package com.sun.net.ssl.internal.ssl;

import COM.rsa.asn1.be;
import com.sun.net.ssl.X509KeyManager;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import edu.sdsc.secureftp.Constants;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: [DashoPro-V1.2-120198] */
/* loaded from: input_file:com/sun/net/ssl/internal/ssl/ServerHandshaker.class */
public final class ServerHandshaker extends Handshaker {
    private boolean a;
    private boolean b;
    private X509Certificate[] c;
    private PrivateKey d;
    private PrivateKey e;
    private RSAPublicKey f;
    private s g;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, boolean z) throws NoSuchAlgorithmException {
        super(sSLSocketImpl, sSLContextImpl, z);
        this.b = false;
        this.a = z;
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    boolean a(int i, boolean z) {
        if (this.k) {
            return true;
        }
        X509KeyManager d = super.g.d();
        if (i != 1 && i != 2 && i != 5) {
            if (i != 6) {
                if (i != 7) {
                    return false;
                }
                a(z);
                return true;
            }
            String chooseServerAlias = d.chooseServerAlias("DSA", null);
            if (chooseServerAlias == null) {
                return false;
            }
            this.d = d.getPrivateKey(chooseServerAlias);
            if (this.d == null) {
                return false;
            }
            this.c = d.getCertificateChain(chooseServerAlias);
            a(z);
            return this.d != null;
        }
        String chooseServerAlias2 = d.chooseServerAlias("RSA", null);
        if (chooseServerAlias2 == null) {
            return false;
        }
        this.d = d.getPrivateKey(chooseServerAlias2);
        if (this.d == null) {
            return false;
        }
        this.c = d.getCertificateChain(chooseServerAlias2);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) this.c[0].getPublicKey();
        if (i == 2 && rSAPublicKey.getModulus().bitLength() > 512 && !b(z)) {
            return false;
        }
        if (i == 5) {
            a(z);
        }
        return this.d != null && (this.d instanceof RSAPrivateKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public boolean canUseCipherSuite(String str) {
        if (str.startsWith("SSL_RSA_")) {
            return a(1, false);
        }
        if (str.startsWith("SSL_DH_anon_")) {
            return a(7, false);
        }
        if (str.startsWith("SSL_DHE_DSS_")) {
            return a(6, false);
        }
        return false;
    }

    private boolean a(h hVar, byte[] bArr) {
        boolean z = false;
        int i = 0;
        while (i < hVar.e.length && (bArr[0] != hVar.e[i] || bArr[1] != hVar.e[i + 1])) {
            i += 2;
        }
        if (i < hVar.e.length) {
            z = a(bArr[0], bArr[1]);
        }
        return z;
    }

    private void a(h hVar) throws IOException {
        int i = 0;
        while (i < hVar.e.length && (!a(hVar.e[i], hVar.e[i + 1]) || (this.a && this.o == 7))) {
            i += 2;
        }
        if (i >= hVar.e.length) {
            ((Handshaker) this).a.a((byte) 40, "no cipher suites in common");
        }
    }

    private void a(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            certificateMsg.a(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            ((Handshaker) this).a.a((byte) 42, "null cert chain");
        }
        if (super.g.e().isClientTrusted(certificateChain)) {
            this.j.a(certificateChain);
        } else {
            ((Handshaker) this).a.a((byte) 46, "untrusted client cert chain");
        }
    }

    private void a(o oVar) throws IOException {
        boolean z = false;
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            oVar.a(System.out);
        }
        try {
            PublicKey publicKey = this.j.getPeerCertificateChain()[0].getPublicKey();
            try {
                z = oVar.a(((CipherSpec) this).b, publicKey, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) super.c[0].clone(), this.j.c());
            } catch (CloneNotSupportedException unused) {
                z = oVar.a(((CipherSpec) this).b, publicKey, ((Handshaker) this).b[2], super.c[2], this.j.c());
                ((Handshaker) this).b[2] = null;
                super.c[2] = null;
            }
        } catch (InvalidKeyException unused2) {
        } catch (NoSuchAlgorithmException unused3) {
            ((Handshaker) this).a.a((byte) 43, "client cert type is unsupported");
        } catch (SignatureException unused4) {
        }
        if (z) {
            return;
        }
        ((Handshaker) this).a.a((byte) 42, "client cert didn't verify");
    }

