package org.conscrypt;

import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHPublicKeySpec;
import org.apache.poi.ss.formula.ptg.RefErrorPtg;

/* loaded from: classes3.dex */
public class ServerHandshakeImpl extends HandshakeProtocol {
    private PrivateKey privKey;

    public ServerHandshakeImpl(Object obj) {
        super(obj);
        this.status = 1;
    }

    private SSLSessionImpl findSessionToResume(byte[] bArr) {
        return (SSLSessionImpl) this.parameters.getServerSessionContext().getSession(bArr);
    }

    private CipherSuite selectSuite(CipherSuite[] cipherSuiteArr) {
        for (CipherSuite cipherSuite : cipherSuiteArr) {
            if (cipherSuite.supported) {
                for (CipherSuite cipherSuite2 : this.parameters.getEnabledCipherSuitesMember()) {
                    if (cipherSuite.equals(cipherSuite2)) {
                        return cipherSuite;
                    }
                }
            }
        }
        return null;
    }

    @Override // org.conscrypt.HandshakeProtocol
    protected void makeFinished() {
        byte[] bArr;
        boolean z = this.serverHello.server_version[1] == 1;
        if (z) {
            bArr = new byte[12];
            computerVerifyDataTLS("server finished", bArr);
        } else {
            bArr = new byte[36];
            computerVerifyDataSSLv3(SSLv3Constants.server, bArr);
        }
        this.serverFinished = new Finished(bArr);
        send(this.serverFinished);
        if (!this.isResuming) {
            this.session.lastAccessedTime = System.currentTimeMillis();
            this.status = 3;
        } else {
            if (z) {
                computerReferenceVerifyDataTLS("client finished");
            } else {
                computerReferenceVerifyDataSSLv3(SSLv3Constants.client);
            }
            this.status = 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:101:0x02b4  */
    /* JADX WARN: Removed duplicated region for block: B:103:0x03ef  */
    /* JADX WARN: Removed duplicated region for block: B:116:0x02d0  */
    /* JADX WARN: Removed duplicated region for block: B:86:0x022b  */
    /* JADX WARN: Type inference failed for: r0v71, types: [int] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void processClientHello() {
        /*
            Method dump skipped, instructions count: 1073
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conscrypt.ServerHandshakeImpl.processClientHello():void");
    }

    @Override // org.conscrypt.HandshakeProtocol
    public void receiveChangeCipherSpec() {
        if (this.isResuming) {
            if (this.serverFinished == null) {
                unexpectedMessage();
                return;
            } else {
                this.changeCipherSpecReceived = true;
                return;
            }
        }
        if ((this.parameters.getNeedClientAuth() && this.clientCert == null) || this.clientKeyExchange == null || (this.clientCert != null && this.clientCert.certs.length > 0 && !this.clientKeyExchange.isEmpty() && this.certificateVerify == null)) {
            unexpectedMessage();
        } else {
            this.changeCipherSpecReceived = true;
        }
        if (this.serverHello.server_version[1] == 1) {
            computerReferenceVerifyDataTLS("client finished");
        } else {
            computerReferenceVerifyDataSSLv3(SSLv3Constants.client);
        }
    }

