package com.sun.net.ssl.internal.ssl;

import COM.rsa.asn1.SunJSSE_b3;
import COM.rsa.asn1.SunJSSE_bz;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509KeyManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: DashoA6275 */
/* loaded from: input_file:com/sun/net/ssl/internal/ssl/SunJSSE_az.class */
public final class SunJSSE_az extends SunJSSE_ax {
    private PublicKey a;
    private BigInteger b;
    private SunJSSE_bd c;
    private SunJSSE_a9 d;
    private boolean e;

    private void j() throws IOException {
        a(new SunJSSE_bc(super.a, super.e, 1, this.l.a()));
        this.h = 19;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    public void b(byte b) throws SSLProtocolException {
        String b2 = BaseSSLSocketImpl.b(b);
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            System.out.println(new StringBuffer().append("SSL - handshake alert: ").append(b2).toString());
        }
        throw new SSLProtocolException(new StringBuffer().append("handshake alert:  ").append(b2).toString());
    }

    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    void a(byte b, int i) throws IOException {
        if (this.h > b && b != 0 && this.h != 1) {
            throw new SSLProtocolException(new StringBuffer().append("Handshake message sequence violation, ").append((int) b).toString());
        }
        switch (b) {
            case 0:
                a(new SunJSSE_a3(this.f));
                break;
            case 1:
            case PKCS12KeyStore.VERSION_3 /* 3 */:
            case 4:
            case 5:
            case SunJSSE_b3.ac /* 6 */:
            case 7:
            case 8:
            case SunJSSE_bz.b /* 9 */:
            case SunJSSE_bz.c /* 10 */:
            case 15:
            case 16:
            case SunJSSE_bz.o /* 17 */:
            case 18:
            case 19:
            default:
                throw new SSLProtocolException(new StringBuffer().append("Illegal client handshake msg, ").append((int) b).toString());
            case 2:
                a(new SunJSSE_a5(this.f));
                break;
            case 11:
                if (this.q == SunJSSE_g.K_DH_ANON) {
                    super.d.a((byte) 10, "unexpected server cert chain");
                }
                a(new HandshakeMessage.CertificateMsg(this.f));
                this.a = this.l.getPeerCertificates()[0].getPublicKey();
                break;
            case SunJSSE_bz.g /* 12 */:
                this.e = true;
                if (this.q == SunJSSE_g.K_RSA || this.q == SunJSSE_g.K_RSA_EXPORT) {
                    try {
                        a(new SunJSSE_a7(this.f, i));
                        break;
                    } catch (GeneralSecurityException e) {
                        SunJSSE_ax.a("Server key", e);
                        break;
                    }
                } else if (this.q == SunJSSE_g.K_DH_ANON) {
                    a(new HandshakeMessage.DH_ServerKeyExchange(this.f));
                    break;
                } else {
                    if (this.q != SunJSSE_g.K_DHE_DSS && this.q != SunJSSE_g.K_DHE_RSA) {
                        throw new SSLProtocolException(new StringBuffer().append("unsupported key exchange algorithm = ").append(this.q).toString());
                    }
                    try {
                        a(new HandshakeMessage.DH_ServerKeyExchange(this.f, this.a, this.j.a, this.k.a, i));
                        break;
                    } catch (GeneralSecurityException e2) {
                        SunJSSE_ax.a("Server key", e2);
                        break;
                    }
                }
                break;
            case 13:
                if (this.q != SunJSSE_g.K_DH_ANON) {
                    this.d = new SunJSSE_a9(this.f);
                    if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                        this.d.a(System.out);
                        break;
                    }
                } else {
                    throw new SSLHandshakeException("Client authentication requested for anonymous cipher suite.");
                }
                break;
            case 14:
                a(new SunJSSE_ba(this.f));
                break;
            case 20:
                b(new SunJSSE_bc(super.a, this.f));
                break;
        }
        if (this.h < b) {
            this.h = b;
        }
    }

