package com.claymoresystems.ptls;

import com.claymoresystems.cert.CertContext;
import com.claymoresystems.cert.CertificateDecodeException;
import com.claymoresystems.cert.CertificateVerifyException;
import com.claymoresystems.cert.X509Cert;
import com.claymoresystems.crypto.DHPrivateKey;
import com.claymoresystems.sslg.SSLPolicyInt;
import com.claymoresystems.util.Util;
import cryptix.util.core.ArrayUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Vector;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/oscarjdbc-7.4.1.21-jdk8.jar:com/claymoresystems/ptls/SSLHandshake.class */
public abstract class SSLHandshake {
    public static final int SSL_HT_HELLO_REQUEST = 0;
    public static final int SSL_HT_CLIENT_HELLO = 1;
    public static final int SSL_HT_SERVER_HELLO = 2;
    public static final int SSL_HT_CERTIFICATE = 11;
    public static final int SSL_HT_SERVER_KEY_EXCHANGE = 12;
    public static final int SSL_HT_CERTIFICATE_REQUEST = 13;
    public static final int SSL_HT_SERVER_HELLO_DONE = 14;
    public static final int SSL_HT_CERTIFICATE_VERIFY = 15;
    public static final int SSL_HT_CLIENT_KEY_EXCHANGE = 16;
    public static final int SSL_HT_FINISHED = 20;
    public static final int SSL_HT_V2_CLIENT_HELLO = 255;
    public static final int SSL_HANDSHAKE_FINISHED = 255;
    public static final int SSL_V3_VERSION = 768;
    public static final int TLS_V1_VERSION = 769;
    public static final int MASTER_SECRET_SIZE = 48;
    public static byte[] pad_1 = {54};
    public static byte[] pad_2 = {92};
    int state;
    SSLConn _conn;
    byte[] session_id;
    boolean client;
    CertContext cert_ctx;
    Vector cipher_suites;
    SecureRandom rng;
    SSLHandshakeHashes save_hashes;
    SSLCipherSuite cipher_suite;
    byte[] pre_master_secret;
    byte[] master_secret;
    PublicKey peerSignatureKey;
    PublicKey peerEncryptionKey;
    DHPrivateKey dhEphemeral;
    public final int SSL_HS_WAIT_FOR_CHANGE_CIPHER_SPECS = 20;
    public final int SSL_HS_WAIT_FOR_FINISHED = 21;
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    byte[] client_random = new byte[32];
    byte[] server_random = new byte[32];
    CryptixRSAPrivateKey rsaEphemeral = null;
    CryptixRSAPublicKey rsaEphemeralPublic = null;
    int client_offered_version = 0;
    SSLHandshakeHashes hashes = new SSLHandshakeHashes();

    public SSLHandshake(SSLConn sSLConn) {
        this._conn = sSLConn;
        this.cert_ctx = new CertContext(sSLConn.ctx.getRootList());
        this.rng = new SecureRandom(sSLConn.ctx.getSeedBytes());
        filterCipherSuites(sSLConn.ctx.getPrivateKey(), sSLConn.getPolicy());
    }

    public void handshake() throws IOException {
        while (this.state != 255) {
            handshakeContinue();
        }
        this._conn.session_id = this.session_id.length != 0 ? this.session_id : null;
        this._conn.sock_out_external = new SSLOutputStream(this._conn);
        SSLDebug.debug(4, "Handshake completed");
    }

    public abstract void handshakeContinue() throws IOException;

    public void sendHandshakeMsg(SSLConn sSLConn, int i, SSLPDU sslpdu) throws IOException {
        sendHandshakeMsg(sSLConn, i, sslpdu, true);
    }

    public void sendHandshakeMsg(SSLConn sSLConn, int i, SSLPDU sslpdu, boolean z) throws IOException, Error {
        sslpdu.encode(sSLConn, this.os);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(this.os.size() + 10);
        new SSLHandshakeHdr(i, this.os.size()).encode(sSLConn, byteArrayOutputStream);
        this.os.writeTo(byteArrayOutputStream);
        this.os.reset();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (z) {
            this.hashes.update(byteArray);
        }
        new SSLRecord(sSLConn, 22, byteArray).send(sSLConn);
    }

