package iaik.security.ssl;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: iaik/security/ssl/ServerHandshaker */
/* loaded from: input_file:iaik/security/ssl/ServerHandshaker.class */
public class ServerHandshaker extends Handshaker {

    /* renamed from: ı, reason: contains not printable characters */
    CipherSuite[] f187;

    /* renamed from: Ĳ, reason: contains not printable characters */
    CompressionMethod[] f188;

    /* renamed from: Ý, reason: contains not printable characters */
    PrivateKey f189;

    /* renamed from: ĳ, reason: contains not printable characters */
    boolean f190;

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerHandshaker(SSLSocket sSLSocket) {
        super(sSLSocket, true);
        this.f190 = false;
        this.f109 = (SSLServerContext) sSLSocket.getContext();
        if (((SSLServerContext) this.f109).getRequireClientCertificate()) {
            this.clientAuthenticationState = 2;
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0004. Please report as an issue. */
    protected void sendHandshakeMessages() throws IOException {
        switch (this.handshakeState) {
            case 1:
                this.f96.debug("send ServerHello...");
                if (!this.f105) {
                    CipherSuite[] enabledCipherSuites = this.f109.getEnabledCipherSuites();
                    this.f96.f176 = this.f187;
                    boolean z = false;
                    for (int i = 0; i < enabledCipherSuites.length && !z; i++) {
                        for (int i2 = 0; i2 < this.f187.length && !z; i2++) {
                            if (enabledCipherSuites[i].equals(this.f187[i2])) {
                                this.f98.f209 = this.f187[i2];
                                z = true;
                            }
                        }
                    }
                    if (!z) {
                        this.f100.sendAlert(2, 40);
                        throw new SSLException("No common cipher suites.");
                    }
                    CompressionMethod[] enabledCompressionMethods = this.f109.getEnabledCompressionMethods();
                    this.f96.f177 = enabledCompressionMethods;
                    boolean z2 = false;
                    for (int i3 = 0; i3 < enabledCompressionMethods.length && !z2; i3++) {
                        for (int i4 = 0; i4 < this.f188.length && !z2; i4++) {
                            if (enabledCompressionMethods[i3].equals(this.f188[i4])) {
                                this.f98.f210 = this.f188[i4];
                                z2 = true;
                            }
                        }
                    }
                    if (!z2) {
                        this.f98.f210 = CompressionMethod.NULL;
                    }
                }
                this.f96.debug("Selected CipherSuite:");
                this.f96.debug(this.f98.getCipherSuite().getName());
                this.f96.debug("Selected CompressionMethod:");
                this.f96.debug(this.f98.getCompressionMethod().getName());
                this.f96.f174 = this.f98.getCipherSuite();
                this.f96.f175 = this.f98.getCompressionMethod();
                this.f106 = this.f98.getCipherSuite();
                this.f107 = this.f106.getKeyExchangeAlgorithm();
                this.f108 = this.f98.getCompressionMethod();
                ServerHello serverHello = new ServerHello(this.f98, this.f109);
                this.f117 = serverHello.getHelloRandom();
                addHandshakeMessage(serverHello);
                if (this.f105) {
                    this.f118 = this.f98.getMasterSecret();
                    m10();
                    this.f96.f173 = this.f98.getPeerCertificate();
                    sendMessage(22);
                    this.handshakeState = 3;
                } else {
                    if (!this.f107.equals("NULL")) {
                        this.handshakeState = 2;
                        SSLCertificate sSLCertificate = null;
                        ServerKeyExchange serverKeyExchange = null;
                        this.sendServerKeyExchange = true;
                        if (this.f107.startsWith("RSA")) {
                            sSLCertificate = ((SSLServerContext) this.f109).getRSACertificate();
                            int keySizeLimit = this.f98.getCipherSuite().getKeySizeLimit();
                            int bitLength = ((RSAPublicKey) sSLCertificate.getPublicKey()).getModulus().bitLength();
                            if (keySizeLimit == -1 || bitLength <= keySizeLimit) {
                                this.sendServerKeyExchange = false;
                            } else {
                                serverKeyExchange = new ServerRSAKeyExchange(this.f106, this.f116, this.f117);
                                serverKeyExchange.createSignature((SSLServerContext) this.f109);
                            }
                        } else if (this.f107.startsWith("DHE")) {
                            if (this.f107.startsWith("DHE_RSA")) {