    @Override // com.sun.net.ssl.internal.ssl.SunJSSE_ax
    HandshakeMessage a() throws SSLException {
        SunJSSE_a4 sunJSSE_a4 = new SunJSSE_a4(this.i.a(), super.a);
        this.j = sunJSSE_a4.b;
        this.l = ((SSLSessionContextImpl) this.i.engineGetClientSessionContext()).a(super.d.g(), super.d.getPort());
        if (SunJSSE_ax.z != null && Debug.isOn("session")) {
            if (this.l != null) {
                System.out.println(new StringBuffer().append("%% Client cached ").append(this.l).append(this.l.b() ? "" : " (not rejoinable)").toString());
            } else {
                System.out.println("%% No cached client session");
            }
        }
        if (this.l != null) {
            CipherSuite e = this.l.e();
            ProtocolVersion f = this.l.f();
            if (!c(e)) {
                if (SunJSSE_ax.z != null && Debug.isOn("session")) {
                    System.out.println("%% can't resume, cipher disabled");
                }
                this.l = null;
            }
            if (this.l != null && !super.b.a(f)) {
                if (SunJSSE_ax.z != null && Debug.isOn("session")) {
                    System.out.println("%% can't resume, protocol disabled");
                }
                this.l = null;
            }
            if (this.l != null) {
                if (SunJSSE_ax.z != null && (Debug.isOn("handshake") || Debug.isOn("session"))) {
                    System.out.println(new StringBuffer().append("%% Try resuming ").append(this.l).append(" from port ").append(super.d.getLocalPort()).toString());
                }
                sunJSSE_a4.c = this.l.d();
                sunJSSE_a4.a = f;
                a(f);
            }
            if (!this.s) {
                if (this.l == null) {
                    throw new SSLException("Can't reuse existing SSL client session");
                }
                sunJSSE_a4.d = new CipherSuiteList(e);
                return sunJSSE_a4;
            }
        }
        if (this.l == null) {
            if (!this.s) {
                throw new SSLException("No existing session to resume.");
            }
            sunJSSE_a4.c = SSLSessionImpl.a.d();
        }
        sunJSSE_a4.d = this.o;
        return sunJSSE_a4;
    }

    private void a(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            certificateMsg.a(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            super.d.a((byte) 42, "empty certificate chain");
        }
        try {
            this.i.c().checkServerTrusted(certificateChain, (this.q != SunJSSE_g.K_RSA_EXPORT || this.e) ? this.q.a : SunJSSE_g.K_RSA.a);
        } catch (CertificateException e) {
            super.d.a((byte) 46, e);
        }
        this.l.a(certificateChain);
    }

    private void a(HandshakeMessage.DH_ServerKeyExchange dH_ServerKeyExchange) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            dH_ServerKeyExchange.a(System.out);
        }
        a(dH_ServerKeyExchange.getModulus(), dH_ServerKeyExchange.getBase());
        this.b = dH_ServerKeyExchange.getServerPublicKey();
    }

    private void a(SunJSSE_a3 sunJSSE_a3) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_a3.a(System.out);
        }
        if (this.h < 1) {
            i();
        }
    }

    private void a(SunJSSE_a5 sunJSSE_a5) throws IOException {
        this.e = false;
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_a5.a(System.out);
        }
        ProtocolVersion protocolVersion = sunJSSE_a5.a;
        if (!super.b.a(protocolVersion)) {
            throw new SSLHandshakeException(new StringBuffer().append("Server chose unsupported or disabled protocol: ").append(protocolVersion).toString());
        }
        a(protocolVersion);
        this.k = sunJSSE_a5.b;
        if (!c(sunJSSE_a5.d)) {
            super.d.a((byte) 47, new StringBuffer().append("Server selected disabled ciphersuite ").append(this.p).toString());
        }
        b(sunJSSE_a5.d);
        if (sunJSSE_a5.e != 0) {
            super.d.a((byte) 47, new StringBuffer().append("compression type not supported, ").append((int) sunJSSE_a5.e).toString());
        }
        if (this.l != null) {
            if (this.l.d().equals(sunJSSE_a5.c)) {
                if (this.p != this.l.e()) {
                    throw new SSLProtocolException("Server returned wrong cipher suite for session");
                }
                if (super.a != this.l.f()) {
                    throw new SSLProtocolException("Server resumed session with wrong protocol version");
                }
                this.r = true;
                this.h = 19;
                b(this.l.a());
                if (SunJSSE_ax.z == null || !Debug.isOn("session")) {
                    return;
                }
                System.out.println(new StringBuffer().append("%% Server resumed ").append(this.l).toString());
                return;
            }
            this.l = null;
            if (!this.s) {
                throw new SSLException("New session creation is disabled");
            }
        }
        this.l = new SSLSessionImpl(super.a, this.p, sunJSSE_a5.c, super.d.g(), super.d.getPort());
        if (SunJSSE_ax.z == null || !Debug.isOn("handshake")) {
            return;
        }
        System.out.println(new StringBuffer().append("** ").append(this.p).toString());
    }

    private void a(SunJSSE_a7 sunJSSE_a7) throws IOException, GeneralSecurityException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_a7.a(System.out);
        }
        if (!sunJSSE_a7.a(this.a, this.j, this.k)) {
            super.d.a((byte) 40, "server key exchange invalid");
        }
        this.a = sunJSSE_a7.a();
    }

