package com.enterprisedt.net.puretls;

import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.cryptix.provider.rsa.RawRSAPublicKey;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.util.debug.Logger;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:home/mailcollector/ibmsdduu.jar:com/enterprisedt/net/puretls/M.class */
public class M extends C0020u {
    private static Logger V = Logger.getLogger("com.enterprisedt.net.puretls.SSLServerKeyExchange");
    C0014o W;
    C0009j T;
    C0020u U;
    String S;
    E R = new E(-65535);
    int X = 0;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.C0020u, com.enterprisedt.net.puretls.K
    public int A(C0008i c0008i, OutputStream outputStream) throws IOException {
        Signature signature;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        switch (c0008i.b.O.K()) {
            case 1:
                c0008i.b.P = c0008i.V.A(c0008i.T.dhAlwaysEphemeralP());
                C0014o c0014o = new C0014o(c0008i.b.P);
                this.W = c0014o;
                this.U = c0014o;
                break;
            case 2:
                c0008i.b.j = c0008i.V.F();
                c0008i.b.Z = c0008i.V.I();
                C0009j c0009j = new C0009j(c0008i.V.I());
                this.T = c0009j;
                this.U = c0009j;
                break;
            default:
                throw new Error("Unknown key exchange algorithm");
        }
        this.U.A(c0008i, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            PrivateKey B = c0008i.V.B();
            String F = c0008i.b.O.F();
            if (F.equals("RawDSA")) {
                Signature signature2 = Signature.getInstance(F, Cryptix.PROVIDER_NAME);
                V.debug(new StringBuffer().append("encode: alg=").append(F).append(",provider=").append(signature2.getProvider().getName()).toString());
                signature2.setParameter("SecureRandom", c0008i.b.e);
                signature = signature2;
            } else {
                if (!F.equals("RawRSA")) {
                    throw new Exception("Unknown key type");
                }
                Signature signature3 = Signature.getInstance(F, Cryptix.PROVIDER_NAME);
                V.debug(new StringBuffer().append("encode: alg=").append(F).append(",provider=").append(signature3.getProvider().getName()).toString());
                ((Blindable) signature3).setBlindingInfo(c0008i.b.e, (CryptixRSAPublicKey) c0008i.V.G());
                signature = signature3;
            }
            signature.initSign(B);
            signature.update(A(c0008i, F, byteArray));
            byte[] sign = signature.sign();
            SSLDebug.debug(8, "Signed Data", byteArray);
            SSLDebug.debug(8, "Signature Data", sign);
            this.R.G = sign;
            this.X = this.U.A(c0008i, outputStream);
            this.X += this.R.A(c0008i, outputStream);
            return this.X;
        } catch (Exception e) {
            throw new InternalError(e.toString());
        }
    }

    @Override // com.enterprisedt.net.puretls.C0020u, com.enterprisedt.net.puretls.K
    public int A(C0008i c0008i, InputStream inputStream) throws Error, IOException {
        int A;
        PublicKey rawRSAPublicKey;
        PublicKey publicKey = c0008i.b.L;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (!c0008i.b.O.A(publicKey)) {
            c0008i.B(R.B);
        }
        switch (c0008i.b.O.K()) {
            case 1:
                this.W = new C0014o();
                A = this.W.A(c0008i, inputStream);
                this.W.A(c0008i, byteArrayOutputStream);
                rawRSAPublicKey = new DHPublicKey(new BigInteger(1, this.W.n.G), new BigInteger(1, this.W.o.G), new BigInteger(1, this.W.p.G));
                break;
            case 2:
                this.T = new C0009j();
                A = this.T.A(c0008i, inputStream);
                this.T.A(c0008i, byteArrayOutputStream);
                BigInteger bigInteger = new BigInteger(1, this.T.m.G);
                BigInteger bigInteger2 = new BigInteger(1, this.T.l.G);
                if (bigInteger.bitLength() > 512) {
                    c0008i.B(R.B);
                }
                rawRSAPublicKey = new RawRSAPublicKey(bigInteger, bigInteger2);
                break;
            default:
                throw new Error("Unknown key exchange algorithm");
        }
        int i = A;
        int A2 = A + this.R.A(c0008i, inputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (byteArray.length != i) {
            throw new InternalError("Inconsistency in param size");
        }
        try {
            String F = c0008i.b.O.F();
            Signature signature = Signature.getInstance(F, Cryptix.PROVIDER_NAME);
            V.debug(new StringBuffer().append("encode: alg=").append(F).append(",provider=").append(signature.getProvider().getName()).toString());
            A(c0008i, publicKey, F);
            signature.initVerify(publicKey);
            signature.update(A(c0008i, F, byteArray));
            SSLDebug.debug(8, "Signed Data", byteArray);
            SSLDebug.debug(8, "Signature Data", this.R.G);
            if (!signature.verify(this.R.G)) {
                c0008i.B(R.d);
            }
        } catch (InvalidKeyException e) {
            c0008i.A(R.d, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new InternalError(e2.toString());
        } catch (NoSuchProviderException e3) {
            throw new InternalError(e3.toString());
        } catch (SignatureException e4) {
            c0008i.A(R.d, e4);
        }
        c0008i.b.N = rawRSAPublicKey;
        return A2;
    }

    private byte[] A(C0008i c0008i, String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException {
        byte[] digest;
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", Cryptix.PROVIDER_NAME);
        messageDigest.update(c0008i.b.E);
        messageDigest.update(c0008i.b.m);
        messageDigest.update(bArr);
        if (str.equals("RawRSA")) {
            MessageDigest messageDigest2 = MessageDigest.getInstance("MD5", Cryptix.PROVIDER_NAME);
            messageDigest2.update(c0008i.b.E);
            messageDigest2.update(c0008i.b.m);
            messageDigest2.update(bArr);
            byte[] digest2 = messageDigest2.digest();
            byte[] digest3 = messageDigest.digest();
            digest = new byte[36];
            System.arraycopy(digest2, 0, digest, 0, digest2.length);
            System.arraycopy(digest3, 0, digest, 16, digest3.length);
        } else {
            digest = messageDigest.digest();
        }
        return digest;
    }

    private void A(C0008i c0008i, PublicKey publicKey, String str) throws IOException {
        if (str.equals("RawRSA")) {
            if (publicKey instanceof CryptixRSAPublicKey) {
                return;
            }
            c0008i.B(R.B);
        } else {
            if (!str.equals("RawDSA")) {
                throw new InternalError("Unknown Algorithm");
            }
            if (publicKey instanceof DSAPublicKey) {
                return;
            }
            c0008i.B(R.B);
        }
    }
}
