package sun.security.ssl;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import sun.security.AuthContext;
import sun.security.ExportControl;
import sun.security.TrustDecider;
import sun.security.ssl.HandshakeMessage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/ssl/Handshaker.class */
public abstract class Handshaker extends CipherSpec implements Debugging, ExportControl {
    protected SSLSocketImpl conn;
    protected MessageDigest[] md5;
    protected MessageDigest[] sha1;
    protected HandshakeInStream input;
    protected HandshakeOutStream output;
    protected int state;
    protected AuthContext authContext;
    protected RandomCookie clnt_random;
    protected RandomCookie svr_random;
    protected SSLSessionImpl session;
    protected boolean resumingSession;
    protected boolean enableNewSession = true;

    /* JADX INFO: Access modifiers changed from: protected */
    public Handshaker(SSLSocketImpl sSLSocketImpl, AuthContext authContext, boolean z) throws NoSuchAlgorithmException {
        AuthKeys.initAuthContext(authContext, null, null);
        this.conn = sSLSocketImpl;
        this.resumingSession = false;
        this.session = null;
        this.md5 = getDigests("MD5", z);
        this.sha1 = getDigests("SHA", z);
        this.output = new HandshakeOutStream(sSLSocketImpl, this.md5, this.sha1);
        this.input = new HandshakeInStream();
        this.input.initHashes(this.md5, this.sha1);
        ((SSLInputStream) sSLSocketImpl.getInputStream()).initHashes(this.md5, this.sha1);
        this.authContext = authContext;
        this.state = -1;
    }

    private MessageDigest[] getDigests(String str, boolean z) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        try {
            messageDigest.clone();
            return new MessageDigest[]{messageDigest};
        } catch (CloneNotSupportedException unused) {
            return !z ? new MessageDigest[]{messageDigest, MessageDigest.getInstance(str)} : new MessageDigest[]{messageDigest, MessageDigest.getInstance(str), MessageDigest.getInstance(str)};
        }
    }

    public boolean isDone() {
        return this.state == 20;
    }

    public SSLSessionImpl getSession() {
        return this.session;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void process_record(InputRecord inputRecord) throws IOException, NoSuchAlgorithmException {
        this.input.incomingRecord(inputRecord);
        while (this.input.available() > 0) {
            this.input.mark(4);
            byte int8 = this.input.getInt8();
            int int24 = this.input.getInt24();
            if (this.input.available() < int24) {
                this.input.reset();
                return;
            }
            if (int8 == 0) {
                this.input.reset();
                processMessage(int8, int24);
                this.input.ignore(4 + int24);
            } else {
                this.input.mark(int24);
                processMessage(int8, int24);
                this.input.digestNow();
            }
            if (int8 == 1) {
                this.input.reset();
                this.input.skip(int24);
            }
        }
    }

    public boolean started() {
        return this.state >= 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void kickstart() throws IOException {
        if (this.state >= 0) {
            return;
        }
        HandshakeMessage kickstartMessage = getKickstartMessage();
        kickstartMessage.write(this.output);
        this.output.flush();
        this.state = kickstartMessage.messageType();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean canUseCipherSuite(String str);

    protected abstract HandshakeMessage getKickstartMessage() throws SSLException;

    protected abstract void processMessage(byte b, int i) throws IOException, NoSuchAlgorithmException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void handshakeAlert(byte b) throws SSLProtocolException;

    protected abstract boolean canExchange(int i, boolean z);

