package com.certicom.tls.record.handshake;

import com.bea.sslplus.WeblogicHandler;
import com.certicom.locale.Resources;
import com.certicom.tls.TLSSessionDB;
import com.certicom.tls.ciphersuite.CipherSuite;
import com.certicom.tls.ciphersuite.CipherSuiteSupport;
import com.certicom.tls.ciphersuite.CipherSuites;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.ciphersuite.SecurityParameters;
import com.certicom.tls.event.HandshakeWouldBlockException;
import com.certicom.tls.interfaceimpl.AlertEvent;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.ProtocolVersions;
import com.certicom.tls.interfaceimpl.SessionID;
import com.certicom.tls.interfaceimpl.TLSConnectionImpl;
import com.certicom.tls.interfaceimpl.TLSSessionImpl;
import com.certicom.tls.provider.CryptoLabels;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.record.CryptoRecordState;
import com.certicom.tls.record.MessageChangeCipherSpec;
import com.certicom.tls.record.WriteHandler;
import com.certicom.tls.record.alert.Alert;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import javax.resource.spi.work.WorkException;

/* loaded from: input_file:com/certicom/tls/record/handshake/HandshakeHandler.class */
public final class HandshakeHandler implements ProtocolVersions, CryptoLabels, CryptoNames {
    public static final int SGCFlagDoHandshake = 0;
    public static final int SGCFlagInHandshake = 1;
    private static final String ENABLE_RENEGOTIATION = "weblogic.security.SSL.enable.renegotiation";
    private Principal[] clientCertDistinguishedNames;
    private X509Certificate[] clientCertChain;
    private ProtocolVersion helloProtocol;
    private byte[] clientCertSignatureTypes;
    private TLSConnectionImpl connection;
    private MessageDigest md5;
    private MessageDigest sha;
    private CertificateSupport certificateSupport;
    private SecurityParameters parameters;
    private boolean isRenegotiationEnabled;
    private ProtocolVersion peerHelloProtocol;
    private X509Certificate ServerHello_Certificate;
    private boolean[] sgcFlags = new boolean[2];
    private boolean ECDSA_fixed_ECDHFlag = false;
    private boolean RSA_fixed_ECDHFlag = false;
    private HandshakeState state = null;
    private HandshakeInputBuffer fragment = new HandshakeInputBuffer(new byte[0]);
    private byte[] serverRandom = null;
    private byte[] clientRandom = null;
    private byte[] Certificate_Challenge = null;
    private byte[] preMasterSecret = null;
    private byte[] masterSecret = null;
    private CipherSuite pendingCipherSuite = CipherSuites.TLS_NULL_WITH_NULL_NULL;
    private boolean debugFlag = false;
    private boolean HandshakeRollBackBug = false;
    private boolean isRenegotiationPending = false;
    private int challengeLength = 16;
    private boolean bClientCertSentState = false;
    private int LastMessageType = 0;

    public HandshakeHandler(TLSConnectionImpl tLSConnectionImpl, CertificateSupport certificateSupport) {
        this.isRenegotiationEnabled = false;
        this.connection = tLSConnectionImpl;
        this.certificateSupport = certificateSupport;
        this.helloProtocol = tLSConnectionImpl.getProtocolVersion();
        String property = System.getProperty(ENABLE_RENEGOTIATION);
        if (property != null) {
            this.isRenegotiationEnabled = property.equals("true");
        }
        boolean[] zArr = this.sgcFlags;
        this.sgcFlags[1] = false;
        zArr[0] = false;
    }

    public void setDebugFlag() {
        this.debugFlag = true;
    }

    public synchronized void setClientCertSentState(boolean z) {
        this.bClientCertSentState = z;
    }

    public synchronized boolean isClientCertSentState() {
        return this.bClientCertSentState;
    }

    public boolean returnDebugFlag() {
        return this.debugFlag;
    }

    public void SetServerCertificate(X509Certificate x509Certificate) {
        this.ServerHello_Certificate = x509Certificate;
    }

    public X509Certificate getServerCertificate() {
        return this.ServerHello_Certificate;
    }

