package com.sun.net.ssl.internal.ssl;

import COM.rsa.asn1.SunJSSE_bl;
import COM.rsa.asn1.SunJSSE_bp;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: DashoA6275 */
/* loaded from: input_file:com/sun/net/ssl/internal/ssl/ClientHandshaker.class */
public final class ClientHandshaker extends Handshaker {
    private PublicKey a;
    private byte[] b;
    private BigInteger c;
    private SunJSSE_au d;
    private SunJSSE_s e;
    private boolean f;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl) throws NoSuchAlgorithmException {
        super(sSLSocketImpl, sSLContextImpl, true);
    }

    ClientHandshaker(SSLSocketImpl sSLSocketImpl) throws NoSuchAlgorithmException {
        this(sSLSocketImpl, null);
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    SunJSSE_e e() throws NoSuchAlgorithmException {
        return this.aa.a(this.n, this.p, false);
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    MAC f() throws NoSuchAlgorithmException {
        return this.ae.newMAC(this.r);
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    SunJSSE_e c() throws NoSuchAlgorithmException {
        return this.aa.a(this.m, this.o, true);
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    MAC d() throws NoSuchAlgorithmException {
        return this.ae.newMAC(((Handshaker) this).q);
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected void processMessage(byte b, int i) throws IOException, NoSuchAlgorithmException {
        if (super.f > b && b != 0 && super.f != 1) {
            throw new SSLProtocolException(new StringBuffer().append("Handshake message sequence violation, ").append((int) b).toString());
        }
        switch (b) {
            case 0:
                a(new SunJSSE_m(((Handshaker) this).d));
                break;
            case 1:
            case 3:
            case 4:
            case 5:
            case SunJSSE_bp.ac /* 6 */:
            case 7:
            case 8:
            case SunJSSE_bl.b /* 9 */:
            case SunJSSE_bl.c /* 10 */:
            case 15:
            case 16:
            case SunJSSE_bl.o /* 17 */:
            case 18:
            case 19:
            default:
                throw new SSLProtocolException(new StringBuffer().append("Illegal client handshake msg, ").append((int) b).toString());
            case 2:
                a(new SunJSSE_o(((Handshaker) this).d));
                break;
            case 11:
                if (((CipherSpec) this).q == 7) {
                    ((Handshaker) this).a.a((byte) 10, "unexpected server cert chain");
                }
                a(new HandshakeMessage.CertificateMsg(((Handshaker) this).d));
                this.a = this.j.getPeerCertificates()[0].getPublicKey();
                break;
            case SunJSSE_bl.g /* 12 */:
                this.f = true;
                switch (((CipherSpec) this).q) {
                    case 1:
                    case 2:
                        try {
                            a(new SunJSSE_q(((Handshaker) this).d, i));
                            break;
                        } catch (InvalidKeyException e) {
                            throw new SSLException(new StringBuffer().append("Server key, ").append(e).toString());
                        } catch (SignatureException e2) {
                            throw new SSLException(new StringBuffer().append("Server key, ").append(e2).toString());
                        }
                    case 3:
                    case 4:
                    default:
                        throw new SSLProtocolException(new StringBuffer().append("unsupported key exchange algorithm = ").append(((CipherSpec) this).q).toString());
                    case 5:
                    case SunJSSE_bp.ac /* 6 */:
                        try {
                            a(new HandshakeMessage.DH_ServerKeyExchange(((Handshaker) this).d, this.a, ((Handshaker) this).h.a, this.i.a, i));
                            break;
                        } catch (InvalidKeyException e3) {
                            throw new SSLException(new StringBuffer().append("Server key, ").append(e3).toString());
                        } catch (SignatureException e4) {
                            throw new SSLException(new StringBuffer().append("Server key, ").append(e4).toString());
                        }
                    case 7:
                        a(new HandshakeMessage.DH_ServerKeyExchange(((Handshaker) this).d));
                        break;
                }
            case 13:
                if (((CipherSpec) this).q != 7) {
                    this.e = new SunJSSE_s(((Handshaker) this).d);
                    if (Handshaker.s != null && Debug.isOn("handshake")) {
                        this.e.a(System.out);
                        break;
                    }
                } else {
                    throw new SSLHandshakeException("Client authentication requested for anonymous cipher suite.");
                }
                break;
            case 14:
                a(new SunJSSE_t(((Handshaker) this).d));
                break;
            case 20:
                a(new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).d));
                break;
        }
        if (super.f < b) {
            super.f = b;
        }
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    boolean a(int i, boolean z) {
        switch (i) {
            case 1:
            case 2:
            case 5:
                return true;
            case 3:
            case 4:
            default:
                return false;
            case SunJSSE_bp.ac /* 6 */:
                return true;
            case 7:
                return true;
        }
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected boolean canUseCipherSuite(String str) {
        return isEnabled(str);
    }

