package org.apache.harmony.xnet.provider.jsse;

import java.io.IOException;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/* loaded from: input_file:org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.class */
public class ServerHandshakeImpl extends HandshakeProtocol {
    public PrivateKey privKey;

    public ServerHandshakeImpl(Object obj) {
        super(obj);
        this.status = 1;
    }

    @Override // org.apache.harmony.xnet.provider.jsse.HandshakeProtocol
    public void start() {
        if (this.session == null) {
            this.status = 1;
        } else if (this.clientHello == null || this.status == 3) {
            sendHelloRequest();
            this.status = 1;
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:9:0x003d. Please report as an issue. */
    @Override // org.apache.harmony.xnet.provider.jsse.HandshakeProtocol
    public void unwrap(byte[] bArr) {
        KeyFactory keyFactory;
        KeyAgreement keyAgreement;
        this.io_stream.append(bArr);
        while (this.io_stream.available() > 0) {
            this.io_stream.mark();
            try {
                int read = this.io_stream.read();
                int readUint24 = this.io_stream.readUint24();
                if (this.io_stream.available() < readUint24) {
                    this.io_stream.reset();
                    return;
                }
                switch (read) {
                    case 1:
                        if (this.clientHello != null && this.status != 3) {
                            unexpectedMessage();
                            return;
                        }
                        this.needSendHelloRequest = false;
                        this.clientHello = new ClientHello(this.io_stream, readUint24);
                        if (this.nonBlocking) {
                            this.delegatedTasks.add(new DelegatedTask(new PrivilegedExceptionAction() { // from class: org.apache.harmony.xnet.provider.jsse.ServerHandshakeImpl.1
                                @Override // java.security.PrivilegedExceptionAction
                                public Object run() throws Exception {
                                    ServerHandshakeImpl.this.processClientHello();
                                    return null;
                                }
                            }, this, AccessController.getContext()));
                            return;
                        }
                        processClientHello();
                        break;
                    case 11:
                        if (this.isResuming || this.certificateRequest == null || this.serverHelloDone == null || this.clientCert != null) {
                            unexpectedMessage();
                            return;
                        }
                        this.clientCert = new CertificateMessage(this.io_stream, readUint24);
                        if (this.clientCert.certs.length != 0) {
                            try {
                                this.parameters.getTrustManager().checkClientTrusted(this.clientCert.certs, this.clientCert.certs[0].getPublicKey().getAlgorithm());
                            } catch (CertificateException e) {
                                fatalAlert((byte) 42, "Untrusted Client Certificate ", e);
                            }
                            this.session.peerCertificates = this.clientCert.certs;
                        } else if (this.parameters.getNeedClientAuth()) {
                            fatalAlert((byte) 40, "HANDSHAKE FAILURE: no client certificate recived");
                        }
                        break;
                    case 15:
                        if (this.isResuming || this.clientKeyExchange == null || this.clientCert == null || this.clientKeyExchange.isEmpty() || this.certificateVerify != null || this.changeCipherSpecReceived) {
                            unexpectedMessage();
                            return;
                        }
                        this.certificateVerify = new CertificateVerify(this.io_stream, readUint24);
                        DigitalSignature digitalSignature = new DigitalSignature(this.session.cipherSuite.keyExchange);
                        digitalSignature.init(this.serverCert.certs[0]);
                        byte[] bArr2 = null;
                        byte[] bArr3 = null;
                        if (this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
                            bArr2 = this.io_stream.getDigestMD5withoutLast();
                            bArr3 = this.io_stream.getDigestSHAwithoutLast();
                        } else if (this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT) {
                            bArr3 = this.io_stream.getDigestSHAwithoutLast();
                        } else if (this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) {
                        }
                        digitalSignature.setMD5(bArr2);
