package com.sun.net.ssl.internal.ssl;

import COM.rsa.asn1.SunJSSE_bp;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: DashoA6275 */
/* loaded from: input_file:com/sun/net/ssl/internal/ssl/ServerHandshaker.class */
/**
 * Server side of the SSL/TLS handshake for protocol major version 3, as recovered by a
 * decompiler from an obfuscated SunJSSE build. Identifiers are obfuscated, so the
 * comments in this class describe only what the visible statements do; anything that
 * depends on code outside this file is marked as an assumption.
 *
 * <p>{@link #processMessage(byte, int)} dispatches on the handshake message type:
 * 1 (ClientHello), 11 (client Certificate), 15 (CertificateVerify),
 * 16 (ClientKeyExchange) and 20 (Finished).
 *
 * <p>Security review summary: this class still negotiates anonymous Diffie-Hellman
 * (key exchange id 7, no server authentication) and can generate 512-bit ephemeral RSA
 * keys. Several failure paths rely on the alert call {@code ((Handshaker) this).a.a(byte, String)}
 * terminating the handshake; that method is not visible here -- TODO confirm it always throws.
 */
public final class ServerHandshaker extends Handshaker {
    // Client-authentication mode. From the uses below: 0 = no certificate requested,
    // 1 = certificate optional (an empty chain / alert 41 is tolerated),
    // 2 = certificate required. NOTE(review): meanings inferred from the checks in this file.
    private byte a;
    // Initialised to false and never assigned elsewhere in this class; when false, a client
    // may not switch away from an already established session (see the ClientHello handler).
    private boolean b;
    // Server certificate chain chosen by the key manager; stays null for anonymous DH.
    private X509Certificate[] c;
    // Server private key; replaced by the ephemeral RSA private key once an RSA
    // ServerKeyExchange message has been built.
    private PrivateKey d;
    // True after a client Certificate message was processed and until the matching
    // CertificateVerify arrives; checked when the client Finished is handled.
    private boolean e;
    // Ephemeral RSA key pair produced by b(boolean).
    private PrivateKey f;
    private RSAPublicKey g;
    // Diffie-Hellman state object used for key exchange ids 5, 6 and 7.
    private SunJSSE_au h;

    /**
     * Generates an ephemeral RSA key pair and stores it in {@code this.g} / {@code this.f}.
     *
     * <p>The modulus is 512 bits when {@code z} is true and 1024 bits otherwise. Both sizes
     * are below current minimum recommendations; a 512-bit modulus in particular offers no
     * meaningful protection for the key exchange it carries.
     *
     * @param z selects the 512-bit size when true
     * @return true on success, false if any exception occurred (the cause is discarded)
     */
    private boolean b(boolean z) {
        int i = !z ? 1024 : 512;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            // super.g.a() supplies the SecureRandom for key generation.
            keyPairGenerator.initialize(i, super.g.a());
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            this.g = (RSAPublicKey) genKeyPair.getPublic();
            this.f = genKeyPair.getPrivate();
            return true;
        } catch (Exception e) {
            // NOTE(review): the broad catch hides the reason key generation failed.
            return false;
        }
    }

    /**
     * Creates the Diffie-Hellman state object {@code this.h}.
     *
     * @param z when true, explicit parameters {@code SunJSSE_au.i}/{@code SunJSSE_au.j} and
     *     {@code SunJSSE_bp.n} are used; otherwise the default constructor and
     *     {@code SunJSSE_bp.p}. NOTE(review): presumably a smaller parameter set for the
     *     true case -- the constants are defined outside this file, confirm their sizes.
     */
    private void c(boolean z) {
        if (z) {
            this.h = new SunJSSE_au(SunJSSE_au.i, SunJSSE_au.j);
            this.h.a(super.g.a(), SunJSSE_bp.n);
        } else {
            this.h = new SunJSSE_au();
            this.h.a(super.g.a(), SunJSSE_bp.p);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a server handshaker.
     *
     * @param sSLSocketImpl the connection being handshaken
     * @param sSLContextImpl the owning context (source of keys, trust and randomness)
     * @param b client-authentication mode; non-zero is passed to the superclass as true
     */
    public ServerHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, byte b) throws NoSuchAlgorithmException {
        super(sSLSocketImpl, sSLContextImpl, b != 0);
        this.b = false;
        this.e = false;
        this.a = b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Sets the client-authentication mode. */
    public void a(byte b) {
        this.a = b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a cipher object from the fields {@code n} and {@code p} with the flag set to true.
     * NOTE(review): presumably one traffic direction's cipher; e() builds the other.
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public SunJSSE_e c() throws NoSuchAlgorithmException {
        return this.aa.a(this.n, this.p, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Builds a MAC object keyed with the field {@code r}. */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public MAC d() throws NoSuchAlgorithmException {
        return this.ae.newMAC(this.r);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a cipher object from the fields {@code m} and {@code o} with the flag set to false.
     * NOTE(review): presumably the opposite traffic direction to c().
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public SunJSSE_e e() throws NoSuchAlgorithmException {
        return this.aa.a(this.m, this.o, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Builds a MAC object keyed with the superclass field {@code q}. */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public MAC f() throws NoSuchAlgorithmException {
        return this.ae.newMAC(((Handshaker) this).q);
    }