    private void a(SunJSSE_m sunJSSE_m) throws IOException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_m.a(System.out);
        }
        if (super.f < 1) {
            kickstart();
        }
    }

    private void a(SunJSSE_o sunJSSE_o) throws IOException {
        this.f = false;
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_o.a(System.out);
        }
        if (sunJSSE_o.a != 3 || sunJSSE_o.b > 1) {
            throw new SSLProtocolException(new StringBuffer().append("version mismatch, server is v").append((int) sunJSSE_o.a).append(".").append((int) sunJSSE_o.b).toString());
        }
        ((CipherSpec) this).a = sunJSSE_o.a;
        ((CipherSpec) this).b = sunJSSE_o.b;
        ((Handshaker) this).a.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        super.e.r.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        this.i = sunJSSE_o.d;
        if (this.j != null) {
            if (this.j.d().equals(sunJSSE_o.e)) {
                CipherSpec e = this.j.e();
                byte[] cipherSuite = e.getCipherSuite();
                if (sunJSSE_o.f[0] != cipherSuite[0] || sunJSSE_o.f[1] != cipherSuite[1] || sunJSSE_o.a != e.a || sunJSSE_o.b != e.b) {
                    throw new SSLProtocolException("Server returned wrong cipher suite for session");
                }
                this.k = true;
                super.f = 19;
                if (Handshaker.s != null && Debug.isOn("session")) {
                    System.out.println(new StringBuffer().append("%% Server resumed ").append(this.j).toString());
                }
            } else {
                this.j = null;
                if (!this.l) {
                    throw new SSLException("New session creation was disabled");
                }
            }
        }
        if (!a(sunJSSE_o.f[0], sunJSSE_o.f[1])) {
            ((Handshaker) this).a.a((byte) 47, new StringBuffer().append("Can't support cipher suite [").append((int) sunJSSE_o.f[0]).append(", ").append((int) sunJSSE_o.f[1]).append("]").toString());
        } else if (sunJSSE_o.g != 0) {
            ((Handshaker) this).a.a((byte) 47, new StringBuffer().append("compression type not supported, ").append((int) sunJSSE_o.g).toString());
        }
        if (this.j != null) {
            try {
                b(this.j.a());
            } catch (NoSuchAlgorithmException e2) {
                throw new SSLException(new StringBuffer().append("Missing algorithm: ").append(e2.getMessage()).toString());
            }
        } else {
            this.j = new SSLSessionImpl(this, sunJSSE_o.e, ((Handshaker) this).a.e(), ((Handshaker) this).a.getPort());
            if (Handshaker.s == null || !Debug.isOn("handshake")) {
                return;
            }
            System.out.println(new StringBuffer().append("** ").append(this.j.e()).toString());
        }
    }

    private void a(SunJSSE_q sunJSSE_q) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_q.a(System.out);
        }
        if (!(this.a instanceof RSAPublicKey)) {
            throw new InvalidKeyException("server key not an RSA key");
        }
        if (!sunJSSE_q.a((RSAPublicKey) this.a, ((Handshaker) this).h, this.i)) {
            ((Handshaker) this).a.a((byte) 40, "server key exchange invalid");
        }
        this.a = sunJSSE_q.a();
    }

    private void a(BigInteger bigInteger, BigInteger bigInteger2) {
        this.d = new SunJSSE_au(bigInteger, bigInteger2);
        this.d.a(this.g.a(), SunJSSE_bp.p);
    }

