package iaik.security.ssl;

import java.io.IOException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:119465-01/SUNWamsci/reloc/SUNWam/lib/iaik_ssl.jar:iaik/security/ssl/l.class */
public class l extends x {
    private static final int j = 9;
    private static final int k = 8;
    private static final int f = 7;
    private static final int m = 6;
    private static final int g = 5;
    private static final int e = 4;
    private static final int l = 3;
    private static final int h = 2;
    private static final int i = 1;
    private byte[] b;
    private byte[] a;
    private byte[] d;
    private int c;
    private static final int n = 1;
    private static final int o = 1;

    private void p() throws IOException {
        SecureRandom randomGenerator = this.w.getRandomGenerator();
        int expandedKeyLength = this.cb.getExpandedKeyLength();
        int keyLength = this.cb.getKeyLength();
        int i2 = expandedKeyLength - keyLength;
        this.r = new byte[expandedKeyLength];
        randomGenerator.nextBytes(this.r);
        this.g.e = this.r;
        byte[] bArr = new byte[i2];
        System.arraycopy(this.r, 0, bArr, 0, i2);
        byte[] bArr2 = new byte[keyLength];
        System.arraycopy(this.r, i2, bArr2, 0, keyLength);
        try {
            byte[] doFinal = SecurityProvider.getSecurityProvider().getCipher(this.w.getAllowedProtocolVersions()[1] > 2 ? SecurityProvider.ALG_CIPHER_RSA_ENCRYPT_SSL2 : SecurityProvider.ALG_CIPHER_RSA_ENCRYPT, SecurityProvider.CIPHER_ENCRYPT, ((x) this).a, null, randomGenerator).doFinal(bArr2);
            byte[] bArr3 = new byte[this.cb.getIVSize()];
            randomGenerator.nextBytes(bArr3);
            this.g.a = bArr3;
            super.d.a("Sending client master key message...");
            this.o.write(2);
            this.cb.b(this.o);
            this.o.e(i2);
            this.o.e(doFinal.length);
            this.o.e(bArr3.length);
            this.o.write(bArr);
            this.o.write(doFinal);
            this.o.write(bArr3);
            this.o.b(SSLContext.CERTTYPE_RSA_ENCRYPT);
            this.v = 3;
        } catch (Exception unused) {
            this.o.b(2, 0);
            throw new SSLException("Could not encrypt key data");
        }
    }

    private void o() throws IOException {
        String cipherAlgorithm = this.cb.getCipherAlgorithm();
        String macAlgorithm = this.cb.getMacAlgorithm();
        String substring = cipherAlgorithm.substring(0, cipherAlgorithm.indexOf(47));
        int expandedKeyLength = this.cb.getExpandedKeyLength();
        this.a = e(expandedKeyLength + expandedKeyLength);
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.a, 0, expandedKeyLength, substring);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(this.a, expandedKeyLength, expandedKeyLength, substring);
        IvParameterSpec ivParameterSpec = null;
        IvParameterSpec ivParameterSpec2 = null;
        int a = this.cb.a();
        if (a == 2) {
            ivParameterSpec = new IvParameterSpec(this.g.a);
            ivParameterSpec2 = ivParameterSpec;
        }
        SecurityProvider securityProvider = SecurityProvider.getSecurityProvider();
        try {
            this.n = new n(securityProvider.getMessageDigest(macAlgorithm), this.u.a());
            ((r) this).b = new n(securityProvider.getMessageDigest(macAlgorithm), this.o.b());
            this.m = securityProvider.getCipher(cipherAlgorithm, SecurityProvider.CIPHER_DECRYPT, secretKeySpec, ivParameterSpec, null);
            ((r) this).a = securityProvider.getCipher(cipherAlgorithm, SecurityProvider.CIPHER_ENCRYPT, secretKeySpec2, ivParameterSpec2, null);
            this.n.a(secretKeySpec.getEncoded());
            ((r) this).b.a(secretKeySpec2.getEncoded());
            this.o.a(((r) this).a, ((r) this).b, a, this.x);
            this.u.a(this.m, this.n, a, this.x);
            super.d.a("Sending client finish message...");
            this.o.write(3);
            this.o.write(this.h);
            this.o.b(SSLContext.CERTTYPE_RSA_ENCRYPT);
            this.v = 4;
        } catch (Exception e2) {
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Exception during cipher init: ").append(e2).toString());
        }
    }

