package com.ibm.ssl;

import com.ibm.cfwk.Key;
import com.ibm.cfwk.key.DHKey;
import com.ibm.cfwk.key.RSAKey;
import com.ibm.cfwk.pki.AssortedIDs;
import com.ibm.cfwk.pki.X509Cert;
import java.io.IOException;

/* loaded from: input_file:com/ibm/ssl/SSLServer.class */
/**
 * Server side of the SSL handshake state machine (JADX decompilation of
 * {@code com/ibm/ssl/SSLServer.class}; local names are decompiler-generated).
 *
 * <p>{@code handshake_state} is used as a bit mask of the handshake messages that
 * {@link #handshake} will accept next: 2 = ClientHello, 4 = client Certificate,
 * 8 = ClientKeyExchange, 16 = Finished, 32 = CertificateVerify. The value 1 is also
 * assigned (after CertificateVerify and on a resumed session); no message type handled in
 * this class is accepted in that state, so it presumably means "waiting for
 * ChangeCipherSpec", handled in {@code SSLConnection} (TODO confirm).
 *
 * <p>Alerts are sent as {@code sendAlert((byte) 2, code)}. The codes used here (10, 40, 41,
 * 47) match the SSL 3.0 alert numbering: unexpected_message, handshake_failure,
 * no_certificate, illegal_parameter; 2 is presumably the "fatal" level.
 *
 * <p>NOTE(review): the only protocol version accepted in {@code clientHello} is {3, 0},
 * i.e. SSL 3.0, which RFC 7568 prohibits. The key-exchange code also contains a path that
 * selects 64-byte (512-bit) ephemeral RSA/DH parameters, which looks like export-grade
 * cipher suite support. Treat this class as legacy code to be audited, not as a reference
 * implementation.
 *
 * <p>NOTE(review): {@code clientKeyExchange} was not decompiled and throws
 * {@link UnsupportedOperationException}; this listing cannot complete a full handshake.
 */
class SSLServer extends SSLConnection {
    // handshake_state bit checked in handshake() before a CertificateVerify (type 15) is
    // accepted. This class tests the literal 32 rather than this constant.
    static final int CERT_VERIFY = 32;

    /**
     * Re-arms the connection to accept a ClientHello (state 2) and optionally asks the
     * client to start a new handshake.
     *
     * @param z when true, a HelloRequest is sent, but only if the connection is already in
     *     state 2; in any other state the call is a no-op returning 0
     * @return 0, or the result of {@code sendHelloRequest()} when a request was sent
     */
    @Override // com.ibm.ssl.SSLConnection
    int install(boolean z) {
        // Do not interrupt a handshake that is already in progress.
        if (z && this.handshake_state != 2) {
            return 0;
        }
        this.handshake_state = 2;
        if (z) {
            return sendHelloRequest();
        }
        return 0;
    }

    /**
     * Delegates to {@code SSLSession.uninstall} for the current session.
     *
     * @param z passed through unchanged; its meaning is defined by SSLSession (not visible here)
     * @return whatever {@code SSLSession.uninstall} returns
     */
    @Override // com.ibm.ssl.SSLConnection
    boolean uninstall(boolean z) {
        return SSLSession.uninstall(this.session, this, z);
    }

    /**
     * Handles an alert received from the peer.
     *
     * <p>The only alert tolerated is code 41 (no_certificate in SSL 3.0) while the server is
     * waiting for the client certificate (state bit 4), and only if
     * {@code context.handleNoPeerCertificate()} agrees. Everything else is answered with
     * alert 40 and treated as a failure.
     *
     * @param b not used by this implementation (presumably the alert level)
     * @param b2 alert code received
     * @return 0 if the handshake may continue without a client certificate, -1 otherwise
     */
    @Override // com.ibm.ssl.SSLConnection
    int alert(byte b, byte b2) {
        if (this.context.debug) {
            System.out.println("SSLServer: alert.");
        }
        // NOTE(review): client authentication becomes optional whenever
        // handleNoPeerCertificate() returns true; the handshake then skips straight to
        // ClientKeyExchange (state 8). Callers relying on mandatory client certificates
        // must make that callback return false.
        if (b2 == 41 && (4 & this.handshake_state) != 0 && this.context.handleNoPeerCertificate()) {
            this.handshake_state = 8;
            return 0;
        }
        sendAlert((byte) 2, (byte) 40);
        return -1;
    }