    private void a(HandshakeMessage.DH_ServerKeyExchange dH_ServerKeyExchange) throws IOException, NoSuchAlgorithmException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            dH_ServerKeyExchange.a(System.out);
        }
        if (((CipherSpec) this).q == 4 || ((CipherSpec) this).q == 3) {
            ((Handshaker) this).a.a((byte) 10, "not supporting DH certs for key exchange now");
        }
        a(dH_ServerKeyExchange.getModulus(), dH_ServerKeyExchange.getBase());
        this.c = dH_ServerKeyExchange.getServerPublicKey();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void a(SunJSSE_t sunJSSE_t) throws IOException, NoSuchAlgorithmException {
        ClientDiffieHellmanPublic clientDiffieHellmanPublic;
        MessageDigest messageDigest;
        MessageDigest messageDigest2;
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            sunJSSE_t.a(System.out);
        }
        ((Handshaker) this).d.a();
        PrivateKey privateKey = null;
        if (this.e != null) {
            X509KeyManager b = this.g.b();
            String str = null;
            HandshakeMessage.CertificateMsg certificateMsg = null;
            X509Certificate[] x509CertificateArr = null;
            ArrayList arrayList = new ArrayList(4);
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = false;
            for (int i = 0; i < this.e.g.length; i++) {
                switch (this.e.g[i]) {
                    case 1:
                        if (z) {
                            break;
                        } else {
                            arrayList.add("RSA");
                            z = true;
                            break;
                        }
                    case 2:
                        if (z2) {
                            break;
                        } else {
                            arrayList.add("DSA");
                            z2 = true;
                            break;
                        }
                    case 3:
                        if (z3) {
                            break;
                        } else {
                            arrayList.add("DH_RSA");
                            z3 = true;
                            break;
                        }
                    case 4:
                        if (z4) {
                            break;
                        } else {
                            arrayList.add("DH_DSA");
                            z4 = true;
                            break;
                        }
                }
            }
            int size = arrayList.size();
            if (size != 0) {
                String[] strArr = new String[size];
                for (int i2 = 0; i2 < strArr.length; i2++) {
                    strArr[i2] = (String) arrayList.get(i2);
                }
                str = b.chooseClientAlias(strArr, this.e.a(), ((Handshaker) this).a);
            }
            if (str != null) {
                x509CertificateArr = b.getCertificateChain(str);
                certificateMsg = new HandshakeMessage.CertificateMsg(x509CertificateArr);
                privateKey = b.getPrivateKey(str);
                this.j.a(true);
            } else if (((CipherSpec) this).b > 0) {
                certificateMsg = new HandshakeMessage.CertificateMsg(new X509Certificate[0]);
            } else {
                ((Handshaker) this).a.b((byte) 41);
            }
            if (certificateMsg != null) {
                this.j.b(x509CertificateArr);
                if (Handshaker.s != null && Debug.isOn("handshake")) {
                    certificateMsg.a(System.out);
                }
                certificateMsg.write(super.e);
            }
        }
        switch (((CipherSpec) this).q) {
            case 1:
            case 2:
                SunJSSE_av sunJSSE_av = new SunJSSE_av(((CipherSpec) this).a, ((CipherSpec) this).b, this.g.a(), this.a);
                this.b = sunJSSE_av.c;
                clientDiffieHellmanPublic = sunJSSE_av;
                break;
            case 3:
            case 4:
                clientDiffieHellmanPublic = new ClientDiffieHellmanPublic();
                break;
            case 5:
            default:
                throw new SSLProtocolException(new StringBuffer().append("unsupported key exchange algorithm = ").append(((CipherSpec) this).q).toString());
            case SunJSSE_bp.ac /* 6 */:
            case 7:
                clientDiffieHellmanPublic = new ClientDiffieHellmanPublic(this.d.c());
                break;
        }
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            clientDiffieHellmanPublic.a(System.out);
        }
        clientDiffieHellmanPublic.write(super.e);
        super.e.b();
        super.e.flush();
        switch (((CipherSpec) this).q) {
            case 1:
            case 2:
                break;
            case 3:
            case 4:
            case 5:
            case SunJSSE_bp.ac /* 6 */:
            case 7:
                this.b = this.d.b(this.c);
                break;
            default:
                throw new SSLProtocolException(new StringBuffer().append("unsupported key exchange algorithm = ").append(((CipherSpec) this).q).toString());
        }
        a(this.b);
        for (int i3 = 0; i3 < this.b.length; i3++) {
            this.b[i3] = 0;
        }
        if (privateKey != null) {
            SunJSSE_u sunJSSE_u = null;
            try {
                messageDigest = (MessageDigest) ((Handshaker) this).b[0].clone();
                messageDigest2 = (MessageDigest) ((Handshaker) this).c[0].clone();
            } catch (CloneNotSupportedException e) {
                messageDigest = ((Handshaker) this).b[2];
                messageDigest2 = ((Handshaker) this).c[2];
                ((Handshaker) this).b[2] = null;
                ((Handshaker) this).c[2] = null;
            }
            try {
                sunJSSE_u = privateKey instanceof RSAPrivateKey ? new SunJSSE_u(((CipherSpec) this).b, (RSAPrivateKey) privateKey, messageDigest, messageDigest2, this.j.a(), this.g.a()) : new SunJSSE_u(((CipherSpec) this).b, privateKey, messageDigest2, this.j.a(), this.g.a());
            } catch (InvalidKeyException e2) {
                ((Handshaker) this).a.a((byte) 40, "Invalid private key");
            } catch (NoSuchAlgorithmException e3) {
                ((Handshaker) this).a.a((byte) 40, "No DSS/DSA implementation");
            } catch (SignatureException e4) {
                ((Handshaker) this).a.a((byte) 40, "DSS/DSA signature failure");
            }
            if (Handshaker.s != null && Debug.isOn("handshake")) {
                sunJSSE_u.a(System.out);
            }
            sunJSSE_u.write(super.e);
            super.e.b();
        }
        g();
    }

