package gnu.javax.net.ssl.provider;

import gnu.classpath.debug.Component;
import gnu.java.security.action.GetSecurityPropertyAction;
import gnu.javax.crypto.key.dh.GnuDHPublicKey;
import gnu.javax.net.ssl.AbstractSessionContext;
import gnu.javax.net.ssl.Session;
import gnu.javax.net.ssl.provider.AbstractHandshake;
import gnu.javax.net.ssl.provider.Alert;
import gnu.javax.net.ssl.provider.Extension;
import gnu.javax.net.ssl.provider.Handshake;
import gnu.javax.net.ssl.provider.ServerNameList;
import java.nio.ByteBuffer;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509ExtendedKeyManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake.class */
public class ServerHandshake extends AbstractHandshake {
    private State state;
    private ByteBuffer outBuffer;
    private boolean clientHadExtensions;
    private boolean continuedSession;
    private ServerNameList requestedNames;
    private String keyAlias;
    private X509Certificate clientCert;
    private X509Certificate localCert;
    private boolean helloV2;
    private KeyPair dhPair;
    private PrivateKey serverKey;
    private GenDH genDH;
    private AbstractHandshake.CertVerifier certVerifier;
    private CertLoader certLoader;
    private DelegatedTask keyExchangeTask;
    private static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type;
    private static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$KeyExchangeAlgorithm;
    private static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$ServerHandshake$State;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake$CertLoader.class */
    class CertLoader extends DelegatedTask {
        CertLoader() {
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws SSLException {
            KeyExchangeAlgorithm keyExchangeAlgorithm = ServerHandshake.this.engine.session().suite.keyExchangeAlgorithm();
            X509ExtendedKeyManager x509ExtendedKeyManager = ServerHandshake.this.engine.contextImpl.keyManager;
            ServerHandshake.this.keyAlias = x509ExtendedKeyManager.chooseEngineServerAlias(keyExchangeAlgorithm.name(), (Principal[]) null, ServerHandshake.this.engine);
            if (ServerHandshake.this.keyAlias == null) {
                throw new SSLException("no certificates available");
            }
            X509Certificate[] certificateChain = x509ExtendedKeyManager.getCertificateChain(ServerHandshake.this.keyAlias);
            ServerHandshake.this.engine.session().setLocalCertificates(certificateChain);
            ServerHandshake.this.localCert = certificateChain[0];
            ServerHandshake.this.serverKey = x509ExtendedKeyManager.getPrivateKey(ServerHandshake.this.keyAlias);
            if (keyExchangeAlgorithm == KeyExchangeAlgorithm.DH_DSS || keyExchangeAlgorithm == KeyExchangeAlgorithm.DH_RSA) {
                ServerHandshake.this.dhPair = new KeyPair(ServerHandshake.this.localCert.getPublicKey(), x509ExtendedKeyManager.getPrivateKey(ServerHandshake.this.keyAlias));
            }
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake$GenDH.class */
    private class GenDH extends DelegatedTask {
        ByteBuffer paramsBuffer;
        ByteBuffer sigBuffer;

        private GenDH() {
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        protected void implRun() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
            keyPairGenerator.initialize(DiffieHellman.getParams().getParams(), ServerHandshake.this.engine.session().random());
            ServerHandshake.this.dhPair = keyPairGenerator.generateKeyPair();
            DHPublicKey dHPublicKey = (DHPublicKey) ServerHandshake.this.dhPair.getPublic();
            this.paramsBuffer = new ServerDHParams(dHPublicKey.getParams().getP(), dHPublicKey.getParams().getG(), dHPublicKey.getY()).buffer();
            if (ServerHandshake.this.engine.session().suite.signatureAlgorithm() != SignatureAlgorithm.ANONYMOUS) {
                this.sigBuffer = ServerHandshake.this.signParams(this.paramsBuffer);
                this.paramsBuffer.rewind();
            }
            ServerHandshake.logger.logv(Component.SSL_KEY_EXCHANGE, "Diffie-Hellman public:{0} private:{1}", ServerHandshake.this.dhPair.getPublic(), ServerHandshake.this.dhPair.getPrivate());
        }