    private void a(HandshakeMessage.Finished finished) throws IOException {
        boolean verify;
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            finished.a(System.out);
        }
        try {
            verify = ((CipherSpec) this).b == 0 ? finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) super.c[0].clone(), HandshakeMessage.Finished.c, this.j.c()) : finished.verify((MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) super.c[0].clone(), "client finished", this.j.c());
        } catch (CloneNotSupportedException unused) {
            verify = ((CipherSpec) this).b == 0 ? finished.verify(((Handshaker) this).b[1], super.c[1], HandshakeMessage.Finished.c, this.j.c()) : finished.verify(((Handshaker) this).b[1], super.c[1], "client finished", this.j.c());
            ((Handshaker) this).b[1] = null;
            super.c[1] = null;
        }
        if (!verify) {
            ((Handshaker) this).a.a((byte) 40, "client 'finished' message doesn't verify");
        }
        if (!this.k) {
            super.d.digestNow();
            c(false);
        }
        if (this.k || !this.j.e()) {
            if (Handshaker.m == null || !Debug.isOn("session")) {
                return;
            }
            System.out.println(new StringBuffer("%% Didn't cache non-resumable server session: ").append(this.j).toString());
            return;
        }
        super.g.c().a(this.j);
        if (Handshaker.m == null || !Debug.isOn("session")) {
            return;
        }
        System.out.println(new StringBuffer("%% Cached server session: ").append(this.j).toString());
    }