                        digitalSignature.setSHA(bArr3);
                        if (!digitalSignature.verifySignature(this.certificateVerify.signedHash)) {
                            fatalAlert((byte) 51, "DECRYPT ERROR: CERTIFICATE_VERIFY incorrect signature");
                        }
                        break;
                    case 16:
                        if (this.isResuming || this.serverHelloDone == null || this.clientKeyExchange != null || (this.clientCert == null && this.parameters.getNeedClientAuth())) {
                            unexpectedMessage();
                            return;
                        }
                        if (this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA || this.session.cipherSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) {
                            this.clientKeyExchange = new ClientKeyExchange(this.io_stream, readUint24, this.serverHello.server_version[1] == 1, true);
                            try {
                                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                                cipher.init(2, this.privKey);
                                this.preMasterSecret = cipher.doFinal(this.clientKeyExchange.exchange_keys);
                                if (this.preMasterSecret.length != 48 || this.preMasterSecret[0] != this.clientHello.client_version[0] || this.preMasterSecret[1] != this.clientHello.client_version[1]) {
                                    this.preMasterSecret = new byte[48];
                                    this.parameters.getSecureRandom().nextBytes(this.preMasterSecret);
                                }
                            } catch (Exception e2) {
                                fatalAlert((byte) 80, "INTERNAL ERROR", e2);
                            }
                            computerMasterSecret();
                        } else {
                            this.clientKeyExchange = new ClientKeyExchange(this.io_stream, readUint24, this.serverHello.server_version[1] == 1, false);
                            if (this.clientKeyExchange.isEmpty()) {
                                this.preMasterSecret = ((DHPublicKey) this.clientCert.certs[0].getPublicKey()).getY().toByteArray();
                            } else {
                                try {
                                    try {
                                        keyFactory = KeyFactory.getInstance("DH");
                                    } catch (NoSuchAlgorithmException e3) {
                                        keyFactory = KeyFactory.getInstance("DiffieHellman");
                                    }
                                    try {
                                        keyAgreement = KeyAgreement.getInstance("DH");
                                    } catch (NoSuchAlgorithmException e4) {
                                        keyAgreement = KeyAgreement.getInstance("DiffieHellman");
                                    }
                                    PublicKey generatePublic = keyFactory.generatePublic(new DHPublicKeySpec(new BigInteger(1, this.clientKeyExchange.exchange_keys), this.serverKeyExchange.par1, this.serverKeyExchange.par2));
                                    keyAgreement.init(this.privKey);
                                    keyAgreement.doPhase(generatePublic, true);
                                    this.preMasterSecret = keyAgreement.generateSecret();
                                } catch (Exception e5) {
                                    fatalAlert((byte) 80, "INTERNAL ERROR", e5);
                                    return;
                                }
                            }
                            computerMasterSecret();
                        }
                        break;
                    case 20:
                        if (!this.isResuming && !this.changeCipherSpecReceived) {
                            unexpectedMessage();
                            return;
                        }
                        this.clientFinished = new Finished(this.io_stream, readUint24);
                        verifyFinished(this.clientFinished.getData());
                        this.session.context = this.parameters.getServerSessionContext();
                        this.parameters.getServerSessionContext().putSession(this.session);
                        if (this.isResuming) {
                            this.session.lastAccessedTime = System.currentTimeMillis();
                            this.status = 3;
                        } else {
                            sendChangeCipherSpec();
                        }
                        break;
                    default:
                        unexpectedMessage();
                        return;
                }
            } catch (IOException e6) {
                this.io_stream.reset();
                return;
            }
        }
    }

