package com.certicom.tls.record.handshake;

import com.bluecast.xml.Piccolo;
import com.certicom.locale.Resources;
import com.certicom.security.cert.internal.x509.X509V3CertImpl;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.record.Util;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/certicom/tls/record/handshake/MessageClientCertificate.class */
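/**
 * Client-certificate handshake message (handshake type 8) carrying an X.509 client
 * certificate and an RSA proof-of-possession response.
 *
 * <p>The response is an MD5 digest over the key material, the server's certificate
 * challenge and the encoded server certificate, wrapped in an MD5 DigestInfo prefix,
 * PKCS#1-padded and transformed with the client's RSA key.
 *
 * <p>NOTE(review): the layout (type 8, {@code initBufferVersion2}, MD5-only response)
 * looks like the SSL 2.0 CLIENT-CERTIFICATE message; confirm. MD5 is fixed here and
 * cannot be negotiated, so this path should only be reachable when legacy protocol
 * support is deliberately enabled.
 *
 * <p>NOTE(review): this source is decompiler output. The {@code Piccolo.*} constants
 * used as status codes below were presumably substituted by the decompiler for the
 * original numeric error codes; verify the values against the original class file.
 */
public final class MessageClientCertificate extends HandshakeMessage {
    private int CertificateType;
    private byte[] Certificate_Challenge;
    private byte[] Response_data;
    private byte[][] KeyMaterials;
    private X509Certificate Client_Certificate;
    private X509Certificate Server_Certificate;
    private HandshakeHandler handler;
    // ASN.1 DigestInfo header for MD5 (OID 1.2.840.113549.2.5, NULL params, 16-byte OCTET STRING).
    private final byte[] MD5Encode = {48, 32, 48, 12, 6, 8, 42, -122, 72, -122, -9, 13, 2, 5, 5, 0, 4, 16};

    /**
     * Builds the message on the sending side.
     *
     * @param i certificate type written to the wire
     * @param bArr certificate challenge bound into the response digest
     * @param handshakeHandler source of key material, the server certificate and signing support
     * @param x509Certificate client certificate to present
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageClientCertificate(int i, byte[] bArr, HandshakeHandler handshakeHandler, X509Certificate x509Certificate) {
        this.CertificateType = i;
        this.Certificate_Challenge = bArr;
        this.Client_Certificate = x509Certificate;
        this.handler = handshakeHandler;
        this.KeyMaterials = getKeyMaterial(handshakeHandler);
        this.Server_Certificate = handshakeHandler.getServerCertificate();
    }

    /**
     * Parses a received message: one-byte certificate type, two 16-bit lengths, then the
     * certificate bytes followed by the response bytes.
     *
     * <p>Both lengths are 16-bit values read from the peer, so each allocation is bounded
     * by the range of an unsigned 16-bit integer.
     *
     * @param inputStream stream positioned at the start of the message body
     * @throws IOException if the header cannot be read, or (with resource message "267")
     *     if the body cannot be read or the certificate cannot be parsed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageClientCertificate(InputStream inputStream) throws IOException {
        this.CertificateType = Util.readUInt8(inputStream);
        int certificateLength = Util.readUInt16(inputStream);
        int responseLength = Util.readUInt16(inputStream);
        try {
            byte[] certificateBytes = new byte[certificateLength];
            Util.readFully(certificateBytes, inputStream);
            this.Response_data = new byte[responseLength];
            Util.readFully(this.Response_data, inputStream);
            this.Client_Certificate = new X509V3CertImpl(certificateBytes);
        } catch (Exception e) {
            // Keep the original failure attached so a parse error can be told apart
            // from a truncated read when diagnosing rejected handshakes.
            IOException failure = new IOException(Resources.getMessage("267"));
            failure.initCause(e);
            throw failure;
        }
    }

    /** Returns the handshake type code of this message (8). */
    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    public int getHandshakeType() {
        return 8;
    }

    /** Returns the public key of the client certificate carried by this message. */
    public PublicKey getClientPublicKey() {
        return this.Client_Certificate.getPublicKey();
    }

    /**
     * Verifies the client's proof of possession and then asks the trust callback whether
     * the client certificate is acceptable.
     *
     * <p>Security: this is an authentication decision, so every error path must fail
     * closed. Previously any exception (a malformed response that breaks the RSA or
     * padding step, a digest that could not be computed, a missing field) was caught and
     * reported as {@code 0}, the same value returned for a verified and trusted client,
     * and the trust check was skipped. Such failures now return the same non-zero code as
     * a response mismatch.
     *
     * @param bArr certificate challenge the server sent to this client
     * @param handshakeHandler source of key material, certificates and crypto helpers
     * @return {@code 0} only when the response verifies and the certificate is trusted;
     *     otherwise a non-zero status code (unsupported certificate type, verification
     *     failure, or untrusted certificate)
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v21, types: [java.security.cert.X509Certificate[], java.security.cert.X509Certificate[][]] */
    public int VerifyResponseData(byte[] bArr, HandshakeHandler handshakeHandler) {
        if (this.CertificateType != 1) {
            return Piccolo.WHITESPACE;
        }
        try {
            this.KeyMaterials = getKeyMaterial(handshakeHandler);
            this.Certificate_Challenge = bArr;
            CertificateSupport certificateSupport = handshakeHandler.getCertificateSupport();
            this.Server_Certificate = certificateSupport.getAuthChain("RSA", 0)[0];
            Cipher cipher = Cipher.getInstance(CryptoNames.RSA_RAW);
            // NOTE(review): mode 2 presumably mirrors javax.crypto DECRYPT_MODE; confirm
            // against com.certicom.tls.provider.Cipher.
            cipher.init(2, getClientPublicKey(), TLSSystem.getRandomNumberGenerator());
            byte[] recovered = handshakeHandler.removePKCS1Padding(cipher.doFinal(this.Response_data, 0, this.Response_data.length));
            byte[] expected = generateResponseData();
            if (recovered == null || expected == null) {
                // generateResponseData() reports failure as null; nothing to compare against
                // means the proof is not verified.
                return Piccolo.CLOSE_TAG;
            }
            if (!handshakeHandler.isEqual(recovered, 0, recovered.length, expected, 0, expected.length)) {
                return Piccolo.CLOSE_TAG;
            }
            // NOTE(review): the nested array literal below is a decompiler artifact (see the
            // JADX warning above); the real argument type needs checking against
            // CertificateSupport.isClientTrusted.
            if (certificateSupport.isClientTrusted(new X509Certificate[]{new X509Certificate[]{this.Client_Certificate}}, handshakeHandler.getPendingCipherSuite().getDescription(), handshakeHandler.getProtocolVersion(), handshakeHandler.getConnectionImpl().getCertificateCallbackRef(), handshakeHandler.getConnectionImpl().getSSLSocket())) {
                return 0;
            }
            return Piccolo.EMPTY_TAG;
        } catch (Exception e) {
            e.printStackTrace();
            // Fail closed: an error during verification must never look like success.
            return Piccolo.CLOSE_TAG;
        }
    }

    /**
     * Prefixes a raw MD5 digest with the MD5 DigestInfo header.
     *
     * @param bArr raw digest bytes
     * @return a new array holding the header followed by {@code bArr}
     */
    private byte[] AppendMD5(byte[] bArr) {
        int prefixLength = this.MD5Encode.length;
        byte[] digestInfo = new byte[prefixLength + bArr.length];
        System.arraycopy(this.MD5Encode, 0, digestInfo, 0, prefixLength);
        System.arraycopy(bArr, 0, digestInfo, prefixLength, bArr.length);
        return digestInfo;
    }

    /** Returns the message type code of this message (0). */
    @Override // com.certicom.tls.record.handshake.HandshakeMessage, com.certicom.tls.record.Message
    public int getMessageType() {
        return 0;
    }

    /** Fetches the session key material from the handler's security parameters. */
    private byte[][] getKeyMaterial(HandshakeHandler handshakeHandler) {
        return handshakeHandler.getSecurityParameters().getKeyMaterial();
    }

    /**
     * Computes the expected response: DigestInfo(MD5(key material || certificate challenge
     * || encoded server certificate)).
     *
     * @return the DigestInfo-wrapped digest, or {@code null} if it could not be computed;
     *     callers must treat {@code null} as a failure, never as a match
     */
    private byte[] generateResponseData() {
        try {
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            for (byte[] keyBlock : this.KeyMaterials) {
                md5.update(keyBlock);
            }
            md5.update(this.Certificate_Challenge);
            md5.update(this.Server_Certificate.getEncoded());
            return AppendMD5(md5.digest());
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Serialises the message: certificate type, certificate length, response length,
     * encoded certificate, then the RSA-transformed padded response.
     *
     * <p>Any failure (missing private key, non-RSA key, digest or cipher error) is
     * swallowed, as in the original, and the buffer is left in whatever state was reached
     * before the failure.
     */
    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    void initMessage() {
        try {
            byte[] encodedCertificate = this.Client_Certificate.getEncoded();
            int certificateLength = encodedCertificate.length;
            PrivateKey privateKey = this.handler.getCertificateSupport().getPrivateKey(this.Client_Certificate);
            // Pad to the RSA modulus size in bytes (bit length rounded up).
            int modulusBytes = (((RSAPrivateKey) privateKey).getModulus().bitLength() + 7) / 8;
            this.Response_data = this.handler.addPKCS1Padding(modulusBytes, generateResponseData());
            Cipher cipher = Cipher.getInstance(CryptoNames.RSA_RAW);
            // NOTE(review): mode 1 presumably mirrors javax.crypto ENCRYPT_MODE; confirm.
            cipher.init(1, privateKey, TLSSystem.getRandomNumberGenerator());
            byte[] signedResponse = cipher.doFinal(this.Response_data, 0, this.Response_data.length);
            // 5 = one type byte plus two 16-bit length fields.
            initBufferVersion2(signedResponse.length + certificateLength + 5);
            Util.writeUInt8(this.CertificateType, this.buffer);
            Util.writeUInt16(certificateLength, this.buffer);
            Util.writeUInt16(signedResponse.length, this.buffer);
            this.buffer.write(encodedCertificate);
            this.buffer.write(signedResponse);
        } catch (Exception ignored) {
            // NOTE(review): deliberately left as in the original because the overridden
            // method declares no exceptions and callers are not visible here. A failure
            // yields an empty or partial message with no diagnostic; consider surfacing it.
        }
    }
}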
