw new CertificateException(x509Certificate, (byte) 2);
                }
            }
            this.certCnt = (byte) (this.certCnt + 1);
            X509Certificate[] certificates = certStore.getCertificates(generateCertificate.getIssuer());
            if (certificates == null) {
                Utils.logln((byte) 1, "Netlet found self signed certificate. ");
                return rSAPublicKey;
            }
            if (certificates != null) {
                for (int length = certificates.length - 1; length >= 0; length--) {
                    if (certificates[length].getType().equals("X.509")) {
                        X509Certificate x509Certificate2 = certificates[length];
                        try {
                            generateCertificate.verify(x509Certificate2.getPublicKey());
                            try {
                                x509Certificate2.checkValidity();
                                return rSAPublicKey;
                            } catch (CertificateException e) {
                                throw new CertificateException(x509Certificate2, (byte) 12);
                            }
                        } catch (CertificateException e2) {
                            System.out.println("Cerificate verification exception");
                            e2.printStackTrace();
                            b = e2.getReason();
                        }
                    }
                }
            }
            i = i8 + i9;
            x509Certificate = generateCertificate;
        }
        throw new CertificateException(x509Certificate, b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshake(String str, int i, Record record) {
        this.rnd = null;
        this.gotCertReq = (byte) 0;
        this.sKey = null;
        this.eKey = null;
        this.ourMD5 = null;
        this.ourSHA = null;
        this.start = 0;
        this.cnt = 0;
        this.peerHost = new String(str);
        this.peerPort = i;
        this.rec = record;
        this.eKey = null;
        this.sKey = null;
        this.gotCertReq = (byte) 0;
        this.start = 0;
        this.cnt = 0;
        try {
            this.ourMD5 = MessageDigest.getInstance((byte) 1, false);
            this.ourSHA = MessageDigest.getInstance((byte) 2, false);
            this.rnd = RandomData.getInstance((byte) 2);
        } catch (CryptoException e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public void destroy() {
        this.rec = null;
        this.peerHost = null;
        this.rnd = null;
        this.cSession = null;
        this.sSessionId = null;
        this.srand = null;
        this.crand = null;
        this.preMaster = null;
        this.master = null;
        this.sKey = null;
        this.eKey = null;
        this.ourMD5 = null;
        this.ourSHA = null;
    }

    private int getNextMsg(byte b) throws IOException {
        if (this.cnt == 0) {
            this.rec.rdRec((byte) 22);
            if (this.rec.plainTextLength < 4) {
                throw new IOException("getNextMsg refill failed");
            }
            this.cnt = this.rec.plainTextLength;
            this.nextMsgStart = this.rec.plainTextOffset;
        }
        if (this.rec.inputData[this.nextMsgStart] != b) {
            return -1;
        }
        int i = ((this.rec.inputData[this.nextMsgStart + 1] & 255) << 16) + ((this.rec.inputData[this.nextMsgStart + 2] & 255) << 8) + (this.rec.inputData[this.nextMsgStart + 3] & 255) + 4;
        if (this.cnt < i) {
            throw new IOException(new StringBuffer().append("Refill got short msg c=").append(this.cnt).append(" l=").append(i).toString());
        }
        this.start = this.nextMsgStart;
        this.nextMsgStart += i;
        this.cnt -= i;
        return i;
    }

    private void sndHello3() throws IOException {
        this.cSession = Session.get(this.peerHost, this.peerPort);
        int length = this.cSession == null ? 0 : this.cSession.id.length;
        byte[] bArr = new byte[39 + length + this.SUITES_AND_COMP.length];
        int i = 0 + 1;
        bArr[0] = 1;
        int length2 = bArr.length - 4;
        int i2 = i + 1;
        bArr[i] = (byte) (length2 >>> 16);
        int i3 = i2 + 1;
        bArr[i2] = (byte) (length2 >>> 8);
        int i4 = i3 + 1;
        bArr[i3] = (byte) (length2 & Logging.PACKAGE_ALL);
        int i5 = i4 + 1;
        bArr[i4] = (byte) (this.ver >>> 4);
        int i6 = i5 + 1;
        bArr[i5] = (byte) (this.ver & 15);
        this.crand = new byte[32];
        this.rnd.generateData(this.crand, (short) 0, (short) 32);
        System.arraycopy(this.crand, 0, bArr, i6, this.crand.length);
        int length3 = i6 + this.crand.length;
        int i7 = length3 + 1;
        bArr[length3] = (byte) (length & Logging.PACKAGE_ALL);
        if (this.cSession != null) {
            System.arraycopy(this.cSession.id, 0, bArr, i7, this.cSession.id.length);
            i7 += this.cSession.id.length;
        }
        System.arraycopy(this.SUITES_AND_COMP, 0, bArr, i7, this.SUITES_AND_COMP.length);
        this.ourMD5.update(bArr, 0, bArr.length);
        this.ourSHA.update(bArr, 0, bArr.length);
        this.rec.wrRec((byte) 22, bArr, 0, bArr.length);
    }