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean maybeSetCipherSuite(byte b, byte b2) {
        this.cipherSuite_b1 = b;
        this.cipherSuite_b2 = b2;
        if (b != 0) {
            return false;
        }
        try {
            switch (b2) {
                case 0:
                    return false;
                case 1:
                    if (!isEnabled("SSL_RSA_WITH_NULL_MD5") || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 1;
                    setCipherType(0);
                    setMAC(1);
                    return true;
                case 2:
                    if (!isEnabled("SSL_RSA_WITH_NULL_SHA") || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 1;
                    setCipherType(0);
                    setMAC(2);
                    return true;
                case 3:
                    if (!isEnabled("SSL_RSA_EXPORT_WITH_RC4_40_MD5") || !CipherRC4.hasRC4() || !canExchange(2, true)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 2;
                    setCipherType(1);
                    setMAC(1);
                    return true;
                case 4:
                    if (!isEnabled("SSL_RSA_WITH_RC4_128_MD5") || !CipherRC4.hasRC4() || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 1;
                    setCipherType(1);
                    setMAC(1);
                    return true;
                case Record.headerSize /* 5 */:
                    if (!isEnabled("SSL_RSA_WITH_RC4_128_SHA") || !CipherRC4.hasRC4() || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 1;
                    setCipherType(1);
                    setMAC(2);
                    return true;
                case 9:
                    if (!isEnabled("SSL_RSA_WITH_DES_CBC_SHA") || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 1;
                    setCipherType(3);
                    setMAC(2);
                    return true;
                case 10:
                    if (!isEnabled("SSL_RSA_WITH_3DES_EDE_CBC_SHA") || !canExchange(1, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 1;
                    setCipherType(4);
                    setMAC(2);
                    return true;
                case 17:
                    if (!isEnabled("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA") || !canExchange(6, true)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 6;
                    setCipherType(5);
                    setMAC(2);
                    return true;
                case 18:
                    if (!isEnabled("SSL_DHE_DSS_WITH_DES_CBC_SHA") || !canExchange(6, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 6;
                    setCipherType(3);
                    setMAC(2);
                    return true;
                case 19:
                    if (!isEnabled("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") || !canExchange(6, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 6;
                    setCipherType(4);
                    setMAC(2);
                    return true;
                case Record.ct_application_data /* 23 */:
                    if (!isEnabled("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5") || !CipherRC4.hasRC4() || !canExchange(7, true)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 7;
                    setCipherType(1);
                    setMAC(1);
                    return true;
                case 24:
                    if (!isEnabled("SSL_DH_anon_WITH_RC4_128_MD5") || !CipherRC4.hasRC4() || !canExchange(7, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 7;
                    setCipherType(1);
                    setMAC(1);
                    return true;
                case 25:
                    if (!isEnabled("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA") || !canExchange(7, true)) {
                        return false;
                    }
                    this.is_exportable = true;
                    this.key_exchange_algorithm = 7;
                    setCipherType(5);
                    setMAC(2);
                    return true;
                case 26:
                    if (!isEnabled("SSL_DH_anon_WITH_DES_CBC_SHA") || !canExchange(7, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 7;
                    setCipherType(3);
                    setMAC(2);
                    return true;
                case 27:
                    if (!isEnabled("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA") || !canExchange(7, false)) {
                        return false;
                    }
                    this.is_exportable = false;
                    this.key_exchange_algorithm = 7;
                    setCipherType(4);
                    setMAC(2);
                    return true;
                default:
                    return false;
            }
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void peerCertificate(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            this.conn.fatal((byte) 42, "null cert chain");
        }
        TrustDecider trustDecider = this.authContext.getTrustDecider();
        if (trustDecider == null || trustDecider.isTrustedFor(certificateChain, "channel", new Date())) {
            this.session.setPeerCerts(certificateChain);
        } else {
            this.conn.fatal((byte) 46, "untrusted server cert chain");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, java.lang.Object] */
    public void sendChangeCipherSpec(HandshakeMessage.Finished finished) throws IOException {
        this.output.flush();
        synchronized (this.conn.writeLock) {
            OutputRecord outputRecord = new OutputRecord((byte) 20);
            outputRecord.write(1);
            this.conn.write(outputRecord);
            this.conn.changeWriteCiphers();
            finished.write(this.output);
            this.output.flush();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateKeys(byte[] bArr) throws NoSuchAlgorithmException {
        byte[] calculateMasterSecret = calculateMasterSecret(bArr);
        this.session.setMasterSecret(calculateMasterSecret);
        calculateConnectionKeys(calculateMasterSecret);
    }