    /**
     * Prepares server credentials for a key-exchange id and reports whether it is usable.
     *
     * <p>Ids 1, 2 and 5 need an RSA key and certificate, id 6 a DSA key and certificate,
     * and id 7 (anonymous DH) needs no credentials at all. Any other id is rejected.
     *
     * @param i key-exchange id
     * @param z passed through to the ephemeral RSA / DH set-up helpers
     * @return true if the key exchange can be used, or unconditionally when a session is
     *     being resumed ({@code this.k})
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    boolean a(int i, boolean z) {
        if (this.k) {
            return true;
        }
        X509KeyManager b = super.g.b();
        if (i != 1 && i != 2 && i != 5) {
            if (i != 6) {
                if (i != 7) {
                    return false;
                }
                // Anonymous DH: no certificate is selected, so the server is not authenticated.
                c(z);
                return true;
            }
            String chooseServerAlias = b.chooseServerAlias("DSA", null, ((Handshaker) this).a);
            if (chooseServerAlias == null) {
                return false;
            }
            this.d = b.getPrivateKey(chooseServerAlias);
            if (this.d == null) {
                return false;
            }
            this.c = b.getCertificateChain(chooseServerAlias);
            c(z);
            return this.d != null;
        }
        String chooseServerAlias2 = b.chooseServerAlias("RSA", null, ((Handshaker) this).a);
        if (chooseServerAlias2 == null) {
            return false;
        }
        this.d = b.getPrivateKey(chooseServerAlias2);
        if (this.d == null) {
            return false;
        }
        this.c = b.getCertificateChain(chooseServerAlias2);
        // NOTE(review): no null/empty check on the chain and an unchecked cast; a key manager
        // returning a null chain or a non-RSA certificate would fail here with a runtime exception.
        RSAPublicKey rSAPublicKey = (RSAPublicKey) this.c[0].getPublicKey();
        // Id 2 with a certificate key longer than 512 bits: an ephemeral RSA key is generated.
        if (i == 2 && rSAPublicKey.getModulus().bitLength() > 512 && !b(z)) {
            return false;
        }
        if (i == 5) {
            c(z);
        }
        return this.d != null && (this.d instanceof RSAPrivateKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether a cipher suite can be served, based only on its name prefix.
     *
     * <p>{@code SSL_RSA_} maps to key-exchange id 1, {@code SSL_DH_anon_} to 7 and
     * {@code SSL_DHE_DSS_} to 6; every other name is refused. Anonymous DH suites provide
     * no server authentication, so deployments that need an authenticated channel should
     * keep them out of the enabled suite list.
     *
     * @param str cipher suite name; must not be null
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public boolean canUseCipherSuite(String str) {
        if (str.startsWith("SSL_RSA_")) {
            return a(1, false);
        }
        if (str.startsWith("SSL_DH_anon_")) {
            return a(7, false);
        }
        if (str.startsWith("SSL_DHE_DSS_")) {
            return a(6, false);
        }
        return false;
    }