        /* synthetic */ GenDH(ServerHandshake serverHandshake, GenDH genDH) {
            this();
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake$RSAKeyExchange.class */
    class RSAKeyExchange extends DelegatedTask {
        private final byte[] encryptedPreMasterSecret;

        RSAKeyExchange(byte[] bArr) {
            this.encryptedPreMasterSecret = bArr;
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, SSLException {
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(2, ServerHandshake.this.serverKey);
            cipher.init(2, ServerHandshake.this.localCert);
            ServerHandshake.this.preMasterSecret = cipher.doFinal(this.encryptedPreMasterSecret);
            ServerHandshake.this.generateMasterSecret(ServerHandshake.this.clientRandom, ServerHandshake.this.serverRandom, ServerHandshake.this.engine.session());
            ServerHandshake.this.setupSecurityParameters(ServerHandshake.this.generateKeys(ServerHandshake.this.clientRandom, ServerHandshake.this.serverRandom, ServerHandshake.this.engine.session()), false, ServerHandshake.this.engine, ServerHandshake.this.compression);
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake$RSA_PSKExchange.class */
    class RSA_PSKExchange extends DelegatedTask {
        private final byte[] encryptedPreMasterSecret;
        private final SecretKey psKey;

        RSA_PSKExchange(byte[] bArr, SecretKey secretKey) {
            this.encryptedPreMasterSecret = bArr;
            this.psKey = secretKey;
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, SSLException {
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(2, ServerHandshake.this.serverKey);
            cipher.init(2, ServerHandshake.this.localCert);
            byte[] doFinal = cipher.doFinal(this.encryptedPreMasterSecret);
            byte[] encoded = this.psKey.getEncoded();
            ServerHandshake.this.preMasterSecret = new byte[doFinal.length + encoded.length + 4];
            ServerHandshake.this.preMasterSecret[0] = (byte) (doFinal.length >>> 8);
            ServerHandshake.this.preMasterSecret[1] = (byte) doFinal.length;
            System.arraycopy(doFinal, 0, ServerHandshake.this.preMasterSecret, 2, doFinal.length);
            ServerHandshake.this.preMasterSecret[doFinal.length + 2] = (byte) (encoded.length >>> 8);
            ServerHandshake.this.preMasterSecret[doFinal.length + 3] = (byte) encoded.length;
            System.arraycopy(encoded, 0, ServerHandshake.this.preMasterSecret, doFinal.length + 4, encoded.length);
            ServerHandshake.this.generateMasterSecret(ServerHandshake.this.clientRandom, ServerHandshake.this.serverRandom, ServerHandshake.this.engine.session());
            ServerHandshake.this.setupSecurityParameters(ServerHandshake.this.generateKeys(ServerHandshake.this.clientRandom, ServerHandshake.this.serverRandom, ServerHandshake.this.engine.session()), false, ServerHandshake.this.engine, ServerHandshake.this.compression);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:gnu/javax/net/ssl/provider/ServerHandshake$State.class */
    public enum State {
        WRITE_HELLO_REQUEST(true, false),
        WRITE_SERVER_HELLO(true, false),
        WRITE_CERTIFICATE(true, false),
        WRITE_SERVER_KEY_EXCHANGE(true, false),
        WRITE_CERTIFICATE_REQUEST(true, false),
        WRITE_SERVER_HELLO_DONE(true, false),
        WRITE_FINISHED(true, false),
        READ_CLIENT_HELLO(false, true),
        READ_CERTIFICATE(false, true),
        READ_CLIENT_KEY_EXCHANGE(false, true),
        READ_CERTIFICATE_VERIFY(false, true),
        READ_FINISHED(false, true),
        DONE(false, false);

        private final boolean isWriteState;
        private final boolean isReadState;