    private void b(h hVar) throws IOException {
        j kVar;
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            hVar.a(System.out);
        }
        super.d.digestNow();
        i iVar = new i();
        if (hVar.a != 3) {
            throw new SSLProtocolException(new StringBuffer("version mismatch, client is v").append((int) hVar.a).append(".").append((int) hVar.b).toString());
        }
        iVar.a = (byte) 3;
        ((CipherSpec) this).a = hVar.a;
        if (hVar.b > 1) {
            iVar.b = (byte) 1;
        } else {
            iVar.b = hVar.b;
        }
        ((CipherSpec) this).b = iVar.b;
        ((Handshaker) this).a.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        super.e.r.a(((CipherSpec) this).a, ((CipherSpec) this).b);
        this.h = hVar.c;
        this.i = new q(super.g.b());
        iVar.c = this.i;
        if (hVar.d.b() != 0) {
            if (this.j != null && !this.b && !hVar.d.equals(this.j.d())) {
                throw new SSLException("Client cannot change existing session");
            }
            this.j = null;
            SSLSessionImpl a = super.g.c().a(hVar.d.a());
            if (a != null) {
                byte[] cipherSuite = a.a().getCipherSuite();
                this.k = a.e();
                if (this.k) {
                    this.k = a(hVar, cipherSuite);
                }
                if (this.k && this.a) {
                    try {
                        a.getPeerCertificateChain();
                    } catch (SSLPeerUnverifiedException unused) {
                        this.k = false;
                    }
                }
                if (this.k) {
                    this.j = a;
                    if (Handshaker.m != null && (Debug.isOn("handshake") || Debug.isOn("session"))) {
                        System.out.println(new StringBuffer("%% Resuming ").append(this.j).toString());
                    }
                }
            }
        } else {
            if (this.j != null && !this.b) {
                throw new SSLException("Client cannot change existing session");
            }
            this.j = null;
        }
        if (this.j == null) {
            if (!this.l) {
                throw new SSLException("Client did not resume a session");
            }
            this.j = new SSLSessionImpl(this, super.g.b(), ((Handshaker) this).a.e(), ((Handshaker) this).a.getPort());
            a(hVar);
        }
        iVar.e = this.j.a().getCipherSuite();
        iVar.d = this.j.d();
        iVar.f = this.j.b();
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            iVar.a(System.out);
            System.out.println(new StringBuffer("Cipher suite:  ").append(this.j.a()).toString());
        }
        iVar.write(super.e);
        if (this.k) {
            try {
                a(this.j.c());
                c(true);
                return;
            } catch (NoSuchAlgorithmException e) {
                throw new SSLException(new StringBuffer("Missing algorithm: ").append(e.getMessage()).toString());
            }
        }
        if (this.o != 7) {
            if (this.c == null) {
                throw new SSLException("internal error, no certs!");
            }
            HandshakeMessage.CertificateMsg certificateMsg = new HandshakeMessage.CertificateMsg(this.c);
            if (Handshaker.m != null && Debug.isOn("handshake")) {
                certificateMsg.a(System.out);
            }
            certificateMsg.write(super.e);
        }
        boolean z = false;
        if (this.c == null) {
            z = true;
        } else {
            switch (this.o) {
                case 1:
                case 2:
                    if (this.o == 2 && ((RSAPrivateKey) this.d).getModulus().bitLength() > 512) {
                        z = true;
                        break;
                    }
                    break;
                case 3:
                case 4:
                    break;
                case 5:
                case 6:
                case Constants.STATUS_DELETE /* 7 */:
                    z = true;
                    break;
                default:
                    throw new SSLException(new StringBuffer("unsupported server key exchange ").append(this.o).toString());
            }
        }
        if (z) {
            switch (this.o) {
                case 1:
                case 2:
                    try {
                        if (this.c != null) {
                            kVar = new k(this.f, this.d, this.h, this.i);
                            this.d = this.e;
                            break;
                        } else {
                            throw new SSLException("Anonymous RSA not supported");
                        }
                    } catch (InvalidKeyException e2) {
                        throw new SSLException(new StringBuffer("Bad RSA key, ").append(e2).toString());
                    } catch (NoSuchAlgorithmException e3) {
                        throw new SSLException(new StringBuffer("Algorithm missing, ").append(e3).toString());
                    } catch (SignatureException e4) {
                        throw new SSLException(new StringBuffer("Internal error, ").append(e4).toString());
                    }
                case 3:
                case 4:
                default:
                    throw new SSLException(new StringBuffer("unsupported server key exchange ").append(this.o).toString());
                case 5:
                case 6:
                    try {
                        kVar = new HandshakeMessage.DH_ServerKeyExchange(this.g, this.d, this.h.a, this.i.a);
                        break;
                    } catch (InvalidKeyException e5) {
                        throw new SSLException(new StringBuffer("Bad RSA or DSS key, ").append(e5).toString());
                    } catch (NoSuchAlgorithmException e6) {
                        throw new SSLException(new StringBuffer("Algorithm missing, ").append(e6).toString());
                    } catch (SignatureException e7) {
                        throw new SSLException(new StringBuffer("Internal error, ").append(e7).toString());
                    }
                case Constants.STATUS_DELETE /* 7 */:
                    kVar = new HandshakeMessage.DH_ServerKeyExchange(this.g);
                    break;
            }
            if (Handshaker.m != null && Debug.isOn("handshake")) {
                kVar.a(System.out);
            }
            kVar.write(super.e);
        }
        if (this.a) {
            m mVar = new m(super.g.e().getAcceptedIssuers(), this.o);
            if (Handshaker.m != null && Debug.isOn("handshake")) {
                mVar.a(System.out);
            }
            mVar.write(super.e);
        }
        n nVar = new n();
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            nVar.a(System.out);
        }
        nVar.write(super.e);
        super.e.flush();
    }

    private byte[] a(ClientDiffieHellmanPublic clientDiffieHellmanPublic) throws IOException, NoSuchAlgorithmException {
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            clientDiffieHellmanPublic.a(System.out);
        }
        return this.g.a(clientDiffieHellmanPublic.getClientPublicKey());
    }

