package com.sun.net.ssl.internal.ssl;

import com.sun.net.ssl.internal.ssl.CipherSuite;
import com.sun.net.ssl.internal.ssl.HandshakeMessage;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import sun.misc.HexDumpEncoder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:118668-06/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/Handshaker.class */
public abstract class Handshaker implements CipherSuiteConstants {
    ProtocolVersion protocolVersion;
    ProtocolList enabledProtocols;
    private boolean isClient;
    SSLSocketImpl conn;
    SSLEngineImpl engine;
    HandshakeHash handshakeHash;
    HandshakeInStream input;
    HandshakeOutStream output;
    int state;
    SSLContextImpl sslContext;
    RandomCookie clnt_random;
    RandomCookie svr_random;
    SSLSessionImpl session;
    private MessageDigest md5Tmp;
    private MessageDigest shaTmp;
    CipherSuiteList enabledCipherSuites;
    CipherSuite cipherSuite;
    CipherSuite.KeyExchange keyExchange;
    boolean resumingSession;
    boolean enableNewSession;
    private byte[] clntWriteKey;
    private byte[] svrWriteKey;
    private byte[] clntWriteIV;
    private byte[] svrWriteIV;
    private byte[] clntMacSecret;
    private byte[] svrMacSecret;
    private boolean taskDelegated;
    private DelegatedTask delegatedTask;
    private Exception thrown;
    static final Debug debug = Debug.getInstance("ssl");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:118668-06/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/Handshaker$DelegatedTask.class */
    public class DelegatedTask implements Runnable {
        private PrivilegedExceptionAction pea;

        DelegatedTask(PrivilegedExceptionAction privilegedExceptionAction) {
            this.pea = privilegedExceptionAction;
        }

        @Override // java.lang.Runnable
        public void run() {
            synchronized (Handshaker.this.engine) {
                try {
                    try {
                        AccessController.doPrivileged(this.pea, Handshaker.this.engine.getAcc());
                    } catch (PrivilegedActionException e) {
                        Handshaker.this.thrown = e.getException();
                    }
                } catch (RuntimeException e2) {
                    Handshaker.this.thrown = e2;
                }
                Handshaker.this.delegatedTask = null;
                Handshaker.this.taskDelegated = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2) {
        this.conn = null;
        this.engine = null;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.conn = sSLSocketImpl;
        init(sSLContextImpl, protocolList, z, z2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2) {
        this.conn = null;
        this.engine = null;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.engine = sSLEngineImpl;
        init(sSLContextImpl, protocolList, z, z2);
    }

    private void init(SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2) {
        this.sslContext = sSLContextImpl;
        this.isClient = z2;
        this.enableNewSession = true;
        setCipherSuite(CipherSuite.C_NULL);
        this.md5Tmp = JsseJce.getMD5();
        this.shaTmp = JsseJce.getSHA();
        this.handshakeHash = new HandshakeHash(z);
        setEnabledProtocols(protocolList);
        if (this.conn != null) {
            this.conn.getAppInputStream().r.setHandshakeHash(this.handshakeHash);
        } else {
            this.engine.inputRecord.setHandshakeHash(this.handshakeHash);
        }
        this.state = -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str) throws IOException {
        fatalSE(b, str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, Throwable th) throws IOException {
        fatalSE(b, null, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str, Throwable th) throws IOException {
        if (this.conn != null) {
            this.conn.fatal(b, str, th);
        } else {
            this.engine.fatal(b, str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void warningSE(byte b) {
        if (this.conn != null) {
            this.conn.warning(b);
        } else {
            this.engine.warning(b);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostSE() {
        return this.conn != null ? this.conn.getHost() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostAddressSE() {
        return this.conn != null ? this.conn.getInetAddress().getHostAddress() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLoopbackSE() {
        if (this.conn != null) {
            return this.conn.getInetAddress().isLoopbackAddress();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getPortSE() {
        return this.conn != null ? this.conn.getPort() : this.engine.getPeerPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getLocalPortSE() {
        if (this.conn != null) {
            return this.conn.getLocalPort();
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlContext getAccSE() {
        return this.conn != null ? this.conn.getAcc() : this.engine.getAcc();
    }

