package com.ibm.oti.connection.ssl;

import com.ibm.bluez.crypto.CL3;
import com.ibm.oti.crypto.MD5OutputStream;
import com.ibm.oti.crypto.SHAOutputStream;
import com.ibm.oti.security.provider.CertificateVerifier;
import com.ibm.oti.security.provider.PKCS1;
import com.ibm.oti.security.provider.RSAPublicKey;
import com.ibm.oti.security.provider.X509Certificate;
import com.ibm.oti.util.Msg;
import com.ibm.oti.util.math.BigInteger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Date;
import java.util.Random;
import java.util.Vector;
import javax.microedition.pki.CertificateException;

/* loaded from: input_file:fixed/ive-2.2/runtimes/wm2003/arm/midp20/lib/jclMidp20/classes.zip:com/ibm/oti/connection/ssl/HandshakeHandler.class */
public class HandshakeHandler {
    private Connection socket;
    private InputStream input;
    private OutputStream output;
    private static final int timeoutExpansionFactor = 2;
    private SessionState pendingSession;
    private ConnectionState pendingConnection;
    private StreamQueue outputQueue = new StreamQueue();
    private StreamQueue inputQueue = new StreamQueue();
    private HandshakeMessage lastMessage = null;
    private boolean isHandshaking = false;
    private boolean shouldHandshake = true;
    private byte[] pre_master_secret = null;
    private RSAPublicKey tempKey = null;
    private boolean resumeSession = false;
    private SHAOutputStream shaMessageHash = new SHAOutputStream(new byte[]{103, 69, 35, 1, -17, -51, -85, -119, -104, -70, -36, -2, 16, 50, 84, 118, -61, -46, -31, -16});
    private MD5OutputStream md5MessageHash = new MD5OutputStream(new byte[]{103, 69, 35, 1, -17, -51, -85, -119, -104, -70, -36, -2, 16, 50, 84, 118});

    public HandshakeHandler(Connection connection) {
        this.socket = connection;
    }

    public boolean shouldHandshake() {
        return this.shouldHandshake;
    }

    public void run() throws IOException {
        beginHandshakeSequence();
        long j = -1;
        if (this.socket.socket instanceof com.ibm.oti.connection.socket.Connection) {
            long timeout = ((com.ibm.oti.connection.socket.Connection) this.socket.socket).getTimeout() * 2;
            j = timeout < 1 ? -1L : timeout + System.currentTimeMillis();
        }
        while (this.isHandshaking) {
            this.socket.readData();
            processQueuedMessages();
            if (j != -1 && System.currentTimeMillis() > j) {
                throw new IOException(Msg.getString("K01ee"));
            }
        }
        endHandshakeSequence();
    }

    public void notifyReceived(byte[] bArr) {
        try {
            this.inputQueue.getWriteStream().write(bArr);
        } catch (IOException unused) {
        }
    }

    private void beginHandshakeSequence() throws IOException {
        this.isHandshaking = true;
        this.pendingSession = Connection.getSession(this.socket.getAddress());
        if (this.pendingSession == null || this.pendingSession.sessionID == null || this.pendingSession.sessionID.length == 0) {
            this.pendingSession = new SessionState(this.socket.getAddress());
        } else {
            this.resumeSession = true;
        }
        this.pendingConnection = new ConnectionState();
        this.pendingConnection.setSessionState(this.pendingSession);
        this.shaMessageHash.reset();
        this.md5MessageHash.reset();
        byte[] bytes = Util.getBytes(System.currentTimeMillis() / 1000, 4);
        byte[] bArr = new byte[28];
        CL3.rng(null, bArr, 0, bArr.length);
        this.pendingConnection.clientRandom = Util.concatenate(bytes, bArr);
        sendMessage((byte) 1);
        flushMessages();
    }

    private void endHandshakeSequence() {
        this.isHandshaking = false;
        this.shouldHandshake = false;
        Connection.addSession(this.pendingSession);
    }