        State(boolean z, boolean z2) {
            this.isWriteState = z;
            this.isReadState = z2;
        }

        boolean isReadState() {
            return this.isReadState;
        }

        boolean isWriteState() {
            return this.isWriteState;
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static State[] valuesCustom() {
            State[] valuesCustom = values();
            int length = valuesCustom.length;
            State[] stateArr = new State[length];
            System.arraycopy(valuesCustom, 0, stateArr, 0, length);
            return stateArr;
        }
    }

    static {
        $assertionsDisabled = !ServerHandshake.class.desiredAssertionStatus();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshake(boolean z, SSLEngineImpl sSLEngineImpl) throws NoSuchAlgorithmException {
        super(sSLEngineImpl);
        this.clientHadExtensions = false;
        this.continuedSession = false;
        this.requestedNames = null;
        this.keyAlias = null;
        this.clientCert = null;
        this.localCert = null;
        this.helloV2 = false;
        if (z) {
            this.state = State.WRITE_HELLO_REQUEST;
        } else {
            this.state = State.READ_CLIENT_HELLO;
        }
        this.handshakeOffset = 0;
    }

    private static ProtocolVersion chooseProtocol(ProtocolVersion protocolVersion, String[] strArr) throws SSLException {
        ProtocolVersion protocolVersion2 = null;
        for (String str : strArr) {
            ProtocolVersion forName = ProtocolVersion.forName(str);
            if (forName.compareTo(protocolVersion) <= 0 && (protocolVersion2 == null || forName.compareTo(protocolVersion2) > 0)) {
                protocolVersion2 = forName;
            }
        }
        if (protocolVersion2 == null) {
            throw new SSLException("no acceptable protocol version available");
        }
        return protocolVersion2;
    }

    private CipherSuite chooseSuite(CipherSuiteList cipherSuiteList, String[] strArr, ProtocolVersion protocolVersion) throws SSLException {
        HashSet hashSet = new HashSet(8);
        hashSet.add(KeyExchangeAlgorithm.NONE);
        X509ExtendedKeyManager x509ExtendedKeyManager = this.engine.contextImpl.keyManager;
        if (x509ExtendedKeyManager != null) {
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.DH_DSS.name(), null).length > 0) {
                hashSet.add(KeyExchangeAlgorithm.DH_DSS);
            }
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.DH_RSA.name(), null).length > 0) {
                hashSet.add(KeyExchangeAlgorithm.DH_RSA);
            }
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.DHE_DSS.name(), null).length > 0) {
                hashSet.add(KeyExchangeAlgorithm.DHE_DSS);
            }
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.DHE_RSA.name(), null).length > 0) {
                hashSet.add(KeyExchangeAlgorithm.DHE_RSA);
            }
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.RSA.name(), null).length > 0) {
                hashSet.add(KeyExchangeAlgorithm.RSA);
            }
            if (x509ExtendedKeyManager.getServerAliases(KeyExchangeAlgorithm.RSA_PSK.name(), null).length > 0 && this.engine.contextImpl.pskManager != null) {
                hashSet.add(KeyExchangeAlgorithm.RSA_PSK);
            }
        }
        if (this.engine.contextImpl.pskManager != null) {
            hashSet.add(KeyExchangeAlgorithm.DHE_PSK);
            hashSet.add(KeyExchangeAlgorithm.PSK);
        }
        logger.logv(Component.SSL_HANDSHAKE, "we have certs for key exchange algorithms {0}", hashSet);
        HashSet hashSet2 = new HashSet();
        for (String str : strArr) {
            CipherSuite forName = CipherSuite.forName(str);
            if (forName != null && hashSet.contains(forName.keyExchangeAlgorithm())) {
                hashSet2.add(forName);
            }
        }
        Iterator<CipherSuite> it = cipherSuiteList.iterator();
        while (it.hasNext()) {
            CipherSuite resolve = it.next().resolve();
            if (resolve.isResolved() && hashSet2.contains(resolve)) {
                return resolve;
            }
        }
        throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.INSUFFICIENT_SECURITY));
    }

    private static CompressionMethod chooseCompression(CompressionMethodList compressionMethodList) throws SSLException {
        if (Boolean.valueOf((String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.enable.compression"))).booleanValue()) {
            Iterator<CompressionMethod> it = compressionMethodList.iterator();
            while (it.hasNext()) {
                if (it.next().equals(CompressionMethod.ZLIB)) {
                    return CompressionMethod.ZLIB;
                }
            }
        }
        Iterator<CompressionMethod> it2 = compressionMethodList.iterator();
        while (it2.hasNext()) {
            if (it2.next().equals(CompressionMethod.NULL)) {
                return CompressionMethod.NULL;
            }
        }
        throw new SSLException("no supported compression method");
    }

