package com.certicom.tls.record.handshake;

import com.bea.security.saml2.util.SAML2Constants;
import com.certicom.security.cert.internal.x509.PrincipalImpl;
import com.certicom.tls.ciphersuite.CipherSuite;
import com.certicom.tls.ciphersuite.CipherSuiteSupport;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.event.HandshakeWouldBlockException;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.SessionID;
import com.certicom.tls.interfaceimpl.TLSSessionImpl;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.KeyPairGenerator;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.provider.Signature;
import com.certicom.tls.provider.spec.DHParameters;
import com.certicom.tls.record.Util;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/certicom/tls/record/handshake/ServerStateNoHandshake.class */
public final class ServerStateNoHandshake extends HandshakeState implements CryptoNames {
    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerStateNoHandshake(HandshakeHandler handshakeHandler) {
        super(handshakeHandler);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.certicom.tls.record.handshake.HandshakeState
    public void handle(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        MessageClientHello messageClientHello;
        switch (handshakeMessage.getHandshakeType()) {
            case 0:
                return;
            case 1:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("CLIENT_HELLO \nEnd.\n");
                }
                if (!(handshakeMessage instanceof MessageClientHelloVersion2)) {
                    messageClientHello = (MessageClientHello) handshakeMessage;
                } else {
                    if (((MessageClientHelloVersion2) handshakeMessage).getProtocolVersion().equals(ProtocolVersion.SSL20) || this.handler.getProtocolVersion().equals(ProtocolVersion.SSL20)) {
                        handleVersion2(handshakeMessage);
                        return;
                    }
                    messageClientHello = ((MessageClientHelloVersion2) handshakeMessage).createTLSClientHello();
                }
                byte[] randomBytes = messageClientHello.getRandom().getRandomBytes();
                MessageRandom messageRandom = new MessageRandom();
                byte[] randomBytes2 = messageRandom.getRandomBytes();
                this.handler.setClientRandom(randomBytes);
                this.handler.setServerRandom(randomBytes2);
                ProtocolVersion chooseProtocolVersion = chooseProtocolVersion(messageClientHello);
                chooseProtocolVersion.resetRecord();
                this.handler.setProtocolVersion(chooseProtocolVersion);
                if (resumeSession(messageClientHello, chooseProtocolVersion, messageRandom)) {
                    return;
                }
                TLSSessionImpl pendingSession = this.handler.getPendingSession();
                TLSSessionImpl tLSSessionImpl = new TLSSessionImpl(pendingSession.getPeerID(), this.handler.getSessionDB(), new SessionID(TLSSystem.getRandomNumberGenerator()));
                CipherSuite matchCipherSuites = matchCipherSuites(messageClientHello.getCipherSuites());
                tLSSessionImpl.setCacheOn(pendingSession.getCacheOn());
                sendServerHello(tLSSessionImpl, matchCipherSuites, messageRandom);
                int keyAgreementAlgorithm = matchCipherSuites.getKeyAgreementAlgorithm();
                this.handler.setPendingCipherSuite(matchCipherSuites);
                this.handler.setPendingSession(tLSSessionImpl);
                if (keyAgreementAlgorithm == 2 || keyAgreementAlgorithm == 3 || keyAgreementAlgorithm == 10 || keyAgreementAlgorithm == 11 || keyAgreementAlgorithm == 4 || keyAgreementAlgorithm == 1 || keyAgreementAlgorithm == 9) {
                    doDHServerGreetings(keyAgreementAlgorithm);
                } else if (keyAgreementAlgorithm == 5) {
                    doECDSAServerGreetings();
                } else if (keyAgreementAlgorithm == 12) {
                    doECDH_RSAServerGreetings();
                } else if (keyAgreementAlgorithm == 6 || keyAgreementAlgorithm == 7 || keyAgreementAlgorithm == 8) {
                    doRSAServerGreetings(keyAgreementAlgorithm);
                }
                if (this.handler.getNeedClientAuth() && keyAgreementAlgorithm != 1 && keyAgreementAlgorithm != 9) {
                    int i = 0;
                    byte[] bArr = new byte[5];
                    if (CipherSuiteSupport.isCryptoAlgAvail(CryptoNames.RSA_SIG)) {
                        i = 0 + 1;
                        bArr[0] = 1;
                    }
                    if (CipherSuiteSupport.isCryptoAlgAvail(CryptoNames.DSA)) {
                        int i2 = i;
                        i++;
                        bArr[i2] = 2;
                    }
                    if (CipherSuiteSupport.isCryptoAlgAvail(CryptoNames.RSA_SIG) && (keyAgreementAlgorithm == 12 || keyAgreementAlgorithm == 5)) {
                        int i3 = i;
                        i++;
                        bArr[i3] = 6;
                    }
                    if (CipherSuiteSupport.isCryptoAlgAvail(CryptoNames.ECDSA) && (keyAgreementAlgorithm == 5 || keyAgreementAlgorithm == 12)) {
                        int i4 = i;
                        i++;
                        bArr[i4] = 7;
                    }
                    if (CipherSuiteSupport.isCryptoAlgAvail(CryptoNames.ECDSA)) {
                        int i5 = i;
                        i++;
                        bArr[i5] = 5;
                    }
                    byte[] bArr2 = new byte[i];
                    System.arraycopy(bArr, 0, bArr2, 0, i);
                    X509Certificate[] trustedCertificates = this.handler.getCertificateSupport().getTrustedCertificates();
                    Vector vector = new Vector();
                    for (X509Certificate x509Certificate : trustedCertificates) {
                        vector.addElement(x509Certificate.getSubjectDN());
                    }
                    PrincipalImpl[] principalImplArr = new PrincipalImpl[vector.size()];
                    vector.copyInto(principalImplArr);
                    MessageCertificateRequest messageCertificateRequest = new MessageCertificateRequest(principalImplArr, bArr2);
                    if (this.handler.returnDebugFlag()) {
                        System.out.print("Type: CERTIFICATE_REQUEST ");
                    }
                    this.handler.write(messageCertificateRequest);
                }
                this.handler.write(new MessageServerHelloDone());
                this.handler.flush();
                return;
            default:
                this.handler.fireAlert(2, 10);
                return;
        }
    }