    @Override // org.apache.harmony.xnet.provider.jsse.HandshakeProtocol
    public void unwrapSSLv2(byte[] bArr) {
        try {
            this.io_stream.append(bArr);
            this.io_stream.mark();
            try {
                this.clientHello = new ClientHello(this.io_stream);
                if (this.nonBlocking) {
                    this.delegatedTasks.add(new DelegatedTask(new PrivilegedExceptionAction() { // from class: org.apache.harmony.xnet.provider.jsse.ServerHandshakeImpl.2
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            ServerHandshakeImpl.this.processClientHello();
                            return null;
                        }
                    }, this, AccessController.getContext()));
                } else {
                    processClientHello();
                }
            } catch (IOException e) {
                this.io_stream.reset();
            }
        } catch (Exception e2) {
            fatalAlert((byte) 80, "INTERNAL ERROR", e2);
        }
    }

    public void processClientHello() {
        CipherSuite selectSuite;
        KeyFactory keyFactory;
        int i = 0;
        while (true) {
            if (i >= this.clientHello.compression_methods.length) {
                fatalAlert((byte) 40, "HANDSHAKE FAILURE. Incorrect client hello message");
                break;
            } else if (this.clientHello.compression_methods[i] == 0) {
                break;
            } else {
                i++;
            }
        }
        if (!ProtocolVersion.isSupported(this.clientHello.client_version)) {
            fatalAlert((byte) 70, "PROTOCOL VERSION. Unsupported client version " + ((int) this.clientHello.client_version[0]) + ((int) this.clientHello.client_version[1]));
        }
        this.isResuming = false;
        if (this.clientHello.session_id.length != 0) {
            boolean z = false;
            if (this.session != null && Arrays.equals(this.session.id, this.clientHello.session_id)) {
                if (this.session.isValid()) {
                    this.isResuming = true;
                } else {
                    z = true;
                }
            }
            SSLSessionImpl findSessionToResume = findSessionToResume(this.clientHello.session_id);
            if (findSessionToResume == null || !findSessionToResume.isValid()) {
                if (!this.parameters.getEnableSessionCreation()) {
                    if (z) {
                        sendWarningAlert((byte) 100);
                        this.status = 2;
                        clearMessages();
                        return;
                    }
                    fatalAlert((byte) 40, "SSL Session may not be created");
                }
                this.session = null;
            } else {
                this.session = (SSLSessionImpl) findSessionToResume.clone();
                this.isResuming = true;
            }
        }
        if (this.isResuming) {
            selectSuite = this.session.cipherSuite;
            int i2 = 0;
            while (true) {
                if (i2 >= this.clientHello.cipher_suites.length) {
                    fatalAlert((byte) 40, "HANDSHAKE FAILURE. Incorrect client hello message");
                    break;
                } else if (selectSuite.equals(this.clientHello.cipher_suites[i2])) {
                    break;
                } else {
                    i2++;
                }
            }
        } else {
            selectSuite = selectSuite(this.clientHello.cipher_suites);
            if (selectSuite == null) {
                fatalAlert((byte) 40, "HANDSHAKE FAILURE. NO COMMON SUITE");
            }
            if (!this.parameters.getEnableSessionCreation()) {
                fatalAlert((byte) 40, "SSL Session may not be created");
            }
            this.session = new SSLSessionImpl(selectSuite, this.parameters.getSecureRandom());
        }
        this.recordProtocol.setVersion(this.clientHello.client_version);
        this.session.protocol = ProtocolVersion.getByVersion(this.clientHello.client_version);
        this.session.clientRandom = this.clientHello.random;
        this.serverHello = new ServerHello(this.parameters.getSecureRandom(), this.clientHello.client_version, this.session.getId(), selectSuite, (byte) 0);
        this.session.serverRandom = this.serverHello.random;
        send(this.serverHello);
        if (this.isResuming) {
            sendChangeCipherSpec();
            return;
        }
        if (!selectSuite.isAnonymous()) {
            X509Certificate[] x509CertificateArr = null;
            String str = null;
            if (selectSuite.keyExchange == CipherSuite.KeyExchange_RSA || selectSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT) {
                str = "RSA";
            } else if (selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT) {
                str = "DSA";
            } else if (selectSuite.keyExchange == CipherSuite.KeyExchange_DH_DSS) {
                str = "DH_DSA";
            } else if (selectSuite.keyExchange == CipherSuite.KeyExchange_DH_RSA) {
                str = "DH_RSA";
            }
            String str2 = null;
            X509KeyManager keyManager = this.parameters.getKeyManager();
            if (keyManager instanceof X509ExtendedKeyManager) {
                X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) keyManager;
                str2 = x509ExtendedKeyManager.chooseEngineServerAlias(str, null, this.engineOwner);
                if (str2 != null) {
                    x509CertificateArr = x509ExtendedKeyManager.getCertificateChain(str2);
                }
            } else {
                x509CertificateArr = keyManager.getCertificateChain(null);
            }
            if (x509CertificateArr == null) {
                fatalAlert((byte) 40, "NO SERVER CERTIFICATE FOUND");