    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    protected boolean doHash() {
        boolean z = this.helloV2;
        this.helloV2 = false;
        return (this.state == State.WRITE_HELLO_REQUEST || z) ? false : true;
    }

    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    public SSLEngineResult.HandshakeStatus implHandleInput() throws SSLException {
        X509Certificate[] x509CertificateArr;
        if (this.state == State.DONE) {
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }
        if (this.state.isWriteState() || (this.outBuffer != null && this.outBuffer.hasRemaining())) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        ByteBuffer duplicate = this.handshakeBuffer.duplicate();
        duplicate.flip();
        duplicate.position(this.handshakeOffset);
        Handshake handshake = new Handshake(duplicate.slice(), this.engine.session().suite, this.engine.session().version);
        logger.logv(Component.SSL_HANDSHAKE, "processing in state {0}:\n{1}", this.state, handshake);
        switch ($SWITCH_TABLE$gnu$javax$net$ssl$provider$ServerHandshake$State()[this.state.ordinal()]) {
            case 8:
                if (handshake.type() == Handshake.Type.CLIENT_HELLO) {
                    ClientHello clientHello = (ClientHello) handshake.body();
                    this.engine.session().version = chooseProtocol(clientHello.version(), this.engine.getEnabledProtocols());
                    this.engine.session().suite = chooseSuite(clientHello.cipherSuites(), this.engine.getEnabledCipherSuites(), this.engine.session().version);
                    this.compression = chooseCompression(clientHello.compressionMethods());
                    logger.logv(Component.SSL_HANDSHAKE, "chose version:{0} suite:{1} compression:{2}", this.engine.session().version, this.engine.session().suite, this.compression);
                    this.clientRandom = clientHello.random().copy();
                    byte[] sessionId = clientHello.sessionId();
                    if (clientHello.hasExtensions()) {
                        this.clientHadExtensions = clientHello.extensions().size() > 0;
                        Iterator<Extension> it = clientHello.extensions().iterator();
                        while (it.hasNext()) {
                            Extension next = it.next();
                            Extension.Type type = next.type();
                            if (type != null) {
                                switch ($SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type()[type.ordinal()]) {
                                    case 1:
                                        this.requestedNames = (ServerNameList) next.value();
                                        ArrayList arrayList = new ArrayList(this.requestedNames.size());
                                        Iterator<ServerNameList.ServerName> it2 = this.requestedNames.iterator();
                                        while (it2.hasNext()) {
                                            arrayList.add(it2.next().name());
                                        }
                                        this.engine.session().putValue("gnu.javax.net.ssl.RequestedServerNames", arrayList);
                                        break;
                                    case 2:
                                        MaxFragmentLength maxFragmentLength = (MaxFragmentLength) next.value();
                                        this.engine.session().maxLength = maxFragmentLength;
                                        this.engine.session().setApplicationBufferSize(maxFragmentLength.maxLength());
                                        break;
                                    case 3:
                                    case 4:
                                    default:
                                        logger.log(Level.INFO, "skipping unsupported extension {0}", next);
                                        break;
                                    case 5:
                                        this.engine.session().setTruncatedMac(true);
                                        break;
                                }
                            }
                        }
                    }
                    AbstractSessionContext abstractSessionContext = (AbstractSessionContext) this.engine.contextImpl.engineGetServerSessionContext();
                    SSLSession session = abstractSessionContext.getSession(sessionId);
                    logger.logv(Component.SSL_HANDSHAKE, "looked up saved session {0}", session);
                    if (session != null && session.isValid() && (session instanceof SessionImpl)) {
                        this.engine.setSession((SessionImpl) session);
                        this.continuedSession = true;
                    } else {
                        if (this.engine.session().id().equals(new Session.ID(sessionId))) {
                            byte[] bArr = new byte[32];
                            this.engine.session().random().nextBytes(bArr);