    /**
     * Dispatches one handshake message to its handler if the current state allows it.
     *
     * <p>A message whose type is unknown, or whose state bit is not set in
     * {@code handshake_state}, falls through to alert 10 (unexpected_message) and -1.
     *
     * @param bArr buffer holding the message
     * @param b handshake message type (1, 11, 15, 16 and 20 are handled)
     * @param i offset of the message in {@code bArr}; handlers skip 4 bytes from here,
     *     presumably the handshake header
     * @param i2 length of the message including those 4 bytes (handlers use {@code i2 - 4})
     * @param i3 hello format version; {@code clientHello} treats 3 as an SSL 3.0 hello and
     *     anything else as the older compatible format
     * @return the handler's result, 0 after a successful Finished, or -1 on failure
     */
    @Override // com.ibm.ssl.SSLConnection
    int handshake(byte[] bArr, byte b, int i, int i2, int i3) {
        if (this.context.debug) {
            System.out.println(new StringBuffer(">> handshakeV").append(i3).append(" type = ").append((int) b).toString());
        }
        switch (b) {
            case 1: // ClientHello
                if ((2 & this.handshake_state) != 0) {
                    return clientHello(bArr, i, i2, i3);
                }
                break;
            case 11: // client Certificate
                if ((4 & this.handshake_state) != 0) {
                    return clientCertificate(bArr, i, i2);
                }
                break;
            case 15: // CertificateVerify
                if ((32 & this.handshake_state) != 0) {
                    return clientCertificateVerify(bArr, i, i2);
                }
                break;
            case 16: // ClientKeyExchange
                if ((8 & this.handshake_state) != 0) {
                    return clientKeyExchange(bArr, i, i2);
                }
                break;
            case 20: // Finished
                if ((16 & this.handshake_state) != 0) {
                    if (finished(bArr, i, i2) != 0) {
                        return -1;
                    }
                    SSLSession.install(this.session, this);
                    reset();
                    // Back to "accept ClientHello": a new ClientHello on the same connection
                    // is accepted after this point.
                    // NOTE(review): nothing in this class ties such a renegotiation to the
                    // handshake that just completed — confirm whether SSLConnection does.
                    this.handshake_state = 2;
                    return 0;
                }
                break;
        }
        sendAlert((byte) 2, (byte) 10);
        return -1;
    }