    /**
     * Dispatches one incoming handshake message.
     *
     * @param b handshake message type
     * @param i message body length
     * @throws SSLProtocolException on an out-of-order or unknown message type, or an
     *     unsupported key-exchange id
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected void processMessage(byte b, int i) throws IOException, NoSuchAlgorithmException {
        byte[] a;
        // Ordering check: rejects a message whose type is lower than the recorded state,
        // except when the state is 16 or the message is type 15.
        // NOTE(review): this only stops the sequence going backwards; it does not by itself
        // require that every expected message was received.
        if (super.f > b && super.f != 16 && b != 15) {
            throw new SSLProtocolException(new StringBuffer().append("Handshake message sequence violation, state = ").append(super.f).append(", type = ").append((int) b).toString());
        }
        switch (b) {
            case 1:
                // ClientHello: parse from a marked stream, then rewind and skip the body.
                ((Handshaker) this).d.mark(i);
                SunJSSE_n sunJSSE_n = new SunJSSE_n(((Handshaker) this).d);
                ((Handshaker) this).d.reset();
                ((Handshaker) this).d.skip(i);
                a(sunJSSE_n);
                break;
            case 11:
                // Client Certificate: alert 10 (unexpected_message) if none was requested.
                // NOTE(review): processing continues below unless the alert call throws.
                if (this.a == 0) {
                    ((Handshaker) this).a.a((byte) 10, "client sent unsolicited cert chain");
                }
                a(new HandshakeMessage.CertificateMsg(((Handshaker) this).d));
                break;
            case 15:
                a(new SunJSSE_u(((Handshaker) this).d));
                break;
            case 16:
                // ClientKeyExchange: ids 1-2 use the RSA message, ids 3-7 the DH message.
                switch (((CipherSpec) this).q) {
                    case 1:
                    case 2:
                        a = a(new SunJSSE_av(((CipherSpec) this).a, ((CipherSpec) this).b, super.g.a(), ((Handshaker) this).d, i, this.d));
                        break;
                    case 3:
                    case 4:
                    case 5:
                    case SunJSSE_bp.ac /* 6 */:
                    case 7:
                        a = a(new ClientDiffieHellmanPublic(((Handshaker) this).d));
                        break;
                    default:
                        throw new SSLProtocolException(new StringBuffer().append("unsupported key exchange algorithm = ").append(((CipherSpec) this).q).toString());
                }
                // a(byte[]) is not defined in this class (presumably inherited key derivation).
                a(a);
                // Wipe the key-exchange secret from this array once it has been consumed.
                for (int i2 = 0; i2 < a.length; i2++) {
                    a[i2] = 0;
                }
                break;
            case 20:
                a(new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).d));
                break;
            default:
                throw new SSLProtocolException(new StringBuffer().append("Illegal server handshake msg, ").append((int) b).toString());
        }
        // Advance the recorded state, except for type 15 which never moves it.
        if (super.f >= b || b == 15) {
            return;
        }
        super.f = b;
    }

