package sun.security.ssl;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import sun.security.AuthContext;
import sun.security.jsafe.Provider;
import sun.security.jsafe.RSAPublicKey;
import sun.security.ssl.HandshakeMessage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/ssl/ClientHandshaker.class */
public final class ClientHandshaker extends Handshaker {
    private PublicKey serverKey;
    private byte[] preMasterSecret;
    private BigInteger serverDH;
    private DHKeyExchange dh;
    private HandshakeMessage.CertificateRequest certRequest;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientHandshaker(SSLSocketImpl sSLSocketImpl, AuthContext authContext) throws NoSuchAlgorithmException {
        super(sSLSocketImpl, authContext, true);
    }

    ClientHandshaker(SSLSocketImpl sSLSocketImpl) throws NoSuchAlgorithmException {
        this(sSLSocketImpl, null);
    }

    @Override // sun.security.ssl.Handshaker
    protected void processMessage(byte b, int i) throws IOException, NoSuchAlgorithmException {
        if (this.state > b && b != 0 && this.state != 1) {
            throw new SSLProtocolException(new StringBuffer("Handshake message sequence violation, ").append((int) b).toString());
        }
        switch (b) {
            case 0:
                serverHelloRequest(new HandshakeMessage.HelloRequest(this.input));
                break;
            case 2:
                serverHello(new HandshakeMessage.ServerHello(this.input));
                break;
            case 11:
                if (this.key_exchange_algorithm == 7) {
                    this.conn.fatal((byte) 10, "unexpected server cert chain");
                }
                peerCertificate(new HandshakeMessage.CertificateMsg(this.input));
                this.serverKey = this.session.getPeerCertificateChain()[0].getPublicKey();
                break;
            case 12:
                switch (this.key_exchange_algorithm) {
                    case 1:
                    case 2:
                        try {
                            serverKeyExchange(new HandshakeMessage.RSA_ServerKeyExchange(this.input, i));
                            break;
                        } catch (InvalidKeyException e) {
                            throw new SSLException(new StringBuffer("Server key, ").append(e).toString());
                        }
                    case 3:
                    case 4:
                    default:
                        throw new SSLProtocolException(new StringBuffer("unsupported key exchange algorithm = ").append(this.key_exchange_algorithm).toString());
                    case Record.headerSize /* 5 */:
                    case 6:
                        try {
                            serverKeyExchange(new HandshakeMessage.DH_ServerKeyExchange(this.input, this.serverKey, this.clnt_random.random_bytes, this.svr_random.random_bytes, i));
                            break;
                        } catch (InvalidKeyException e2) {
                            throw new SSLException(new StringBuffer("Server key, ").append(e2).toString());
                        } catch (SignatureException e3) {
                            throw new SSLException(new StringBuffer("Server key, ").append(e3).toString());
                        }
                    case 7:
                        serverKeyExchange(new HandshakeMessage.DH_ServerKeyExchange(this.input));
                        break;
                }
            case 13:
                this.certRequest = new HandshakeMessage.CertificateRequest(this.input);
                break;
            case 14:
                serverHelloDone(new HandshakeMessage.ServerHelloDone(this.input));
                break;
            case 20:
                serverFinished(new HandshakeMessage.Finished(this.input));
                break;
            default:
                throw new SSLProtocolException(new StringBuffer("Illegal client handshake msg, ").append((int) b).toString());
        }
        if (this.state < b) {
            this.state = b;
        }
    }

    @Override // sun.security.ssl.Handshaker
    protected boolean canExchange(int i, boolean z) {
        switch (i) {
            case 1:
            case 2:
            case Record.headerSize /* 5 */:
                return Provider.isAvailable();
            case 3:
            case 4:
            default:
                return false;
            case 6:
                return true;
            case 7:
                return true;
        }
    }