    private int rcvSrvrHello() throws IOException {
        int nextMsg = getNextMsg((byte) 2);
        int i = this.start + 4;
        int i2 = this.start + nextMsg;
        if (nextMsg < 42) {
            return -1;
        }
        int i3 = i + 1;
        if (this.rec.inputData[this.start + i] != (this.ver >>> 4)) {
            return -1;
        }
        int i4 = i3 + 1;
        if (this.rec.inputData[this.start + i3] != (this.ver & 15)) {
            return -1;
        }
        this.srand = new byte[32];
        System.arraycopy(this.rec.inputData, i4, this.srand, 0, 32);
        int i5 = i4 + 32;
        int i6 = i5 + 1;
        int i7 = this.rec.inputData[i5] & 255;
        if (i7 != 0) {
            if (i2 < i6 + i7) {
                return -1;
            }
            this.sSessionId = new byte[i7];
            System.arraycopy(this.rec.inputData, i6, this.sSessionId, 0, i7);
            i6 += i7;
        }
        int i8 = i6 + 1;
        int i9 = i8 + 1;
        this.negSuite = this.rec.inputData[i8];
        if (this.negSuite != 5 && this.negSuite != 4 && this.negSuite != 3 && this.negSuite != 9 && this.negSuite != 10) {
            int i10 = i9 + 1;
            if (this.rec.inputData[i9] != 0) {
                return -1;
            }
        }
        this.ourMD5.update(this.rec.inputData, this.start, nextMsg);
        this.ourSHA.update(this.rec.inputData, this.start, nextMsg);
        this.negSuiteName = suiteNames[this.negSuite];
        Utils.logln((byte) 1, new StringBuffer().append("Negotiated ").append(this.negSuiteName).toString());
        return 0;
    }

    private int rcvCert() throws IOException {
        int nextMsg = getNextMsg((byte) 11);
        int i = this.start + nextMsg;
        if (nextMsg < 7) {
            return -1;
        }
        int i2 = this.start + 4;
        int i3 = i2 + 1;
        int i4 = i3 + 1;
        int i5 = ((this.rec.inputData[i2] & 255) << 16) + ((this.rec.inputData[i3] & 255) << 8);
        int i6 = i4 + 1;
        if (i6 + i5 + (this.rec.inputData[i4] & 255) > i) {
            return -1;
        }
        this.certCnt = (byte) 0;
        this.sKeyUsage = 0;
        this.sKey = parseChain(this.peerHost, this.rec.inputData, i6, i, SSLStreamConnection.getTrustedCertStore());
        this.ourMD5.update(this.rec.inputData, this.start, nextMsg);
        this.ourSHA.update(this.rec.inputData, this.start, nextMsg);
        this.certCnt = (byte) 0;
        return 0;
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x0157 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0159 A[Catch: CryptoException -> 0x0171, TRY_ENTER, TRY_LEAVE, TryCatch #2 {CryptoException -> 0x0171, blocks: (B:64:0x00ca, B:66:0x00d6, B:32:0x0124, B:35:0x0159, B:31:0x00fe), top: B:63:0x00ca }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int rcvSrvrKeyExch() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 746
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.portal.kssl.Handshake.rcvSrvrKeyExch():int");
    }

    private int rcvCertReq() throws IOException {
        int nextMsg = getNextMsg((byte) 13);
        if (nextMsg == -1) {
            return 0;
        }
        this.gotCertReq = (byte) 1;
        this.ourMD5.update(this.rec.inputData, this.start, nextMsg);
        this.ourSHA.update(this.rec.inputData, this.start, nextMsg);
        return 0;
    }