    /**
     * Handles the ClientHello and writes the server's first flight: a hello reply, then
     * (unless a session is resumed) the certificate, an optional server key exchange, an
     * optional certificate request and a final empty message, followed by a flush.
     *
     * <p>The client must offer major version 3; the minor version is the lower of the
     * client's and this side's. A non-empty session id triggers a cache lookup, and the
     * cached session is reused only if it is still resumable, its cipher suite is offered
     * again and, when client authentication is enabled, it holds peer certificates.
     *
     * @throws SSLProtocolException on a major-version mismatch
     * @throws SSLException if the client tries to change an existing session, no new
     *     session may be created, or the server key exchange cannot be built
     */
    private void a(SunJSSE_n sunJSSE_n) throws IOException {
        HandshakeMessage sunJSSE_q;
        // NOTE(review): with the "handshake" debug option on, handshake messages are dumped
        // to System.out throughout this class; keep that option off in production.
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_n.a(System.out);
        }
        ((Handshaker) this).d.a();
        SunJSSE_o sunJSSE_o = new SunJSSE_o();
        if (sunJSSE_n.a != 3) {
            throw new SSLProtocolException(new StringBuffer().append("version mismatch, client is v").append((int) sunJSSE_n.a).append(".").append((int) sunJSSE_n.b).toString());
        }
        sunJSSE_o.a = (byte) 3;
        ((CipherSpec) this).a = sunJSSE_n.a;
        // Minor version: never higher than what this side already holds.
        if (sunJSSE_n.b > ((CipherSpec) this).b) {
            sunJSSE_o.b = ((CipherSpec) this).b;
        } else {
            sunJSSE_o.b = sunJSSE_n.b;
        }
        ((CipherSpec) this).b = sunJSSE_o.b;
        ((Handshaker) this).a.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        super.e.r.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        ((Handshaker) this).h = sunJSSE_n.d;
        // Fresh server value built from the context's SecureRandom and echoed in the reply.
        this.i = new SunJSSE_l(super.g.a());
        sunJSSE_o.d = this.i;
        if (sunJSSE_n.e.a() != 0) {
            // Client sent a session id: on a renegotiation it must match the current session.
            if (this.j != null && !this.b && !sunJSSE_n.e.equals(this.j.d())) {
                throw new SSLException("Client cannot change existing session");
            }
            this.j = null;
            SSLSessionImpl a = ((SSLSessionContextImpl) super.g.engineGetServerSessionContext()).a(sunJSSE_n.e.b());
            if (a != null) {
                byte[] cipherSuite = a.e().getCipherSuite();
                this.k = a.b();
                if (this.k) {
                    this.k = a(sunJSSE_n, cipherSuite);
                }
                // With client auth enabled, a cached session without peer certificates is not resumed.
                if (this.k && this.a != 0) {
                    try {
                        a.getPeerCertificates();
                    } catch (SSLPeerUnverifiedException e) {
                        this.k = false;
                    }
                }
                if (this.k) {
                    this.j = a;
                    if (Handshaker.s != null && (Debug.isOn("handshake") || Debug.isOn("session"))) {
                        System.out.println(new StringBuffer().append("%% Resuming ").append(this.j).toString());
                    }
                }
            }
        } else {
            if (this.j != null && !this.b) {
                throw new SSLException("Client cannot change existing session");
            }
            this.j = null;
        }
        if (this.j == null) {
            // No resumable session: create one if allowed (flag l), then pick a cipher suite.
            if (!this.l) {
                throw new SSLException("Client did not resume a session");
            }
            this.j = new SSLSessionImpl(this, super.g.a(), ((Handshaker) this).a.getInetAddress().getHostAddress(), ((Handshaker) this).a.getPort());
            b(sunJSSE_n);
        }
        sunJSSE_o.f = this.j.e().getCipherSuite();
        sunJSSE_o.e = this.j.d();
        sunJSSE_o.g = this.j.f();
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_o.a(System.out);
            System.out.println(new StringBuffer().append("Cipher suite:  ").append(this.j.e()).toString());
        }
        sunJSSE_o.write(super.e);
        if (this.k) {
            // Resumption: reuse the session's secret and send the server Finished right away.
            try {
                b(this.j.a());
                d(true);
                return;
            } catch (NoSuchAlgorithmException e2) {
                throw new SSLException(new StringBuffer().append("Missing algorithm: ").append(e2.getMessage()).toString());
            }
        }
        // Every key exchange except anonymous DH (id 7) sends the server certificate chain.
        if (((CipherSpec) this).q != 7) {
            if (this.c == null) {
                throw new SSLException("internal error, no certs!");
            }
            HandshakeMessage.CertificateMsg certificateMsg = new HandshakeMessage.CertificateMsg(this.c);
            this.j.b(this.c);
            if (Handshaker.s != null && Debug.isOn("handshake")) {
                certificateMsg.a(System.out);
            }
            certificateMsg.write(super.e);
        }
        // z: whether a server key exchange message has to be sent.
        boolean z = false;
        if (this.c == null) {
            z = true;
        } else {
            switch (((CipherSpec) this).q) {
                case 1:
                case 2:
                    // Only id 2 with a long-term key above 512 bits needs the ephemeral RSA key.
                    if (((CipherSpec) this).q == 2 && ((RSAPrivateKey) this.d).getModulus().bitLength() > 512) {
                        z = true;
                        break;
                    }
                    break;
                case 3:
                case 4:
                    break;
                case 5:
                case SunJSSE_bp.ac /* 6 */:
                case 7:
                    z = true;
                    break;
                default:
                    throw new SSLException(new StringBuffer().append("unsupported server key exchange ").append(((CipherSpec) this).q).toString());
            }
        }
        if (z) {
            switch (((CipherSpec) this).q) {
                case 1:
                case 2:
                    try {
                        if (this.c != null) {
                            // Ephemeral RSA public key signed with the long-term key; from here on
                            // this.d holds the ephemeral private key used to decrypt the client's reply.
                            sunJSSE_q = new SunJSSE_q(this.g, this.d, ((Handshaker) this).h, this.i, super.g.a());
                            this.d = this.f;
                            break;
                        } else {
                            throw new SSLException("Anonymous RSA not supported");
                        }
                    } catch (InvalidKeyException e3) {
                        throw new SSLException(new StringBuffer().append("Bad RSA key, ").append(e3).toString());
                    } catch (NoSuchAlgorithmException e4) {
                        throw new SSLException(new StringBuffer().append("Algorithm missing, ").append(e4).toString());
                    } catch (SignatureException e5) {
                        throw new SSLException(new StringBuffer().append("Internal error, ").append(e5).toString());
                    }
                case 3:
                case 4:
                default:
                    throw new SSLException(new StringBuffer().append("unsupported server key exchange ").append(((CipherSpec) this).q).toString());
                case 5:
                case SunJSSE_bp.ac /* 6 */:
                    // Signed DH parameters (signature made with the server private key).
                    try {
                        sunJSSE_q = new HandshakeMessage.DH_ServerKeyExchange(this.h, this.d, ((Handshaker) this).h.a, this.i.a, super.g.a());
                        break;
                    } catch (InvalidKeyException e6) {
                        throw new SSLException(new StringBuffer().append("Bad RSA or DSS key, ").append(e6).toString());
                    } catch (NoSuchAlgorithmException e7) {
                        throw new SSLException(new StringBuffer().append("Algorithm missing, ").append(e7).toString());
                    } catch (SignatureException e8) {
                        throw new SSLException(new StringBuffer().append("Internal error, ").append(e8).toString());
                    }
                case 7:
                    // Anonymous DH: parameters are sent unsigned.
                    sunJSSE_q = new HandshakeMessage.DH_ServerKeyExchange(this.h);
                    break;
            }
            if (Handshaker.s != null && Debug.isOn("handshake")) {
                sunJSSE_q.a(System.out);
            }
            sunJSSE_q.write(super.e);
        }
        // Certificate request: only when client auth is enabled and the exchange is not anonymous.
        if (this.a != 0 && ((CipherSpec) this).q != 7) {
            SunJSSE_s sunJSSE_s = new SunJSSE_s(super.g.c().getAcceptedIssuers(), ((CipherSpec) this).q);
            if (Handshaker.s != null && Debug.isOn("handshake")) {
                sunJSSE_s.a(System.out);
            }
            sunJSSE_s.write(super.e);
        }
        SunJSSE_t sunJSSE_t = new SunJSSE_t();
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_t.a(System.out);
        }
        sunJSSE_t.write(super.e);
        super.e.flush();
    }

