package com.nationsky.d.b;

import com.nationsky.d.b.f;
import com.nationsky.d.b.q;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public final class h extends s {
    private q.b A;
    private boolean B;
    private z C;
    private PublicKey v;
    private PublicKey w;
    private BigInteger x;
    private k y;
    private m z;

    /* JADX INFO: Access modifiers changed from: package-private */
    public h(ag agVar, com.nationsky.a.y yVar, z zVar, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(agVar, yVar, true, zVar, z, z2, bArr, bArr2);
    }

    static RSAPublicKeySpec a(PublicKey publicKey) {
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            return new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent());
        }
        try {
            return (RSAPublicKeySpec) KeyFactory.getInstance("RSA").getKeySpec(publicKey, RSAPublicKeySpec.class);
        } catch (Exception e) {
            throw ((RuntimeException) new RuntimeException().initCause(e));
        }
    }

    private void a(q.a aVar) throws IOException {
        X509Certificate[] c = aVar.c();
        if (c.length == 0) {
            a((byte) 42, "empty certificate chain");
        }
        try {
            com.nationsky.a.v.a(this.n.g(), (X509Certificate[]) c.clone(), (this.s != f.b.K_RSA_EXPORT || this.B) ? this.s.q : f.b.K_RSA.q, c());
        } catch (CertificateException e) {
            a((byte) 46, e);
        }
        this.q.a(c);
    }

    private void a(q.e eVar) throws IOException {
        this.y = new k(eVar.c(), eVar.d(), this.n.h());
        this.x = eVar.e();
    }

    private void a(q.g gVar) throws IOException {
        ECPublicKey c = gVar.c();
        this.z = new m(c.getParams(), this.n.h());
        this.w = c;
    }

    private void a(q.h hVar) throws IOException {
        if (!hVar.a(this.j, 2, this.q.a())) {
            a((byte) 47, "server 'finished' message doesn't verify");
        }
        if (this.c) {
            this.e = hVar.c();
        }
        if (this.t) {
            this.k.a();
            a(true);
        }
        this.q.a(System.currentTimeMillis());
        if (this.t || !this.q.b()) {
            return;
        }
        this.n.b().c(this.q);
    }

    private void a(q.i iVar) throws IOException {
        if (this.m < 1) {
            if (this.c) {
                t();
            } else if (this.b.k < z.d.k) {
                a((byte) 40, "Renegotiation is not allowed");
            } else {
                b((byte) 100);
                this.u = true;
            }
        }
    }

    private void a(q.j jVar) throws IOException, GeneralSecurityException {
        if (!jVar.a(this.v, this.o, this.p)) {
            a((byte) 40, "server key exchange invalid");
        }
        this.w = jVar.c();
    }