    /**
     * Verifies the client's CertificateVerify signature against the first peer certificate.
     *
     * <p>The peer key is treated as RSA when its algorithm OID equals
     * {@code AssortedIDs.pkcs_1_rsaEncryption}; every other key goes down the DSA path with
     * a fixed 40-byte signature. The hash buffer is 36 bytes for RSA and 20 bytes otherwise.
     *
     * @param bArr buffer holding the message
     * @param i offset of the message
     * @param i2 length of the message including the 4 skipped leading bytes
     * @return 0 on success; -1 after sending alert 47 (length mismatch) or 40 (bad signature)
     */
    private int clientCertificateVerify(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> clientCertificateVerify.");
        }
        // assumes session.peer_cert is non-null and non-empty in state 32 — TODO confirm
        // against clientKeyExchange, which is the presumed setter of that state.
        SSLCert sSLCert = this.session.peer_cert[0];
        int i3 = i2 - 4; // remaining body length
        int i4 = i + 4; // body offset
        int i5 = sSLCert.subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption) ? 1 : 0;
        int i6 = 47; // alert to send unless verification is reached and succeeds
        byte[] bArr2 = new byte[20 + (i5 * 16)];
        handshakeHash(null, bArr2, 0, i5);
        // Accept both encodings: bare signature, or signature preceded by a 2-byte length.
        // The prefix is only read when the body is exactly (expected size + 2) bytes long.
        if ((i5 == 1 ? (sSLCert.subjectKeySize() + 7) / 8 : 40) == i3 - 2) {
            i3 = (int) SSLContext.msbf(bArr, i4, 2);
            i4 += 2;
        }
        // Verification only runs when the (declared) length equals the expected signature
        // size; any other length leaves i6 at 47.
        if (i5 == 1) {
            if (i3 == (sSLCert.subjectKeySize() + 7) / 8) {
                i6 = this.context.rsa_signature.verify(sSLCert.subjectKey(this.context.api), bArr2, 0, 36, bArr, i4, i3) ? 0 : 40;
            }
        } else if (i3 == 40) {
            i6 = this.context.dsa_signature.verify(sSLCert.subjectKey(this.context.api), bArr2, 0, 20, bArr, i4, i3) ? 0 : 40;
        }
        if (i6 != 0) {
            sendAlert((byte) 2, (byte) i6);
            return -1;
        }
        this.handshake_state = 1;
        update();
        register(bArr, i, i2);
        return 0;
    }

    /**
     * Processes the client's Certificate message.
     *
     * <p>Parsing is delegated to the inherited {@code certificate(...)}. Afterwards, unless
     * the negotiated suite's key-exchange field ({@code & 3840}, i.e. 0x0F00) equals 256,
     * the client key must be of the same kind as the server key (both RSA or both non-RSA);
     * a mismatch ends the handshake with alert 40.
     *
     * @return 0 on success (state becomes 8, expecting ClientKeyExchange), -1 on failure
     */
    private int clientCertificate(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> clientCertificate.");
        }
        // NOTE(review): certificate chain validation is not visible in this class;
        // presumably certificate() performs it — confirm in SSLConnection.
        if (certificate(bArr, i, i2) == -1) {
            return -1;
        }
        if ((SSLConnection.cipherSuite[this.session.cipher_suite & 255] & 3840) != 256 && (this.conn_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption) ^ this.session.peer_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption))) {
            sendAlert((byte) 2, (byte) 40);
            return -1;
        }
        this.handshake_state = 8;
        register(bArr, i, i2);
        return 0;
    }

    /* JADX WARN: Code restructure failed: missing block: B:48:0x0120, code lost:
    
        if (r0 <= 0) goto L36;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // NOTE(review): the decompiler could not reconstruct this method, so the handling of the
    // client's key exchange (including how the pre-master secret is recovered and which
    // state follows) cannot be reviewed from this listing. Any audit of this class must go
    // back to the bytecode for this method.
    private int clientKeyExchange(byte[] r10, int r11, int r12) {
        /*
            Method dump skipped, instructions count: 508
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ssl.SSLServer.clientKeyExchange(byte[], int, int):int");
    }