    /**
     * Checks that the two-byte cipher suite of a cached session is offered again by the
     * client and is still acceptable to {@code a(byte, byte)} (defined outside this class).
     *
     * <p>NOTE(review): the scan reads {@code f[i + 1]}, so it assumes the offered list has
     * an even length -- presumably enforced by the ClientHello parser; confirm.
     */
    private boolean a(SunJSSE_n sunJSSE_n, byte[] bArr) {
        boolean z = false;
        int i = 0;
        while (i < sunJSSE_n.f.length && (bArr[0] != sunJSSE_n.f[i] || bArr[1] != sunJSSE_n.f[i + 1])) {
            i += 2;
        }
        if (i < sunJSSE_n.f.length) {
            z = a(bArr[0], bArr[1]);
        }
        return z;
    }

    /**
     * Selects the cipher suite for a new session by walking the client's list in the
     * client's order and stopping at the first suite {@code a(byte, byte)} accepts.
     * A suite that leaves the key exchange at id 7 (anonymous DH) is skipped when client
     * authentication is required ({@code this.a == 2}). Sends alert 40
     * (handshake_failure) when nothing matches.
     *
     * <p>NOTE(review): the choice follows client preference, so the strength of the
     * negotiated suite depends entirely on which suites are enabled on this side.
     */
    private void b(SunJSSE_n sunJSSE_n) throws IOException {
        int i = 0;
        while (i < sunJSSE_n.f.length && (!a(sunJSSE_n.f[i], sunJSSE_n.f[i + 1]) || (this.a == 2 && ((CipherSpec) this).q == 7))) {
            i += 2;
        }
        if (i >= sunJSSE_n.f.length) {
            ((Handshaker) this).a.a((byte) 40, "no cipher suites in common");
        }
    }