    private void a(q.k kVar) throws IOException {
        this.B = false;
        z zVar = kVar.e;
        if (!c(zVar)) {
            throw new SSLHandshakeException("Server chose " + zVar + ", but that protocol version is not enabled or not supported by the client.");
        }
        this.j.a(zVar);
        a(zVar);
        ad adVar = (ad) kVar.j.a(n.p);
        if (adVar != null) {
            if (this.f) {
                if (!adVar.b()) {
                    a((byte) 40, "The renegotiation_info field is not empty");
                }
                this.c = true;
            } else {
                if (!this.c) {
                    a((byte) 40, "Unexpected renegotiation indication extension");
                }
                byte[] bArr = new byte[this.d.length + this.e.length];
                System.arraycopy(this.d, 0, bArr, 0, this.d.length);
                System.arraycopy(this.e, 0, bArr, this.d.length, this.e.length);
                if (!Arrays.equals(bArr, adVar.c())) {
                    a((byte) 40, "Incorrect verify data in ServerHello renegotiation_info message");
                }
            }
        } else if (this.f) {
            this.c = false;
        } else if (this.c) {
            a((byte) 40, "No renegotiation indication extension");
        }
        this.p = kVar.f;
        if (!b(kVar.h)) {
            a((byte) 47, "Server selected improper ciphersuite " + kVar.h);
        }
        a(kVar.h);
        if (this.f419a.k >= z.f.k) {
            this.j.a(this.r.g.a());
        }
        if (kVar.i != 0) {
            a((byte) 47, "compression type not supported, " + ((int) kVar.i));
        }
        if (this.q != null) {
            if (this.q.d().equals(kVar.g)) {
                f e = this.q.e();
                if (this.r != e) {
                    throw new SSLProtocolException("Server returned wrong cipher suite for session");
                }
                if (this.f419a != this.q.f()) {
                    throw new SSLProtocolException("Server resumed session with wrong protocol version");
                }
                if (e.d == f.b.K_KRB5 || e.d == f.b.K_KRB5_EXPORT) {
                    this.q.getLocalPrincipal();
                    throw new SSLProtocolException("Server resumed session with no subject");
                }
                this.t = true;
                this.m = 19;
                a(this.q.a());
            } else {
                this.q = null;
                if (!this.n.o()) {
                    throw new SSLException("New session creation is disabled");
                }
            }
        }
        if (this.t && this.q != null) {
            if (this.f419a.k >= z.f.k) {
                this.j.b(null);
            }
            a(this.q);
            return;
        }
        Iterator<t> it = kVar.j.a().iterator();
        while (it.hasNext()) {
            n nVar = it.next().f420a;
            if (nVar != n.l && nVar != n.m && nVar != n.d && nVar != n.p) {
                a((byte) 110, "Server sent an unsupported extension: " + nVar);
            }
        }
        this.q = new af(this.f419a, this.r, e(), kVar.g, c(), d());
        a(this.q);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:53:0x00d1. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:45:0x00a4  */
    /* JADX WARN: Removed duplicated region for block: B:50:0x00bd  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x01a8  */
    /* JADX WARN: Removed duplicated region for block: B:67:0x01c1  */
    /* JADX WARN: Removed duplicated region for block: B:70:0x024a  */
    /* JADX WARN: Removed duplicated region for block: B:75:0x01e5 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:94:0x01ca  */
    /* JADX WARN: Removed duplicated region for block: B:95:0x01d3  */
    /* JADX WARN: Removed duplicated region for block: B:96:0x01dc  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void a(com.nationsky.d.b.q.l r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 684
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nationsky.d.b.h.a(com.nationsky.d.b.q$l):void");
    }

    private void a(boolean z) throws IOException {
        q.h hVar = new q.h(this.f419a, this.j, 1, this.q.a(), this.r);
        a(hVar, z);
        if (this.c) {
            this.d = hVar.c();
        }
        this.m = 19;
    }

    static int b(PublicKey publicKey) {
        return (publicKey instanceof RSAPublicKey ? ((RSAPublicKey) publicKey).getModulus() : a(publicKey).getModulus()).bitLength();
    }

    @Override // com.nationsky.d.b.s
    q a() throws SSLException {
        aj d = af.f390a.d();
        g f = f();
        this.C = this.f419a;
        if (this.n.b() instanceof com.nationsky.a.d) {
            this.q = (af) ((com.nationsky.a.d) this.n.b()).a(c(), d());
        }
        if (this.q != null && !this.q.b()) {
            this.q = null;
        }
        if (this.q != null) {
            f e = this.q.e();
            z f2 = this.q.f();
            if (!b(e)) {
                this.q = null;
            }
            if (this.q != null && !c(f2)) {
                this.q = null;
            }
            if (this.q != null) {
                d = this.q.d();
                this.C = f2;
                a(f2);
            }
            if (!this.n.o()) {
                if (this.q == null) {
                    throw new SSLHandshakeException("Can't reuse existing SSL client session");
                }
                ArrayList arrayList = new ArrayList(2);
                arrayList.add(e);
                if (!this.c && f.a(f.B)) {
                    arrayList.add(f.B);
                }
                f = new g(arrayList);
            }
        }
        if (this.q == null && !this.n.o()) {
            throw new SSLHandshakeException("No existing session to resume");
        }
        if (this.c && f.a(f.B)) {
            ArrayList arrayList2 = new ArrayList(f.c() - 1);
            for (f fVar : f.b()) {
                if (fVar != f.B) {
                    arrayList2.add(fVar);
                }
            }
            f = new g(arrayList2);
        }
        boolean z = false;
        Iterator<f> it = f.b().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (b(it.next())) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new SSLHandshakeException("No negotiable cipher suite");
        }
        q.d dVar = new q.d(this.n.h(), this.C, d, f);
        if (this.C.k >= z.f.k) {
            Collection<al> e2 = e();
            if (e2.isEmpty()) {
                throw new SSLHandshakeException("No supported signature algorithm");
            }
            dVar.a(e2);
        }
        String b = b();
        if (b != null && b.indexOf(46) > 0 && !com.nationsky.d.c.b.c(b) && !com.nationsky.d.c.b.d(b)) {
            dVar.a(b);
        }
        this.o = dVar.f;
        if (this.c || !f.a(f.B)) {
            dVar.a(this.d);
        }
        return dVar;
    }