    @Override // sun.security.ssl.Handshaker
    protected boolean canUseCipherSuite(String str) {
        return isEnabled(str);
    }

    private void serverHelloRequest(HandshakeMessage.HelloRequest helloRequest) throws IOException {
        if (this.state < 1) {
            kickstart();
        }
    }

    private void serverHello(HandshakeMessage.ServerHello serverHello) throws IOException {
        if (serverHello.v_major != 3 || serverHello.v_minor > 0) {
            throw new SSLProtocolException(new StringBuffer("version mismatch, server is v").append((int) serverHello.v_major).append(".").append((int) serverHello.v_minor).toString());
        }
        this.v_major = serverHello.v_major;
        this.v_minor = serverHello.v_minor;
        this.svr_random = serverHello.svr_random;
        if (this.session != null) {
            if (this.session.getSessionId().equals(serverHello.sessionId)) {
                CipherSpec cipherSpec = this.session.getCipherSpec();
                byte[] cipherSuite = cipherSpec.getCipherSuite();
                if (serverHello.cipher_suite[0] != cipherSuite[0] || serverHello.cipher_suite[1] != cipherSuite[1] || serverHello.v_major != cipherSpec.v_major || serverHello.v_minor != cipherSpec.v_minor) {
                    throw new SSLProtocolException("Server returned wrong cipher suite for session");
                }
                this.resumingSession = true;
                this.state = 19;
            } else {
                this.session = null;
                if (!this.enableNewSession) {
                    throw new SSLException("New session creation was disabled");
                }
            }
        }
        if (!maybeSetCipherSuite(serverHello.cipher_suite[0], serverHello.cipher_suite[1])) {
            this.conn.fatal((byte) 47, new StringBuffer("Can't support cipher suite [").append((int) serverHello.cipher_suite[0]).append(", ").append((int) serverHello.cipher_suite[1]).append("]").toString());
        } else if (serverHello.compression_method != 0) {
            this.conn.fatal((byte) 47, new StringBuffer("compression type not supported, ").append((int) serverHello.compression_method).toString());
        }
        if (this.session == null) {
            this.session = new SSLSessionImpl(this, serverHello.sessionId, this.conn.getHost(), this.conn.getPort());
            return;
        }
        try {
            calculateConnectionKeys(this.session.getMasterSecret());
        } catch (NoSuchAlgorithmException e) {
            throw new SSLException(new StringBuffer("Missing algorithm: ").append(e.getMessage()).toString());
        }
    }

    private void serverKeyExchange(HandshakeMessage.RSA_ServerKeyExchange rSA_ServerKeyExchange) throws IOException, NoSuchAlgorithmException, InvalidKeyException {
        if (!(this.serverKey instanceof RSAPublicKey)) {
            throw new InvalidKeyException("server key not an RSA key");
        }
        if (!rSA_ServerKeyExchange.verify((RSAPublicKey) this.serverKey, this.clnt_random, this.svr_random)) {
            this.conn.fatal((byte) 40, "server key exchange invalid");
        }
        this.serverKey = rSA_ServerKeyExchange.getPublicKey();
    }

    private void getDHephemeral(BigInteger bigInteger, BigInteger bigInteger2) {
        this.dh = new DHKeyExchange(bigInteger, bigInteger2);
        this.dh.generateKeyPair(CipherSpec.generator, 768);
    }

    private void serverKeyExchange(HandshakeMessage.DH_ServerKeyExchange dH_ServerKeyExchange) throws IOException, NoSuchAlgorithmException {
        if (this.key_exchange_algorithm == 4 || this.key_exchange_algorithm == 3) {
            this.conn.fatal((byte) 10, "not supporting DH certs for key exchange now");
        }
        getDHephemeral(dH_ServerKeyExchange.getModulus(), dH_ServerKeyExchange.getBase());
        this.serverDH = dH_ServerKeyExchange.getServerPublicKey();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0086 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x0104 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void serverHelloDone(sun.security.ssl.HandshakeMessage.ServerHelloDone r8) throws java.io.IOException, java.security.NoSuchAlgorithmException {
        /*
            Method dump skipped, instructions count: 889
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.ssl.ClientHandshaker.serverHelloDone(sun.security.ssl.HandshakeMessage$ServerHelloDone):void");
    }

    private void serverFinished(HandshakeMessage.Finished finished) throws IOException {
        try {
            if (!finished.verify((MessageDigest) this.md5[0].clone(), (MessageDigest) this.sha1[0].clone(), HandshakeMessage.Finished.server, this.session.getMasterSecret())) {
                this.conn.fatal((byte) 47, "server 'finished' message doesn't verify");
            }
        } catch (CloneNotSupportedException unused) {
            if (!finished.verify(this.md5[0], this.sha1[0], HandshakeMessage.Finished.server, this.session.getMasterSecret())) {
                this.conn.fatal((byte) 47, "server 'finished' message doesn't verify");
            }
            this.md5[0] = null;
            this.sha1[0] = null;
        }
        if (this.resumingSession) {
            this.input.digestNow();
            sendChangeCipherAndFinish();
        }
        if (this.conn.getEnableSessionCaching()) {
            SSLSessionImpl.cacheClientSession(this.session, this.authContext);
        }
    }