    /**
     * Handles the RSA ClientKeyExchange: compares the message's two version bytes with the
     * negotiated protocol version and returns the message's secret bytes.
     *
     * <p>NOTE(review): a mismatch raises a dedicated exception, which gives the peer an
     * observable difference between "version bytes wrong" and other outcomes. Later TLS
     * specifications (RFC 5246, section 7.4.7.1) instead continue the handshake with a
     * random pre-master secret so that all failures surface identically at Finished.
     * How decryption failures inside {@code SunJSSE_av} are reported is not visible here.
     *
     * @throws SSLProtocolException if the version bytes do not match
     */
    private byte[] a(SunJSSE_av sunJSSE_av) throws IOException, NoSuchAlgorithmException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_av.a(System.out);
        }
        if (sunJSSE_av.a == ((CipherSpec) this).a && sunJSSE_av.b == ((CipherSpec) this).b) {
            return sunJSSE_av.c;
        }
        throw new SSLProtocolException("Incorrect RSA Key Exchange");
    }

    /**
     * Handles the Diffie-Hellman ClientKeyExchange by passing the client's public value to
     * the DH state object and returning its result.
     *
     * <p>NOTE(review): no range check of the client's public value is visible in this
     * method; confirm that {@code SunJSSE_au.b} validates it.
     */
    private byte[] a(ClientDiffieHellmanPublic clientDiffieHellmanPublic) throws IOException, NoSuchAlgorithmException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            clientDiffieHellmanPublic.a(System.out);
        }
        return this.h.b(clientDiffieHellmanPublic.getClientPublicKey());
    }

    /**
     * Handles CertificateVerify: verifies the message against the public key of the first
     * peer certificate using clones of the running handshake digests.
     *
     * <p>Sends alert 43 (unsupported_certificate) on {@code NoSuchAlgorithmException} and
     * alert 42 (bad_certificate) whenever verification did not succeed, then clears the
     * "CertificateVerify pending" flag.
     */
    private void a(SunJSSE_u sunJSSE_u) throws IOException {
        boolean z = false;
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_u.a(System.out);
        }
        try {
            PublicKey publicKey = this.j.getPeerCertificates()[0].getPublicKey();
            try {
                z = sunJSSE_u.a(((CipherSpec) this).b, publicKey, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), this.j.a());
            } catch (CloneNotSupportedException e) {
                // Digests that cannot be cloned: use the dedicated copies at index 2, then drop them.
                z = sunJSSE_u.a(((CipherSpec) this).b, publicKey, ((Handshaker) this).b[2], ((Handshaker) this).c[2], this.j.a());
                ((Handshaker) this).b[2] = null;
                ((Handshaker) this).c[2] = null;
            }
        } catch (InvalidKeyException e2) {
            // Intentionally empty: z stays false, so the failure alert below is sent.
        } catch (NoSuchAlgorithmException e3) {
            ((Handshaker) this).a.a((byte) 43, "client cert type is unsupported");
        } catch (SignatureException e4) {
            // Intentionally empty: z stays false, so the failure alert below is sent.
        }
        if (!z) {
            ((Handshaker) this).a.a((byte) 42, "client cert didn't verify");
        }
        // NOTE(review): reached after a failed verification only if the alert call returns
        // instead of throwing; in that case the pending flag would be cleared regardless.
        this.e = false;
    }

    /**
     * Handles the client Finished message.
     *
     * <p>Order of checks: peer certificates must exist when client authentication is
     * required; a client certificate without CertificateVerify yields alert 40; the
     * Finished verify data is then checked (minor version 0 uses the constant
     * {@code HandshakeMessage.Finished.c}, other versions the label "client finished").
     * On a full handshake the server Finished is sent afterwards, and the session is
     * cached if it is resumable.
     */
    private void a(HandshakeMessage.Finished finished) throws IOException {
        boolean verify;
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            finished.a(System.out);
        }
        // Called for its exception only: fails the handshake if a required client certificate is absent.
        if (this.a == 2) {
            this.j.getPeerCertificates();
        }
        if (this.e) {
            ((Handshaker) this).a.a((byte) 40, "client did not send certificate verify message");
        }
        try {
            verify = ((CipherSpec) this).b == 0 ? finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), HandshakeMessage.Finished.c, this.j.a()) : finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), "client finished", this.j.a());
        } catch (CloneNotSupportedException e) {
            // Digests that cannot be cloned: use the dedicated copies at index 1, then drop them.
            verify = ((CipherSpec) this).b == 0 ? finished.verify(((Handshaker) this).b[1], ((Handshaker) this).c[1], HandshakeMessage.Finished.c, this.j.a()) : finished.verify(((Handshaker) this).b[1], ((Handshaker) this).c[1], "client finished", this.j.a());
            ((Handshaker) this).b[1] = null;
            ((Handshaker) this).c[1] = null;
        }
        if (!verify) {
            ((Handshaker) this).a.a((byte) 40, "client 'finished' message doesn't verify");
        }
        // Full handshake: the server's Finished follows the client's.
        if (!this.k) {
            ((Handshaker) this).d.a();
            d(false);
        }
        this.j.a(System.currentTimeMillis());
        if (this.k || !this.j.b()) {
            if (this.k || Handshaker.s == null || !Debug.isOn("session")) {
                return;
            }
            System.out.println(new StringBuffer().append("%% Didn't cache non-resumable server session: ").append(this.j).toString());
            return;
        }
        // New, resumable session: store it in the server session cache.
        ((SSLSessionContextImpl) super.g.engineGetServerSessionContext()).a(this.j);
        if (Handshaker.s == null || !Debug.isOn("session")) {
            return;
        }
        System.out.println(new StringBuffer().append("%% Cached server session: ").append(this.j).toString());
    }