    private void a(SunJSSE_ba sunJSSE_ba) throws IOException {
        HandshakeMessage sunJSSE_be;
        SunJSSE_bb sunJSSE_bb;
        Object obj;
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_ba.a(System.out);
        }
        this.f.a();
        PrivateKey privateKey = null;
        if (this.d != null) {
            X509KeyManager b = this.i.b();
            HandshakeMessage.CertificateMsg certificateMsg = null;
            X509Certificate[] x509CertificateArr = null;
            ArrayList arrayList = new ArrayList(4);
            for (int i = 0; i < this.d.h.length; i++) {
                switch (this.d.h[i]) {
                    case 1:
                        obj = "RSA";
                        break;
                    case 2:
                        obj = "DSA";
                        break;
                    case PKCS12KeyStore.VERSION_3 /* 3 */:
                        obj = "DH_RSA";
                        break;
                    case 4:
                        obj = "DH_DSA";
                        break;
                    case 5:
                    case SunJSSE_b3.ac /* 6 */:
                    default:
                        obj = null;
                        break;
                }
                if (obj != null && !arrayList.contains(obj)) {
                    arrayList.add(obj);
                }
            }
            int size = arrayList.size();
            String chooseClientAlias = size != 0 ? b.chooseClientAlias((String[]) arrayList.toArray(new String[size]), this.d.a(), super.d) : null;
            if (chooseClientAlias != null) {
                x509CertificateArr = b.getCertificateChain(chooseClientAlias);
                certificateMsg = new HandshakeMessage.CertificateMsg(x509CertificateArr);
                privateKey = b.getPrivateKey(chooseClientAlias);
                this.l.a(true);
            } else if (super.a.i >= ProtocolVersion.d.i) {
                certificateMsg = new HandshakeMessage.CertificateMsg(new X509Certificate[0]);
            } else {
                super.d.a((byte) 41);
            }
            if (certificateMsg != null) {
                this.l.b(x509CertificateArr);
                if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                    certificateMsg.a(System.out);
                }
                certificateMsg.write(this.g);
            }
        }
        if (this.q == SunJSSE_g.K_RSA || this.q == SunJSSE_g.K_RSA_EXPORT) {
            sunJSSE_be = new SunJSSE_be(super.a, super.b.e, this.i.a(), this.a);
        } else if (this.q == SunJSSE_g.K_DH_RSA || this.q == SunJSSE_g.K_DH_DSS) {
            sunJSSE_be = new ClientDiffieHellmanPublic();
        } else {
            if (this.q != SunJSSE_g.K_DHE_RSA && this.q != SunJSSE_g.K_DHE_DSS && this.q != SunJSSE_g.K_DH_ANON) {
                throw new RuntimeException(new StringBuffer().append("Unsupported key exchange: ").append(this.q).toString());
            }
            sunJSSE_be = new ClientDiffieHellmanPublic(this.c.c());
        }
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_be.a(System.out);
        }
        sunJSSE_be.write(this.g);
        this.g.a();
        this.g.flush();
        byte[] a = (this.q == SunJSSE_g.K_RSA || this.q == SunJSSE_g.K_RSA_EXPORT) ? ((SunJSSE_be) sunJSSE_be).d : this.c.a(this.b);
        a(a);
        Arrays.fill(a, (byte) 0);
        if (privateKey != null) {
            try {
                sunJSSE_bb = new SunJSSE_bb(super.a, super.e, privateKey, this.l.a(), this.i.a());
            } catch (GeneralSecurityException e) {
                super.d.a((byte) 40, "Error signing certificate verify", e);
                sunJSSE_bb = null;
            }
            if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
                sunJSSE_bb.a(System.out);
            }
            sunJSSE_bb.write(this.g);
            this.g.a();
        }
        j();
    }

    private void b(SunJSSE_bc sunJSSE_bc) throws IOException {
        if (SunJSSE_ax.z != null && Debug.isOn("handshake")) {
            sunJSSE_bc.a(System.out);
        }
        if (!sunJSSE_bc.a(super.a, super.e, 2, this.l.a())) {
            super.d.a((byte) 47, "server 'finished' message doesn't verify");
        }
        if (this.r) {
            this.f.a();
            j();
        }
        this.l.a(System.currentTimeMillis());
        if (this.r) {
            return;
        }
        if (!this.l.b()) {
            if (SunJSSE_ax.z == null || !Debug.isOn("session")) {
                return;
            }
            System.out.println(new StringBuffer().append("%% Didn't cache non-resumable client session: ").append(this.l).toString());
            return;
        }
        ((SSLSessionContextImpl) this.i.engineGetClientSessionContext()).a(this.l);
        if (SunJSSE_ax.z == null || !Debug.isOn("session")) {
            return;
        }
        System.out.println(new StringBuffer().append("%% Cached client session: ").append(this.l).toString());
    }

    private void a(BigInteger bigInteger, BigInteger bigInteger2) {
        this.c = new SunJSSE_bd(bigInteger, bigInteger2);
        this.c.a(this.i.a(), SunJSSE_b3.p);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SunJSSE_az(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList) {
        super(sSLSocketImpl, sSLContextImpl, protocolList, true, true);
    }
}