    private byte[] a(ak akVar) throws IOException, NoSuchAlgorithmException {
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            akVar.a(System.out);
        }
        if (akVar.a == ((CipherSpec) this).a && akVar.b == ((CipherSpec) this).b) {
            return akVar.c;
        }
        throw new SSLProtocolException("Incorrect RSA Key Exchange");
    }

    private void a(boolean z) {
        this.g = new s(s.i, s.j);
        this.g.a(super.g.b(), be.n);
    }

    private boolean b(boolean z) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(be.n, super.g.b());
            KeyPair genKeyPair = keyPairGenerator.genKeyPair();
            this.f = (RSAPublicKey) genKeyPair.getPublic();
            this.e = genKeyPair.getPrivate();
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected HandshakeMessage getKickstartMessage() {
        return new g();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    public void a(byte b) throws SSLProtocolException {
        if (Handshaker.m != null && Debug.isOn("handshake")) {
            System.out.println(new StringBuffer("SSL -- handshake alert not dealt with, ").append((int) b).toString());
        }
        throw new SSLProtocolException(new StringBuffer("handshake alert not dealt with:  ").append((int) b).toString());
    }

    @Override // com.sun.net.ssl.internal.ssl.Handshaker
    protected void processMessage(byte b, int i) throws IOException, NoSuchAlgorithmException {
        byte[] a;
        if (((Handshaker) this).f > b && ((Handshaker) this).f != 16 && b != 15) {
            throw new SSLProtocolException(new StringBuffer("Handshake message sequence violation, state = ").append(((Handshaker) this).f).append(", type = ").append((int) b).toString());
        }
        switch (b) {
            case 1:
                b(new h(super.d));
                break;
            case 11:
                if (!this.a) {
                    ((Handshaker) this).a.a((byte) 10, "client sent unsolicited cert chain");
                }
                a(new HandshakeMessage.CertificateMsg(super.d));
                break;
            case 15:
                a(new o(super.d));
                break;
            case 16:
                switch (this.o) {
                    case 1:
                    case 2:
                        a = a(new ak(((CipherSpec) this).a, ((CipherSpec) this).b, super.g.b(), super.d, i, this.d));
                        break;
                    case 3:
                    case 4:
                    case 5:
                    case 6:
                    case Constants.STATUS_DELETE /* 7 */:
                        a = a(new ClientDiffieHellmanPublic(super.d));
                        break;
                    default:
                        throw new SSLProtocolException(new StringBuffer("unsupported key exchange algorithm = ").append(this.o).toString());
                }
                b(a);
                for (int i2 = 0; i2 < a.length; i2++) {
                    a[i2] = 0;
                }
                break;
            case 20:
                a(new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, super.d));
                break;
            default:
                throw new SSLProtocolException(new StringBuffer("Illegal server handshake msg, ").append((int) b).toString());
        }
        if (((Handshaker) this).f >= b || b == 15) {
            return;
        }
        ((Handshaker) this).f = b;
    }

    private void c(boolean z) throws IOException {
        HandshakeMessage.Finished finished;
        super.e.flush();
        try {
            finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) super.c[0].clone(), HandshakeMessage.Finished.d, this.j.c()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, (MessageDigest) ((Handshaker) this).b[0].clone(), (MessageDigest) super.c[0].clone(), "server finished", this.j.c());
        } catch (CloneNotSupportedException unused) {
            finished = ((CipherSpec) this).b == 0 ? new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[0], super.c[0], HandshakeMessage.Finished.d, this.j.c()) : new HandshakeMessage.Finished(((CipherSpec) this).a, ((CipherSpec) this).b, ((Handshaker) this).b[0], super.c[0], "server finished", this.j.c());
            if (!z || !this.k) {
                ((Handshaker) this).b[0] = null;
                super.c[0] = null;
            }
        }
        sendChangeCipherSpec(finished);
        if (z && this.k) {
            return;
        }
        ((Handshaker) this).f = 20;
    }
}