    private void n() throws IOException {
        if (this.c != 1) {
            super.d.a(new StringBuffer("Sending unsupported certificate type (").append(this.c).append(") warning...").toString());
            this.o.b(1, 6);
            this.v = 7;
            return;
        }
        KeyAndCert a = a(new ab(new byte[]{1}, new Principal[0]), (PublicKey) null);
        if (a == null) {
            super.d.a("Sending no certificate warning...");
            this.o.b(1, 2);
            this.v = 7;
            return;
        }
        super.d.a("Sending client certificate...");
        try {
            byte[] encoded = a.getCertificateChain()[0].getEncoded();
            Signature signature = SecurityProvider.getSecurityProvider().getSignature(SecurityProvider.ALG_SIGNATURE_MD5RSA, SecurityProvider.SIGNATURE_SIGN, a.getPrivateKey(), this.w.getRandomGenerator());
            signature.update(this.a);
            signature.update(this.d);
            signature.update(this.b);
            byte[] sign = signature.sign();
            this.o.h(8);
            this.o.h(1);
            this.o.e(encoded.length);
            this.o.e(sign.length);
            this.o.write(encoded);
            this.o.write(sign);
            this.o.b(SSLContext.CERTTYPE_RSA_ENCRYPT);
            this.v = 7;
        } catch (Exception e2) {
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Error creating client certificate message: ").append(e2).toString());
        }
    }

    private void m() throws IOException {
        super.d.a("Received server verify message.");
        byte[] bArr = new byte[this.u.available()];
        this.u.a(bArr);
        if (!Utils.equalsBlock(this.y, bArr)) {
            throw new IOException("server verify error");
        }
        this.v = 5;
    }

    private void l() throws IOException {
        super.d.a("Received v2 server hello, entering SSL 2.0 mode.");
        d(2);
        this.g.b = 2;
        int i2 = this.u.i();
        int i3 = this.u.i();
        int d = this.u.d();
        if (d != 2) {
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Invalid server selected SSL version ").append(Utils.b(d)).toString());
        }
        int d2 = this.u.d();
        int d3 = this.u.d();
        int d4 = this.u.d();
        if (i2 != 0) {
            super.d.a("Resuming previous session...");
            if (this.g.a().b()) {
                this.o.b(2, 0);
                throw new SSLException("Server tried to resume a new session!");
            }
            if (d2 != 0 || d3 != 0) {
                this.o.b(2, 0);
                throw new SSLException("Invalid parameters for resume session!");
            }
            this.cb = this.g.i;
            this.s = this.cb.getKeyExchangeAlgorithm();
            this.x = this.g.h;
            this.r = this.g.e;
            this.h = new byte[d4];
            this.u.a(this.h);
            this.v = 3;
            return;
        }
        if (i3 != 1) {
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Invalid server certificate type: ").append(i3).toString());
        }
        if (d3 == 0) {
            this.o.b(2, 0);
            throw new SSLException("No common ciphersuites");
        }
        this.b = new byte[d2];
        this.u.a(this.b);
        try {
            X509Certificate x509Certificate = SecurityProvider.getSecurityProvider().getX509Certificate(this.b);
            ((x) this).a = x509Certificate.getPublicKey();
            X509Certificate[] x509CertificateArr = {x509Certificate};
            if (!a(x509CertificateArr)) {
                super.d.g = x509CertificateArr;
                this.o.b(2, 0);
                throw new SSLException("Server certificate rejected by ChainVerifier");
            }
            this.g.d = x509CertificateArr;
            super.d.g = x509CertificateArr;
            CipherSuiteList cipherSuiteList = new CipherSuiteList(this.u, d3, true);
            super.d.h = cipherSuiteList;
            this.cb = cipherSuiteList.elementAt(0);
            this.g.i = this.cb;
            this.x = CompressionMethod.NULL_COMPRESSION;
            this.g.h = this.x;
            this.s = this.cb.getKeyExchangeAlgorithm();
            super.d.a("Common ciphersuites:");
            Enumeration elements = cipherSuiteList.elements();
            while (elements.hasMoreElements()) {
                super.d.a(elements.nextElement().toString());
            }
            super.d.a(new StringBuffer("Selecting CipherSuite: ").append(this.cb).toString());
            if (!this.w.getEnabledCipherSuiteList().a().contains(this.cb)) {
                this.o.b(2, 0);
                throw new SSLException("Server returned a not enabled cipher suite?!");
            }
            this.h = new byte[d4];
            this.u.a(this.h);
            this.v = 2;
        } catch (Exception e2) {
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Error decoding server certificate: ").append(e2).toString());
        }
    }