    private int rcvSrvrHelloDone() throws IOException {
        int nextMsg = getNextMsg((byte) 14);
        if (nextMsg != 4) {
            return -1;
        }
        this.ourMD5.update(this.rec.inputData, this.start, nextMsg);
        this.ourSHA.update(this.rec.inputData, this.start, nextMsg);
        return 0;
    }

    private void sndKeyExch() throws IOException {
        if (this.gotCertReq == 1) {
            this.rec.alert((byte) 2, (byte) 41);
            throw new IOException("No client cert");
        }
        this.preMaster = new byte[48];
        this.rnd.generateData(this.preMaster, (short) 0, (short) 48);
        this.preMaster[0] = (byte) (this.ver >>> 4);
        this.preMaster[1] = (byte) (this.ver & 15);
        int size = this.eKey.getSize() >>> 3;
        byte[] bArr = new byte[4 + size];
        int i = 0 + 1;
        bArr[0] = 16;
        int i2 = i + 1;
        bArr[i] = (byte) (size >>> 16);
        int i3 = i2 + 1;
        bArr[i2] = (byte) (size >>> 8);
        int i4 = i3 + 1;
        bArr[i3] = (byte) (size & Logging.PACKAGE_ALL);
        try {
            Cipher cipher = Cipher.getInstance((byte) 2, false);
            cipher.init(this.eKey, (byte) 1);
            if (cipher.doFinal(this.preMaster, 0, 48, bArr, i4) != size) {
                throw new IOException("RSA result too short");
            }
            this.ourMD5.update(bArr, 0, bArr.length);
            this.ourSHA.update(bArr, 0, bArr.length);
            this.rec.wrRec((byte) 22, bArr, 0, bArr.length);
        } catch (Exception e) {
            e.printStackTrace();
            throw new IOException(new StringBuffer().append("premaster encryption caught ").append(e).toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void mkMaster() throws IOException {
        byte[] bArr = {new byte[]{65}, new byte[]{66, 66}, new byte[]{67, 67, 67}};
        byte[] bArr2 = new byte[this.preMaster.length + this.crand.length + this.srand.length];
        System.arraycopy(this.preMaster, 0, bArr2, 0, this.preMaster.length);
        System.arraycopy(this.crand, 0, bArr2, this.preMaster.length, this.crand.length);
        System.arraycopy(this.srand, 0, bArr2, this.preMaster.length + this.crand.length, this.srand.length);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance((byte) 1, false);
            MessageDigest messageDigest2 = MessageDigest.getInstance((byte) 2, false);
            this.master = new byte[48];
            for (int i = 0; i < 3; i++) {
                messageDigest.update(this.preMaster, 0, this.preMaster.length);
                messageDigest2.update(bArr[i], 0, bArr[i].length);
                byte[] bArr3 = new byte[20];
                messageDigest2.doFinal(bArr2, 0, bArr2.length, bArr3, 0);
                messageDigest.doFinal(bArr3, 0, bArr3.length, this.master, i << 4);
            }
        } catch (Exception e) {
            throw new IOException("No MD5 or SHA");
        }
    }

    private void sndChangeCipher() throws IOException {
        this.rec.wrRec((byte) 20, new byte[]{1}, 0, 1);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private byte[] computeFinished(byte b) throws IOException {
        byte[] bArr = {new byte[]{83, 82, 86, 82}, new byte[]{67, 76, 78, 84}};
        byte[] bArr2 = new byte[36];
        try {
            MessageDigest messageDigest = (MessageDigest) this.ourMD5.clone();
            messageDigest.update(bArr[b], 0, 4);
            messageDigest.update(this.master, 0, this.master.length);
            byte[] bArr3 = new byte[16];
            messageDigest.doFinal(Record.PAD1, 0, 48, bArr3, 0);
            messageDigest.update(this.master, 0, this.master.length);
            messageDigest.update(Record.PAD2, 0, 48);
            messageDigest.doFinal(bArr3, 0, 16, bArr2, 0);
            MessageDigest messageDigest2 = (MessageDigest) this.ourSHA.clone();
            messageDigest2.update(bArr[b], 0, 4);
            messageDigest2.update(this.master, 0, this.master.length);
            byte[] bArr4 = new byte[20];
            Record record = this.rec;
            messageDigest2.doFinal(Record.PAD1, 0, 40, bArr4, 0);
            messageDigest2.update(this.master, 0, this.master.length);
            messageDigest2.update(Record.PAD2, 0, 40);
            messageDigest2.doFinal(bArr4, 0, 20, bArr2, 16);
            return bArr2;
        } catch (Exception e) {
            throw new IOException("MessageDigest not cloneable");
        }
    }