    private void setVersionSE(ProtocolVersion protocolVersion) {
        if (this.conn != null) {
            this.conn.setVersion(protocolVersion);
        } else {
            this.engine.setVersion(protocolVersion);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVersion(ProtocolVersion protocolVersion) {
        this.protocolVersion = protocolVersion;
        setVersionSE(protocolVersion);
        this.output.r.setVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEnabledProtocols(ProtocolList protocolList) {
        this.enabledProtocols = protocolList;
        this.protocolVersion = protocolList.max;
        ProtocolVersion protocolVersion = protocolList.helloVersion;
        this.input = new HandshakeInStream(this.handshakeHash);
        if (this.conn != null) {
            this.output = new HandshakeOutStream(this.protocolVersion, protocolVersion, this.handshakeHash, this.conn);
            this.conn.getAppInputStream().r.setHelloVersion(protocolVersion);
        } else {
            this.output = new HandshakeOutStream(this.protocolVersion, protocolVersion, this.handshakeHash, this.engine);
            this.engine.outputRecord.setHelloVersion(protocolVersion);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCipherSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
        this.keyExchange = cipherSuite.keyExchange;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEnabled(CipherSuite cipherSuite) {
        return this.enabledCipherSuites.contains(cipherSuite) && cipherSuite.isAvailable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEnableSessionCreation(boolean z) {
        this.enableNewSession = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherBox newReadCipher() throws NoSuchAlgorithmException {
        CipherBox newCipher;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, false);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        } else {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, false);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        }
        return newCipher;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherBox newWriteCipher() throws NoSuchAlgorithmException {
        CipherBox newCipher;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, true);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        } else {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, true);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        }
        return newCipher;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MAC newReadMAC() throws NoSuchAlgorithmException {
        MAC newMac;
        CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
        if (this.isClient) {
            newMac = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
            this.svrMacSecret = null;
        } else {
            newMac = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
            this.clntMacSecret = null;
        }
        return newMac;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MAC newWriteMAC() throws NoSuchAlgorithmException {
        MAC newMac;
        CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
        if (this.isClient) {
            newMac = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
            this.clntMacSecret = null;
        } else {
            newMac = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
            this.svrMacSecret = null;
        }
        return newMac;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDone() {
        return this.state == 20;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl getSession() {
        return this.session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void process_record(InputRecord inputRecord, boolean z) throws IOException {
        checkThrown();
        this.input.incomingRecord(inputRecord);
        if (this.conn != null || z) {
            processLoop();
        } else {
            delegateTask(new PrivilegedExceptionAction() { // from class: com.sun.net.ssl.internal.ssl.Handshaker.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    Handshaker.this.processLoop();
                    return null;
                }
            });
        }
    }

    void processLoop() throws IOException {
        while (this.input.available() > 0) {
            this.input.mark(4);
            byte int8 = (byte) this.input.getInt8();
            int int24 = this.input.getInt24();
            if (this.input.available() < int24) {
                this.input.reset();
                return;
            } else if (int8 == 0) {
                this.input.reset();
                processMessage(int8, int24);
                this.input.ignore(4 + int24);
            } else {
                this.input.mark(int24);
                processMessage(int8, int24);
                this.input.digestNow();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean started() {
        return this.state >= 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void kickstart() throws IOException {
        if (this.state >= 0) {
            return;
        }
        HandshakeMessage kickstartMessage = getKickstartMessage();
        if (debug != null && Debug.isOn("handshake")) {
            kickstartMessage.print(System.out);
        }
        kickstartMessage.write(this.output);
        this.output.flush();
        this.state = kickstartMessage.messageType();
    }

    abstract HandshakeMessage getKickstartMessage() throws SSLException;

    abstract void processMessage(byte b, int i) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void handshakeAlert(byte b) throws SSLProtocolException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v46, types: [com.sun.net.ssl.internal.ssl.OutputRecord] */
    public void sendChangeCipherSpec(HandshakeMessage.Finished finished, boolean z) throws IOException {
        this.output.flush();
        EngineOutputRecord outputRecord = this.conn != null ? new OutputRecord((byte) 20) : new EngineOutputRecord((byte) 20, this.engine);
        outputRecord.setVersion(this.protocolVersion);
        outputRecord.write(1);
        if (this.conn != null) {
            synchronized (this.conn.writeLock) {
                this.conn.writeRecord(outputRecord);
                this.conn.changeWriteCiphers();
                if (debug != null && Debug.isOn("handshake")) {
                    finished.print(System.out);
                }
                finished.write(this.output);
                this.output.flush();
            }
            return;
        }
        synchronized (this.engine.wrapLock) {
            this.engine.writeRecord(outputRecord);
            this.engine.changeWriteCiphers();
            if (debug != null && Debug.isOn("handshake")) {
                finished.print(System.out);
            }
            finished.write(this.output);
            if (z) {
                this.output.setFinishedMsg();
            }
            this.output.flush();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateKeys(byte[] bArr) {
        byte[] calculateMasterSecret = calculateMasterSecret(bArr);
        this.session.setMasterSecret(calculateMasterSecret);
        calculateConnectionKeys(calculateMasterSecret);
    }

