package com.rsa.ssl.ssl2;

import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_MessageDigest;
import com.rsa.ssl.AlertException;
import com.rsa.ssl.AlertedException;
import com.rsa.ssl.CipherSuite;
import com.rsa.ssl.CompressionMethod;
import com.rsa.ssl.SSLException;
import com.rsa.ssl.SSLParams;
import com.rsa.ssl.SSLSession;
import com.rsa.ssl.ciphers.Null_With_Null_Null;
import com.rsa.ssl.common.AuthenticationInfo;
import com.rsa.ssl.common.HelloInformation;
import java.io.IOException;

/* loaded from: input_file:lib/external/sslj.jar:com/rsa/ssl/ssl2/SSLJaj.class */
public class SSLJaj extends SSLJak {
    SSLSession a;
    boolean b;
    X509Certificate[] c;

    public SSLJaj(SSLParams sSLParams, SSLJai sSLJai, PacketInputStream packetInputStream, PacketOutputStream packetOutputStream, String str, HelloInformation helloInformation) throws SSLException, AlertedException {
        this.b = false;
        super.c = sSLParams;
        super.a = new Null_With_Null_Null();
        packetInputStream.setCipherSuite(super.a);
        packetOutputStream.setCipherSuite(super.a);
        this.j = str;
        if (sSLJai.a() == 0) {
            byte[][] f = sSLJai.f();
            if (f.length == 0) {
                throw new AlertException("No supported ciphers", 2, 1);
            }
            super.b = a(f);
            if (super.b == null) {
                throw new AlertException("No available cipher suite", 2, 1);
            }
            super.b = super.b.makeNewCipher();
            if ((sSLParams.getDebug() & 4) == 4) {
                sSLParams.getDebugOutput().println(new StringBuffer().append("Using Cipher Suite: ").append(super.b.getCipherSuiteName()).toString());
            }
        } else {
            this.b = true;
        }
        this.d = packetInputStream;
        this.e = packetOutputStream;
        this.g = new byte[helloInformation.getRandom().length];
        System.arraycopy(helloInformation.getRandom(), 0, this.g, 0, this.g.length);
        this.a = sSLParams.getSession(helloInformation.getSessionID());
        this.i = sSLJai.e();
        try {
            a(sSLJai.d());
            e();
        } catch (AlertException e) {
            if ((sSLParams.getDebug() & 1) == 1) {
                sSLParams.getDebugOutput().println(new StringBuffer().append("STATE: Sending alert because: ").append(e.getMessage()).toString());
            }
            try {
                this.e.write(0);
                this.e.write(e.getDescription());
                this.e.flush();
                this.e.close();
            } catch (IOException e2) {
            }
            throw e;
        } catch (AlertedException e3) {
            throw e3;
        }
    }

    private void a(byte[] bArr) throws AlertException, SSLException {
        if (bArr.length == 0) {
            return;
        }
        try {
            this.c = new X509Certificate[1];
            this.c[0] = new X509Certificate(bArr, 0, 0);
            try {
                super.b.setPeerPublicKey(this.c[0].getSubjectPublicKey(super.c.getDevice()));
            } catch (SSLException e) {
                super.b.setPeerPublicKey(this.c[0].getSubjectPublicKeyBER(), 0);
            }
            try {
                if (super.c.getTruster().verifyCertificate(super.c, this.c, super.b) == -1) {
                    throw new AlertException("certificate unknown", 1, 3);
                }
                if (this.a != null) {
                    this.a.setServerCertChain(this.c);
                }
            } catch (AlertException e2) {
                if (e2.getDescription() != 42 && e2.getDescription() != 44 && e2.getDescription() != 45) {
                    throw e2;
                }
                throw new AlertException(e2.getMessage(), 1, 3);
            }
        } catch (CertificateException e3) {
            throw new AlertException(new StringBuffer().append("Could not handle the server's certificate: ").append(e3.getMessage()).toString(), 1, 3);
        }
    }