                            this.engine.session().setId(new Session.ID(bArr));
                        }
                        abstractSessionContext.put(this.engine.session());
                    }
                    this.state = State.WRITE_SERVER_HELLO;
                    break;
                } else {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
            case 9:
                if (handshake.type() == Handshake.Type.CERTIFICATE) {
                    Certificate certificate = (Certificate) handshake.body();
                    try {
                        this.engine.session().setPeerVerified(false);
                        x509CertificateArr = (X509Certificate[]) certificate.certificates().toArray(new X509Certificate[0]);
                    } catch (NoSuchAlgorithmException e) {
                        throw new SSLException(e);
                    } catch (CertificateException e2) {
                        if (this.engine.getNeedClientAuth()) {
                            SSLPeerUnverifiedException sSLPeerUnverifiedException = new SSLPeerUnverifiedException("client certificates could not be verified");
                            sSLPeerUnverifiedException.initCause(e2);
                            throw sSLPeerUnverifiedException;
                        }
                    }
                    if (x509CertificateArr.length != 0) {
                        this.certVerifier = new AbstractHandshake.CertVerifier(false, x509CertificateArr);
                        this.tasks.add(this.certVerifier);
                        this.engine.session().setPeerCertificates(x509CertificateArr);
                        this.clientCert = x509CertificateArr[0];
                        this.state = State.READ_CLIENT_KEY_EXCHANGE;
                        break;
                    } else {
                        throw new CertificateException("no certificates in chain");
                    }
                } else {
                    if (this.engine.getNeedClientAuth()) {
                        throw new SSLException("client auth required");
                    }
                    this.state = State.READ_CLIENT_KEY_EXCHANGE;
                    return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
                }
            case 10:
                if (handshake.type() == Handshake.Type.CLIENT_KEY_EXCHANGE) {
                    ClientKeyExchange clientKeyExchange = (ClientKeyExchange) handshake.body();
                    switch ($SWITCH_TABLE$gnu$javax$net$ssl$provider$KeyExchangeAlgorithm()[this.engine.session().suite.keyExchangeAlgorithm().ordinal()]) {
                        case 1:
                            Inflater inflater = null;
                            Deflater deflater = null;
                            if (this.compression == CompressionMethod.ZLIB) {
                                inflater = new Inflater();
                                deflater = new Deflater();
                            }
                            this.inParams = new InputSecurityParameters(null, null, inflater, this.engine.session(), this.engine.session().suite);
                            this.outParams = new OutputSecurityParameters(null, null, deflater, this.engine.session(), this.engine.session().suite);
                            this.engine.session().privateData.masterSecret = new byte[0];
                            break;
                        case 2:
                            this.keyExchangeTask = new RSAKeyExchange(((EncryptedPreMasterSecret) clientKeyExchange.exchangeKeys()).encryptedSecret());
                            this.tasks.add(this.keyExchangeTask);
                            break;
                        case 5:
                        case 6:
                        case 7:
                            ClientDiffieHellmanPublic clientDiffieHellmanPublic = (ClientDiffieHellmanPublic) clientKeyExchange.exchangeKeys();
                            DHPublicKey dHPublicKey = (DHPublicKey) this.dhPair.getPublic();
                            this.keyExchangeTask = new AbstractHandshake.DHPhase(this, new GnuDHPublicKey(null, dHPublicKey.getParams().getP(), dHPublicKey.getParams().getG(), clientDiffieHellmanPublic.publicValue()));
                            this.tasks.add(this.keyExchangeTask);
                            break;
                        case 8:
                            generatePSKSecret(((ClientPSKParameters) clientKeyExchange.exchangeKeys()).identity(), null, false);
                            break;
                        case 9:
                            ClientDHE_PSKParameters clientDHE_PSKParameters = (ClientDHE_PSKParameters) clientKeyExchange.exchangeKeys();
                            DHPublicKey dHPublicKey2 = (DHPublicKey) this.dhPair.getPublic();
                            GnuDHPublicKey gnuDHPublicKey = new GnuDHPublicKey(null, dHPublicKey2.getParams().getP(), dHPublicKey2.getParams().getG(), clientDHE_PSKParameters.params().publicValue());
                            SecretKey secretKey = null;