    /**
     * Parses a ClientHello, resumes or creates a session, and sends the server's first
     * flight (ServerHello through ServerHelloDone, or ServerHello + Finished on resumption).
     *
     * <p>Parsing leaves three results: {@code bArr2} (offered session id), {@code bArr3}
     * (offered compression methods) and {@code sArr} (offered cipher suites). If no cipher
     * suite list could be extracted the hello is rejected with alert 47.
     *
     * @param bArr buffer holding the message
     * @param i offset of the message (only used by the {@code i3 == 3} format)
     * @param i2 length of the message
     * @param i3 3 for an SSL 3.0 formatted hello; any other value selects the older
     *     compatible format parsed in the else branch
     * @return result of the last send on success, -1 on any failure (an alert has been sent)
     */
    private int clientHello(byte[] bArr, int i, int i2, int i3) {
        if (this.context.debug) {
            System.out.println(new StringBuffer(">> clientHello: SSLv").append(i3).append(".").toString());
        }
        byte[] bArr2 = null; // session id offered by the client
        byte[] bArr3 = null; // compression methods offered by the client
        short[] sArr = null; // cipher suites offered by the client
        if (i3 == 3) {
            int i4 = i2 - 4; // body length
            int i5 = i + 4; // body offset
            // Minimum body: 2 version bytes + 32 random bytes + 1 session-id length byte.
            if (i4 >= 35) {
                // Only version {3, 0} is accepted; a client offering anything else gets
                // alert 40 instead of a version negotiation.
                if (bArr[i5] != 3 || bArr[i5 + 1] != 0) {
                    sendAlert((byte) 2, (byte) 40);
                    return -1;
                }
                int i6 = i5 + 2;
                peerRandom(bArr, i6, 32);
                int i7 = i6 + 32;
                int i8 = i4 - 34;
                int i9 = i7 + 1;
                // Signed byte: a length byte >= 0x80 becomes negative and fails the >= 0 test.
                int i10 = bArr[i7];
                int i11 = i8 - 1;
                if (i10 >= 0 && i10 <= 32 && i11 >= i10) {
                    if (i10 > 0) {
                        bArr2 = new byte[i10];
                        System.arraycopy(bArr, i9, bArr2, 0, i10);
                        i9 += i10;
                        i11 -= i10;
                    }
                    if (i11 >= 2) {
                        // Cipher suite list: 2-byte length, must be even, non-empty and fit
                        // in the remaining bytes.
                        int msbf = (int) SSLContext.msbf(bArr, i9, 2);
                        int i12 = i9 + 2;
                        int i13 = i11 - 2;
                        if (msbf % 2 == 0 && msbf >= 2 && msbf <= 65535 && i13 >= msbf) {
                            sArr = new short[msbf / 2];
                            int i14 = 0;
                            while (i14 < msbf / 2) {
                                sArr[i14] = (short) SSLContext.msbf(bArr, i12, 2);
                                i14++;
                                i12 += 2;
                            }
                            int i15 = i13 - msbf;
                            if (i15 >= 1) {
                                int i16 = i12;
                                int i17 = i12 + 1;
                                // Signed byte again: lengths 128..255 are negative here, so
                                // the "<= 255" bound is never the limiting test and such a
                                // list is silently ignored (bArr3 stays null).
                                int i18 = bArr[i16];
                                int i19 = i15 - 1;
                                // The list is only captured when its first entry is
                                // non-zero; otherwise bArr3 stays null and compression
                                // method 0 is used below.
                                if (i18 >= 1 && i18 <= 255 && i19 >= i18 && bArr[i17] != 0) {
                                    bArr3 = new byte[i18];
                                    System.arraycopy(bArr, i17, bArr3, 0, i18);
                                }
                            }
                        }
                    }
                }
            }
        } else {
            // Older compatible hello format. Note that this branch indexes bArr from the
            // fixed position 1 and ignores the offset i.
            // NOTE(review): bArr[1] and bArr[2] are read before any length check and outside
            // the try block below, so a too-short buffer would surface as an uncaught
            // ArrayIndexOutOfBoundsException — confirm the caller guarantees the length.
            if (bArr[1] != 3 || bArr[1 + 1] != 0) {
                sendAlert((byte) 2, (byte) 40);
                return -1;
            }
            int i20 = 1 + 2;
            int i21 = 0; // number of usable cipher specs