    private void k() throws IOException {
        super.d.a("Received server finish message.");
        byte[] bArr = new byte[this.u.available()];
        this.u.a(bArr);
        this.g.c = new SessionID(bArr);
        this.v = 8;
    }

    private void j() throws IOException {
        super.d.a("Received certificate request message.");
        this.c = this.u.i();
        this.d = new byte[this.u.available()];
        this.u.a(this.d);
        this.v = 6;
    }

    private void i() throws IOException {
        if (this.v != 1) {
            this.u.c();
        }
        int i2 = this.u.i();
        if (this.v == 1 && i2 == 4) {
            l();
            return;
        }
        if (this.v == 4 && i2 == 5) {
            m();
            return;
        }
        if (this.v == 5 && i2 == 6) {
            k();
            return;
        }
        if (this.v == 5 && i2 == 7) {
            j();
            return;
        }
        if (this.v == 7 && i2 == 6) {
            k();
        } else if (i2 == 0) {
            h();
        } else {
            this.v = 9;
            this.o.b(2, 0);
            throw new SSLException(new StringBuffer("Received unexpected V2 handshake message: ").append(j.c(i2)).toString());
        }
    }

    private void h() throws IOException {
        String stringBuffer;
        super.d.a("Received error message.");
        int d = this.u.d();
        switch (d) {
            case 0:
                stringBuffer = "undefined error";
                break;
            case 1:
                stringBuffer = "no cipher";
                break;
            case 2:
                stringBuffer = "no certificate";
                break;
            case 3:
            case 5:
            default:
                stringBuffer = new StringBuffer("unknown error type ").append(d).toString();
                break;
            case 4:
                stringBuffer = "bad certificate";
                break;
            case 6:
                stringBuffer = "unsupported certificate type";
                break;
        }
        this.v = 9;
        this.o.b(2, 0);
        throw new SSLException(new StringBuffer("Received error message: ").append(stringBuffer).toString());
    }

    private byte[] e(int i2) {
        byte[] bArr = new byte[i2];
        int i3 = 48;
        int i4 = 0;
        while (i4 < i2) {
            this.p.update(this.r);
            this.p.update((byte) i3);
            this.p.update(this.y);
            this.p.update(this.h);
            byte[] digest = this.p.digest();
            int b = Utils.b(digest.length, i2 - i4);
            System.arraycopy(digest, 0, bArr, i4, b);
            i4 += b;
            i3++;
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void g() throws IOException {
        this.v = 1;
        while (true) {
            switch (this.v) {
                case 1:
                case 4:
                case 5:
                case 7:
                    i();
                    break;
                case 2:
                    p();
                    break;
                case 3:
                    o();
                    break;
                case 6:
                    n();
                    break;
                case 8:
                case 9:
                    return;
                default:
                    this.o.b(2, 0);
                    throw new SSLException("Internal state error.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public l(SSLTransport sSLTransport) throws SSLException {
        super(sSLTransport);
    }
}