    private void e() throws SSLException, AlertedException {
        if (this.b) {
            super.b = this.a.getCipherSuite();
            if (super.b != null) {
                super.b = super.b.makeNewCipher();
            }
            super.a = super.b;
            this.e.setCipherSuite(super.a);
            this.d.setCipherSuite(super.a);
            a(this.a.getMasterSecret(), this.g, this.i, false);
            if (super.b.getSymmetricBlockSize() != 1) {
                super.b.setReadIV(this.a.getIV(), 0);
                super.b.setWriteIV(this.a.getIV(), 0);
            }
        } else {
            f();
        }
        h();
        g();
        SSLJao i = i();
        if (i != null) {
            a(i);
        }
        if (i != null) {
            try {
                if (this.d.read() != 6) {
                    throw new AlertException("Unexpected Message", 2, 10);
                }
                k();
            } catch (IOException e) {
                throw new SSLException(e.getMessage());
            }
        }
        if (super.c.getSession(this.a.getID()) == null) {
            super.c.cacheSession(this.a);
        }
    }

    private void f() throws SSLException {
        byte[] bArr;
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Sending the Client's Master Key");
        }
        int symmetricKeySize = super.b.getSymmetricKeySize();
        int i = 0;
        if (symmetricKeySize > 5 && super.b.isExportable()) {
            i = symmetricKeySize - 5;
        }
        this.f = new byte[symmetricKeySize];
        super.c.getRandom().nextBytes(this.f);
        byte[] bArr2 = new byte[i];
        System.arraycopy(this.f, 0, bArr2, 0, i);
        byte[] bArr3 = new byte[symmetricKeySize - i];
        System.arraycopy(this.f, i, bArr3, 0, bArr3.length);
        byte[] bArr4 = new byte[super.b.getPublicKeyStrength()];
        super.b.encryptAsymmetric(bArr3, 0, bArr3.length, bArr4, 0, super.c.getRandom());
        if (super.b.getSymmetricBlockSize() != 1) {
            bArr = new byte[super.b.getSymmetricBlockSize()];
            super.c.getRandom().nextBytes(bArr);
            super.b.setReadIV(bArr, 0);
            super.b.setWriteIV(bArr, 0);
        } else {
            bArr = new byte[0];
        }
        a(this.f, this.g, this.i, false);
        SSLJal sSLJal = new SSLJal(super.b.getID(2), bArr2, bArr4, bArr);
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println(sSLJal);
        }
        try {
            sSLJal.a(this.e);
            super.a = super.b;
            this.e.setCipherSuite(super.a);
            this.d.setCipherSuite(super.a);
        } catch (IOException e) {
            throw new SSLException(new StringBuffer().append("An IOException occured while writing the client master key: ").append(e.getMessage()).toString());
        }
    }

    private void g() throws SSLException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Sending the Client Finished Message");
        }
        SSLJan sSLJan = new SSLJan(this.i);
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println(sSLJan);
        }
        try {
            sSLJan.a(this.e);
        } catch (IOException e) {
            throw new SSLException("An IO Exception occured while sending the client finished message");
        }
    }

    private void h() throws SSLException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Receiving the server's verify message");
        }
        SSLJam sSLJam = new SSLJam();
        try {
            sSLJam.b(this.d);
            if ((super.c.getDebug() & 1) == 1) {
                super.c.getDebugOutput().println(sSLJam.toString());
            }
            byte[] a = sSLJam.a();
            if (a(a, this.g)) {
                return;
            }
            byte[] bArr = new byte[16];
            System.arraycopy(this.g, 0, bArr, 0, 16);
            if (!a(a, bArr)) {
                throw new SSLException("Server Verify message did not verify");
            }
        } catch (IOException e) {
            throw new SSLException(new StringBuffer().append("An IO exception occured while reading the server verify message: ").append(e.getMessage()).toString());
        }
    }

    private SSLJao i() throws SSLException, AlertException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Checking for a certificate request");
        }
        try {
            int read = this.d.read();
            if (read != 7) {
                if (read != 6) {
                    throw new AlertException("Unexpected Message", 2, 10);
                }
                k();
                return null;
            }
            if ((super.c.getDebug() & 1) == 1) {
                super.c.getDebugOutput().println("STATE: The server requested our certificate");
            }
            SSLJao sSLJao = new SSLJao();
            sSLJao.b(this.d);
            return sSLJao;
        } catch (IOException e) {
            throw new SSLException("An IOException occured while checking for a certificate request");
        }
    }

    private void j() throws SSLException, AlertedException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Sending our NO_CERTIFICATE warning");
        }
        try {
            this.e.write(1);
            this.e.write(41);
            this.e.flush();
        } catch (AlertedException e) {
            throw e;
        } catch (IOException e2) {
            throw new SSLException("An IOException occured while trying to send a NO_CERTIFICATE exception");
        }
    }