                                sSLCertificate = ((SSLServerContext) this.f109).getRSACertificate();
                            } else if (this.f107.startsWith("DHE_DSS")) {
                                sSLCertificate = ((SSLServerContext) this.f109).getDSACertificate();
                            }
                            serverKeyExchange = new ServerDHEKeyExchange(this.f106, this.f116, this.f117);
                            serverKeyExchange.createSignature((SSLServerContext) this.f109);
                            this.f189 = (PrivateKey) serverKeyExchange.getTemporaryKey();
                        } else if (this.f107.startsWith("DH_anon")) {
                            serverKeyExchange = new ServerDHEKeyExchange(this.f106, this.f116, this.f117);
                            serverKeyExchange.createSignature((SSLServerContext) this.f109);
                            this.f189 = (PrivateKey) serverKeyExchange.getTemporaryKey();
                        } else {
                            if (!this.f107.startsWith("DH")) {
                                if (this.f107.startsWith("FORTEZZA")) {
                                    this.f100.sendAlert(2, 40);
                                    throw new SSLException("Diffie-Hellman key exchange not implemented.");
                                }
                                this.f100.sendAlert(2, 40);
                                throw new SSLException("Unknown key exchange algorithm.");
                            }
                            sSLCertificate = ((SSLServerContext) this.f109).getDHCertificate();
                            this.sendServerKeyExchange = false;
                            this.f189 = ((SSLServerContext) this.f109).getDHPrivateKey();
                        }
                        if (sSLCertificate != null) {
                            this.f96.debug("send SSLCertificate...");
                            addHandshakeMessage(sSLCertificate);
                        } else if (!this.f107.startsWith("DH_anon")) {
                            this.f100.sendAlert(2, 40);
                            throw new SSLException("No certificate for this cipher suite found!");
                        }
                        if (this.sendServerKeyExchange) {
                            this.f96.debug("send ServerKeyExchange...");
                            addHandshakeMessage(serverKeyExchange);
                        }
                        if (this.clientAuthenticationState == 2) {
                            this.f96.debug("send CertificateRequest...");
                            if (this.f107.startsWith("DH_anon")) {
                                this.f100.sendAlert(2, 40);
                                throw new RuntimeException("An anonymouse server can't request a client certificate.");
                            }
                            byte[] bArr = ((SSLServerContext) this.f109).f163;
                            Principal[] principalArr = ((SSLServerContext) this.f109).f164;
                            if (bArr == null || principalArr == null) {
                                this.f100.sendAlert(2, 40);
                                throw new SSLException("CertificateRequest information missing.");
                            }
                            addHandshakeMessage(new CertificateRequest(bArr, principalArr));
                        }
                        this.f96.debug("send ServerHelloDone...");
                        addHandshakeMessage(new ServerHelloDone());
                        sendMessage(22);
                        return;
                    }
                    this.f110 = null;
                    this.f111 = null;
                    this.f112 = null;
                    this.f113 = null;
                    this.f96.f173 = null;
                    sendMessage(22);
                    this.handshakeState = 3;
                }
                this.f96.debug("send change_cipher_spec...");
                this.f100.writeUInt8(1);
                sendMessage(20);
                this.f100.changeCipherSpec(this.f111, this.f113, this.f106.getCipherType());
                this.handshakeState = 4;
                this.f96.debug("send finished...");
                addHandshakeMessage(new Finished(getCurrentHash(1)));
                this.handshakeState = 3;
                sendMessage(22);
                return;
            case ClientTrustDecider.rsa_fixed_dh /* 3 */:
                this.f96.debug("send change_cipher_spec...");
                this.f100.writeUInt8(1);
                sendMessage(20);
                this.f100.changeCipherSpec(this.f111, this.f113, this.f106.getCipherType());
                this.handshakeState = 4;
                this.f96.debug("send finished...");
                addHandshakeMessage(new Finished(getCurrentHash(1)));
                this.handshakeState = 3;
            case 2:
            default:
                sendMessage(22);
                return;
        }
    }