                            try {
                                secretKey = this.engine.contextImpl.pskManager.getKey(clientDHE_PSKParameters.identity());
                            } catch (KeyManagementException unused) {
                            }
                            this.keyExchangeTask = new AbstractHandshake.DHE_PSKGen(gnuDHPublicKey, secretKey, false);
                            this.tasks.add(this.keyExchangeTask);
                            break;
                        case 10:
                            ClientRSA_PSKParameters clientRSA_PSKParameters = (ClientRSA_PSKParameters) clientKeyExchange.exchangeKeys();
                            SecretKey secretKey2 = null;
                            try {
                                secretKey2 = this.engine.contextImpl.pskManager.getKey(clientRSA_PSKParameters.identity());
                            } catch (KeyManagementException unused2) {
                            }
                            if (secretKey2 == null) {
                                byte[] bArr2 = new byte[16];
                                this.engine.session().random().nextBytes(bArr2);
                                secretKey2 = new SecretKeySpec(bArr2, "DHE_PSK");
                            }
                            this.keyExchangeTask = new RSA_PSKExchange(clientRSA_PSKParameters.secret().encryptedSecret(), secretKey2);
                            this.tasks.add(this.keyExchangeTask);
                            break;
                    }
                    if (this.clientCert == null) {
                        this.state = State.READ_FINISHED;
                        break;
                    } else {
                        this.state = State.READ_CERTIFICATE_VERIFY;
                        break;
                    }
                } else {
                    throw new SSLException("expecting client key exchange");
                }
            case 11:
                if (handshake.type() == Handshake.Type.CERTIFICATE_VERIFY) {
                    try {
                        verifyClient(((CertificateVerify) handshake.body()).signature());
                        if (this.certVerifier != null && this.certVerifier.verified()) {
                            this.engine.session().setPeerVerified(true);
                        }
                    } catch (SignatureException e3) {
                        if (this.engine.getNeedClientAuth()) {
                            throw new SSLException("client auth failed", e3);
                        }
                    }
                    if (!this.continuedSession) {
                        this.state = State.READ_FINISHED;
                        break;
                    } else {
                        this.engine.changeCipherSpec();
                        this.state = State.WRITE_FINISHED;
                        break;
                    }
                } else {
                    throw new SSLException("expecting certificate verify message");
                }
                break;
            case 12:
                if (handshake.type() != Handshake.Type.FINISHED) {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
                Finished finished = (Finished) handshake.body();
                try {
                    Finished finished2 = new Finished(generateFinished((MessageDigest) this.md5.clone(), (MessageDigest) this.sha.clone(), true, this.engine.session()), this.engine.session().version);
                    logger.log(Component.SSL_HANDSHAKE, "server finished: {0}", finished2);
                    if (this.engine.session().version == ProtocolVersion.SSL_3) {
                        if (!Arrays.equals(finished.md5Hash(), finished2.md5Hash()) || !Arrays.equals(finished.shaHash(), finished2.shaHash())) {
                            this.engine.session().invalidate();
                            throw new SSLException("session verify failed");
                        }
                    } else if (!Arrays.equals(finished.verifyData(), finished2.verifyData())) {
                        this.engine.session().invalidate();
                        throw new SSLException("session verify failed");
                    }
                    if (!this.continuedSession) {
                        this.engine.changeCipherSpec();
                        this.state = State.WRITE_FINISHED;
                        break;
                    } else {
                        this.state = State.DONE;
                        break;
                    }
                } catch (CloneNotSupportedException e4) {
                    throw new SSLException(e4);
                }
                break;
        }
        this.handshakeOffset += handshake.length() + 4;
        return !this.tasks.isEmpty() ? SSLEngineResult.HandshakeStatus.NEED_TASK : this.state.isReadState() ? SSLEngineResult.HandshakeStatus.NEED_UNWRAP : this.state.isWriteState() ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.FINISHED;
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x087e, code lost:
    
