package com.certicom.tls.record.handshake;

import com.bea.sslplus.WeblogicHandler;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.event.HandshakeWouldBlockException;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.ProtocolVersions;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.CryptoLabels;
import com.certicom.tls.provider.KeyAgreement;
import com.certicom.tls.provider.KeyPairGenerator;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.provider.Signature;
import com.certicom.tls.provider.spec.DHParameters;
import com.certicom.tls.provider.spec.DHPublicKey;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/certicom/tls/record/handshake/ClientStateReceivedCertificate.class */
final class ClientStateReceivedCertificate extends HandshakeState implements CryptoNames, CryptoLabels {
    private PublicKey peerKey;
    private PrivateKey kaPrivateKey;
    private boolean preferCompressed;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientStateReceivedCertificate(HandshakeHandler handshakeHandler, PublicKey publicKey, boolean z) {
        super(handshakeHandler);
        this.peerKey = publicKey;
        this.preferCompressed = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.certicom.tls.record.handshake.HandshakeState
    public void handle(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, SignatureException, HandshakeWouldBlockException {
        int keyAgreementAlgorithm = this.handler.getPendingCipherSuite().getKeyAgreementAlgorithm();
        switch (handshakeMessage.getHandshakeType()) {
            case 0:
                return;
            case 12:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("SERVER_KEY_EXCHANGE \nEnd.");
                }
                try {
                    if (keyAgreementAlgorithm == 2 || keyAgreementAlgorithm == 3 || keyAgreementAlgorithm == 10 || keyAgreementAlgorithm == 11 || keyAgreementAlgorithm == 4 || keyAgreementAlgorithm == 1 || keyAgreementAlgorithm == 9) {
                        MessageServerKeyExchangeDH messageServerKeyExchangeDH = (MessageServerKeyExchangeDH) handshakeMessage;
                        if (keyAgreementAlgorithm == 10 || keyAgreementAlgorithm == 11) {
                            if (!verifyMessageRSASignature(messageServerKeyExchangeDH.getDHMessage(), messageServerKeyExchangeDH.getSignature())) {
                                this.handler.fireAlert(2, 51);
                            }
                        } else if (keyAgreementAlgorithm != 1 && keyAgreementAlgorithm != 9) {
                            Signature signature = (keyAgreementAlgorithm == 10 || keyAgreementAlgorithm == 11) ? Signature.getInstance("RSA") : Signature.getInstance(CryptoNames.DSA);
                            signature.initVerify(this.peerKey);
                            signature.update(this.handler.getClientRandom());
                            signature.update(this.handler.getServerRandom());
                            signature.update(messageServerKeyExchangeDH.getDHMessage());
                            if (!signature.verify(messageServerKeyExchangeDH.getSignature())) {
                                this.handler.fireAlert(2, 51);
                            }
                        }
                        DHParameters dHParameters = messageServerKeyExchangeDH.getDHParameters();
                        DHPublicKey dHPublicKey = messageServerKeyExchangeDH.getDHPublicKey();
                        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CryptoNames.DIFFIE_HELLMAN);
                        keyPairGenerator.initialize(dHParameters, TLSSystem.getRandomNumberGenerator());
                        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                        PublicKey publicKey = genKeyPair.getPublic();
                        KeyAgreement keyAgreement = KeyAgreement.getInstance(CryptoNames.DIFFIE_HELLMAN);
                        keyAgreement.init(genKeyPair.getPrivate(), TLSSystem.getRandomNumberGenerator());
                        keyAgreement.doPhase(dHPublicKey, true);
                        this.handler.setPremasterSecret(keyAgreement.generateSecret());
                        this.handler.generateMasterSecret();
                        this.handler.generateSecurityParameters();
                        this.handler.setState(new ClientStateReceivedServerKeyExchange(this.handler, publicKey, null));
                    } else if (keyAgreementAlgorithm == 7 || keyAgreementAlgorithm == 8) {
                        MessageServerKeyExchangeRSA messageServerKeyExchangeRSA = (MessageServerKeyExchangeRSA) handshakeMessage;
                        if (!verifyMessageRSASignature(messageServerKeyExchangeRSA.getRSAMessage(), messageServerKeyExchangeRSA.getSignature())) {
                            this.handler.fireAlert(2, 51);
                        }
                        this.handler.setState(new ClientStateReceivedServerKeyExchange(this.handler, messageServerKeyExchangeRSA.getPublicKey(), doRSAKE()));
                    }
                    return;
                } catch (InvalidKeyException e) {
                    WeblogicHandler.debugEaten(e);
                    return;
                } catch (NoSuchAlgorithmException e2) {
                    WeblogicHandler.debugEaten(e2);
                    this.handler.fireAlert();
                    return;
                }
            case 13:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("CERTIFICATE_REQUEST \nEnd.");
                }
                MessageCertificateRequest messageCertificateRequest = (MessageCertificateRequest) handshakeMessage;
                this.handler.setClientCertSignatureTypes(messageCertificateRequest.getSignatureTypes());
                this.handler.setClientCertDistinguishedNames(messageCertificateRequest.getDistinguishedNames());
                return;
            case 14:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("SERVER_HELLO_DONE \nEnd.");
                }
                if (this.handler.getClientCertSignatureTypes() != null) {
                    MessageCertificateRequest.findCertificateChainForHandler(this.handler);
                    ProtocolVersion protocolVersion = this.handler.getProtocolVersion();
                    if (this.handler.getClientCertChain() == null && protocolVersion.equals(ProtocolVersions.SSL30)) {
                        this.handler.fireAlert(1, 41);
                    } else {
                        this.handler.write(new MessageCertificate(this.handler.getClientCertChain()));
                        this.handler.flush();
                        this.handler.setClientCertSentState(true);
                    }
                }
                if (this.handler.returnDebugFlag()) {
                    System.out.print("\nType: CLIENT_KEY_EXCHANGE ");
                }
                try {
                    if (keyAgreementAlgorithm != 5 && keyAgreementAlgorithm != 12) {
                        byte[] doRSAKE = doRSAKE();
                        Cipher cipher = Cipher.getInstance(CryptoNames.RSA_PKCS1);
                        cipher.init(1, this.peerKey, TLSSystem.getRandomNumberGenerator());
                        this.handler.write(new MessageClientKeyExchangeRSA(cipher.doFinal(doRSAKE, 0, doRSAKE.length), this.handler.getProtocolVersion()));
                    } else if (this.handler.getECDSA_fixed_ECDHFlag() || this.handler.getRSA_fixed_ECDHFlag()) {
                        CertificateSupport certificateSupport = this.handler.getCertificateSupport();
                        X509Certificate[] x509CertificateArr = null;
                        if (this.handler.getECDSA_fixed_ECDHFlag()) {
                            x509CertificateArr = certificateSupport.getAuthChain(CryptoNames.ECDSA, 0);
                        } else if (this.handler.getRSA_fixed_ECDHFlag()) {
                            x509CertificateArr = certificateSupport.getAuthChain(CryptoNames.HYBRID, 0);
                        }
                        this.kaPrivateKey = certificateSupport.getPrivateKey(x509CertificateArr[0]);
                        SecureRandom randomNumberGenerator = TLSSystem.getRandomNumberGenerator();
                        KeyAgreement keyAgreement2 = KeyAgreement.getInstance("ECDH");
                        keyAgreement2.init(this.kaPrivateKey, randomNumberGenerator);
                        keyAgreement2.doPhase(this.peerKey, true);
                        byte[] bArr = new byte[20];
                        this.handler.setPremasterSecret(keyAgreement2.generateSecret());
                        this.handler.generateMasterSecret();
                        this.handler.generateSecurityParameters();
                        this.handler.write(new MessageClientKeyExchangeECDH());
                    } else {
                        KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance(CryptoNames.ECDSA);
                        keyPairGenerator2.initialize(163, TLSSystem.getRandomNumberGenerator());
                        KeyPair genKeyPair2 = keyPairGenerator2.genKeyPair();
                        PublicKey publicKey2 = genKeyPair2.getPublic();
                        KeyAgreement keyAgreement3 = KeyAgreement.getInstance("ECDH");
                        keyAgreement3.init(genKeyPair2.getPrivate(), TLSSystem.getRandomNumberGenerator());
                        keyAgreement3.doPhase(this.peerKey, true);
                        byte[] bArr2 = new byte[20];
                        this.handler.setPremasterSecret(keyAgreement3.generateSecret());
                        this.handler.generateMasterSecret();
                        this.handler.generateSecurityParameters();
                        this.handler.write(new MessageClientKeyExchangeECDH(publicKey2, this.preferCompressed));
                    }
                    this.handler.flush();
                    if (!this.handler.getECDSA_fixed_ECDHFlag() && !this.handler.getRSA_fixed_ECDHFlag() && this.handler.getClientCertChain() != null) {
                        this.handler.write(new MessageCertificateVerify(this.handler));
                        this.handler.flush();
                    }
                    this.handler.changeCipherSpec();
                    this.handler.flush();
                    this.handler.write(new MessageFinished(this.handler.getVerifyData(true)));
                    this.handler.flush();
                    this.handler.setState(new ClientStateSentFinished(this.handler));
                    return;
                } catch (InvalidKeyException e3) {
                    WeblogicHandler.debugEaten(e3);
                    this.handler.fireAlert();
                    return;
                } catch (NoSuchAlgorithmException e4) {
                    WeblogicHandler.debugEaten(e4);
                    this.handler.fireAlert();
                    return;
                }
            default:
                this.handler.fireAlert(2, 10);
                return;
        }
    }