    protected void receiveHandshakeMessages(boolean z) throws IOException {
        byte[] preMasterSecret;
        SessionManager sessionManager;
        int i = 0;
        boolean z2 = false;
        SSLCertificate sSLCertificate = null;
        boolean z3 = false;
        do {
            if ((z ? receiveSSLMessage() : 22) != 20) {
                while (this.f99.available() > 0) {
                    int readUInt8 = this.f99.readUInt8();
                    switch (this.handshakeState) {
                        case 1:
                            if (readUInt8 != 1) {
                                this.f100.sendAlert(2, 10);
                                throw new SSLException("First message not ClientHello.");
                            }
                            this.f96.debug("received client_hello...");
                            ClientHello clientHello = new ClientHello(this.f99);
                            if (!clientHello.getSessionID().m23()) {
                                this.f96.debug("Client tries to resume a session!");
                            }
                            this.f98 = null;
                            if (!this.renegotiate && (sessionManager = this.f109.getSessionManager()) != null) {
                                this.f98 = sessionManager.getSession(this.f96, clientHello.getSessionID());
                            }
                            if (this.f98 == null) {
                                this.f98 = new Session(this.f109.getRandomGenerator());
                                this.f187 = clientHello.getCipherSuites();
                                this.f188 = clientHello.getCompressionMethods();
                                this.f105 = false;
                                this.f96.debug("CipherSuites supported by the client");
                                for (int i2 = 0; i2 < this.f187.length; i2++) {
                                    this.f96.debug(this.f187[i2].getName());
                                }
                                this.f96.debug("CompressionMethods supported by the client");
                                for (int i3 = 0; i3 < this.f188.length; i3++) {
                                    this.f96.debug(this.f188[i3].getName());
                                }
                            } else {
                                this.f105 = true;
                                this.f96.debug("Resume session OK!");
                            }
                            this.f116 = clientHello.getHelloRandom();
                            z3 = true;
                            i = 1;
                            break;
                            break;
                        case 2:
                            i = 2;
                            switch (readUInt8) {
                                case 11:
                                    this.f96.debug("received Certificate...");
                                    sSLCertificate = new SSLCertificate(this.f99);
                                    this.clientAuthenticationState = 3;
                                    if (this.f107.startsWith("DH_")) {
                                        checkClientCertificate(sSLCertificate);
                                        break;
                                    } else {
                                        break;
                                    }
                                case 15:
                                    this.f96.debug("received certificate_verify...");
                                    if (this.clientAuthenticationState != 3 || sSLCertificate == null) {
                                        this.f100.sendAlert(2, 40);
                                        throw new SSLException("Client sends certificate verify but no certificate.");
                                    }
                                    if (!new CertificateVerify(this.f99).verifySignature(sSLCertificate.getPublicKey(), getCurrentHash(3))) {
                                        this.f100.sendAlert(2, 42);
                                        throw new SSLException("Certificate verify error!");
                                    }
                                    checkClientCertificate(sSLCertificate);
                                    i = 3;
                                    break;
                                    break;
                                case 16:
                                    this.f96.debug("received client_key_exchange...");
                                    if (this.f107.startsWith("RSA")) {
                                        try {
                                            preMasterSecret = new ClientRSAKeyExchange(this.f99).getPreMasterSecret(this.sendServerKeyExchange ? (RSAPrivateKey) ((SSLServerContext) this.f109).getRSATempKeyPair().getPrivate() : (RSAPrivateKey) ((SSLServerContext) this.f109).getRSAPrivateKey());
                                        } catch (SSLException e) {
                                            this.f100.sendAlert(2, 40);
                                            throw e;
                                        }
                                    } else {
                                        if (!this.f107.startsWith("DH")) {
                                            if (this.f107.startsWith("FORTEZZA")) {
                                                this.f100.sendAlert(2, 40);
                                                throw new SSLException("Diffie-Hellman key exchange not implemented.");
                                            }
                                            this.f100.sendAlert(2, 40);
                                            throw new SSLException("Unknown key exchange algorithm.");
                                        }
                                        preMasterSecret = new ClientDHKeyExchange(this.f99).getPreMasterSecret(this.f189);
                                    }
                                    m9(preMasterSecret);
                                    m10();
                                    z2 = true;
                                    if (this.clientAuthenticationState != 3) {
                                        i = 3;
                                        break;
                                    } else {
                                        break;
                                    }
                                default:
                                    this.f100.sendAlert(2, 40);
                                    throw new SSLException(new StringBuffer("Unknown handshake type: ").append(readUInt8).toString());
                            }
                        case ClientTrustDecider.rsa_fixed_dh /* 3 */:
                        default:
                            this.f100.sendAlert(2, 40);
                            throw new SSLException("Internal state error.");
                        case ClientTrustDecider.dss_fixed_dh /* 4 */:
                            if (readUInt8 != 20) {
                                this.f100.sendAlert(2, 10);
                                throw new SSLException("Expected finished handshake message.");
                            }
                            this.f96.debug("received finished...");
                            i = 3;
                            z3 = true;
                            if (!new Finished(this.f99).verifyHash(getCurrentHash(2))) {
                                this.f100.sendAlert(2, 40);
                                throw new SSLException("Bad hash in Finished message.");
                            }
                            break;
                    }
                    this.f99.updateHashes(this.f102, this.f103);
                }
                this.handshakeState = i;
            } else if (!this.f105 && !this.f107.equals("NULL")) {
                if (this.clientAuthenticationState == 3) {
                    this.f100.sendAlert(2, 40);
                    throw new SSLException("Client didn't send a certificate verify.");
                }
                if (!z2) {
                    this.f100.sendAlert(2, 40);
                    throw new SSLException("Client didn't send client key exchange message.");
                }
            }
        } while (!z3);
    }

    protected void checkClientCertificate(SSLCertificate sSLCertificate) throws IOException {
        TrustDecider trustDecider = this.f109.getTrustDecider();
        if (trustDecider == null || trustDecider.isTrustedPeer(sSLCertificate)) {
            this.f96.f173 = sSLCertificate;
            this.f98.f212 = sSLCertificate;
            this.clientAuthenticationState = 4;
        } else {
            this.f96.f173 = null;
            this.clientAuthenticationState = 5;
            this.f100.sendAlert(2, 42);
            throw new SSLException("Untrusted Certificate!");
        }
    }

    @Override // iaik.security.ssl.Handshaker
    protected void handshake() throws IOException {
        receiveHandshakeMessages(!this.f190);
        sendHandshakeMessages();
        receiveHandshakeMessages(true);
        if (this.f105 || this.f107.equals("NULL")) {
            return;
        }
        sendHandshakeMessages();
    }

    @Override // iaik.security.ssl.Handshaker
    protected void renegotiate(boolean z) throws IOException {
        this.f190 = z;
        if (!z) {
            this.f96.debug("send HelloRequest...");
            addHandshakeMessage(new HelloRequest());
            sendMessage(22);
        }
        doHandshake();
    }
}