    /**
     * Flushes pending output, builds the server Finished message and hands it to
     * {@code sendChangeCipherSpec}.
     *
     * @param z true when called from the resumption path of the ClientHello handler;
     *     in that case (and only while {@code this.k} is set) the digests are kept and the
     *     state is not advanced to 20, because the client's Finished is still to come
     */
    private void d(boolean z) throws IOException {
        HandshakeMessage.Finished finished;
        super.e.flush();
        try {
            finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), HandshakeMessage.Finished.d, this.j.a()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), "server finished", this.j.a());
        } catch (CloneNotSupportedException e) {
            // Digests that cannot be cloned are consumed directly and dropped unless still needed.
            finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[0], ((Handshaker) this).c[0], HandshakeMessage.Finished.d, this.j.a()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[0], ((Handshaker) this).c[0], "server finished", this.j.a());
            if (!z || !this.k) {
                ((Handshaker) this).b[0] = null;
                ((Handshaker) this).c[0] = null;
            }
        }
        sendChangeCipherSpec(finished);
        if (z && this.k) {
            return;
        }
        super.f = 20;
    }

    /** Returns a new {@code SunJSSE_m}, the message this side sends to start a handshake. */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected HandshakeMessage getKickstartMessage() {
        return new SunJSSE_m();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Handles an alert received during the handshake. Alert 41 (no_certificate) is
     * tolerated only when the client certificate is optional ({@code this.a == 1});
     * every other combination aborts the handshake.
     *
     * @param b alert description code
     * @throws SSLProtocolException for any alert that is not tolerated
     */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public void b(byte b) throws SSLProtocolException {
        String a = SSLSocketImpl.a(b);
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            System.out.println(new StringBuffer().append("SSL -- handshake alert:  ").append(a).toString());
        }
        if (b != 41 || this.a != 1) {
            throw new SSLProtocolException(new StringBuffer().append("handshake alert:  ").append(a).toString());
        }
    }

    /**
     * Handles the client Certificate message: validates the chain with the context's trust
     * manager, marks CertificateVerify as pending and stores the chain on the session.
     *
     * <p>An empty chain is accepted silently when the certificate is optional
     * ({@code this.a == 1}); otherwise alert 42 (bad_certificate) is sent. A
     * {@code CertificateException} from the trust manager is reported as alert 46
     * (certificate_unknown).
     *
     * <p>NOTE(review): both failure paths fall through to the statements after them unless
     * the alert call throws. If it can return, an empty chain would be indexed at
     * {@code certificateChain[0]} and a rejected chain would still be stored on the
     * session -- confirm the alert method never returns normally.
     */
    private void a(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            certificateMsg.a(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            if (this.a == 1) {
                return;
            } else {
                ((Handshaker) this).a.a((byte) 42, "null cert chain");
            }
        }
        X509TrustManager c = super.g.c();
        try {
            PublicKey publicKey = certificateChain[0].getPublicKey();
            // The auth type handed to the trust manager is derived from the leaf key's type.
            c.checkClientTrusted(certificateChain, publicKey instanceof RSAPublicKey ? "RSA" : publicKey instanceof DSAPublicKey ? "DSA" : "UNKNOWN");
        } catch (CertificateException e) {
            // NOTE(review): the trust manager's exception text is passed to the alert call as-is.
            ((Handshaker) this).a.a((byte) 46, e.getMessage());
        }
        this.e = true;
        this.j.a(certificateChain);
    }
}