    public int getLastMessageType() {
        return this.LastMessageType;
    }

    public void setHandshakeRollBackBug(boolean z) {
        this.HandshakeRollBackBug = z;
    }

    public boolean getHandshakeRollBackBug() {
        return this.HandshakeRollBackBug;
    }

    public void resetState() {
        if (isClient() && (this.state == null || (this.state instanceof ClientStateNoHandshake) || (this.state instanceof ServerStateNoHandshake))) {
            this.state = new ClientStateNoHandshake(this);
        } else {
            if (isClient() || !(this.state == null || (this.state instanceof ServerStateNoHandshake) || (this.state instanceof ClientStateNoHandshake))) {
                throw new IllegalArgumentException(Resources.getMessage("12"));
            }
            this.state = new ServerStateNoHandshake(this);
        }
        try {
            this.md5 = MessageDigest.getInstance("MD5");
            this.sha = MessageDigest.getInstance("SHA");
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
        }
        this.isRenegotiationPending = false;
    }

    public void startHandshake() throws IOException, HandshakeWouldBlockException {
        if (this.isRenegotiationPending) {
            return;
        }
        if (isClient() && !(this.state instanceof ClientStateNoHandshake)) {
            throw new IllegalStateException();
        }
        if (this.connection.isHandshakeComplete()) {
            if (getProtocolVersion().equals(ProtocolVersion.SSL20)) {
                throw new IOException("Renegotiation not supported in SSL2 protocol");
            }
            if (!this.isRenegotiationEnabled) {
                fireAlert(new Alert(1, 100));
                return;
            } else {
                resetState();
                this.isRenegotiationPending = true;
            }
        }
        if (!isClient()) {
            if (this.state != null && !(this.state instanceof ServerStateNoHandshake)) {
                this.connection.getWriteHandler().write(new MessageHelloRequest());
                flush();
            }
            this.state = new ServerStateNoHandshake(this);
            return;
        }
        this.state = new ClientStateSentHello(this);
        CipherSuite[] enabledCipherSuites = getEnabledCipherSuites();
        TLSSessionImpl pendingSession = getPendingSession();
        if (!pendingSession.getSessionID().isEmpty()) {
            try {
                if (!this.connection.getEnabledCipherSuitesVector().contains(CipherSuiteSupport.getCipherSuite(pendingSession.getCipherSuite()))) {
                    throw new NoSuchAlgorithmException();
                }
                if (this.helloProtocol.isSSL2Hello()) {
                    ProtocolVersion protocolVersion = pendingSession.getProtocolVersion();
                    setHelloProtocol(protocolVersion);
                    this.connection.setProtocolVersion(protocolVersion);
                }
                this.helloProtocol.resetRecord();
            } catch (NoSuchAlgorithmException e) {
                WeblogicHandler.debugEaten(e);
                getSessionDB().remove(pendingSession.getPeerID());
                setPendingSession(new TLSSessionImpl(pendingSession.getPeerID(), getSessionDB(), new SessionID()));
            }
        }
        if (!this.helloProtocol.isSSL2Hello()) {
            SessionID pendingSessionID = getPendingSessionID();
            if (this.sgcFlags[0]) {
                this.sgcFlags[0] = false;
                this.sgcFlags[1] = true;
                enabledCipherSuites = getEnabledCipherSuites();
                pendingSessionID = new SessionID();
            }
            MessageClientHello messageClientHello = new MessageClientHello(pendingSessionID, enabledCipherSuites, this.helloProtocol, new MessageRandom());
            this.clientRandom = messageClientHello.getRandom().getRandomBytes();
            write(messageClientHello);
            flush();
            return;
        }
        if (getProtocolVersion().equals(ProtocolVersion.SSL20)) {
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= enabledCipherSuites.length) {
                    break;
                }
                if (MapCipher.isSSL2Cipher(enabledCipherSuites[i].getTag()) == 1) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                write(new MessageSSL2Error(1));
                flush();
                handleSSL2Error(2, 1);
                return;
            }
        }
        MessageClientHelloVersion2 messageClientHelloVersion2 = new MessageClientHelloVersion2(getPendingSessionID(), enabledCipherSuites, this.helloProtocol, new MessageRandom(16).toByteArray());
        this.clientRandom = messageClientHelloVersion2.createTLSClientHello().getRandom().getRandomBytes();
        setChallengeLength(16);
        write(messageClientHelloVersion2);
        flush();
    }