        if (r8.tasks.isEmpty() != false) goto L166;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0884, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_TASK;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x088c, code lost:
    
        if (r8.state.isWriteState() != false) goto L170;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0896, code lost:
    
        if (r8.outBuffer.hasRemaining() == false) goto L172;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x08a4, code lost:
    
        if (r8.state.isReadState() == false) goto L176;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x08aa, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x08ae, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x089c, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP;
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x02b6, code lost:
    
        r8.genDH = new gnu.javax.net.ssl.provider.ServerHandshake.GenDH(r8, null);
        r8.tasks.add(r8.genDH);
        r8.state = gnu.javax.net.ssl.provider.ServerHandshake.State.WRITE_SERVER_KEY_EXCHANGE;
     */
    /* JADX WARN: Code restructure failed: missing block: B:83:0x026d, code lost:
    
        if (r0 == gnu.javax.net.ssl.provider.KeyExchangeAlgorithm.DHE_DSS) goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x0275, code lost:
    
        if (r0 != gnu.javax.net.ssl.provider.KeyExchangeAlgorithm.DHE_RSA) goto L162;
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0278, code lost:
    
        r8.genDH = new gnu.javax.net.ssl.provider.ServerHandshake.GenDH(r8, null);
        r8.tasks.add(r8.genDH);
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x0095. Please report as an issue. */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public javax.net.ssl.SSLEngineResult.HandshakeStatus implHandleOutput(java.nio.ByteBuffer r9) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 2223
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: gnu.javax.net.ssl.provider.ServerHandshake.implHandleOutput(java.nio.ByteBuffer):javax.net.ssl.SSLEngineResult$HandshakeStatus");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    public SSLEngineResult.HandshakeStatus status() {
        return !this.tasks.isEmpty() ? SSLEngineResult.HandshakeStatus.NEED_TASK : this.state.isReadState() ? SSLEngineResult.HandshakeStatus.NEED_UNWRAP : this.state.isWriteState() ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.FINISHED;
    }

    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    void checkKeyExchange() throws SSLException {
        KeyExchangeAlgorithm keyExchangeAlgorithm;
        if (this.continuedSession || (keyExchangeAlgorithm = this.engine.session().suite.keyExchangeAlgorithm()) == KeyExchangeAlgorithm.NONE || keyExchangeAlgorithm == KeyExchangeAlgorithm.PSK || keyExchangeAlgorithm == KeyExchangeAlgorithm.RSA_PSK) {
            return;
        }
        if (this.keyExchangeTask == null) {
            throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.INTERNAL_ERROR));
        }
        if (!this.keyExchangeTask.hasRun()) {
            throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.INTERNAL_ERROR));
        }
        if (this.keyExchangeTask.thrown() != null) {
            throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.HANDSHAKE_FAILURE), this.keyExchangeTask.thrown());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    public void handleV2Hello(ByteBuffer byteBuffer) {
        int i = byteBuffer.getShort(0) & Short.MAX_VALUE;
        this.md5.update((ByteBuffer) byteBuffer.duplicate().position(2).limit(i + 2));
        this.sha.update((ByteBuffer) byteBuffer.duplicate().position(2).limit(i + 2));
        this.helloV2 = true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ByteBuffer signParams(ByteBuffer byteBuffer) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        java.security.Signature signature = java.security.Signature.getInstance(this.engine.session().suite.signatureAlgorithm().algorithm());
        PrivateKey privateKey = this.engine.contextImpl.keyManager.getPrivateKey(this.keyAlias);
        logger.logv(Component.SSL_HANDSHAKE, "server key: {0}", privateKey);
        signature.initSign(privateKey);
        signature.update(this.clientRandom.buffer());
        signature.update(this.serverRandom.buffer());
        signature.update(byteBuffer);
        return new Signature(signature.sign(), this.engine.session().suite.signatureAlgorithm()).buffer();
    }

    private void verifyClient(byte[] bArr) throws SSLException, SignatureException {
        try {
            MessageDigest messageDigest = (MessageDigest) this.md5.clone();
            MessageDigest messageDigest2 = (MessageDigest) this.sha.clone();
            byte[] genV3CertificateVerify = this.engine.session().version == ProtocolVersion.SSL_3 ? genV3CertificateVerify(messageDigest, messageDigest2, this.engine.session()) : this.engine.session().suite.signatureAlgorithm() == SignatureAlgorithm.RSA ? Util.concat(messageDigest.digest(), messageDigest2.digest()) : messageDigest2.digest();
            try {
                java.security.Signature signature = java.security.Signature.getInstance(this.engine.session().suite.signatureAlgorithm().toString());
                signature.initVerify(this.clientCert);
                signature.update(genV3CertificateVerify);
                signature.verify(bArr);
            } catch (InvalidKeyException e) {
                throw new SSLException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SSLException(e2);
            }
        } catch (CloneNotSupportedException e3) {
            throw new SSLException(e3);
        }
    }