    @Override // org.conscrypt.HandshakeProtocol
    public void start() {
        if (this.session == null) {
            this.status = 1;
        } else if (this.clientHello == null || this.status == 3) {
            sendHelloRequest();
            this.status = 1;
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0031. Please report as an issue. */
    @Override // org.conscrypt.HandshakeProtocol
    public void unwrap(byte[] bArr) {
        int read;
        int readUint24;
        this.io_stream.append(bArr);
        while (this.io_stream.available() > 0) {
            this.io_stream.mark();
            try {
                read = this.io_stream.read();
                readUint24 = this.io_stream.readUint24();
            } catch (IOException e) {
                this.io_stream.reset();
                return;
            }
            if (this.io_stream.available() < readUint24) {
                this.io_stream.reset();
                return;
            }
            switch (read) {
                case 1:
                    if (this.clientHello != null && this.status != 3) {
                        unexpectedMessage();
                        return;
                    }
                    this.needSendHelloRequest = false;
                    this.clientHello = new ClientHello(this.io_stream, readUint24);
                    if (this.nonBlocking) {
                        this.delegatedTasks.add(new DelegatedTask(new aa(this), this));
                        return;
                    }
                    processClientHello();
                    break;
                case 11:
                    if (this.isResuming || this.certificateRequest == null || this.serverHelloDone == null || this.clientCert != null) {
                        unexpectedMessage();
                        return;
                    }
                    this.clientCert = new CertificateMessage(this.io_stream, readUint24);
                    if (this.clientCert.certs.length != 0) {
                        try {
                            this.parameters.getTrustManager().checkClientTrusted(this.clientCert.certs, this.clientCert.getAuthType());
                        } catch (CertificateException e2) {
                            fatalAlert(RefErrorPtg.sid, "Untrusted Client Certificate ", e2);
                        }
                        this.session.peerCertificates = this.clientCert.certs;
                    } else if (this.parameters.getNeedClientAuth()) {
                        fatalAlert((byte) 40, "HANDSHAKE FAILURE: no client certificate received");
                    }
                    break;
                case 15:
                    if (this.isResuming || this.clientKeyExchange == null || this.clientCert == null || this.clientKeyExchange.isEmpty() || this.certificateVerify != null || this.changeCipherSpecReceived) {
                        unexpectedMessage();
                        return;
                    }
                    this.certificateVerify = new CertificateVerify(this.io_stream, readUint24);
                    String authType = this.clientCert.getAuthType();
                    DigitalSignature digitalSignature = new DigitalSignature(authType);
                    digitalSignature.init(this.clientCert.certs[0]);
                    byte[] bArr2 = null;
                    byte[] bArr3 = null;
                    if ("RSA".equals(authType)) {
                        bArr2 = this.io_stream.getDigestMD5withoutLast();
                        bArr3 = this.io_stream.getDigestSHAwithoutLast();
                    } else if ("DSA".equals(authType)) {
                        bArr3 = this.io_stream.getDigestSHAwithoutLast();
                    }
                    digitalSignature.setMD5(bArr2);
                    digitalSignature.setSHA(bArr3);
                    if (!digitalSignature.verifySignature(this.certificateVerify.signedHash)) {
                        fatalAlert((byte) 51, "DECRYPT ERROR: CERTIFICATE_VERIFY incorrect signature");
                    }
                    break;
                case 16:
                    if (this.isResuming || this.serverHelloDone == null || this.clientKeyExchange != null || (this.clientCert == null && this.parameters.getNeedClientAuth())) {
                        unexpectedMessage();
                        return;
                    }
                    if (this.session.cipherSuite.keyExchange == 1 || this.session.cipherSuite.keyExchange == 2) {
                        this.clientKeyExchange = new ClientKeyExchange(this.io_stream, readUint24, this.serverHello.server_version[1] == 1, true);
                        try {
                            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                            cipher.init(4, this.privKey);
                            this.preMasterSecret = cipher.unwrap(this.clientKeyExchange.exchange_keys, "preMasterSecret", 3).getEncoded();
                            if (this.preMasterSecret.length != 48 || this.preMasterSecret[0] != this.clientHello.client_version[0] || this.preMasterSecret[1] != this.clientHello.client_version[1]) {
                                this.preMasterSecret = new byte[48];
                                this.parameters.getSecureRandom().nextBytes(this.preMasterSecret);
                            }
                        } catch (Exception e3) {
                            fatalAlert((byte) 80, "INTERNAL ERROR", e3);
                        }
                        computerMasterSecret();
                    } else {
                        this.clientKeyExchange = new ClientKeyExchange(this.io_stream, readUint24, this.serverHello.server_version[1] == 1, false);
                        if (this.clientKeyExchange.isEmpty()) {
                            this.preMasterSecret = ((DHPublicKey) this.clientCert.certs[0].getPublicKey()).getY().toByteArray();
                        } else {
                            try {
                                KeyFactory keyFactory = KeyFactory.getInstance("DH");
                                KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                                PublicKey generatePublic = keyFactory.generatePublic(new DHPublicKeySpec(new BigInteger(1, this.clientKeyExchange.exchange_keys), this.serverKeyExchange.par1, this.serverKeyExchange.par2));
                                keyAgreement.init(this.privKey);
                                keyAgreement.doPhase(generatePublic, true);
                                this.preMasterSecret = keyAgreement.generateSecret();
                            } catch (Exception e4) {
                                fatalAlert((byte) 80, "INTERNAL ERROR", e4);
                                return;
                            }
                        }
                        computerMasterSecret();
                    }
                    this.io_stream.reset();
                    return;
                case 20:
                    if (!this.isResuming && !this.changeCipherSpecReceived) {
                        unexpectedMessage();
                        return;
                    }
                    this.clientFinished = new Finished(this.io_stream, readUint24);
                    verifyFinished(this.clientFinished.getData());
                    this.session.context = this.parameters.getServerSessionContext();
                    this.parameters.getServerSessionContext().putSession(this.session);
                    if (this.isResuming) {
                        this.session.lastAccessedTime = System.currentTimeMillis();
                        this.status = 3;
                    } else {
                        sendChangeCipherSpec();
                    }
                    break;
                default:
                    unexpectedMessage();
                    return;
            }
        }
    }

    @Override // org.conscrypt.HandshakeProtocol
    public void unwrapSSLv2(byte[] bArr) {
        this.io_stream.append(bArr);
        this.io_stream.mark();
        try {
            this.clientHello = new ClientHello(this.io_stream);
            if (this.nonBlocking) {
                this.delegatedTasks.add(new DelegatedTask(new ab(this), this));
            } else {
                processClientHello();
            }
        } catch (IOException e) {
            this.io_stream.reset();
        }
    }
}