    public void handleChangeCipherSpec() throws IOException, HandshakeWouldBlockException {
        try {
            if (isClient()) {
                setClientCertSentState(false);
            }
            this.connection.getReadHandler().getMessageInterpreter().setCryptoRecordState(new CryptoRecordState(this.parameters.createReadCipher(), this.parameters.createReadMac()));
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            fireAlert(new Alert(2, 40));
        }
    }

    public void changeCipherSpec() throws IOException, HandshakeWouldBlockException {
        WriteHandler writeHandler = this.connection.getWriteHandler();
        writeHandler.write(new MessageChangeCipherSpec());
        try {
            if (this.parameters.getCipherAlgorithm().toUpperCase().startsWith("NULL")) {
                WeblogicHandler.logSSLUsingNullCipher();
                if (!CipherSuiteSupport.isUnEncrytedNullCipherAllowed()) {
                    throw new IllegalArgumentException("NullCipher is used but the configuration flag is not set");
                }
            }
            writeHandler.getMessageEncryptor().setCryptoRecordState(new CryptoRecordState(this.parameters.createWriteCipher(), this.parameters.createWriteMac()));
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            fireAlert(new Alert(2, 40));
        }
    }

    public void setSSL2CryptoRecordState() throws IOException {
        try {
            CryptoRecordState cryptoRecordState = this.connection.getReadHandler().getMessageInterpreter().getCryptoRecordState();
            cryptoRecordState.setCipher(this.parameters.createReadCipher());
            cryptoRecordState.setMac(this.parameters.createReadMac());
            CryptoRecordState cryptoRecordState2 = this.connection.getWriteHandler().getMessageEncryptor().getCryptoRecordState();
            cryptoRecordState2.setCipher(this.parameters.createWriteCipher());
            cryptoRecordState2.setMac(this.parameters.createWriteMac());
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            handleSSL2Error(2, 40);
        }
    }

    public SecurityParameters getSecurityParameters() {
        return this.parameters;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void generateSecurityParameters() throws IOException, HandshakeWouldBlockException {
        try {
            if (getProtocolVersion().equals(SSL20)) {
                this.parameters = new SecurityParameters(this.pendingCipherSuite, this.masterSecret, this.clientRandom, this.serverRandom, getProtocolVersion(), this.challengeLength, isClient());
                setSSL2CryptoRecordState();
            } else {
                this.parameters = new SecurityParameters(this.pendingCipherSuite, this.masterSecret, this.clientRandom, this.serverRandom, getProtocolVersion(), isClient());
            }
            TLSSessionImpl pendingSession = getPendingSession();
            pendingSession.setCipher(this.pendingCipherSuite);
            pendingSession.setProtocolVersion(getProtocolVersion());
            pendingSession.setMasterSecret(this.masterSecret);
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            fireAlert(new Alert(2, 40));
        }
    }