    public InputStream recvHandshakeMsg(SSLConn sSLConn, SSLHandshakeHdr sSLHandshakeHdr) throws IOException {
        sSLHandshakeHdr.decode(sSLConn, sSLConn.sock_in_hp);
        switch (sSLHandshakeHdr.ct.value) {
            case 15:
            case 20:
                try {
                    this.save_hashes = (SSLHandshakeHashes) this.hashes.clone();
                    break;
                } catch (CloneNotSupportedException e) {
                    throw new Error("Internal error");
                }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        sSLHandshakeHdr.encode(sSLConn, byteArrayOutputStream);
        this.hashes.update(byteArrayOutputStream.toByteArray());
        byte[] bArr = new byte[sSLHandshakeHdr.length.value];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                this.hashes.update(bArr);
                return new ByteArrayInputStream(bArr);
            }
            i = sSLConn.sock_in_hp.read(bArr, i2, bArr.length - i2);
        }
    }

    public boolean finishedP() {
        return this.state == 255;
    }

    public void stateChange(int i) {
        this.state = i;
        SSLDebug.debug(4, "New handshake state " + i);
    }

    public void stateAssert(int i) throws IOException {
        if (this.state == i) {
            return;
        }
        this._conn.alert(SSLAlertX.TLS_ALERT_UNEXPECTED_MESSAGE);
    }

    public void stateAssert(int i, int i2) throws IOException {
        if (this.state == i || this.state == i2) {
            return;
        }
        this._conn.alert(SSLAlertX.TLS_ALERT_UNEXPECTED_MESSAGE);
    }

    public void stateAssert(int i, int i2, int i3) throws IOException {
        if (this.state == i || this.state == i2 || this.state == i3) {
            return;
        }
        this._conn.alert(SSLAlertX.TLS_ALERT_UNEXPECTED_MESSAGE);
    }

    public void sendCertificate(Vector vector) throws IOException {
        SSLCertificate sSLCertificate = new SSLCertificate();
        for (int i = 1; i <= vector.size(); i++) {
            SSLopaque sSLopaque = new SSLopaque(-16777215);
            sSLopaque.value = (byte[]) vector.elementAt(i - 1);
            sSLCertificate.certificate_list.value.addElement(sSLopaque);
        }
        sendHandshakeMsg(this._conn, 11, sSLCertificate);
    }

    public void recvCertificate(InputStream inputStream) throws IOException {
        SSLCertificate sSLCertificate = new SSLCertificate();
        Vector vector = new Vector();
        Vector vector2 = null;
        sSLCertificate.decode(this._conn, inputStream);
        if (sSLCertificate.certificate_list.value.size() == 0) {
            this._conn.alert(SSLAlertX.TLS_ALERT_ILLEGAL_PARAMETER);
        }
        for (int i = 1; i <= sSLCertificate.certificate_list.value.size(); i++) {
            vector.addElement(new X509Cert(((SSLopaque) sSLCertificate.certificate_list.value.elementAt(sSLCertificate.certificate_list.value.size() - i)).value));
        }
        try {
            vector2 = X509Cert.verifyCertChain(this.cert_ctx, vector, this._conn.getPolicy().getCertVerifyPolicy());
        } catch (CertificateDecodeException e) {
            this._conn.alert(SSLAlertX.TLS_ALERT_BAD_CERTIFICATE);
        } catch (CertificateVerifyException e2) {
            if (SSLDebug.getDebug(32)) {
                e2.printStackTrace();
            }
            this._conn.alert(SSLAlertX.TLS_ALERT_BAD_CERTIFICATE);
        }
        if (vector2 == null && !this._conn.getPolicy().acceptUnverifiableCertificatesP()) {
            this._conn.alert(SSLAlertX.TLS_ALERT_UNKNOWN_CA);
        }
        this.peerSignatureKey = ((X509Cert) vector.elementAt(vector.size() - 1)).getPublicKey();
        this._conn.peerCertificateChain = vector2;
    }

