package com.certicom.tls.record.handshake;

import com.bea.sslplus.WeblogicHandler;
import com.certicom.locale.Resources;
import com.certicom.tls.ciphersuite.CipherSuite;
import com.certicom.tls.ciphersuite.CipherSuiteSupport;
import com.certicom.tls.event.HandshakeWouldBlockException;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.SessionID;
import com.certicom.tls.interfaceimpl.TLSSessionImpl;
import com.certicom.tls.record.alert.Alert;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocket;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/certicom/tls/record/handshake/ClientStateSentHello.class */
public final class ClientStateSentHello extends HandshakeState {
    Alert alert;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientStateSentHello(HandshakeHandler handshakeHandler) {
        super(handshakeHandler);
    }

    @Override // com.certicom.tls.record.handshake.HandshakeState
    void handle(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, HandshakeWouldBlockException {
        if (this.handler.getProtocolVersion().equals(ProtocolVersion.SSL20) || (handshakeMessage instanceof MessageServerHelloVersion2)) {
            handleVersion2(handshakeMessage);
            return;
        }
        switch (handshakeMessage.getHandshakeType()) {
            case 0:
                return;
            case 2:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("SERVER_HELLO \nEnd.");
                }
                MessageServerHello messageServerHello = (MessageServerHello) handshakeMessage;
                this.handler.setServerRandom(messageServerHello.getRandom().getRandomBytes());
                ProtocolVersion protocolVersion = this.handler.getProtocolVersion();
                ProtocolVersion protocolVersion2 = messageServerHello.getProtocolVersion();
                if (protocolVersion2.equals(ProtocolVersion.TLS10) && (protocolVersion.equals(ProtocolVersion.TLS10) || ((protocolVersion.equals(ProtocolVersion.SSL30) && protocolVersion.isRollForward()) || (protocolVersion.equals(ProtocolVersion.SSL20) && protocolVersion.isRollForward())))) {
                    protocolVersion2.resetRecord();
                    this.handler.setProtocolVersion(protocolVersion2);
                } else if (!protocolVersion2.equals(ProtocolVersion.SSL30) || (!protocolVersion.equals(ProtocolVersion.SSL30) && ((!protocolVersion.equals(ProtocolVersion.SSL20) || !protocolVersion.isRollForward()) && (!protocolVersion.equals(ProtocolVersion.TLS10) || !protocolVersion.isRollBack())))) {
                    this.alert = new Alert(2, 70);
                    this.handler.fireAlert(this.alert);
                    return;
                } else {
                    protocolVersion2.resetRecord();
                    this.handler.setProtocolVersion(protocolVersion2);
                }
                if (!acceptSessionResumption(messageServerHello)) {
                    try {
                        CipherSuite cipherSuite = CipherSuiteSupport.getCipherSuite(messageServerHello.getCipherSuiteTag());
                        TLSSessionImpl pendingSession = this.handler.getPendingSession();
                        SessionID sessionID = pendingSession.getSessionID();
                        SessionID sessionID2 = messageServerHello.getSessionID();
                        if (!sessionID.isEmpty()) {
                            pendingSession.invalidate();
                            this.handler.setPendingSession(new TLSSessionImpl(pendingSession.getPeerID(), pendingSession.getSessionDB(), sessionID2));
                        } else if (!sessionID2.isEmpty()) {
                            this.handler.setPendingSessionID(sessionID2);
                        }
                        this.handler.setPendingCipherSuite(cipherSuite);
                    } catch (NoSuchAlgorithmException e) {
                        WeblogicHandler.debugEaten(e);
                        this.handler.fireAlert();
                        return;
                    }
                }
                this.handler.setState(new ClientStateReceivedServerHello(this.handler));
                return;
            default:
                this.alert = new Alert(2, 10);
                this.handler.fireAlert(this.alert);
                return;
        }
    }

    private X509Certificate[] convertToArray(X509Certificate x509Certificate) {
        return new X509Certificate[]{x509Certificate};
    }