    @Override // com.nationsky.d.b.s
    void a(byte b) throws SSLProtocolException {
        throw new SSLProtocolException("handshake alert:  " + a.a(b));
    }

    @Override // com.nationsky.d.b.s
    void a(byte b, int i) throws IOException {
        if (this.m > b && b != 0 && this.m != 1) {
            throw new SSLProtocolException("Handshake message sequence violation, " + ((int) b));
        }
        if (b == 0) {
            a(new q.i(this.k));
        } else if (b == 2) {
            a(new q.k(this.k, i));
        } else if (b != 20) {
            switch (b) {
                case 11:
                    if (this.s == f.b.K_DH_ANON || this.s == f.b.K_ECDH_ANON || this.s == f.b.K_KRB5 || this.s == f.b.K_KRB5_EXPORT) {
                        a((byte) 10, "unexpected server cert chain");
                    }
                    a(new q.a(this.k));
                    this.v = this.q.getPeerCertificates()[0].getPublicKey();
                    break;
                case 12:
                    this.B = true;
                    switch (this.s) {
                        case K_RSA_EXPORT:
                            PublicKey publicKey = this.v;
                            if (publicKey == null) {
                                throw new SSLProtocolException("Server did not send certificate message");
                            }
                            if (!(publicKey instanceof RSAPublicKey)) {
                                throw new SSLProtocolException("Protocol violation: the certificate type must be appropriate for the selected cipher suite's key exchange algorithm");
                            }
                            if (b(publicKey) <= 512) {
                                throw new SSLProtocolException("Protocol violation: server sent a server key exchange message for key exchange " + this.s + " when the public key in the server certificate is less than or equal to 512 bits in length");
                            }
                            try {
                                a(new q.j(this.k));
                                break;
                            } catch (GeneralSecurityException e) {
                                a("Server key", e);
                                break;
                            }
                        case K_DH_ANON:
                            a(new q.e(this.k, this.f419a));
                            break;
                        case K_DHE_DSS:
                        case K_DHE_RSA:
                            try {
                                a(new q.e(this.k, this.v, this.o.f387a, this.p.f387a, i, this.g, this.f419a));
                                break;
                            } catch (GeneralSecurityException e2) {
                                a("Server key", e2);
                                break;
                            }
                        case K_ECDHE_ECDSA:
                        case K_ECDHE_RSA:
                        case K_ECDH_ANON:
                            try {
                                a(new q.g(this.k, this.v, this.o.f387a, this.p.f387a, this.g, this.f419a));
                                break;
                            } catch (GeneralSecurityException e3) {
                                a("Server key", e3);
                                break;
                            }
                        case K_RSA:
                        case K_DH_RSA:
                        case K_DH_DSS:
                        case K_ECDH_ECDSA:
                        case K_ECDH_RSA:
                            throw new SSLProtocolException("Protocol violation: server sent a server key exchangemessage for key exchange " + this.s);
                        case K_KRB5:
                        case K_KRB5_EXPORT:
                            throw new SSLProtocolException("unexpected receipt of server key exchange algorithm");
                        default:
                            throw new SSLProtocolException("unsupported key exchange algorithm = " + this.s);
                    }
                case 13:
                    if (this.s == f.b.K_DH_ANON || this.s == f.b.K_ECDH_ANON) {
                        throw new SSLHandshakeException("Client authentication requested for anonymous cipher suite.");
                    }
                    if (this.s == f.b.K_KRB5 || this.s == f.b.K_KRB5_EXPORT) {
                        throw new SSLHandshakeException("Client certificate requested for kerberos cipher suite.");
                    }
                    this.A = new q.b(this.k, this.f419a);
                    if (this.f419a.k >= z.f.k) {
                        Collection<al> d = this.A.d();
                        if (d == null || d.isEmpty()) {
                            throw new SSLHandshakeException("No peer supported signature algorithms");
                        }
                        Collection<al> a2 = al.a(d);
                        if (!a2.isEmpty()) {
                            a(a2);
                            this.q.a(a2);
                            break;
                        } else {
                            throw new SSLHandshakeException("No supported signature and hash algorithm in common");
                        }
                    }
                    break;
                case 14:
                    a(new q.l(this.k));
                    break;
                default:
                    throw new SSLProtocolException("Illegal client handshake msg, " + ((int) b));
            }
        } else {
            a(new q.h(this.f419a, this.k, this.r));
        }
        if (this.m < b) {
            this.m = b;
        }
    }
}