    void handleVersion2(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        MessageClientHelloVersion2 messageClientHelloVersion2 = (MessageClientHelloVersion2) handshakeMessage;
        byte[] challenge = messageClientHelloVersion2.getChallenge();
        byte[] byteArray = new MessageRandom(16).toByteArray();
        this.handler.setChallengeLength(challenge.length);
        this.handler.setClientRandom(challenge);
        this.handler.setServerRandom(byteArray);
        ProtocolVersion helloProtocol = this.handler.getHelloProtocol();
        ProtocolVersion protocolVersion = messageClientHelloVersion2.getProtocolVersion();
        if ((helloProtocol.equals(ProtocolVersion.SSL20) && protocolVersion.equals(ProtocolVersion.SSL20)) || (helloProtocol.equals(ProtocolVersion.SSL20) && protocolVersion.isRollBack())) {
            helloProtocol.resetRecord();
            this.handler.setProtocolVersion(helloProtocol);
        } else if (protocolVersion.equals(ProtocolVersion.SSL20) && helloProtocol.isSSL2Hello()) {
            protocolVersion.resetRecord();
            this.handler.setProtocolVersion(protocolVersion);
        } else {
            this.handler.write(new MessageSSL2Error(1));
            this.handler.flush();
            this.handler.handleSSL2Error(2, 1);
        }
        if (resumeSessionVersion2(messageClientHelloVersion2, protocolVersion, byteArray)) {
            return;
        }
        TLSSessionImpl pendingSession = this.handler.getPendingSession();
        TLSSessionImpl tLSSessionImpl = new TLSSessionImpl(pendingSession.getPeerID(), this.handler.getSessionDB(), new SessionID(TLSSystem.getRandomNumberGenerator()));
        tLSSessionImpl.setCacheOn(pendingSession.getCacheOn());
        this.handler.setPendingSession(tLSSessionImpl);
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        X509Certificate[] authChain = certificateSupport.getAuthChain("RSA", 0);
        PrivateKey privateKey = certificateSupport.getPrivateKey(authChain[0]);
        CipherSuite[] matchCipherSuiteList = matchCipherSuiteList(messageClientHelloVersion2.getCipherSuites());
        if (matchCipherSuiteList != null) {
            sendServerHelloVersion2(matchCipherSuiteList, byteArray, 0, authChain[0]);
            this.handler.setState(new ServerStateSentSSL2HelloDone(this.handler, privateKey));
        } else {
            this.handler.write(new MessageSSL2Error(1));
            this.handler.flush();
            this.handler.handleSSL2Error(2, 1);
        }
    }

