package com.certicom.tls.record.handshake;

import com.bea.security.saml2.util.SAML2Constants;
import com.certicom.locale.Resources;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.event.HandshakeWouldBlockException;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.provider.Signature;
import com.certicom.tls.record.Util;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/certicom/tls/record/handshake/ServerStateReceivedClientKeyExchange.class */
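/**
 * Server-side handshake state entered once the ClientKeyExchange has been received.
 *
 * <p>From here the server accepts a CertificateVerify (proof that the client holds the private
 * key of the certificate it presented), then a Finished message, which completes the handshake.
 * A ClientHello restarts the handshake; anything else raises a fatal alert.
 *
 * <p>Whether {@code handler.fireAlert} throws or returns normally is not visible in this file,
 * so every failure path returns immediately after firing the alert. A rejected message can then
 * never fall through into certificate use or handshake completion.
 */
public final class ServerStateReceivedClientKeyExchange extends HandshakeState implements CryptoNames {
    // Handshake message type codes; the debug strings in handle() name them.
    private static final int HANDSHAKE_CLIENT_HELLO = 1;
    private static final int HANDSHAKE_CERTIFICATE_VERIFY = 15;
    private static final int HANDSHAKE_FINISHED = 20;

    // Values passed to fireAlert. They match the TLS alert level "fatal" and the alert
    // descriptions unexpected_message / illegal_parameter / decrypt_error.
    private static final int ALERT_LEVEL_FATAL = 2;
    private static final int ALERT_UNEXPECTED_MESSAGE = 10;
    private static final int ALERT_ILLEGAL_PARAMETER = 47;
    private static final int ALERT_DECRYPT_ERROR = 51;

    // Digest sizes used to split the RSA-signed value into its MD5 and SHA-1 halves.
    private static final int MD5_DIGEST_LENGTH = 16;
    private static final int SHA1_DIGEST_LENGTH = 20;

    // Client certificate chain as an X509Certificate[] (it is cast to that type below); null when
    // the client sent no certificate.
    Object clientCertificate;
    // Running handshake-transcript digests handed over by the previous state.
    MessageDigest md5MessageDigest;
    MessageDigest shaMessageDigest;
    // Set only after a CertificateVerify signature has been checked successfully.
    boolean receivedCertVerify;

    /**
     * Creates the state.
     *
     * @param handshakeHandler handler driving this handshake
     * @param obj client certificate chain ({@code X509Certificate[]}), or null
     * @param obj2 MD5 handshake digest; must be a {@code MessageDigest}
     * @param obj3 SHA handshake digest; must be a {@code MessageDigest}
     */
    public ServerStateReceivedClientKeyExchange(HandshakeHandler handshakeHandler, Object obj, Object obj2, Object obj3) {
        super(handshakeHandler);
        this.receivedCertVerify = false;
        this.clientCertificate = obj;
        this.md5MessageDigest = (MessageDigest) obj2;
        this.shaMessageDigest = (MessageDigest) obj3;
    }

    /**
     * Dispatches one handshake message received in this state.
     *
     * @param handshakeMessage the message to process
     * @throws IOException if the CertificateVerify signature field cannot be read
     */
    @Override
    public void handle(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        ProtocolVersion protocolVersion = this.handler.getProtocolVersion();
        switch (handshakeMessage.getHandshakeType()) {
            case HANDSHAKE_CLIENT_HELLO:
                restartHandshake(handshakeMessage);
                return;
            case HANDSHAKE_CERTIFICATE_VERIFY:
                handleCertificateVerify(handshakeMessage, protocolVersion);
                return;
            case HANDSHAKE_FINISHED:
                handleFinished();
                return;
            default:
                this.handler.fireAlert(ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE);
                return;
        }
    }

    /** Resets the handler to the no-handshake state and replays the ClientHello into it. */
    private void restartHandshake(HandshakeMessage handshakeMessage) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        if (this.handler.returnDebugFlag()) {
            System.out.println("CLIENT_HELLO: ServerStateReceivedClientKeyExchange, assuming client is restarting the handshake for the server gated crypto");
        }
        ServerStateNoHandshake serverStateNoHandshake = new ServerStateNoHandshake(this.handler);
        this.handler.setState(serverStateNoHandshake);
        serverStateNoHandshake.handle(handshakeMessage);
    }

    /**
     * Verifies the CertificateVerify signature against the leaf client certificate's public key.
     * Marks the verification as done only when the signature checks out.
     */
    private void handleCertificateVerify(HandshakeMessage handshakeMessage, ProtocolVersion protocolVersion) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        if (this.handler.returnDebugFlag()) {
            System.out.println("CERTIFICATE_VERIFY \nEnd.");
        }
        X509Certificate[] chain = (X509Certificate[]) this.clientCertificate;
        // A CertificateVerify without a client certificate (absent or empty chain) is out of
        // sequence. Stop here so chain[0] is never dereferenced.
        if (chain == null || chain.length == 0) {
            this.handler.fireAlert(ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE);
            return;
        }
        PublicKey publicKey = chain[0].getPublicKey();
        byte[] signatureBytes = Util.readBytesLength16(((MessageCertificateVerify) handshakeMessage).getSignature(), HandshakeMessage.maxCertificateVerifySignatureLength);
        if (signatureBytes == null) {
            throw new IOException(Resources.getMessage("281"));
        }

        // 3.1 is TLS 1.0 and 3.0 is SSL 3.0. Only these two versions have a digest rule here.
        boolean isTls10 = protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 1;
        boolean isSsl30 = protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 0;
        String keyAlgorithm = publicKey.getAlgorithm();
        boolean verified;

        if (keyAlgorithm.equalsIgnoreCase("RSA")) {
            byte[] md5Hash = null;
            byte[] shaHash = null;
            if (isTls10) {
                md5Hash = this.md5MessageDigest.digest();
                shaHash = this.shaMessageDigest.digest();
            } else if (isSsl30) {
                md5Hash = this.handler.getV3CertificateVerifyMD5Hash(this.md5MessageDigest);
                shaHash = this.handler.getV3CertificateVerifySHAHash(this.shaMessageDigest);
            }
            // With any other version no expected hash exists, so the signature is rejected
            // rather than compared against null.
            verified = md5Hash != null && shaHash != null
                    && verifyMessageRSASignature(publicKey, md5Hash, shaHash, signatureBytes);
        } else if (keyAlgorithm.equalsIgnoreCase(SAML2Constants.DSA_KEY_TYPE)) {
            byte[] shaHash = null;
            if (isTls10) {
                shaHash = this.shaMessageDigest.digest();
            } else if (isSsl30) {
                shaHash = this.handler.getV3CertificateVerifySHAHash(this.shaMessageDigest);
            }
            if (shaHash == null) {
                verified = false;
            } else {
                Signature dsaVerifier = Signature.getInstance(CryptoNames.RawDSA);
                dsaVerifier.initVerify(publicKey);
                dsaVerifier.update(shaHash);
                verified = dsaVerifier.verify(signatureBytes);
            }
        } else if (keyAlgorithm.startsWith(CryptoNames.EC)) {
            // The MD5 result is unused on this path; the call is kept from the original,
            // presumably to finalize the digest. TODO confirm.
            this.md5MessageDigest.digest();
            byte[] shaHash = this.shaMessageDigest.digest();
            Signature ecdsaVerifier = Signature.getInstance(CryptoNames.RawECDSA);
            ecdsaVerifier.initVerify(publicKey);
            ecdsaVerifier.update(shaHash);
            verified = ecdsaVerifier.verify(signatureBytes);
        } else {
            // Key type that this state cannot verify.
            this.handler.fireAlert(ALERT_LEVEL_FATAL, ALERT_ILLEGAL_PARAMETER);
            return;
        }

        if (!verified) {
            this.handler.fireAlert(ALERT_LEVEL_FATAL, ALERT_DECRYPT_ERROR);
            return;
        }
        // Recorded only on success, so a failed CertificateVerify can never satisfy the
        // proof-of-possession check made when Finished arrives.
        this.receivedCertVerify = true;
    }

    /**
     * Handles the client's Finished message: switches cipher spec, sends the server's Finished
     * and completes the handshake. Refuses to complete when a client certificate was presented
     * but no CertificateVerify was accepted (unless the fixed-ECDH flag is set on the handler).
     */
    private void handleFinished() throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, HandshakeWouldBlockException {
        if (this.handler.returnDebugFlag()) {
            System.out.println("FINISHED \nEnd.");
        }
        if (!this.receivedCertVerify && this.clientCertificate != null && ((X509Certificate[]) this.clientCertificate).length > 0 && !this.handler.getECDSA_fixed_ECDHFlag()) {
            this.handler.fireAlert(ALERT_LEVEL_FATAL, ALERT_UNEXPECTED_MESSAGE);
            // Stop here: the client has not proven possession of the certificate's private key.
            return;
        }
        this.handler.changeCipherSpec();
        MessageFinished messageFinished = new MessageFinished(this.handler.getVerifyData(this.handler.isClient()));
        if (this.handler.returnDebugFlag()) {
            System.out.print("Type: FINISHED ");
        }
        this.handler.write(messageFinished);
        this.handler.flush();
        this.handler.completeHandshake();
    }

    /**
     * Checks an RSA CertificateVerify signature: recovers the signed value with the public key,
     * strips the PKCS#1 padding and compares it with the expected MD5 and SHA hashes.
     *
     * @param publicKey client public key
     * @param bArr expected MD5 hash (16 bytes)
     * @param bArr2 expected SHA hash (20 bytes)
     * @param bArr3 signature bytes from the CertificateVerify message
     * @return true only when both hash halves match; false on any missing or short input
     */
    private boolean verifyMessageRSASignature(PublicKey publicKey, byte[] bArr, byte[] bArr2, byte[] bArr3) throws NoSuchAlgorithmException, InvalidKeyException {
        if (bArr == null || bArr2 == null || bArr3 == null) {
            return false;
        }
        Cipher cipher = Cipher.getInstance(CryptoNames.RSA_RAW);
        // Mode 2 is kept as in the original; presumably the decrypt mode of the provider's Cipher.
        cipher.init(2, publicKey, TLSSystem.getRandomNumberGenerator());
        byte[] unpadded = this.handler.removePKCS1Padding(cipher.doFinal(bArr3, 0, bArr3.length));
        // Reject values that cannot hold MD5 || SHA before any indexed comparison.
        // NOTE(review): whether removePKCS1Padding/isEqual reject an unpadded value longer than
        // 36 bytes is not visible here. Confirm that trailing bytes are not accepted.
        if (unpadded == null || unpadded.length < MD5_DIGEST_LENGTH + SHA1_DIGEST_LENGTH) {
            return false;
        }
        return this.handler.isEqual(unpadded, 0, MD5_DIGEST_LENGTH, bArr, 0, bArr.length)
                && this.handler.isEqual(unpadded, MD5_DIGEST_LENGTH, SHA1_DIGEST_LENGTH, bArr2, 0, bArr2.length);
    }
}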