    private void updateMessagesHash(HandshakeMessage handshakeMessage) {
        if (handshakeMessage.type != 0) {
            byte[] byteArray = handshakeMessage.toByteArray();
            try {
                this.shaMessageHash.write(byteArray);
                this.md5MessageHash.write(byteArray);
            } catch (IOException unused) {
            }
        }
    }

    public boolean hasQueuedMessages() {
        return this.inputQueue.getSize() > 0;
    }

    public void processQueuedMessages() throws IOException {
        while (hasQueuedMessages()) {
            processNextMessage();
        }
    }

    private void processNextMessage() throws IOException {
        HandshakeMessage handshakeMessage = new HandshakeMessage(this.inputQueue.getReadStream());
        if (handshakeMessage.type != 0 && handshakeMessage.type != 20) {
            updateMessagesHash(handshakeMessage);
        }
        switch (handshakeMessage.type) {
            case 0:
                processHelloRequest(handshakeMessage);
                break;
            case 2:
                processServerHello(handshakeMessage);
                break;
            case 11:
                processCertificate(handshakeMessage);
                break;
            case 12:
                processServerKeyExchange(handshakeMessage);
                break;
            case 13:
                processCertificateRequest(handshakeMessage);
                break;
            case 14:
                processServerHelloDone(handshakeMessage);
                break;
            case 20:
                processServerFinished(handshakeMessage);
                break;
            default:
                throw new IOException();
        }
        this.lastMessage = handshakeMessage;
    }

    private void sendMessage(byte b) throws IOException {
        HandshakeMessage handshakeMessage = new HandshakeMessage();
        handshakeMessage.type = b;
        switch (b) {
            case 1:
                handshakeMessage.rawData = generateClientHelloData();
                break;
            case 16:
                handshakeMessage.rawData = generateClientKeyExchangeData();
                break;
            case 20:
                handshakeMessage.rawData = generateClientFinishedData();
                break;
        }
        updateMessagesHash(handshakeMessage);
        this.outputQueue.getWriteStream().write(handshakeMessage.toByteArray());
    }

    private void processHelloRequest(HandshakeMessage handshakeMessage) throws IOException {
        if (this.isHandshaking) {
            return;
        }
        sendMessage((byte) 1);
        flushMessages();
    }

    private byte[] generateClientHelloData() throws IOException {
        ClientHelloData clientHelloData = new ClientHelloData();
        clientHelloData.version = Connection.PROTOCOL_VERSION;
        clientHelloData.random = this.pendingConnection.clientRandom;
        clientHelloData.sessionID = this.pendingSession.sessionID;
        clientHelloData.cipherSuites = CipherSpec.SUPPORTED_SPECS;
        clientHelloData.compressionMethods = new byte[1];
        return clientHelloData.toByteArray();
    }

    private void processServerHello(HandshakeMessage handshakeMessage) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(handshakeMessage.rawData);
        byte[] bArr = new byte[2];
        byteArrayInputStream.read(bArr);
        this.pendingConnection.serverRandom = new byte[32];
        byteArrayInputStream.read(this.pendingConnection.serverRandom);
        byte[] bArr2 = new byte[byteArrayInputStream.read()];
        if (bArr2.length > 0) {
            byteArrayInputStream.read(bArr2);
        }
        CipherSpec cipherSpec = CipherSpec.getCipherSpec(byteArrayInputStream);
        byte read = (byte) byteArrayInputStream.read();
        if (bArr[0] != Connection.PROTOCOL_VERSION[0] || bArr[1] != Connection.PROTOCOL_VERSION[1]) {
            throw new IOException(Msg.getString("K01e5", bArr));
        }
        if (cipherSpec == null) {
            throw new IOException(Msg.getString("K01e6", cipherSpec));
        }
        if (read != 0) {
            throw new IOException(Msg.getString("K01e7", read));
        }
        if (this.resumeSession && !Util.equals(this.pendingSession.sessionID, bArr2)) {
            this.resumeSession = false;
            this.pendingSession = new SessionState(this.socket.getAddress());
            this.pendingConnection.setSessionState(this.pendingSession);
        }
        this.pendingSession.sessionID = bArr2;
        this.pendingSession.cipherSpec = cipherSpec;
        this.pendingSession.compressionMethod = read;
        if (this.resumeSession) {
            this.pendingConnection.generateConnectionKeys();
            this.socket.setReadPendingConnectionState(this.pendingConnection);
        }
    }