    public void handleHandshakeMessages(byte[] bArr, int i, ProtocolVersion protocolVersion) throws IOException, HandshakeWouldBlockException {
        if (this.connection.isHandshakeComplete() && !this.isRenegotiationEnabled) {
            fireAlert(new Alert(1, 100));
            return;
        }
        HandshakeInputBuffer handshakeInputBuffer = new HandshakeInputBuffer(bArr, 0, i);
        if (this.fragment.available() > 0) {
            int available = this.fragment.available();
            int available2 = handshakeInputBuffer.available();
            byte[] bArr2 = new byte[available + available2];
            this.fragment.read(bArr2, 0, available);
            handshakeInputBuffer.read(bArr2, available, available2);
            this.fragment = new HandshakeInputBuffer(bArr2);
        } else {
            this.fragment = new HandshakeInputBuffer(bArr, 0, i);
        }
        while (this.fragment.available() > 0) {
            this.fragment.mark();
            try {
                handleHandshakeMessage(HandshakeMessage.create(this.fragment, this.pendingCipherSuite, protocolVersion));
            } catch (IOException e) {
                WeblogicHandler.debugEaten(e);
                this.fragment.reset();
                return;
            } catch (IllegalArgumentException e2) {
                WeblogicHandler.debugEaten(e2);
                fireAlert(new Alert(2, 40));
                this.fragment = new HandshakeInputBuffer(new byte[0]);
                return;
            } catch (CertificateException e3) {
                fireAlert(new Alert(2, 42));
                this.fragment = new HandshakeInputBuffer(new byte[0]);
                return;
            }
        }
    }

    public void handleVersion2HandshakeMessages(byte[] bArr) throws IOException, HandshakeWouldBlockException {
        try {
            HandshakeMessage createVersion2 = HandshakeMessage.createVersion2(bArr, this.connection.getEnabledCipherSuitesVector());
            if (!(createVersion2 instanceof MessageSSL2Error) || ((MessageSSL2Error) createVersion2).getError() != 2 || !isClient()) {
                handleHandshakeMessage(createVersion2);
            } else {
                write(createVersion2);
                flush();
            }
        } catch (IllegalArgumentException e) {
            WeblogicHandler.debugEaten(e);
            handleSSL2Error(2, 70);
        }
    }

    private void handleHandshakeMessage(HandshakeMessage handshakeMessage) throws IOException, HandshakeWouldBlockException {
        if (handshakeMessage.getHandshakeType() == 20) {
            verifyHandshake(((MessageFinished) handshakeMessage).getVerifyData());
        }
        updateHashes(handshakeMessage);
        if (handshakeMessage instanceof MessageSSL2Error) {
            handleSSL2ErrorMessage((MessageSSL2Error) handshakeMessage);
            return;
        }
        try {
            this.state.handle(handshakeMessage);
        } catch (SSLException e) {
            throw e;
        } catch (Exception e2) {
            if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Exception during handshake, stack trace follows", e2);
            }
            WeblogicHandler.debugEaten(e2);
            fireAlert();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean getNeedClientAuth() {
        return this.connection.getNeedClientAuth();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getMD5Digest() {
        try {
            return ((MessageDigest) this.md5.clone()).digest();
        } catch (CloneNotSupportedException e) {
            WeblogicHandler.debugEaten(e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSHA1Digest() {
        try {
            return ((MessageDigest) this.sha.clone()).digest();
        } catch (CloneNotSupportedException e) {
            WeblogicHandler.debugEaten(e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TLSConnectionImpl getConnectionImpl() {
        return this.connection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPendingSessionID(SessionID sessionID) {
        getPendingSession().setSessionID(sessionID);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SessionID getPendingSessionID() {
        return getPendingSession().getSessionID();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TLSSessionDB getSessionDB() {
        return this.connection.getSessionDB();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isClient() {
        return this.connection.isClient();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion getHelloProtocol() {
        return this.helloProtocol;
    }

    public void setHelloProtocol(ProtocolVersion protocolVersion) {
        this.helloProtocol = protocolVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion getPeerHelloProtocol() {
        return this.peerHelloProtocol;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerHelloProtocol(ProtocolVersion protocolVersion) {
        this.peerHelloProtocol = protocolVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientRandom(byte[] bArr) {
        this.clientRandom = bArr;
    }

    public byte[] getClientRandom() {
        return this.clientRandom;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setChallengeLength(int i) {
        this.challengeLength = i;
    }

    public int getChallengeLength() {
        return this.challengeLength;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setServerRandom(byte[] bArr) {
        this.serverRandom = bArr;
    }