    private byte[] calculateMasterSecret(byte[] bArr) {
        byte[] bArr2 = new byte[48];
        if (debug != null && Debug.isOn("keygen")) {
            try {
                HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                System.out.println("SESSION KEYGEN:");
                System.out.println("PreMaster Secret:");
                hexDumpEncoder.encodeBuffer(bArr, System.out);
            } catch (IOException e) {
            }
        }
        if (this.protocolVersion.v >= ProtocolVersion.TLS10.v) {
            doPRF(bArr, PRF.LABEL_MASTER_SECRET, bArr2);
        } else {
            for (int i = 0; i < 3; i++) {
                byte b = (byte) (65 + i);
                for (int i2 = 0; i2 <= i; i2++) {
                    this.shaTmp.update(b);
                }
                this.shaTmp.update(bArr);
                this.shaTmp.update(this.clnt_random.random_bytes);
                this.shaTmp.update(this.svr_random.random_bytes);
                this.md5Tmp.update(bArr);
                this.md5Tmp.update(this.shaTmp.digest());
                System.arraycopy(this.md5Tmp.digest(), 0, bArr2, 16 * i, 16);
            }
        }
        return bArr2;
    }

    private void doPRF(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        PRF.compute(this.md5Tmp, this.shaTmp, bArr, bArr2, this.clnt_random.random_bytes, this.svr_random.random_bytes, bArr3);
    }

    private void doKeyExpansionPRF(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        PRF.compute(this.md5Tmp, this.shaTmp, bArr, bArr2, this.svr_random.random_bytes, this.clnt_random.random_bytes, bArr3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateConnectionKeys(byte[] bArr) {
        int i = this.cipherSuite.macAlg.size;
        boolean z = this.cipherSuite.exportable;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        int i2 = bulkCipher.keySize;
        int i3 = bulkCipher.ivSize;
        int i4 = (i + i2 + (z ? 0 : i3)) * 2;
        byte[] bArr2 = new byte[i4];
        if (this.protocolVersion.v >= ProtocolVersion.TLS10.v) {
            doKeyExpansionPRF(bArr, PRF.LABEL_KEY_EXPANSION, bArr2);
        } else {
            int i5 = 0;
            for (int i6 = i4; i6 > 0; i6 -= 16) {
                byte b = (byte) (65 + i5);
                for (int i7 = 0; i7 <= i5; i7++) {
                    this.shaTmp.update(b);
                }
                this.shaTmp.update(bArr);
                this.shaTmp.update(this.svr_random.random_bytes);
                this.shaTmp.update(this.clnt_random.random_bytes);
                this.md5Tmp.update(bArr);
                this.md5Tmp.update(this.shaTmp.digest());
                System.arraycopy(this.md5Tmp.digest(), 0, bArr2, i5 * 16, Math.min(i6, 16));
                i5++;
            }
        }
        this.clntMacSecret = new byte[i];
        this.svrMacSecret = new byte[i];
        System.arraycopy(bArr2, 0, this.clntMacSecret, 0, i);
        System.arraycopy(bArr2, i, this.svrMacSecret, 0, i);
        this.clntWriteKey = new byte[i2];
        this.svrWriteKey = new byte[i2];
        System.arraycopy(bArr2, 2 * i, this.clntWriteKey, 0, i2);
        System.arraycopy(bArr2, (2 * i) + i2, this.svrWriteKey, 0, i2);
        if (i3 != 0) {
            this.clntWriteIV = new byte[i3];
            this.svrWriteIV = new byte[i3];
            if (!z) {
                System.arraycopy(bArr2, 2 * (i + i2), this.clntWriteIV, 0, i3);
                System.arraycopy(bArr2, (2 * (i + i2)) + i3, this.svrWriteIV, 0, i3);
            }
        } else {
            this.clntWriteIV = null;
            this.svrWriteIV = null;
        }
        if (z) {
            int i8 = bulkCipher.expandedKeySize;
            if (this.protocolVersion.v >= ProtocolVersion.TLS10.v) {
                byte[] bArr3 = new byte[i8];
                doPRF(this.clntWriteKey, PRF.LABEL_CLIENT_WRITE_KEY, bArr3);
                this.clntWriteKey = bArr3;
                byte[] bArr4 = new byte[i8];
                doPRF(this.svrWriteKey, PRF.LABEL_SERVER_WRITE_KEY, bArr4);
                this.svrWriteKey = bArr4;
                if (i3 != 0) {
                    byte[] bArr5 = new byte[2 * i3];
                    doPRF(null, PRF.LABEL_IV_BLOCK, bArr5);
                    System.arraycopy(bArr5, 0, this.clntWriteIV, 0, i3);
                    System.arraycopy(bArr5, i3, this.svrWriteIV, 0, i3);
                }
            } else {
                this.md5Tmp.update(this.clntWriteKey);
                this.md5Tmp.update(this.clnt_random.random_bytes);
                this.md5Tmp.update(this.svr_random.random_bytes);
                this.clntWriteKey = new byte[i8];
                System.arraycopy(this.md5Tmp.digest(), 0, this.clntWriteKey, 0, i8);
                this.md5Tmp.update(this.svrWriteKey);
                this.md5Tmp.update(this.svr_random.random_bytes);
                this.md5Tmp.update(this.clnt_random.random_bytes);
                this.svrWriteKey = new byte[i8];
                System.arraycopy(this.md5Tmp.digest(), 0, this.svrWriteKey, 0, i8);
                if (i3 != 0) {
                    this.md5Tmp.update(this.clnt_random.random_bytes);
                    this.md5Tmp.update(this.svr_random.random_bytes);
                    System.arraycopy(this.md5Tmp.digest(), 0, this.clntWriteIV, 0, i3);
                    this.md5Tmp.update(this.svr_random.random_bytes);
                    this.md5Tmp.update(this.clnt_random.random_bytes);
                    System.arraycopy(this.md5Tmp.digest(), 0, this.svrWriteIV, 0, i3);
                }
            }
        }
        if (debug == null || !Debug.isOn("keygen")) {
            return;
        }
        try {
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            System.out.println("CONNECTION KEYGEN:");
            System.out.println("Client Nonce:");
            hexDumpEncoder.encodeBuffer(this.clnt_random.random_bytes, System.out);
            System.out.println("Server Nonce:");
            hexDumpEncoder.encodeBuffer(this.svr_random.random_bytes, System.out);
            System.out.println("Master Secret:");
            hexDumpEncoder.encodeBuffer(bArr, System.out);
            System.out.println("Client MAC write Secret:");
            hexDumpEncoder.encodeBuffer(this.clntMacSecret, System.out);
            System.out.println("Server MAC write Secret:");
            hexDumpEncoder.encodeBuffer(this.svrMacSecret, System.out);
            System.out.println("Client write key:");
            hexDumpEncoder.encodeBuffer(this.clntWriteKey, System.out);
            System.out.println("Server write key:");
            hexDumpEncoder.encodeBuffer(this.svrWriteKey, System.out);
            if (this.clntWriteIV != null) {
                System.out.println("Client write IV:");
                hexDumpEncoder.encodeBuffer(this.clntWriteIV, System.out);
                System.out.println("Server write IV:");
                hexDumpEncoder.encodeBuffer(this.svrWriteIV, System.out);
            } else {
                System.out.println("... no IV for cipher");
            }
        } catch (IOException e) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void throwSSLException(String str, Throwable th) throws SSLException {
        SSLException sSLException = new SSLException(str);
        sSLException.initCause(th);
        throw sSLException;
    }