    private void a(HandshakeMessage.Finished finished) throws IOException {
        boolean verify;
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            finished.a(System.out);
        }
        try {
            verify = ((CipherSpec) this).b == 0 ? finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), HandshakeMessage.Finished.d, this.j.a()) : finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), "server finished", this.j.a());
        } catch (CloneNotSupportedException e) {
            verify = ((CipherSpec) this).b == 0 ? finished.verify(((Handshaker) this).b[0], ((Handshaker) this).c[0], HandshakeMessage.Finished.d, this.j.a()) : finished.verify(((Handshaker) this).b[0], ((Handshaker) this).c[0], "server finished", this.j.a());
            ((Handshaker) this).b[0] = null;
            ((Handshaker) this).c[0] = null;
        }
        if (!verify) {
            ((Handshaker) this).a.a((byte) 47, "server 'finished' message doesn't verify");
        }
        if (this.k) {
            ((Handshaker) this).d.a();
            g();
        }
        this.j.a(System.currentTimeMillis());
        if (this.k) {
            return;
        }
        if (!((Handshaker) this).a.b() || !this.j.b()) {
            if (Handshaker.s == null || !Debug.isOn("session")) {
                return;
            }
            System.out.println(new StringBuffer().append("%% Didn't cache non-resumable client session: ").append(this.j).toString());
            return;
        }
        ((SSLSessionContextImpl) this.g.engineGetClientSessionContext()).a(this.j);
        if (Handshaker.s == null || !Debug.isOn("session")) {
            return;
        }
        System.out.println(new StringBuffer().append("%% Cached client session: ").append(this.j).toString());
    }