    public byte[] getServerRandom() {
        return this.serverRandom;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion getProtocolVersion() {
        return this.connection.getProtocolVersion();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProtocolVersion(ProtocolVersion protocolVersion) {
        this.connection.setProtocolVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuite[] getEnabledCipherSuites() {
        Vector enabledCipherSuitesVector = this.connection.getEnabledCipherSuitesVector();
        int size = enabledCipherSuitesVector.size();
        int i = size;
        boolean[] zArr = new boolean[i];
        boolean z = isClient() && !this.sgcFlags[1] && this.connection.getServerGatedCrypto();
        if (z) {
            int i2 = 0;
            for (int i3 = 0; i3 < size; i3++) {
                if (((CipherSuite) enabledCipherSuitesVector.elementAt(i3)).isExportable()) {
                    i2++;
                    zArr[i3] = true;
                } else {
                    zArr[i3] = false;
                }
            }
            i = i2;
        }
        CipherSuite[] cipherSuiteArr = new CipherSuite[i];
        if (z) {
            int i4 = 0;
            for (int i5 = 0; i5 < size; i5++) {
                if (zArr[i5]) {
                    cipherSuiteArr[i4] = (CipherSuite) enabledCipherSuitesVector.elementAt(i5);
                    i4++;
                }
            }
        } else {
            enabledCipherSuitesVector.copyInto(cipherSuiteArr);
        }
        return cipherSuiteArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPremasterSecret(byte[] bArr) {
        this.preMasterSecret = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPendingCipherSuite(CipherSuite cipherSuite) {
        this.pendingCipherSuite = cipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuite getPendingCipherSuite() {
        return this.pendingCipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPendingSession(TLSSessionImpl tLSSessionImpl) {
        this.connection.setSessionImpl(tLSSessionImpl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TLSSessionImpl getPendingSession() {
        return this.connection.getSessionImpl();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertificateSupport getCertificateSupport() {
        return this.certificateSupport;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientCertSignatureTypes(byte[] bArr) {
        this.clientCertSignatureTypes = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientCertDistinguishedNames(Principal[] principalArr) {
        this.clientCertDistinguishedNames = principalArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getClientCertSignatureTypes() {
        return this.clientCertSignatureTypes;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Principal[] getClientCertDistinguishedNames() {
        return this.clientCertDistinguishedNames;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientCertChain(X509Certificate[] x509CertificateArr) {
        this.clientCertChain = x509CertificateArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] getClientCertChain() {
        return this.clientCertChain;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean[] getSGCFlags() {
        return this.sgcFlags;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSGCFlags(boolean[] zArr) {
        this.sgcFlags = zArr;
    }

    public boolean getECDSA_fixed_ECDHFlag() {
        return this.ECDSA_fixed_ECDHFlag;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setECDSA_fixed_ECDHFlag(boolean z) {
        this.ECDSA_fixed_ECDHFlag = z;
    }

    public boolean getRSA_fixed_ECDHFlag() {
        return this.RSA_fixed_ECDHFlag;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRSA_fixed_ECDHFlag(boolean z) {
        this.RSA_fixed_ECDHFlag = z;
    }

    private void verifyHandshake(byte[] bArr) throws IOException, HandshakeWouldBlockException {
        if (MessageDigest.isEqual(bArr, getVerifyData(!isClient()))) {
            return;
        }
        fireAlert(new Alert(2, 51));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void completeHandshake() {
        this.connection.setHandshakeComplete(true);
        getPendingSession().makeResumable(isClient());
        resetHandshakeParams();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resetHandshakeParams() {
        this.sha.reset();
        this.md5.reset();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fireAlert(int i, int i2) throws IOException, HandshakeWouldBlockException {
        fireAlert(new Alert(i, i2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fireAlert() throws IOException, HandshakeWouldBlockException {
        fireAlert(new Alert(2, 40));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fireAlert(Alert alert) throws IOException, HandshakeWouldBlockException {
        this.connection.fireAlertSent(alert);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void handleSSL2Error(int i, int i2) throws IOException {
        if (i == 2) {
            this.connection.drop();
            fireSSL2ErrorException(i2);
        }
    }