                return;
            }
            this.session.localCertificates = x509CertificateArr;
            this.serverCert = new CertificateMessage(x509CertificateArr);
            this.privKey = this.parameters.getKeyManager().getPrivateKey(str2);
            send(this.serverCert);
        }
        RSAPublicKey rSAPublicKey = null;
        DHPublicKeySpec dHPublicKeySpec = null;
        byte[] bArr = null;
        BigInteger bigInteger = null;
        BigInteger bigInteger2 = null;
        KeyPairGenerator keyPairGenerator = null;
        try {
            if (selectSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) {
                if (getRSAKeyLength(this.serverCert.certs[0].getPublicKey()) > 512) {
                    keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                    keyPairGenerator.initialize(512);
                }
            } else if (selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_DSS_EXPORT || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA || selectSuite.keyExchange == CipherSuite.KeyExchange_DHE_RSA_EXPORT || selectSuite.keyExchange == CipherSuite.KeyExchange_DH_anon || selectSuite.keyExchange == CipherSuite.KeyExchange_DH_anon_EXPORT) {
                try {
                    keyPairGenerator = KeyPairGenerator.getInstance("DH");
                } catch (NoSuchAlgorithmException e) {
                    keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
                }
                bigInteger = new BigInteger(1, DHParameters.getPrime());
                bigInteger2 = new BigInteger("2");
                keyPairGenerator.initialize(new DHParameterSpec(bigInteger, bigInteger2));
            }
        } catch (Exception e2) {
            fatalAlert((byte) 80, "INTERNAL ERROR", e2);
        }
        if (keyPairGenerator != null) {
            DigitalSignature digitalSignature = new DigitalSignature(selectSuite.keyExchange);
            try {
                KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                if (selectSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) {
                    rSAPublicKey = (RSAPublicKey) genKeyPair.getPublic();
                } else {
                    DHPublicKey dHPublicKey = (DHPublicKey) genKeyPair.getPublic();
                    try {
                        keyFactory = KeyFactory.getInstance("DH");
                    } catch (NoSuchAlgorithmException e3) {
                        keyFactory = KeyFactory.getInstance("DiffieHellman");
                    }
                    dHPublicKeySpec = (DHPublicKeySpec) keyFactory.getKeySpec(dHPublicKey, DHPublicKeySpec.class);
                }
                if (selectSuite.isAnonymous()) {
                    this.privKey = genKeyPair.getPrivate();
                } else {
                    digitalSignature.init(this.privKey);
                    this.privKey = genKeyPair.getPrivate();
                    digitalSignature.update(this.clientHello.getRandom());
                    digitalSignature.update(this.serverHello.getRandom());
                    byte[] bArr2 = new byte[2];
                    if (selectSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) {
                        byte[] byteArray = rSAPublicKey.getModulus().toByteArray();
                        bArr2[0] = (byte) ((byteArray.length & 65280) >>> 8);
                        bArr2[1] = (byte) (byteArray.length & 255);
                        digitalSignature.update(bArr2);
                        digitalSignature.update(byteArray);
                        byte[] byteArray2 = rSAPublicKey.getPublicExponent().toByteArray();
                        bArr2[0] = (byte) ((byteArray2.length & 65280) >>> 8);
                        bArr2[1] = (byte) (byteArray2.length & 255);
                        digitalSignature.update(byteArray2);
                    } else {
                        byte[] byteArray3 = dHPublicKeySpec.getP().toByteArray();
                        bArr2[0] = (byte) ((byteArray3.length & 65280) >>> 8);
                        bArr2[1] = (byte) (byteArray3.length & 255);
                        digitalSignature.update(byteArray3);
                        byte[] byteArray4 = dHPublicKeySpec.getG().toByteArray();
                        bArr2[0] = (byte) ((byteArray4.length & 65280) >>> 8);
                        bArr2[1] = (byte) (byteArray4.length & 255);
                        digitalSignature.update(byteArray4);
                        byte[] byteArray5 = dHPublicKeySpec.getY().toByteArray();
                        bArr2[0] = (byte) ((byteArray5.length & 65280) >>> 8);
                        bArr2[1] = (byte) (byteArray5.length & 255);
                        digitalSignature.update(byteArray5);
                    }
                    bArr = digitalSignature.sign();
                }
            } catch (Exception e4) {
                fatalAlert((byte) 80, "INTERNAL ERROR", e4);
            }
            if (selectSuite.keyExchange == CipherSuite.KeyExchange_RSA_EXPORT) {
                this.serverKeyExchange = new ServerKeyExchange(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent(), null, bArr);
            } else {
                this.serverKeyExchange = new ServerKeyExchange(bigInteger, bigInteger2, dHPublicKeySpec.getY(), bArr);
            }
            send(this.serverKeyExchange);
        }
        if (this.parameters.getWantClientAuth() || this.parameters.getNeedClientAuth()) {
            try {
                this.certificateRequest = new CertificateRequest(new byte[]{1, 2}, this.parameters.getTrustManager().getAcceptedIssuers());
                send(this.certificateRequest);
            } catch (ClassCastException e5) {
            }
        }
        this.serverHelloDone = new ServerHelloDone();
        send(this.serverHelloDone);
        this.status = 1;
    }