    private void sndFinished() throws IOException {
        byte[] bArr = new byte[40];
        System.arraycopy(FINISH_PREFIX, 0, bArr, 0, 4);
        System.arraycopy(computeFinished(this.role), 0, bArr, 4, 36);
        this.ourMD5.update(bArr, 0, bArr.length);
        this.ourSHA.update(bArr, 0, bArr.length);
        this.rec.wrRec((byte) 22, bArr, 0, bArr.length);
    }

    private int rcvChangeCipher() throws IOException {
        if (this.cnt != 0) {
            Utils.logln((byte) 4, "Unread handshake mesg in store");
            return -1;
        }
        this.rec.rdRec((byte) 20);
        return (this.rec.inputData != null && this.rec.inputData.length == 1 && this.rec.inputData[0] == 1) ? 0 : -1;
    }

    private int rcvFinished() throws IOException {
        int nextMsg = getNextMsg((byte) 20);
        if (nextMsg != 40) {
            return -1;
        }
        byte[] computeFinished = computeFinished((byte) (1 - this.role));
        if (!Utils.byteMatch(this.rec.inputData, this.start + 4, computeFinished, 0, computeFinished.length)) {
            return -1;
        }
        this.ourMD5.update(this.rec.inputData, this.start, nextMsg);
        this.ourSHA.update(this.rec.inputData, this.start, nextMsg);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void doHandShake(byte b) throws IOException {
        System.currentTimeMillis();
        int i = 0;
        this.ver = (byte) 48;
        this.role = b;
        sndHello3();
        if (rcvSrvrHello() < 0) {
            complain("Bad ServerHello");
        }
        if (this.sSessionId == null || this.cSession == null || this.sSessionId.length != this.cSession.id.length || !Utils.byteMatch(this.sSessionId, 0, this.cSession.id, 0, this.sSessionId.length)) {
            try {
                i = rcvCert();
            } catch (CertificateException e) {
                complain(e);
            }
            if (i < 0) {
                complain("Corrupt server certificate message");
            }
            try {
                i = rcvSrvrKeyExch();
            } catch (CertificateException e2) {
                complain(e2);
            }
            if (i < 0) {
                complain("Bad ServerKeyExchange");
            }
            rcvCertReq();
            if (rcvSrvrHelloDone() < 0) {
                complain("Bad ServerHelloDone");
            }
            sndKeyExch();
            mkMaster();
            try {
                this.rec.init(this.crand, this.srand, this.negSuite, this.master);
            } catch (Exception e3) {
                complain(new StringBuffer().append("Record.init() caught ").append(e3).toString());
            }
            sndChangeCipher();
            sndFinished();
            if (rcvChangeCipher() < 0) {
                complain("Bad ChangeCipherSpec");
            }
            if (rcvFinished() < 0) {
                complain("Bad Finished");
            }
        } else {
            this.master = this.cSession.master;
            this.sCert = this.cSession.cert;
            try {
                this.rec.init(this.crand, this.srand, this.negSuite, this.master);
            } catch (Exception e4) {
                complain(new StringBuffer().append("Record.init() caught ").append(e4).toString());
            }
            if (rcvChangeCipher() < 0) {
                complain("Bad ChangeCipherSpec");
            }
            if (rcvFinished() < 0) {
                complain("Bad Finished");
            }
            sndChangeCipher();
            sndFinished();
        }
        Session.add(this.peerHost, this.peerPort, this.sSessionId, this.master, this.sCert);
        if (this.preMaster != null) {
            for (int i2 = 0; i2 < this.preMaster.length; i2++) {
                this.preMaster[i2] = 0;
            }
        }
        for (int i3 = 0; i3 < this.master.length; i3++) {
            this.master[i3] = 0;
        }
    }

    private void complain(String str) throws IOException {
        complain(new IOException(str));
    }

    private void complain(IOException iOException) throws IOException {
        this.rec.alert((byte) 2, (byte) 40);
        if (this.sSessionId != null) {
            Session.del(this.peerHost, this.peerPort, this.sSessionId);
        }
        throw iOException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCipherSuites(byte[] bArr) {
        this.SUITES_AND_COMP = bArr;
    }
}