    public void fireSSL2ErrorException(int i) throws IOException {
        Alert alert = new Alert(2, i);
        this.connection.fireException(new AlertEvent(this.connection, alert.getSeverity() == 2, alert.getAlertType()));
    }

    public void fireSSL2ErrorException(String str) throws IOException {
        this.connection.drop();
        throw new SSLProtocolException(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setState(HandshakeState handshakeState) {
        this.state = handshakeState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setMasterSecret(byte[] bArr) {
        this.masterSecret = bArr;
    }

    public byte[] getMasterSecret() {
        return this.masterSecret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void generateMasterSecret() throws IOException, HandshakeWouldBlockException {
        try {
            if (getProtocolVersion().equals(TLS10)) {
                this.masterSecret = SecurityParameters.TLS_PRF(this.preMasterSecret, MASTER_SECRET, this.clientRandom, this.serverRandom, 48);
            } else if (getProtocolVersion().equals(SSL30)) {
                this.masterSecret = SecurityParameters.SSL3_PRF(this.preMasterSecret, this.clientRandom, this.serverRandom, 48);
            } else {
                if (!getProtocolVersion().equals(SSL20)) {
                    throw new NoSuchAlgorithmException();
                }
                this.masterSecret = this.preMasterSecret;
            }
        } catch (NoSuchAlgorithmException e) {
            WeblogicHandler.debugEaten(e);
            fireAlert(new Alert(2, 40));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageDigest getMD5Clone() throws CloneNotSupportedException {
        return (MessageDigest) this.md5.clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageDigest getSHAClone() throws CloneNotSupportedException {
        return (MessageDigest) this.sha.clone();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getVerifyData(boolean z) throws IOException, HandshakeWouldBlockException {
        byte[] bArr = null;
        try {
            MessageDigest messageDigest = (MessageDigest) this.md5.clone();
            MessageDigest messageDigest2 = (MessageDigest) this.sha.clone();
            if (getProtocolVersion().equals(TLS10)) {
                bArr = SecurityParameters.TLS_PRF(this.masterSecret, z ? CLIENT_FINISHED : SERVER_FINISHED, messageDigest.digest(), messageDigest2.digest(), 12);
            } else {
                if (!getProtocolVersion().equals(SSL30)) {
                    throw new NoSuchAlgorithmException();
                }
                byte[] bArr2 = z ? SSL3_CLIENT_FINISHED : SSL3_SERVER_FINISHED;
                messageDigest.update(bArr2);
                messageDigest.update(this.masterSecret);
                messageDigest.update(SSL3_IPAD_MD5);
                MessageDigest messageDigest3 = MessageDigest.getInstance("MD5");
                messageDigest3.update(this.masterSecret);
                messageDigest3.update(SSL3_OPAD_MD5);
                messageDigest3.update(messageDigest.digest());
                byte[] digest = messageDigest3.digest();
                messageDigest2.update(bArr2);
                messageDigest2.update(this.masterSecret);
                messageDigest2.update(SSL3_IPAD_SHA);
                MessageDigest messageDigest4 = MessageDigest.getInstance("SHA");
                messageDigest4.update(this.masterSecret);
                messageDigest4.update(SSL3_OPAD_SHA);
                messageDigest4.update(messageDigest2.digest());
                byte[] digest2 = messageDigest4.digest();
                bArr = new byte[digest.length + digest2.length];
                System.arraycopy(digest, 0, bArr, 0, digest.length);
                System.arraycopy(digest2, 0, bArr, digest.length, digest2.length);
            }
        } catch (CloneNotSupportedException e) {
            WeblogicHandler.debugEaten(e);
            fireAlert(new Alert(2, 40));
        } catch (NoSuchAlgorithmException e2) {
            WeblogicHandler.debugEaten(e2);
            fireAlert(new Alert(2, 40));
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void write(HandshakeMessage handshakeMessage) throws IOException {
        updateHashes(handshakeMessage);
        this.connection.getWriteHandler().write(handshakeMessage);
        this.LastMessageType = handshakeMessage.getHandshakeType();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void flush() throws IOException, HandshakeWouldBlockException {
        this.connection.getWriteHandler().flushOutput();
    }