    private boolean acceptSessionResumption(MessageServerHello messageServerHello) throws IOException, NoSuchAlgorithmException, HandshakeWouldBlockException {
        CipherSuite cipherSuite;
        SessionID pendingSessionID = this.handler.getPendingSessionID();
        SessionID sessionID = messageServerHello.getSessionID();
        if (!sessionID.equals(pendingSessionID) || sessionID.isEmpty()) {
            return false;
        }
        TLSSessionImpl pendingSession = this.handler.getPendingSession();
        if (this.handler.getSGCFlags()[1]) {
            cipherSuite = CipherSuiteSupport.getCipherSuite(messageServerHello.getCipherSuiteTag());
        } else {
            cipherSuite = CipherSuiteSupport.getCipherSuite(messageServerHello.getCipherSuiteTag());
            boolean z = false;
            for (CipherSuite cipherSuite2 : this.handler.getEnabledCipherSuites()) {
                if (cipherSuite2.equals(cipherSuite)) {
                    z = true;
                }
            }
            if (!z) {
                return false;
            }
        }
        this.handler.setPendingCipherSuite(cipherSuite);
        this.handler.setMasterSecret(pendingSession.getMasterSecret());
        this.handler.generateSecurityParameters();
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v49, types: [java.security.cert.X509Certificate[], java.security.cert.X509Certificate[][]] */
    void handleVersion2(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, HandshakeWouldBlockException {
        switch (handshakeMessage.getHandshakeType()) {
            case 4:
                if (this.handler.returnDebugFlag()) {
                    System.out.print("SERVER_HELLO \nEnd.");
                }
                MessageServerHelloVersion2 messageServerHelloVersion2 = (MessageServerHelloVersion2) handshakeMessage;
                ProtocolVersion protocolVersion = this.handler.getProtocolVersion();
                TLSSessionImpl pendingSession = this.handler.getPendingSession();
                SessionID sessionID = pendingSession.getSessionID();
                if (protocolVersion.equals(ProtocolVersion.SSL20)) {
                    protocolVersion.resetRecord();
                    this.handler.setProtocolVersion(protocolVersion);
                } else {
                    if (!protocolVersion.isRollBack()) {
                        this.handler.fireSSL2ErrorException(Resources.getMessage("133"));
                        return;
                    }
                    this.handler.setProtocolVersion(new ProtocolVersion("SSL2"));
                }
                this.handler.setServerRandom(messageServerHelloVersion2.getConnectionID());
                if (messageServerHelloVersion2.getSession_ID_hit() == 0) {
                    if (!sessionID.isEmpty()) {
                        pendingSession.invalidate();
                        this.handler.setPendingSession(new TLSSessionImpl(pendingSession.getPeerID(), pendingSession.getSessionDB(), new SessionID()));
                    }
                    this.handler.setPendingCipherSuite(matchCipherSuites(messageServerHelloVersion2.getCipherSuites()));
                    if (messageServerHelloVersion2.getCertificateType() != 1) {
                        this.handler.write(new MessageSSL2Error(6));
                        this.handler.flush();
                        this.handler.handleSSL2Error(2, 6);
                        return;
                    }
                    CertificateSupport certificateSupport = this.handler.getCertificateSupport();
                    X509Certificate[] convertToArray = convertToArray(messageServerHelloVersion2.getCertificateChain());
                    this.handler.SetServerCertificate(convertToArray[0]);
                    SSLSocket sSLSocket = this.handler.getConnectionImpl().getSSLSocket();
                    ?? r0 = {convertToArray};
                    boolean isServerTrusted = certificateSupport.isServerTrusted(r0, this.handler.getPendingCipherSuite().getDescription(), this.handler.getProtocolVersion(), this.handler.getConnectionImpl().getCertificateCallbackRef(), sSLSocket);
                    if (isServerTrusted) {
                        this.handler.getPendingSession().setPeerCertChain(r0[0]);
                        isServerTrusted = certificateSupport.isServerHostnameValid(sSLSocket);
                    }
                    if (!isServerTrusted) {
                        this.handler.write(new MessageSSL2Error(4));
                        this.handler.flush();
                        this.handler.handleSSL2Error(2, 4);
                        return;
                    } else {
                        this.handler.write(new MessageClientMasterKey(this.handler, messageServerHelloVersion2.getCertificateChain().getPublicKey()));
                        this.handler.flush();
                        this.handler.generateSecurityParameters();
                    }
                } else {
                    if (sessionID.isEmpty()) {
                        this.handler.fireSSL2ErrorException(Resources.getMessage("252"));
                        return;
                    }
                    CipherSuite cipherSuite = CipherSuiteSupport.getCipherSuite(pendingSession.getCipherSuite());
                    boolean z = false;
                    for (CipherSuite cipherSuite2 : this.handler.getEnabledCipherSuites()) {
                        if (cipherSuite2.equals(cipherSuite)) {
                            z = true;
                        }
                    }
                    if (!z) {
                        this.handler.write(new MessageSSL2Error(2));
                        this.handler.flush();
                        this.handler.handleSSL2Error(2, 2);
                    }
                    this.handler.setPendingCipherSuite(cipherSuite);
                    this.handler.setMasterSecret(pendingSession.getMasterSecret());
                    this.handler.generateSecurityParameters();
                }
                this.handler.write(new MessageFinishedVersion2(1, this.handler.getServerRandom()));
                this.handler.flush();
                this.handler.setState(new ClientStateSentFinished(this.handler));
                return;
            default:
                this.handler.fireSSL2ErrorException(Resources.getMessage("137"));
                return;
        }
    }

    public CipherSuite matchCipherSuites(CipherSuite[] cipherSuiteArr) throws NoSuchAlgorithmException {
        CipherSuite[] enabledCipherSuites = this.handler.getEnabledCipherSuites();
        this.handler.getCertificateSupport();
        for (int i = 0; i < enabledCipherSuites.length; i++) {
            for (int i2 = 0; i2 < cipherSuiteArr.length; i2++) {
                if (enabledCipherSuites[i].equals(cipherSuiteArr[i2]) && MapCipher.isSSL2Cipher(cipherSuiteArr[i2].getTag()) == 1) {
                    return enabledCipherSuites[i];
                }
            }
        }
        throw new NoSuchAlgorithmException();
    }
}
