package com.huawei.svn.sdk.thirdpart.ssl;

import com.huawei.ecs.imp.MsgCode;
import com.huawei.push.util.RSAEncrypt;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
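/**
 * Client side of the SSLv3 / TLS 1.0 handshake state machine.
 *
 * <p>This listing is decompiler output (see the JADX markers), so several numeric literals stand
 * in for named constants that are not visible here. Comments on what such a value means are
 * marked as assumptions.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@link #verifyServerCert()} records the server's certificate chain without any trust or
 *       host-name check in this class.</li>
 *   <li>Only two protocol flavours are distinguished ({@code server_version[1] == 1} selects the
 *       TLS computation, anything else the SSLv3 one). SSLv3 and TLS 1.0 are both deprecated
 *       (RFC 7568, RFC 8996).</li>
 *   <li>RSA key transport uses PKCS#1 v1.5 padding and provides no forward secrecy. The
 *       server's Diffie-Hellman parameters are used without a minimum size check.</li>
 *   <li>Anonymous cipher suites are accepted whenever they are enabled and negotiated. In that
 *       case the server is not authenticated at all.</li>
 * </ul>
 */
public class ClientHandshakeImpl extends HandshakeProtocol {
    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientHandshakeImpl(Object obj) {
        super(obj);
    }

    /**
     * Looks up a cached session for the current peer in the client session context.
     *
     * @return a clone of the cached session, or {@code null} when the peer host or port is
     *     unknown or nothing is cached for it
     */
    private SSLSessionImpl findSessionToResume() {
        String peerHostName;
        int peerPort;
        if (this.engineOwner != null) {
            peerHostName = this.engineOwner.getPeerHost();
            peerPort = this.engineOwner.getPeerPort();
        } else {
            peerHostName = this.socketOwner.getPeerHostName();
            peerPort = this.socketOwner.getPeerPort();
        }
        if (peerHostName == null || peerPort == -1) {
            return null;
        }
        SSLSessionImpl cached = (SSLSessionImpl) this.parameters.getClientSessionContext().getSession(peerHostName, peerPort);
        // Work on a clone so the handshake never mutates the cached entry.
        return cached != null ? (SSLSessionImpl) cached.clone() : null;
    }

    /**
     * Creates a fresh (non-resumed) session bound to the current peer and pins the record layer
     * to the latest enabled protocol version.
     */
    private void initNewSession() {
        this.isResuming = false;
        this.session = new SSLSessionImpl(this.parameters.getSecureRandom());
        if (this.engineOwner != null) {
            this.session.setPeer(this.engineOwner.getPeerHost(), this.engineOwner.getPeerPort());
        } else {
            this.session.setPeer(this.socketOwner.getPeerHostName(), this.socketOwner.getPeerPort());
        }
        this.session.protocol = ProtocolVersion.getLatestVersion(this.parameters.getEnabledProtocols());
        this.recordProtocol.setVersion(this.session.protocol.version);
    }

    /**
     * Starts a renegotiation with a brand-new session, or refuses it with a warning alert when
     * session creation is disabled.
     */
    private void renegotiateNewSession() {
        if (!this.parameters.getEnableSessionCreation()) {
            // NOTE(review): status 2 and MsgCode.IM_EQUIPMSG are decompiler-substituted values;
            // presumably "not handshaking" and the no_renegotiation alert. Confirm both.
            this.status = 2;
            sendWarningAlert(MsgCode.IM_EQUIPMSG);
            return;
        }
        initNewSession();
        startSession();
    }

    /**
     * Builds and sends the ClientHello. A resumed session offers only its own cipher suite, a
     * new session offers every enabled suite.
     */
    private void startSession() {
        CipherSuite[] offered = this.isResuming
                ? new CipherSuite[]{this.session.cipherSuite}
                : this.parameters.getEnabledCipherSuitesMember();
        this.clientHello = new ClientHello(this.parameters.getSecureRandom(), this.session.protocol.version, this.session.id, offered);
        this.session.clientRandom = this.clientHello.random;
        send(this.clientHello);
        this.status = 1;
    }

    /**
     * Records the server certificate chain on the session.
     *
     * <p>NOTE(review): despite its name this method performs no validation. No trust manager is
     * consulted and the peer host name is fetched but never compared with the certificate. Unless
     * the chain is validated elsewhere (not visible in this class), any certificate the peer
     * presents is accepted and the connection is open to interception. The chain should be
     * checked against the configured trust anchors and the expected host name, and the handshake
     * aborted with a fatal alert on failure.
     */
    private void verifyServerCert() {
        if (this.session.cipherSuite.getAuthType(this.serverKeyExchange != null) == null) {
            return;
        }
        // The host name is looked up and discarded; the calls are kept in case they have side effects.
        if (this.engineOwner != null) {
            this.engineOwner.getPeerHost();
        } else {
            this.socketOwner.getWrappedHostName();
        }
        this.session.peerCertificates = this.serverCert.certs;
    }

    /**
     * Sends the client Finished message: 12 bytes of verify data for TLS, 36 for SSLv3. On a
     * full handshake it also precomputes the verify data expected from the server.
     */
    @Override
    protected void makeFinished() {
        boolean isTls = this.serverHello.server_version[1] == 1;
        byte[] verifyData;
        if (isTls) {
            verifyData = new byte[12];
            computerVerifyDataTLS("client finished", verifyData);
        } else {
            verifyData = new byte[36];
            computerVerifyDataSSLv3(SSLv3Constants.client, verifyData);
        }
        this.clientFinished = new Finished(verifyData);
        send(this.clientFinished);
        if (this.isResuming) {
            this.session.lastAccessedTime = System.currentTimeMillis();
            this.status = 3;
        } else {
            if (isTls) {
                computerReferenceVerifyDataTLS("server finished");
            } else {
                computerReferenceVerifyDataSSLv3(SSLv3Constants.server);
            }
            this.status = 1;
        }
    }

    /**
     * Handles the end of the server's hello flight. Sends the optional client certificate, the
     * ClientKeyExchange and the optional CertificateVerify, derives the master secret, and sends
     * ChangeCipherSpec.
     */
    void processServerHelloDone() {
        PrivateKey privateKey = null;
        // A certificate must be present exactly when the negotiated suite is not anonymous.
        if (this.serverCert != null) {
            if (this.session.cipherSuite.isAnonymous()) {
                unexpectedMessage();
                return;
            }
            verifyServerCert();
        } else if (!this.session.cipherSuite.isAnonymous()) {
            unexpectedMessage();
            return;
        }
        if (this.certificateRequest != null) {
            X509Certificate[] clientChain = null;
            String[] keyTypes = this.certificateRequest.getTypesAsString();
            X500Principal[] issuers = this.certificateRequest.certificate_authorities;
            X509KeyManager keyManager = this.parameters.getKeyManager();
            String alias;
            if (keyManager instanceof X509ExtendedKeyManager) {
                X509ExtendedKeyManager extendedKeyManager = (X509ExtendedKeyManager) keyManager;
                alias = this.socketOwner != null
                        ? extendedKeyManager.chooseClientAlias(keyTypes, issuers, this.socketOwner)
                        : extendedKeyManager.chooseEngineClientAlias(keyTypes, issuers, this.engineOwner);
            } else {
                alias = keyManager.chooseClientAlias(keyTypes, issuers, this.socketOwner);
            }
            if (alias != null) {
                clientChain = keyManager.getCertificateChain(alias);
            }
            this.session.localCertificates = clientChain;
            this.clientCert = new CertificateMessage(clientChain);
            privateKey = keyManager.getPrivateKey(alias);
            send(this.clientCert);
        }
        if (this.session.cipherSuite.keyExchange == 1 || this.session.cipherSuite.keyExchange == 2) {
            // RSA key transport: a random 48-byte pre-master secret is wrapped under the server's
            // RSA key, taken from ServerKeyExchange if present, else from the leaf certificate.
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                if (this.serverKeyExchange != null && this.serverKeyExchange.getRSAPublicKey() != null) {
                    cipher.init(Cipher.WRAP_MODE, this.serverKeyExchange.getRSAPublicKey());
                } else if (this.serverCert != null) {
                    cipher.init(Cipher.WRAP_MODE, this.serverCert.certs[0]);
                }
                this.preMasterSecret = new byte[48];
                this.parameters.getSecureRandom().nextBytes(this.preMasterSecret);
                if (this.clientHello != null) {
                    // The first two bytes carry the offered client version.
                    System.arraycopy(this.clientHello.client_version, 0, this.preMasterSecret, 0, 2);
                }
                this.clientKeyExchange = new ClientKeyExchange(cipher.wrap(new SecretKeySpec(this.preMasterSecret, "preMasterSecret")), this.serverHello.server_version[1] == 1);
            } catch (Exception e) {
                // An uninitialised cipher (no server key available) also ends up here.
                fatalAlert((byte) 80, "Unexpected exception", e);
                return;
            }
        } else {
            // Diffie-Hellman: parameters come from ServerKeyExchange or the server certificate.
            // NOTE(review): the group and the server's public value are used as received. Nothing
            // here enforces a minimum modulus size or checks the value range, so a weak group
            // offered by the peer would be accepted.
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("DH");
                KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
                PublicKey serverPublicKey = null;
                DHParameterSpec dhParams = null;
                if (this.serverKeyExchange != null) {
                    serverPublicKey = keyFactory.generatePublic(new DHPublicKeySpec(this.serverKeyExchange.par3, this.serverKeyExchange.par1, this.serverKeyExchange.par2));
                    dhParams = new DHParameterSpec(this.serverKeyExchange.par1, this.serverKeyExchange.par2);
                } else if (this.serverCert != null) {
                    serverPublicKey = this.serverCert.certs[0].getPublicKey();
                    dhParams = ((DHPublicKey) serverPublicKey).getParams();
                }
                keyPairGenerator.initialize(dhParams);
                KeyPair ephemeral = keyPairGenerator.generateKeyPair();
                PublicKey ephemeralPublic = ephemeral.getPublic();
                if (this.clientCert == null || this.serverCert == null || !(this.session.cipherSuite.keyExchange == 5 || this.session.cipherSuite.keyExchange == 3)) {
                    this.clientKeyExchange = new ClientKeyExchange(((DHPublicKey) ephemeralPublic).getY());
                } else {
                    PublicKey clientCertKey = this.clientCert.certs[0].getPublicKey();
                    PublicKey serverCertKey = this.serverCert.certs[0].getPublicKey();
                    if ((clientCertKey instanceof DHKey) && (serverCertKey instanceof DHKey) && ((DHKey) clientCertKey).getParams().getG().equals(((DHKey) serverCertKey).getParams().getG()) && ((DHKey) clientCertKey).getParams().getP().equals(((DHKey) serverCertKey).getParams().getP())) {
                        // Both certificates carry DH keys in the same group, so an empty
                        // ClientKeyExchange is sent.
                        // NOTE(review): the agreement below still uses the ephemeral private key,
                        // not the certificate's key. Confirm this is intended.
                        this.clientKeyExchange = new ClientKeyExchange();
                    }
                }
                keyAgreement.init(ephemeral.getPrivate());
                keyAgreement.doPhase(serverPublicKey, true);
                this.preMasterSecret = keyAgreement.generateSecret();
            } catch (Exception e) {
                fatalAlert((byte) 80, "Unexpected exception", e);
                return;
            }
        }
        if (this.clientKeyExchange != null) {
            send(this.clientKeyExchange);
        }
        computerMasterSecret();
        if (this.clientCert != null && this.clientCert.certs.length > 0 && this.clientKeyExchange != null && !this.clientKeyExchange.isEmpty() && privateKey != null) {
            // Prove possession of the client key by signing the running handshake digests.
            String algorithm = privateKey.getAlgorithm();
            DigitalSignature digitalSignature = new DigitalSignature(algorithm);
            digitalSignature.init(privateKey);
            // NOTE(review): RSAEncrypt.KEY_ALGORITHM is presumably "RSA"; confirm.
            if (RSAEncrypt.KEY_ALGORITHM.equals(algorithm)) {
                digitalSignature.setMD5(this.io_stream.getDigestMD5());
                digitalSignature.setSHA(this.io_stream.getDigestSHA());
            } else if ("DSA".equals(algorithm)) {
                digitalSignature.setSHA(this.io_stream.getDigestSHA());
            }
            this.certificateVerify = new CertificateVerify(digitalSignature.sign());
            send(this.certificateVerify);
        }
        sendChangeCipherSpec();
    }

    /**
     * Notes that the server's ChangeCipherSpec arrived. It is accepted only after ServerHello on
     * a resumed session, or after the client Finished on a full handshake.
     */
    @Override
    public void receiveChangeCipherSpec() {
        boolean outOfOrder = this.isResuming ? this.serverHello == null : this.clientFinished == null;
        if (outOfOrder) {
            unexpectedMessage();
            // Fail closed: never mark ChangeCipherSpec as received for an out-of-order message,
            // even if unexpectedMessage() were to return normally.
            return;
        }
        this.changeCipherSpecReceived = true;
    }

    /**
     * Begins a handshake. Resumes a cached or still-valid session when one exists, otherwise
     * creates a new one if session creation is enabled.
     */
    @Override
    public void start() {
        if (this.session == null) {
            this.session = findSessionToResume();
        } else {
            // A handshake is already in flight (status 3 is presumably "finished"; confirm).
            if (this.clientHello != null && this.status != 3) {
                return;
            }
            if (!this.session.isValid()) {
                this.session = null;
            }
        }
        if (this.session != null) {
            this.isResuming = true;
        } else if (this.parameters.getEnableSessionCreation()) {
            initNewSession();
        } else {
            // NOTE(review): startSession() below dereferences this.session, so this relies on
            // fatalAlert() not returning normally. Confirm against HandshakeProtocol.
            fatalAlert((byte) 40, "SSL Session may not be created ");
        }
        startSession();
    }

    /**
     * Feeds received handshake bytes into the state machine and processes every complete
     * handshake message. An incomplete trailing message is left buffered for the next call.
     *
     * @param bArr handshake-layer bytes received from the peer (untrusted input)
     */
    @Override
    public void unwrap(byte[] bArr) {
        if (this.delegatedTaskErr != null) {
            Exception exc = this.delegatedTaskErr;
            this.delegatedTaskErr = null;
            fatalAlert((byte) 40, "Error in delegated task", exc);
        }
        this.io_stream.append(bArr);
        while (this.io_stream.available() > 0) {
            this.io_stream.mark();
            try {
                int messageType = this.io_stream.read();
                int messageLength = this.io_stream.readUint24();
                if (this.io_stream.available() < messageLength) {
                    // Body not fully received yet: rewind to the header and wait for more data.
                    this.io_stream.reset();
                    return;
                }
                switch (messageType) {
                    case 0: // HelloRequest: the server asks for a renegotiation
                        // NOTE(review): no secure-renegotiation (RFC 5746) handling is visible in
                        // this class. Confirm how renegotiation is protected or disabled.
                        this.io_stream.removeFromMarkedPosition();
                        if (this.clientHello == null || (this.clientFinished != null && this.serverFinished != null)) {
                            if (!this.session.isValid()) {
                                renegotiateNewSession();
                            } else {
                                this.session = (SSLSessionImpl) this.session.clone();
                                this.isResuming = true;
                                startSession();
                            }
                        }
                        break;
                    case 2: { // ServerHello
                        if (this.clientHello == null || this.serverHello != null) {
                            unexpectedMessage();
                            return;
                        }
                        this.serverHello = new ServerHello(this.io_stream, messageLength);
                        ProtocolVersion serverVersion = ProtocolVersion.getByVersion(this.serverHello.server_version);
                        if (serverVersion == null) {
                            unexpectedMessage();
                            return;
                        }
                        // The server may only choose a protocol version this client enabled.
                        // The decompiled form of this search never left its loop on a match.
                        boolean versionEnabled = false;
                        for (String enabledName : this.parameters.getEnabledProtocols()) {
                            if (serverVersion.equals(ProtocolVersion.getByName(enabledName))) {
                                versionEnabled = true;
                                break;
                            }
                        }
                        if (!versionEnabled) {
                            fatalAlert((byte) 40, "Bad server hello protocol version");
                            return;
                        }
                        if (this.serverHello.compression_method != 0) {
                            fatalAlert((byte) 40, "Bad server hello compression method");
                        }
                        // Likewise the chosen cipher suite must be one this client enabled.
                        boolean suiteEnabled = false;
                        for (CipherSuite enabledSuite : this.parameters.getEnabledCipherSuitesMember()) {
                            if (this.serverHello.cipher_suite.equals(enabledSuite)) {
                                suiteEnabled = true;
                                break;
                            }
                        }
                        if (!suiteEnabled) {
                            fatalAlert((byte) 40, "Bad server hello cipher suite");
                            return;
                        }
                        if (this.isResuming) {
                            if (this.serverHello.session_id.length == 0) {
                                // Server declined the resumption: fall back to a full handshake.
                                this.isResuming = false;
                            } else if (!Arrays.equals(this.serverHello.session_id, this.clientHello.session_id)) {
                                this.isResuming = false;
                            } else if (!this.session.protocol.equals(serverVersion)) {
                                fatalAlert((byte) 40, "Bad server hello protocol version");
                            } else if (!this.session.cipherSuite.equals(this.serverHello.cipher_suite)) {
                                fatalAlert((byte) 40, "Bad server hello cipher suite");
                            }
                            if (this.serverHello.server_version[1] == 1) {
                                computerReferenceVerifyDataTLS("server finished");
                            } else {
                                computerReferenceVerifyDataSSLv3(SSLv3Constants.server);
                            }
                        }
                        this.session.protocol = serverVersion;
                        this.recordProtocol.setVersion(this.session.protocol.version);
                        this.session.cipherSuite = this.serverHello.cipher_suite;
                        this.session.id = (byte[]) this.serverHello.session_id.clone();
                        this.session.serverRandom = this.serverHello.random;
                        break;
                    }
                    case 11: // Certificate
                        if (this.serverHello == null || this.serverKeyExchange != null || this.serverCert != null || this.isResuming) {
                            unexpectedMessage();
                            return;
                        }
                        this.serverCert = new CertificateMessage(this.io_stream, messageLength);
                        break;
                    case 12: // ServerKeyExchange
                        if (this.serverHello == null || this.serverKeyExchange != null || this.isResuming) {
                            unexpectedMessage();
                            return;
                        }
                        this.serverKeyExchange = new ServerKeyExchange(this.io_stream, messageLength, this.session.cipherSuite.keyExchange);
                        break;
                    case 13: // CertificateRequest
                        if (this.serverCert == null || this.certificateRequest != null || this.session.cipherSuite.isAnonymous() || this.isResuming) {
                            unexpectedMessage();
                            return;
                        }
                        this.certificateRequest = new CertificateRequest(this.io_stream, messageLength);
                        break;
                    case 14: // ServerHelloDone
                        if (this.serverHello == null || this.serverHelloDone != null || this.isResuming) {
                            unexpectedMessage();
                            return;
                        }
                        this.serverHelloDone = new ServerHelloDone(this.io_stream, messageLength);
                        if (this.nonBlocking) {
                            // Key exchange is deferred to a delegated task in non-blocking mode.
                            this.delegatedTasks.add(new DelegatedTask(new Runnable() {
                                @Override
                                public void run() {
                                    ClientHandshakeImpl.this.processServerHelloDone();
                                }
                            }, this));
                            return;
                        }
                        processServerHelloDone();
                        break;
                    case 20: // Finished
                        if (!this.changeCipherSpecReceived) {
                            unexpectedMessage();
                            return;
                        }
                        this.serverFinished = new Finished(this.io_stream, messageLength);
                        verifyFinished(this.serverFinished.getData());
                        this.session.lastAccessedTime = System.currentTimeMillis();
                        this.session.context = this.parameters.getClientSessionContext();
                        // The session is cached for resumption only after the server's Finished
                        // has been checked.
                        this.parameters.getClientSessionContext().putSession(this.session);
                        if (this.isResuming) {
                            sendChangeCipherSpec();
                        } else {
                            this.session.lastAccessedTime = System.currentTimeMillis();
                            this.status = 3;
                        }
                        break;
                    default:
                        unexpectedMessage();
                        return;
                }
            } catch (IOException e) {
                // A short or unreadable message: rewind and wait for more data.
                this.io_stream.reset();
                return;
            }
        }
    }

    /** Rejects SSLv2-framed handshake data; this client never accepts it. */
    @Override
    public void unwrapSSLv2(byte[] bArr) {
        unexpectedMessage();
    }
}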