    private boolean resumeSession(MessageClientHello messageClientHello, ProtocolVersion protocolVersion, MessageRandom messageRandom) throws IOException, HandshakeWouldBlockException {
        TLSSessionImpl tLSSessionImpl = (TLSSessionImpl) this.handler.getSessionDB().get(messageClientHello.getSessionID());
        if (tLSSessionImpl == null) {
            return false;
        }
        CipherSuite cipher = tLSSessionImpl.getCipher();
        boolean z = false;
        for (CipherSuite cipherSuite : this.handler.getEnabledCipherSuites()) {
            if (cipherSuite.equals(cipher)) {
                z = true;
            }
        }
        boolean z2 = tLSSessionImpl.getProtocolVersion().equals(protocolVersion) ? true : true;
        if (!z || !z2) {
            return false;
        }
        this.handler.setPendingSession(tLSSessionImpl);
        this.handler.setPendingCipherSuite(cipher);
        this.handler.setMasterSecret(tLSSessionImpl.getMasterSecret());
        this.handler.generateSecurityParameters();
        sendServerHello(tLSSessionImpl, cipher, messageRandom);
        this.handler.changeCipherSpec();
        this.handler.write(new MessageFinished(this.handler.getVerifyData(false)));
        this.handler.flush();
        this.handler.setState(new ServerStateSentFinished(this.handler));
        return true;
    }

    private boolean resumeSessionVersion2(MessageClientHelloVersion2 messageClientHelloVersion2, ProtocolVersion protocolVersion, byte[] bArr) throws IOException, HandshakeWouldBlockException {
        TLSSessionImpl tLSSessionImpl = (TLSSessionImpl) this.handler.getSessionDB().get(new SessionID(messageClientHelloVersion2.getSessionID()));
        if (tLSSessionImpl == null) {
            return false;
        }
        CipherSuite cipher = tLSSessionImpl.getCipher();
        boolean z = false;
        for (CipherSuite cipherSuite : this.handler.getEnabledCipherSuites()) {
            if (cipherSuite.equals(cipher)) {
                z = true;
            }
        }
        boolean z2 = false;
        if (tLSSessionImpl.getProtocolVersion().equals(ProtocolVersion.SSL20) && (protocolVersion.equals(ProtocolVersion.SSL20) || protocolVersion.isRollBack())) {
            z2 = true;
        }
        if (!z || !z2) {
            return false;
        }
        sendServerHelloVersion2(null, bArr, 1, null);
        this.handler.setPendingSession(tLSSessionImpl);
        this.handler.setPendingCipherSuite(cipher);
        this.handler.setMasterSecret(tLSSessionImpl.getMasterSecret());
        this.handler.generateSecurityParameters();
        this.handler.setState(new ServerStateSentSSL2HelloDone(this.handler));
        return true;
    }

    private void doECDSAServerGreetings() throws IOException, HandshakeWouldBlockException {
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        X509Certificate[] authChain = certificateSupport.getAuthChain(CryptoNames.ECDSA, 0);
        PrivateKey privateKey = certificateSupport.getPrivateKey(authChain[0]);
        this.handler.write(new MessageCertificate(authChain));
        this.handler.setState(new ServerStateSentHelloDone(this.handler, privateKey));
    }

    private void doECDH_RSAServerGreetings() throws IOException, HandshakeWouldBlockException {
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        X509Certificate[] authChain = certificateSupport.getAuthChain(CryptoNames.HYBRID, 0);
        PrivateKey privateKey = certificateSupport.getPrivateKey(authChain[0]);
        this.handler.write(new MessageCertificate(authChain));
        this.handler.setState(new ServerStateSentHelloDone(this.handler, privateKey));
    }