    private void sendChangeCipherAndFinish() throws IOException {
        HandshakeMessage.Finished finished;
        try {
        } catch (CloneNotSupportedException unused) {
            finished = new HandshakeMessage.Finished(this.md5[1], this.sha1[1], HandshakeMessage.Finished.client, this.session.getMasterSecret());
            this.md5[1] = null;
            this.sha1[1] = null;
        }
        if (this.md5[0] == null) {
            throw new CloneNotSupportedException("minor hack");
        }
        finished = new HandshakeMessage.Finished((MessageDigest) this.md5[0].clone(), (MessageDigest) this.sha1[0].clone(), HandshakeMessage.Finished.client, this.session.getMasterSecret());
        sendChangeCipherSpec(finished);
        this.state = 19;
    }

    @Override // sun.security.ssl.Handshaker
    protected HandshakeMessage getKickstartMessage() throws SSLException {
        HandshakeMessage.ClientHello clientHello = new HandshakeMessage.ClientHello(CipherSpec.generator);
        this.clnt_random = clientHello.clnt_random;
        this.session = SSLSessionImpl.getClientSession(this.conn.getHost(), this.conn.getPort(), this.authContext);
        if (this.session != null) {
            if (isEnabled(this.session.getCipherSuite())) {
                clientHello.sessionId = this.session.getSessionId();
            } else {
                this.session = null;
            }
            if (!this.enableNewSession) {
                if (this.session == null) {
                    throw new SSLException("Can't reuse existing SSL client session");
                }
                clientHello.cipher_suites = this.session.getCipherSpec().getCipherSuite();
                return clientHello;
            }
        }
        if (this.session == null) {
            if (!this.enableNewSession) {
                throw new SSLException("No existing session to resume.");
            }
            clientHello.sessionId = SSLSessionImpl.nullSession.getSessionId();
        }
        clientHello.cipher_suites = new byte[2 * this.enabledCipherSuites.length];
        cipherSuiteHelper(clientHello, 0, 25, cipherSuiteHelper(clientHello, 0, 23, cipherSuiteHelper(clientHello, 0, 27, cipherSuiteHelper(clientHello, 0, 26, cipherSuiteHelper(clientHello, 0, 24, cipherSuiteHelper(clientHello, 0, 1, cipherSuiteHelper(clientHello, 0, 2, cipherSuiteHelper(clientHello, 0, 17, cipherSuiteHelper(clientHello, 0, 3, cipherSuiteHelper(clientHello, 0, 19, cipherSuiteHelper(clientHello, 0, 18, cipherSuiteHelper(clientHello, 0, 10, cipherSuiteHelper(clientHello, 0, 9, cipherSuiteHelper(clientHello, 0, 4, cipherSuiteHelper(clientHello, 0, 5, 0, "SSL_RSA_WITH_RC4_128_SHA"), "SSL_RSA_WITH_RC4_128_MD5"), "SSL_RSA_WITH_DES_CBC_SHA"), "SSL_RSA_WITH_3DES_EDE_CBC_SHA"), "SSL_DHE_DSS_WITH_DES_CBC_SHA"), "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"), "SSL_RSA_EXPORT_WITH_RC4_40_MD5"), "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"), "SSL_RSA_WITH_NULL_SHA"), "SSL_RSA_WITH_NULL_MD5"), "SSL_DH_anon_WITH_RC4_128_MD5"), "SSL_DH_anon_WITH_DES_CBC_SHA"), "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"), "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"), "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA");
        return clientHello;
    }

    private int cipherSuiteHelper(HandshakeMessage.ClientHello clientHello, int i, int i2, int i3, String str) {
        if (isEnabled(str)) {
            int i4 = i3 + 1;
            clientHello.cipher_suites[i3] = (byte) i;
            i3 = i4 + 1;
            clientHello.cipher_suites[i4] = (byte) i2;
        }
        return i3;
    }

    @Override // sun.security.ssl.Handshaker
    void handshakeAlert(byte b) throws SSLProtocolException {
        System.out.println(new StringBuffer("SSL -- handshake alert not dealt with, ").append((int) b).toString());
        throw new SSLProtocolException(new StringBuffer("handshake alert not dealt with:  ").append((int) b).toString());
    }
}