    private void processCertificate(HandshakeMessage handshakeMessage) throws IOException {
        Vector vector = new Vector();
        int i = 0 + 3;
        while (i < handshakeMessage.rawData.length) {
            int i2 = (int) Util.getLong(handshakeMessage.rawData, i, 3);
            int i3 = i + 3;
            byte[] bArr = new byte[i2];
            System.arraycopy(handshakeMessage.rawData, i3, bArr, 0, i2);
            i = i3 + i2;
            vector.addElement(X509Certificate.certificateFromASN1Object(bArr));
        }
        if (vector == null || vector.size() == 0) {
            this.socket.sendAlert((byte) 2, (byte) 41);
            throw new IOException(Msg.getString("K01e9"));
        }
        try {
            X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
            for (int i4 = 0; i4 < vector.size(); i4++) {
                x509CertificateArr[i4] = (X509Certificate) vector.elementAt(i4);
            }
            CertificateVerifier.verifyCertificateChain(x509CertificateArr, new Date(), 2);
            this.pendingSession.serverCertificates = vector;
        } catch (CertificateException e) {
            this.socket.sendAlert((byte) 2, (byte) 42);
            throw e;
        }
    }

    private void processServerKeyExchange(HandshakeMessage handshakeMessage) throws IOException {
        if (handshakeMessage.rawData == null || handshakeMessage.rawData.length < 3) {
            return;
        }
        int i = (int) Util.getLong(handshakeMessage.rawData, 0, 2);
        if (i > handshakeMessage.rawData.length - 0) {
            throw new IOException(Msg.getString("K01ea"));
        }
        int i2 = 0 + 2;
        byte[] bArr = new byte[i];
        System.arraycopy(handshakeMessage.rawData, i2, bArr, 0, i);
        BigInteger bigInteger = new BigInteger(1, bArr);
        int i3 = i2 + i;
        int i4 = (int) Util.getLong(handshakeMessage.rawData, i3, 2);
        if (i4 > handshakeMessage.rawData.length - i3) {
            throw new IOException(Msg.getString("K01ea"));
        }
        int i5 = i3 + 2;
        byte[] bArr2 = new byte[i4];
        System.arraycopy(handshakeMessage.rawData, i5, bArr2, 0, i4);
        BigInteger bigInteger2 = new BigInteger(1, bArr2);
        int i6 = i5 + i4;
        this.tempKey = new RSAPublicKey(bigInteger, bigInteger2);
    }

    private void processCertificateRequest(HandshakeMessage handshakeMessage) throws IOException {
        this.socket.sendAlert((byte) 1, (byte) 41);
    }

    private void processServerHelloDone(HandshakeMessage handshakeMessage) throws IOException {
        if (!this.resumeSession) {
            generatePreMasterSecret();
            this.pendingSession.masterSecret = Util.concatenate(HashingAlgorithmMD5.hashMD5(Util.concatenate(this.pre_master_secret, HashingAlgorithmSHA1.hashSHA1(Util.concatenate(new byte[]{65}, this.pre_master_secret, this.pendingConnection.clientRandom, this.pendingConnection.serverRandom)))), HashingAlgorithmMD5.hashMD5(Util.concatenate(this.pre_master_secret, HashingAlgorithmSHA1.hashSHA1(Util.concatenate(new byte[]{66, 66}, this.pre_master_secret, this.pendingConnection.clientRandom, this.pendingConnection.serverRandom)))), HashingAlgorithmMD5.hashMD5(Util.concatenate(this.pre_master_secret, HashingAlgorithmSHA1.hashSHA1(Util.concatenate(new byte[]{67, 67, 67}, this.pre_master_secret, this.pendingConnection.clientRandom, this.pendingConnection.serverRandom)))));
            sendMessage((byte) 16);
            flushMessages();
        }
        this.pendingConnection.generateConnectionKeys();
        this.socket.setSessionState(this.pendingSession);
        this.socket.setWriteConnectionState(this.pendingConnection);
        this.socket.setReadPendingConnectionState(this.pendingConnection);
        sendMessage((byte) 20);
        flushMessages();
    }