    private void doDHServerGreetings(int i) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        PrivateKey privateKey = null;
        if (i != 1 && i != 9) {
            X509Certificate[] authChain = (i == 10 || i == 11) ? certificateSupport.getAuthChain("RSA", 0) : certificateSupport.getAuthChain(CryptoNames.DSA, 0);
            privateKey = certificateSupport.getPrivateKey(authChain[0]);
            this.handler.write(new MessageCertificate(authChain));
        }
        DHParameters dHParameters = (i == 3 || i == 9 || i == 11) ? new DHParameters(512) : new DHParameters();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CryptoNames.DIFFIE_HELLMAN);
        keyPairGenerator.initialize(dHParameters, TLSSystem.getRandomNumberGenerator());
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        PrivateKey privateKey2 = genKeyPair.getPrivate();
        byte[] encoded = genKeyPair.getPublic().getEncoded();
        byte[] bArr = new byte[0];
        if (i == 10 || i == 11) {
            byte[] signKeyExchangeData = signKeyExchangeData(privateKey, this.handler.getClientRandom(), this.handler.getServerRandom(), encoded);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Util.writeBytesLength16(signKeyExchangeData, byteArrayOutputStream);
            bArr = byteArrayOutputStream.toByteArray();
        } else if (i != 1 && i != 9) {
            Signature signature = Signature.getInstance(SAML2Constants.DSA_KEY_TYPE);
            signature.initSign(privateKey, TLSSystem.getRandomNumberGenerator());
            signature.update(this.handler.getClientRandom());
            signature.update(this.handler.getServerRandom());
            signature.update(encoded);
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            Util.writeBytesLength16(signature.sign(), byteArrayOutputStream2);
            bArr = byteArrayOutputStream2.toByteArray();
        }
        this.handler.write(new MessageServerKeyExchangeDH(encoded, bArr));
        this.handler.setState(new ServerStateSentHelloDone(this.handler, privateKey2));
    }

    private void doRSAServerGreetings(int i) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        X509Certificate[] authChain = certificateSupport.getAuthChain("RSA", 0);
        PrivateKey privateKey = certificateSupport.getPrivateKey(authChain[0]);
        this.handler.write(new MessageCertificate(authChain));
        if (i == 7 || i == 8) {
            int bitLength = ((RSAPublicKey) authChain[0].getPublicKey()).getModulus().bitLength();
            KeyPair keyPair = null;
            if (bitLength > 1024 && i == 8) {
                keyPair = certificateSupport.getRSAExportKey(1024);
            } else if (bitLength > 512 && i == 7) {
                keyPair = certificateSupport.getRSAExportKey(512);
            }
            if (keyPair != null) {
                privateKey = keyPair.getPrivate();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                RSAPublicKey rSAPublicKey = (RSAPublicKey) keyPair.getPublic();
                Util.writeBytesLength16(Util.toUnsignedInteger(rSAPublicKey.getModulus()), byteArrayOutputStream);
                Util.writeBytesLength16(Util.toUnsignedInteger(rSAPublicKey.getPublicExponent()), byteArrayOutputStream);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                byte[] signKeyExchangeData = signKeyExchangeData(privateKey, this.handler.getClientRandom(), this.handler.getServerRandom(), byteArray);
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                Util.writeBytesLength16(signKeyExchangeData, byteArrayOutputStream2);
                this.handler.write(new MessageServerKeyExchangeRSA(byteArray, byteArrayOutputStream2.toByteArray()));
            }
        }
        this.handler.setState(new ServerStateSentHelloDone(this.handler, privateKey));
    }

    private byte[] signKeyExchangeData(PrivateKey privateKey, byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] hashRandomAndParams = hashRandomAndParams("MD5", bArr, bArr2, bArr3);
        byte[] hashRandomAndParams2 = hashRandomAndParams("SHA", bArr, bArr2, bArr3);
        byte[] bArr4 = new byte[hashRandomAndParams.length + hashRandomAndParams2.length];
        System.arraycopy(hashRandomAndParams, 0, bArr4, 0, hashRandomAndParams.length);
        System.arraycopy(hashRandomAndParams2, 0, bArr4, hashRandomAndParams.length, hashRandomAndParams2.length);
        byte[] addPKCS1Padding = this.handler.addPKCS1Padding((((RSAPrivateKey) privateKey).getModulus().bitLength() + 7) / 8, bArr4);
        Cipher cipher = Cipher.getInstance(CryptoNames.RSA_RAW);
        cipher.init(1, privateKey, TLSSystem.getRandomNumberGenerator());
        return cipher.doFinal(addPKCS1Padding, 0, addPKCS1Padding.length);
    }

    private byte[] hashRandomAndParams(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(bArr);
        messageDigest.update(bArr2);
        messageDigest.update(bArr3);
        return messageDigest.digest();
    }