    private byte[] calculateMasterSecret(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
        byte[] bArr2 = new byte[48];
        for (int i = 0; i < 3; i++) {
            if (i != 0) {
                messageDigest.reset();
                messageDigest2.reset();
            }
            for (int i2 = 0; i2 <= i; i2++) {
                messageDigest2.update((byte) (65 + i));
            }
            messageDigest2.update(bArr);
            messageDigest2.update(this.clnt_random.random_bytes);
            messageDigest2.update(this.svr_random.random_bytes);
            messageDigest.update(bArr);
            messageDigest.update(messageDigest2.digest());
            System.arraycopy(messageDigest.digest(), 0, bArr2, 16 * i, 16);
        }
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calculateConnectionKeys(byte[] bArr) throws NoSuchAlgorithmException {
        int MAClen = this.algMAC.MAClen();
        int keyMaterialSize = this.algCipher.keyMaterialSize();
        int initVectorSize = this.algCipher.initVectorSize();
        int i = (MAClen + keyMaterialSize + (this.is_exportable ? 0 : initVectorSize)) * 2;
        byte[] bArr2 = new byte[i];
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
        int i2 = 0;
        for (int i3 = i; i3 > 0; i3 -= 16) {
            for (int i4 = 0; i4 <= i2; i4++) {
                messageDigest2.update((byte) (65 + i2));
            }
            messageDigest2.update(bArr);
            messageDigest2.update(this.svr_random.random_bytes);
            messageDigest2.update(this.clnt_random.random_bytes);
            messageDigest.update(bArr);
            messageDigest.update(messageDigest2.digest());
            System.arraycopy(messageDigest.digest(), 0, bArr2, i2 * 16, Math.min(i3, 16));
            messageDigest.reset();
            messageDigest2.reset();
            i2++;
        }
        this.clntMacSecret = new byte[MAClen];
        this.svrMacSecret = new byte[MAClen];
        System.arraycopy(bArr2, 0, this.clntMacSecret, 0, MAClen);
        System.arraycopy(bArr2, MAClen, this.svrMacSecret, 0, MAClen);
        this.clntWriteKey = new byte[keyMaterialSize];
        this.svrWriteKey = new byte[keyMaterialSize];
        System.arraycopy(bArr2, 2 * MAClen, this.clntWriteKey, 0, keyMaterialSize);
        System.arraycopy(bArr2, (2 * MAClen) + keyMaterialSize, this.svrWriteKey, 0, keyMaterialSize);
        if (initVectorSize != 0) {
            this.clntWriteIV = new byte[initVectorSize];
            this.svrWriteIV = new byte[initVectorSize];
            if (!this.is_exportable) {
                System.arraycopy(bArr2, 2 * (MAClen + keyMaterialSize), this.clntWriteIV, 0, initVectorSize);
                System.arraycopy(bArr2, (2 * (MAClen + keyMaterialSize)) + initVectorSize, this.svrWriteIV, 0, initVectorSize);
            }
        } else {
            this.clntWriteIV = null;
            this.svrWriteIV = null;
        }
        if (this.is_exportable) {
            int keySize = this.algCipher.keySize();
            messageDigest.reset();
            messageDigest.update(this.clntWriteKey);
            messageDigest.update(this.clnt_random.random_bytes);
            messageDigest.update(this.svr_random.random_bytes);
            this.clntWriteKey = new byte[keySize];
            System.arraycopy(messageDigest.digest(), 0, this.clntWriteKey, 0, keySize);
            messageDigest.reset();
            messageDigest.update(this.svrWriteKey);
            messageDigest.update(this.svr_random.random_bytes);
            messageDigest.update(this.clnt_random.random_bytes);
            this.svrWriteKey = new byte[keySize];
            System.arraycopy(messageDigest.digest(), 0, this.svrWriteKey, 0, keySize);
            if (initVectorSize != 0) {
                messageDigest.reset();
                messageDigest.update(this.clnt_random.random_bytes);
                messageDigest.update(this.svr_random.random_bytes);
                System.arraycopy(messageDigest.digest(), 0, this.clntWriteIV, 0, initVectorSize);
                messageDigest.reset();
                messageDigest.update(this.svr_random.random_bytes);
                messageDigest.update(this.clnt_random.random_bytes);
                System.arraycopy(messageDigest.digest(), 0, this.svrWriteIV, 0, initVectorSize);
            }
        }
    }
}