    static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type() {
        int[] iArr = $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[Extension.Type.valuesCustom().length];
        try {
            iArr2[Extension.Type.CERT_TYPE.ordinal()] = 8;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[Extension.Type.CLIENT_CERTIFICATE_URL.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[Extension.Type.MAX_FRAGMENT_LENGTH.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[Extension.Type.SERVER_NAME.ordinal()] = 1;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[Extension.Type.SRP.ordinal()] = 7;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[Extension.Type.STATUS_REQUEST.ordinal()] = 6;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[Extension.Type.TRUNCATED_HMAC.ordinal()] = 5;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[Extension.Type.TRUSTED_CA_KEYS.ordinal()] = 4;
        } catch (NoSuchFieldError unused8) {
        }
        $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type = iArr2;
        return iArr2;
    }

    static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$KeyExchangeAlgorithm() {
        int[] iArr = $SWITCH_TABLE$gnu$javax$net$ssl$provider$KeyExchangeAlgorithm;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[KeyExchangeAlgorithm.valuesCustom().length];
        try {
            iArr2[KeyExchangeAlgorithm.DHE_DSS.ordinal()] = 6;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.DHE_PSK.ordinal()] = 9;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.DHE_RSA.ordinal()] = 7;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.DH_DSS.ordinal()] = 3;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.DH_RSA.ordinal()] = 4;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.DH_anon.ordinal()] = 5;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.NONE.ordinal()] = 1;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.PSK.ordinal()] = 8;
        } catch (NoSuchFieldError unused8) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.RSA.ordinal()] = 2;
        } catch (NoSuchFieldError unused9) {
        }
        try {
            iArr2[KeyExchangeAlgorithm.RSA_PSK.ordinal()] = 10;
        } catch (NoSuchFieldError unused10) {
        }
        $SWITCH_TABLE$gnu$javax$net$ssl$provider$KeyExchangeAlgorithm = iArr2;
        return iArr2;
    }

    static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$ServerHandshake$State() {
        int[] iArr = $SWITCH_TABLE$gnu$javax$net$ssl$provider$ServerHandshake$State;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[State.valuesCustom().length];
        try {
            iArr2[State.DONE.ordinal()] = 13;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[State.READ_CERTIFICATE.ordinal()] = 9;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[State.READ_CERTIFICATE_VERIFY.ordinal()] = 11;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[State.READ_CLIENT_HELLO.ordinal()] = 8;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[State.READ_CLIENT_KEY_EXCHANGE.ordinal()] = 10;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[State.READ_FINISHED.ordinal()] = 12;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[State.WRITE_CERTIFICATE.ordinal()] = 3;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[State.WRITE_CERTIFICATE_REQUEST.ordinal()] = 5;
        } catch (NoSuchFieldError unused8) {
        }
        try {
            iArr2[State.WRITE_FINISHED.ordinal()] = 7;
        } catch (NoSuchFieldError unused9) {
        }
        try {
            iArr2[State.WRITE_HELLO_REQUEST.ordinal()] = 1;
        } catch (NoSuchFieldError unused10) {
        }
        try {
            iArr2[State.WRITE_SERVER_HELLO.ordinal()] = 2;
        } catch (NoSuchFieldError unused11) {
        }
        try {
            iArr2[State.WRITE_SERVER_HELLO_DONE.ordinal()] = 6;
        } catch (NoSuchFieldError unused12) {
        }
        try {
            iArr2[State.WRITE_SERVER_KEY_EXCHANGE.ordinal()] = 4;
        } catch (NoSuchFieldError unused13) {
        }
        $SWITCH_TABLE$gnu$javax$net$ssl$provider$ServerHandshake$State = iArr2;
        return iArr2;
    }
}