    private void sendServerHello(TLSSessionImpl tLSSessionImpl, CipherSuite cipherSuite, MessageRandom messageRandom) throws IOException {
        MessageServerHello messageServerHello = new MessageServerHello(tLSSessionImpl.getSessionID(), cipherSuite.getTag(), messageRandom, this.handler.getProtocolVersion());
        if (this.handler.returnDebugFlag()) {
            System.out.print("Type: SERVER_HELLO ");
        }
        this.handler.write(messageServerHello);
    }

    private void sendServerHelloVersion2(CipherSuite[] cipherSuiteArr, byte[] bArr, int i, X509Certificate x509Certificate) throws IOException, HandshakeWouldBlockException {
        MessageServerHelloVersion2 messageServerHelloVersion2 = new MessageServerHelloVersion2(bArr, i, cipherSuiteArr, x509Certificate);
        if (this.handler.returnDebugFlag()) {
            System.out.print("Type: SSL2 SERVER_HELLO ");
        }
        this.handler.write(messageServerHelloVersion2);
        this.handler.flush();
    }

    private ProtocolVersion chooseProtocolVersion(MessageClientHello messageClientHello) throws IOException, HandshakeWouldBlockException {
        ProtocolVersion helloProtocol = this.handler.getHelloProtocol();
        ProtocolVersion protocolVersion = messageClientHello.getProtocolVersion();
        this.handler.setPeerHelloProtocol(protocolVersion);
        if (protocolVersion.equals(ProtocolVersion.SSL30) && (helloProtocol.equals(ProtocolVersion.SSL30) || ((helloProtocol.equals(ProtocolVersion.TLS10) && helloProtocol.isRollBack()) || (helloProtocol.equals(ProtocolVersion.SSL20) && helloProtocol.isRollForward())))) {
            return protocolVersion;
        }
        if (protocolVersion.equals(ProtocolVersion.TLS10) && (helloProtocol.equals(ProtocolVersion.TLS10) || ((helloProtocol.equals(ProtocolVersion.SSL20) && helloProtocol.isRollForward()) || (helloProtocol.equals(ProtocolVersion.SSL30) && helloProtocol.isRollForward())))) {
            return protocolVersion;
        }
        if (protocolVersion.equals(ProtocolVersion.TLS10) && helloProtocol.equals(ProtocolVersion.SSL30)) {
            return helloProtocol;
        }
        if (protocolVersion.equals(ProtocolVersion.SSL20) && (helloProtocol.equals(ProtocolVersion.SSL20) || helloProtocol.isRollBack())) {
            return protocolVersion;
        }
        this.handler.fireAlert(2, 70);
        return null;
    }

    private CipherSuite matchCipherSuites(CipherSuite[] cipherSuiteArr) throws NoSuchAlgorithmException {
        CipherSuite[] enabledCipherSuites = this.handler.getEnabledCipherSuites();
        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
        for (int i = 0; i < enabledCipherSuites.length; i++) {
            if (certificateSupport.getAuthChain(enabledCipherSuites[i].getCertificateType(), 0) != null || enabledCipherSuites[i].getCertificateType().equals(CryptoNames.ANONYMOUS)) {
                for (CipherSuite cipherSuite : cipherSuiteArr) {
                    if (enabledCipherSuites[i].equals(cipherSuite)) {
                        return enabledCipherSuites[i];
                    }
                }
            }
        }
        throw new NoSuchAlgorithmException();
    }

    private CipherSuite[] matchCipherSuiteList(CipherSuite[] cipherSuiteArr) {
        CipherSuite[] enabledCipherSuites = this.handler.getEnabledCipherSuites();
        int i = 0;
        Vector vector = new Vector(cipherSuiteArr.length);
        if (this.handler.getCertificateSupport().getAuthChain("RSA", 0) == null) {
            return null;
        }
        for (int i2 = 0; i2 < enabledCipherSuites.length; i2++) {
            for (int i3 = 0; i3 < cipherSuiteArr.length; i3++) {
                if (enabledCipherSuites[i2].equals(cipherSuiteArr[i3]) && MapCipher.isSSL2Cipher(cipherSuiteArr[i3].getTag()) == 1) {
                    vector.addElement(enabledCipherSuites[i2]);
                    i++;
                }
            }
        }
        if (i == 0) {
            return null;
        }
        CipherSuite[] cipherSuiteArr2 = new CipherSuite[i];
        vector.copyInto(cipherSuiteArr2);
        return cipherSuiteArr2;
    }
}