    private boolean verifyMessageRSASignature(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        Cipher cipher = Cipher.getInstance(CryptoNames.RSA_RAW);
        cipher.init(2, this.peerKey, TLSSystem.getRandomNumberGenerator());
        byte[] removePKCS1Padding = this.handler.removePKCS1Padding(cipher.doFinal(bArr2, 0, bArr2.length));
        if (removePKCS1Padding.length != 36) {
            return false;
        }
        byte[] hashRandomAndParams = hashRandomAndParams("MD5", bArr);
        byte[] hashRandomAndParams2 = hashRandomAndParams("SHA", bArr);
        return this.handler.isEqual(removePKCS1Padding, 0, 16, hashRandomAndParams, 0, hashRandomAndParams.length) && this.handler.isEqual(removePKCS1Padding, 16, 20, hashRandomAndParams2, 0, hashRandomAndParams2.length);
    }

    private byte[] hashRandomAndParams(String str, byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(this.handler.getClientRandom());
        messageDigest.update(this.handler.getServerRandom());
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    private byte[] doRSAKE() throws IOException, NoSuchAlgorithmException, InvalidKeyException, HandshakeWouldBlockException {
        byte[] bArr = new byte[48];
        TLSSystem.getRandomNumberGenerator().nextBytes(bArr);
        ProtocolVersion helloProtocol = this.handler.getHelloProtocol();
        if (this.handler.getHandshakeRollBackBug()) {
            helloProtocol = this.handler.getProtocolVersion();
        }
        bArr[0] = (byte) helloProtocol.getMajor();
        bArr[1] = (byte) helloProtocol.getMinor();
        this.handler.setPremasterSecret(bArr);
        this.handler.generateMasterSecret();
        this.handler.generateSecurityParameters();
        return bArr;
    }
}