    private void g() throws IOException {
        HandshakeMessage.Finished finished;
        try {
        } catch (CloneNotSupportedException e) {
            finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[1], ((Handshaker) this).c[1], HandshakeMessage.Finished.c, this.j.a()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[1], ((Handshaker) this).c[1], "client finished", this.j.a());
            ((Handshaker) this).b[1] = null;
            ((Handshaker) this).c[1] = null;
        }
        if (((Handshaker) this).b[0] == null) {
            throw new CloneNotSupportedException("minor hack");
        }
        finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), HandshakeMessage.Finished.c, this.j.a()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) ((Handshaker) this).c[0].clone(), "client finished", this.j.a());
        sendChangeCipherSpec(finished);
        super.f = 19;
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected HandshakeMessage getKickstartMessage() throws SSLException {
        SunJSSE_n sunJSSE_n = new SunJSSE_n(this.g.a(), ((CipherSpec) this).a, ((CipherSpec) this).b, ((CipherSpec) this).c);
        ((Handshaker) this).h = sunJSSE_n.d;
        this.j = ((SSLSessionContextImpl) this.g.engineGetClientSessionContext()).a(((Handshaker) this).a.e(), ((Handshaker) this).a.getPort());
        if (Handshaker.s != null && Debug.isOn("session")) {
            if (this.j != null) {
                System.out.println(new StringBuffer().append("%% Client cached ").append(this.j).append(this.j.b() ? "" : " (not rejoinable)").toString());
            } else {
                System.out.println("%% No cached client session");
            }
        }
        if (this.j != null) {
            if (!isEnabled(this.j.getCipherSuite())) {
                if (Handshaker.s != null && Debug.isOn("session")) {
                    System.out.println("%% can't resume, cipher disabled");
                }
                this.j = null;
            }
            if (this.j != null) {
                if (Handshaker.s != null && (Debug.isOn("handshake") || Debug.isOn("session"))) {
                    System.out.println(new StringBuffer().append("%% Try resuming ").append(this.j).append(" from port ").append(((Handshaker) this).a.getLocalPort()).toString());
                }
                sunJSSE_n.e = this.j.d();
                CipherSpec e = this.j.e();
                byte b = e.a;
                sunJSSE_n.a = b;
                ((CipherSpec) this).a = b;
                byte b2 = e.b;
                sunJSSE_n.b = b2;
                ((CipherSpec) this).b = b2;
                ((Handshaker) this).a.a(((CipherSpec) this).a, ((CipherSpec) this).b);
                super.e.r.a(((CipherSpec) this).a, ((CipherSpec) this).b);
            }
            if (!this.l) {
                if (this.j == null) {
                    throw new SSLException("Can't reuse existing SSL client session");
                }
                sunJSSE_n.f = this.j.e().getCipherSuite();
                return sunJSSE_n;
            }
        }
        if (this.j == null) {
            if (!this.l) {
                throw new SSLException("No existing session to resume.");
            }
            sunJSSE_n.e = SSLSessionImpl.a.d();
        }
        sunJSSE_n.f = new byte[2 * this.ag.length];
        int i = 0;
        byte[] bArr = new byte[2];
        for (int i2 = 0; i2 < this.ag.length; i2++) {
            byte[] a = a(this.ag[i2]);
            int i3 = i;
            int i4 = i + 1;
            sunJSSE_n.f[i3] = a[0];
            i = i4 + 1;
            sunJSSE_n.f[i4] = a[1];
        }
        return sunJSSE_n;
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    void b(byte b) throws SSLProtocolException {
        String a = SSLSocketImpl.a(b);
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            System.out.println(new StringBuffer().append("SSL - handshake alert: ").append(a).toString());
        }
        throw new SSLProtocolException(new StringBuffer().append("handshake alert:  ").append(a).toString());
    }

    private void a(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        if (Handshaker.s != null && Debug.isOn("handshake")) {
            certificateMsg.a(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            ((Handshaker) this).a.a((byte) 42, "null cert chain");
        }
        X509TrustManager c = this.g.c();
        try {
            String cipherSuite = this.j.getCipherSuite();
            String substring = cipherSuite.substring(cipherSuite.indexOf(95) + 1, cipherSuite.indexOf("_WITH"));
            if (substring.startsWith("RSA_EXPORT") && !this.f) {
                substring = "RSA";
            }
            c.checkServerTrusted(certificateChain, substring);
        } catch (CertificateException e) {
            ((Handshaker) this).a.a((byte) 46, e.getMessage());
        }
        this.j.a(certificateChain);
    }
}