    void updateHashes(HandshakeMessage handshakeMessage) {
        byte[] byteArray = handshakeMessage.toByteArray();
        if (handshakeMessage.getHandshakeType() != 0) {
            this.md5.update(byteArray);
            this.sha.update(byteArray);
        }
    }

    public byte[] addPKCS1Padding(int i, byte[] bArr) {
        byte[] bArr2 = new byte[0];
        if (bArr.length >= i - 3) {
            return bArr2;
        }
        byte[] bArr3 = new byte[i];
        int i2 = 0 + 1;
        bArr3[0] = 0;
        int i3 = i2 + 1;
        bArr3[i2] = 1;
        while (i3 < (i - bArr.length) - 1) {
            bArr3[i3] = -1;
            i3++;
        }
        bArr3[i3] = 0;
        System.arraycopy(bArr, 0, bArr3, i3 + 1, bArr.length);
        return bArr3;
    }

    public byte[] addPKCS1Type2Padding(int i, byte[] bArr) {
        byte[] bArr2 = new byte[0];
        if (bArr.length >= i - 3) {
            return bArr2;
        }
        byte[] bArr3 = new byte[i];
        int i2 = 0 + 1;
        bArr3[0] = 0;
        int i3 = i2 + 1;
        bArr3[i2] = 2;
        while (i3 < (i - bArr.length) - 1) {
            bArr3[i3] = 3;
            i3++;
        }
        bArr3[i3] = 0;
        System.arraycopy(bArr, 0, bArr3, i3 + 1, bArr.length);
        return bArr3;
    }

    public byte[] removePKCS1Padding(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        if (bArr.length < 4 || bArr[0] != 0) {
            return bArr;
        }
        switch (bArr[1]) {
            case 1:
            case 2:
                int i = 2;
                while (i < bArr.length && bArr[i] != 0) {
                    i++;
                }
                if (i == bArr.length) {
                    return bArr2;
                }
                int i2 = i + 1;
                byte[] bArr3 = new byte[bArr.length - i2];
                System.arraycopy(bArr, i2, bArr3, 0, bArr3.length);
                return bArr3;
            default:
                return bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getV3CertificateVerifySHAHash(MessageDigest messageDigest) throws NoSuchAlgorithmException {
        messageDigest.update(this.masterSecret);
        messageDigest.update(SSL3_IPAD_SHA);
        MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
        messageDigest2.update(this.masterSecret);
        messageDigest2.update(SSL3_OPAD_SHA);
        messageDigest2.update(messageDigest.digest());
        return messageDigest2.digest();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getV3CertificateVerifyMD5Hash(MessageDigest messageDigest) throws NoSuchAlgorithmException {
        messageDigest.update(this.masterSecret);
        messageDigest.update(SSL3_IPAD_MD5);
        MessageDigest messageDigest2 = MessageDigest.getInstance("MD5");
        messageDigest2.update(this.masterSecret);
        messageDigest2.update(SSL3_OPAD_MD5);
        messageDigest2.update(messageDigest.digest());
        return messageDigest2.digest();
    }

    public boolean isEqual(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) {
        if (i2 != i4) {
            return false;
        }
        for (int i5 = 0; i5 < i2; i5++) {
            if (bArr[i + i5] != bArr2[i3 + i5]) {
                return false;
            }
        }
        return true;
    }

    public void handleSSL2ErrorMessage(MessageSSL2Error messageSSL2Error) throws IOException {
        String message;
        switch (messageSSL2Error.getError()) {
            case 1:
                message = Resources.getMessage("245");
                break;
            case 2:
                message = Resources.getMessage("73");
                break;
            case 3:
            case 5:
            default:
                message = Resources.getMessage("137");
                break;
            case 4:
                message = Resources.getMessage(WorkException.TX_RECREATE_FAILED);
                break;
            case 6:
                message = Resources.getMessage("135");
                break;
        }
        fireSSL2ErrorException(message);
    }
}