    public void computeMasterSecret() {
        SSLPRF pRFInstance = SSLPRF.getPRFInstance(this._conn.ssl_version);
        SSLDebug.debug(8, "Pre master secret", this.pre_master_secret);
        this.master_secret = new byte[48];
        pRFInstance.PRF(this.pre_master_secret, 1, this.client_random, this.server_random, this.master_secret);
        SSLDebug.debug(8, "Master secret", this.master_secret);
    }

    public void computeNextCipherStates() {
        this._conn.next_write_cipher_state = new SSLCipherState();
        this._conn.next_read_cipher_state = new SSLCipherState();
        try {
            SSLCipherState.computeSSLCipherState(this, this._conn.next_write_cipher_state, this._conn.next_read_cipher_state);
        } catch (KeyException e) {
            e.printStackTrace();
            throw new Error(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new Error(e2.toString());
        }
    }

    public void sendChangeCipherSpec() throws IOException {
        new SSLRecord(this._conn, 20, new byte[]{1}).send(this._conn);
        this._conn.write_cipher_state = this._conn.next_write_cipher_state;
        this._conn.write_sequence_num = 0L;
    }

    public void recvFinished(InputStream inputStream) throws IOException {
        new SSLFinished(this._conn, this, false).decode(this._conn, inputStream);
    }

    public void sendFinished() throws IOException {
        sendHandshakeMsg(this._conn, 20, new SSLFinished(this._conn, this, true));
        this._conn.sock_out.flush();
    }

    public void recvChangeCipherSpecs(byte[] bArr) throws IOException {
        byte[] bArr2 = {1};
        stateAssert(20);
        if (!ArrayUtil.areEqual(bArr2, bArr)) {
            this._conn.alert(SSLAlertX.TLS_ALERT_ILLEGAL_PARAMETER);
        }
        this._conn.read_cipher_state = this._conn.next_read_cipher_state;
        this._conn.read_sequence_num = 0L;
        stateChange(21);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void storeSession(String str) {
        SSLDebug.debug(64, "Storing session ", this.session_id);
        this._conn.ctx.storeSession(str, new SSLSessionData(this, str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SSLSessionData findSession(String str) {
        SSLDebug.debug(4, "Trying to recover session using key" + str);
        SSLSessionData findSession = this._conn.ctx.findSession(str);
        if (findSession == null || findSession.getExpiryTime() >= System.currentTimeMillis()) {
            return findSession;
        }
        this._conn.ctx.destroySession(findSession.getLookupKey());
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void restoreSession(SSLSessionData sSLSessionData) {
        sSLSessionData.restoreSession(this);
    }

    protected void filterCipherSuites(PrivateKey privateKey, SSLPolicyInt sSLPolicyInt) {
        String algorithm = privateKey.getAlgorithm();
        this.cipher_suites = new Vector();
        short[] cipherSuites = this._conn.getPolicy().getCipherSuites();
        for (int i = 0; i < cipherSuites.length; i++) {
            SSLCipherSuite findCipherSuite = SSLCipherSuite.findCipherSuite(cipherSuites[i]);
            if (findCipherSuite == null) {
                SSLDebug.debug(16, "Rejecting unrecognized cipher suite" + ((int) cipherSuites[i]));
            } else if (findCipherSuite.getSignatureAlgBase().equals(algorithm)) {
                SSLDebug.debug(16, "Accepting cipher suite: " + findCipherSuite.getName());
                this.cipher_suites.addElement(findCipherSuite);
            } else {
                SSLDebug.debug(16, "Rejecting cipher suite: " + findCipherSuite.getName() + " -- incompatible with signature algorithm " + algorithm);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void makeRandomValue(byte[] bArr) {
        if (bArr.length != 32) {
            throw new InternalError("Incorrect random value length");
        }
        this.rng.nextBytes(bArr);
        System.arraycopy(Util.toBytes(System.currentTimeMillis() / 1000, 4), 0, bArr, 0, 4);
    }
}