    private void a(SSLJao sSLJao) throws SSLException, AlertedException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Sending our certificate");
        }
        if (sSLJao.b() != 1) {
            j();
            return;
        }
        try {
            AuthenticationInfo chooseCertificateChain = super.c.chooseCertificateChain(super.b);
            if (chooseCertificateChain == null) {
                j();
                return;
            }
            byte[] encodingAt = chooseCertificateChain.encodingAt(0);
            if (this.c == null) {
                this.c = this.a.getServerCertChain();
            }
            byte[] bArr = new byte[this.h.length + sSLJao.a().length + this.c[0].getDERLen(0)];
            if (chooseCertificateChain.isEncryptedKey()) {
                super.b.setPrivateKey(chooseCertificateChain.getPrivateKey(), 0, chooseCertificateChain.getPassPhrase());
            } else {
                super.b.setPrivateKey(chooseCertificateChain.getJSAFEPrivateKey());
            }
            super.b.setPrivateKeyStrength(chooseCertificateChain.getPrivateKeyStrength());
            System.arraycopy(this.h, 0, bArr, 0, this.h.length);
            System.arraycopy(sSLJao.a(), 0, bArr, this.h.length, sSLJao.a().length);
            this.c[0].getDEREncoding(bArr, this.h.length + sSLJao.a().length, 0);
            try {
                JSAFE_MessageDigest jSAFE_MessageDigest = JSAFE_MessageDigest.getInstance("MD5", super.c.getDevice());
                jSAFE_MessageDigest.digestInit();
                jSAFE_MessageDigest.digestUpdate(bArr, 0, bArr.length);
                byte[] digestFinal = jSAFE_MessageDigest.digestFinal();
                int sign = super.b.sign(digestFinal, 0, digestFinal.length, bArr, 0, super.c.getRandom());
                byte[] bArr2 = new byte[sign];
                System.arraycopy(bArr, 0, bArr2, 0, sign);
                if ((super.c.getDebug() & 1) == 1) {
                    super.c.getDebugOutput().println("STATE: Sending our certificate");
                }
                SSLJaq sSLJaq = new SSLJaq(PacketInputStream.SSL_X509Certificate, encodingAt, bArr2);
                sSLJaq.a(this.e);
                if ((super.c.getDebug() & 1) == 1) {
                    super.c.getDebugOutput().println(sSLJaq.toString());
                }
            } catch (JSAFE_Exception e) {
                throw new AlertException("Could not sign data", 2, 1);
            }
        } catch (CertificateException e2) {
            j();
        } catch (AlertedException e3) {
            throw e3;
        } catch (IOException e4) {
            throw new SSLException("An IOException occured while sending our certificate");
        }
    }

    private void k() throws SSLException {
        if ((super.c.getDebug() & 1) == 1) {
            super.c.getDebugOutput().println("STATE: Receiving the server's finished message");
        }
        SSLJap sSLJap = new SSLJap();
        try {
            sSLJap.b(this.d);
            if ((super.c.getDebug() & 1) == 1) {
                super.c.getDebugOutput().println(sSLJap.toString());
            }
            if (this.b) {
                return;
            }
            this.a = new SSLSession(sSLJap.a(), this.j, System.currentTimeMillis(), this.f, super.a, null, null, super.c, 2);
            this.a.setServerCertChain(this.c);
            if (super.b.getSymmetricBlockSize() != 1) {
                this.a.setIV(super.b.getReadIV());
            }
        } catch (IOException e) {
            throw new SSLException(new StringBuffer().append("An IO exception occured while reading the server finished message: ").append(e.getMessage()).toString());
        }
    }

    private CipherSuite a(byte[][] bArr) throws SSLException {
        CipherSuite[] cipherSuites = super.c.getCipherSuites();
        for (int i = 0; i < cipherSuites.length; i++) {
            for (byte[] bArr2 : bArr) {
                if (cipherSuites[i].getID(2) != null && a(bArr2, cipherSuites[i].getID(2))) {
                    return cipherSuites[i];
                }
            }
        }
        return null;
    }

    public CompressionMethod a() {
        return null;
    }

    public SSLSession b() {
        return this.a;
    }

    public X509Certificate[] c() {
        return this.c;
    }
}