    @Override // org.apache.harmony.xnet.provider.jsse.HandshakeProtocol
    public void makeFinished() {
        byte[] bArr;
        boolean z = this.serverHello.server_version[1] == 1;
        if (z) {
            bArr = new byte[12];
            computerVerifyDataTLS("server finished", bArr);
        } else {
            bArr = new byte[36];
            computerVerifyDataSSLv3(SSLv3Constants.server, bArr);
        }
        this.serverFinished = new Finished(bArr);
        send(this.serverFinished);
        if (!this.isResuming) {
            this.session.lastAccessedTime = System.currentTimeMillis();
            this.status = 3;
        } else {
            if (z) {
                computerReferenceVerifyDataTLS("client finished");
            } else {
                computerReferenceVerifyDataSSLv3(SSLv3Constants.client);
            }
            this.status = 1;
        }
    }

    public SSLSessionImpl findSessionToResume(byte[] bArr) {
        return (SSLSessionImpl) this.parameters.getServerSessionContext().getSession(bArr);
    }

    public CipherSuite selectSuite(CipherSuite[] cipherSuiteArr) {
        for (int i = 0; i < cipherSuiteArr.length; i++) {
            if (cipherSuiteArr[i].supported) {
                for (int i2 = 0; i2 < this.parameters.getEnabledCipherSuitesMember().length; i2++) {
                    if (cipherSuiteArr[i].equals(this.parameters.getEnabledCipherSuitesMember()[i2])) {
                        return cipherSuiteArr[i];
                    }
                }
            }
        }
        return null;
    }

    @Override // org.apache.harmony.xnet.provider.jsse.HandshakeProtocol
    public void receiveChangeCipherSpec() {
        if (this.isResuming) {
            if (this.serverFinished == null) {
                unexpectedMessage();
                return;
            } else {
                this.changeCipherSpecReceived = true;
                return;
            }
        }
        if ((this.parameters.getNeedClientAuth() && this.clientCert == null) || this.clientKeyExchange == null || (this.clientCert != null && !this.clientKeyExchange.isEmpty() && this.certificateVerify == null)) {
            unexpectedMessage();
        } else {
            this.changeCipherSpecReceived = true;
        }
        if (this.serverHello.server_version[1] == 1) {
            computerReferenceVerifyDataTLS("client finished");
        } else {
            computerReferenceVerifyDataSSLv3(SSLv3Constants.client);
        }
    }
}