    private void generatePreMasterSecret() {
        byte[] bArr = new byte[46];
        CL3.rng(null, bArr, 0, bArr.length);
        this.pre_master_secret = Util.concatenate(Connection.PROTOCOL_VERSION, bArr);
    }

    private byte[] generateClientKeyExchangeData() throws IOException {
        X509Certificate x509Certificate = (X509Certificate) this.pendingConnection.getSessionState().serverCertificates.elementAt(0);
        RSAPublicKey rSAPublicKey = null;
        if (this.tempKey != null) {
            rSAPublicKey = this.tempKey;
        } else {
            try {
                rSAPublicKey = new RSAPublicKey(x509Certificate.getPublicKey());
            } catch (IllegalArgumentException unused) {
            }
        }
        if (rSAPublicKey != null) {
            return new PKCS1("SHA1").encryptPKCS_15(rSAPublicKey, this.pre_master_secret, new Random());
        }
        return null;
    }

    private void processServerFinished(HandshakeMessage handshakeMessage) throws IOException {
        byte[] bArr = {83, 82, 86, 82};
        byte[] bArr2 = new byte[16];
        System.arraycopy(handshakeMessage.rawData, 0, bArr2, 0, 16);
        byte[] bArr3 = new byte[20];
        System.arraycopy(handshakeMessage.rawData, 16, bArr3, 0, 20);
        byte[] computeFinishedMD5Hash = computeFinishedMD5Hash(bArr);
        byte[] computeFinishedSHAHash = computeFinishedSHAHash(bArr);
        if (!Util.equals(bArr2, computeFinishedMD5Hash)) {
            this.socket.sendAlert((byte) 2, (byte) 40);
            throw new IOException(Msg.getString("K01eb"));
        }
        if (!Util.equals(bArr3, computeFinishedSHAHash)) {
            this.socket.sendAlert((byte) 2, (byte) 40);
            throw new IOException(Msg.getString("K01eb"));
        }
        if (this.resumeSession) {
            updateMessagesHash(handshakeMessage);
            this.socket.setSessionState(this.pendingSession);
            this.socket.setWriteConnectionState(this.pendingConnection);
            sendMessage((byte) 20);
            flushMessages();
        }
        this.isHandshaking = false;
    }

    private byte[] generateClientFinishedData() {
        byte[] bArr = {67, 76, 78, 84};
        return Util.concatenate(computeFinishedMD5Hash(bArr), computeFinishedSHAHash(bArr));
    }

    private byte[] computeFinishedMD5Hash(byte[] bArr) {
        try {
            MD5OutputStream copyOf = this.md5MessageHash.copyOf();
            copyOf.write(bArr);
            copyOf.write(this.pendingSession.masterSecret);
            copyOf.write(HashingAlgorithmMD5.PAD_1);
            return HashingAlgorithmMD5.hashMD5(Util.concatenate(this.pendingSession.masterSecret, HashingAlgorithmMD5.PAD_2, copyOf.getHashAsBytes()));
        } catch (IOException unused) {
            return null;
        }
    }

    private byte[] computeFinishedSHAHash(byte[] bArr) {
        try {
            SHAOutputStream copyOf = this.shaMessageHash.copyOf();
            copyOf.write(bArr);
            copyOf.write(this.pendingSession.masterSecret);
            copyOf.write(HashingAlgorithmSHA1.PAD_1);
            return HashingAlgorithmSHA1.hashSHA1(Util.concatenate(this.pendingSession.masterSecret, HashingAlgorithmSHA1.PAD_2, copyOf.getHashAsBytes()));
        } catch (IOException unused) {
            return null;
        }
    }

    private void flushMessages() throws IOException {
        byte[] bArr = new byte[this.outputQueue.getSize()];
        this.outputQueue.getReadStream().read(bArr);
        this.socket.writeData(bArr, 0, bArr.length, (byte) 22);
    }
}