    private void delegateTask(PrivilegedExceptionAction privilegedExceptionAction) {
        this.delegatedTask = new DelegatedTask(privilegedExceptionAction);
        this.taskDelegated = false;
        this.thrown = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DelegatedTask getTask() {
        if (this.taskDelegated) {
            return null;
        }
        this.taskDelegated = true;
        return this.delegatedTask;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean taskOutstanding() {
        return this.delegatedTask != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkThrown() throws SSLException {
        if (this.thrown != null) {
            String message = this.thrown.getMessage();
            if (message == null) {
                message = "Delegated task threw Exception/Error";
            }
            Exception exc = this.thrown;
            this.thrown = null;
            if (exc instanceof RuntimeException) {
                throw ((RuntimeException) new RuntimeException(message).initCause(exc));
            }
            if (exc instanceof SSLHandshakeException) {
                throw ((SSLHandshakeException) new SSLHandshakeException(message).initCause(exc));
            }
            if (exc instanceof SSLKeyException) {
                throw ((SSLKeyException) new SSLKeyException(message).initCause(exc));
            }
            if (exc instanceof SSLPeerUnverifiedException) {
                throw ((SSLPeerUnverifiedException) new SSLPeerUnverifiedException(message).initCause(exc));
            }
            if (!(exc instanceof SSLProtocolException)) {
                throw ((SSLException) new SSLException(message).initCause(exc));
            }
            throw ((SSLProtocolException) new SSLProtocolException(message).initCause(exc));
        }
    }
}