            int i22 = i2 - 3;
            if (i22 >= 6) {
                // Three 2-byte lengths; from their use below: cipher specs, session id,
                // and the data handed to peerRandom (presumably the client challenge).
                int msbf2 = (int) SSLContext.msbf(bArr, i20, 2);
                int msbf3 = (int) SSLContext.msbf(bArr, i20 + 2, 2);
                int msbf4 = (int) SSLContext.msbf(bArr, i20 + 4, 2);
                int i23 = i20 + 6;
                int i24 = i22 - 6;
                // The three lengths must account for exactly the remaining bytes.
                // NOTE(review): msbf4 only has a lower bound (16) here; whether peerRandom
                // enforces an upper bound is not visible — confirm.
                if (i24 == msbf2 + msbf3 + msbf4 && msbf2 != 0 && msbf2 % 3 == 0 && ((msbf3 == 0 || msbf3 == 16) && msbf4 >= 16)) {
                    // First pass: count 3-byte cipher specs whose top byte is zero
                    // (mask 16711680 = 0xFF0000); the others are skipped.
                    for (int i25 = 0; i25 < msbf2; i25 += 3) {
                        if ((((int) SSLContext.msbf(bArr, i23 + i25, 3)) & 16711680) == 0) {
                            i21++;
                        }
                    }
                    if (i21 != 0) {
                        // Second pass: keep the low 16 bits of each usable spec.
                        sArr = new short[i21];
                        int i26 = 0;
                        for (int i27 = 0; i27 < msbf2; i27 += 3) {
                            int msbf5 = (int) SSLContext.msbf(bArr, i23 + i27, 3);
                            if ((msbf5 & 16711680) == 0) {
                                int i28 = i26;
                                i26++;
                                sArr[i28] = (short) (msbf5 & 65535);
                            }
                        }
                        int i29 = i23 + msbf2;
                        int i30 = i24 - msbf2;
                        if (msbf3 != 0) {
                            bArr2 = new byte[msbf3];
                            System.arraycopy(bArr, i29, bArr2, 0, msbf3);
                            i29 += msbf3;
                            int i31 = i30 - msbf3; // unused (decompiler leftover)
                        }
                        peerRandom(bArr, i29, msbf4);
                    }
                }
            }
        }
        // Any parse failure above leaves sArr null and ends here with alert 47.
        if (sArr == null) {
            sendAlert((byte) 2, (byte) 47);
            return -1;
        }
        if (this.context.debug) {
            for (short s : sArr) {
                System.out.println(SSLContext.getCipherSuite(s));
            }
        }
        register(bArr, i, i2);
        SSLSession sSLSession = null; // non-null only when a session was resumed
        byte b = 0; // selected compression method
        short s2 = 0; // selected cipher suite
        int i32 = 0; // cipherSuite[] table entry for the selected suite (new sessions only)
        byte[] bArr4 = null; // CertificateRequest data, non-null when client auth is requested
        try {
            if (bArr2 != null) {
                SSLSession resume = SSLSession.resume(bArr2, this.context.context_id, bArr3, sArr);
                sSLSession = resume;
                if (resume != null) {
                    if (this.session != null && this.session != sSLSession) {
                        SSLSession.uninstall(this.session, this, true);
                    }
                    this.session = sSLSession;
                    b = this.session.compression_method;
                    s2 = this.session.cipher_suite;
                    // Suites whose high byte is 0xFF (mask 65280 = 0xFF00) additionally
                    // require context.confirmId(secret_id) to succeed.
                    if ((s2 & 65280) == 65280 && !this.context.confirmId(this.session.secret_id)) {
                        throw new SSLException(5);
                    }
                }
                // NOTE(review): if the offered id cannot be resumed while this.session is
                // already non-null, this.session is left untouched, the negotiation block
                // below is skipped, and ServerHello goes out with b = 0 and s2 = 0.
                // Confirm whether reset() clears this.session before a new ClientHello
                // can arrive.
            } else if (this.session != null) {
                SSLSession.uninstall(this.session, this, false);
                this.session = null;
            }
            if (this.session == null) {
                if (bArr3 != null) {
                    // Pick the first client compression method that is in context.cm_list.
                    // With cm_list == null the loop exits at once and b stays 0.
                    int i33 = 0;
                    while (true) {
                        if (this.context.cm_list == null || i33 >= bArr3.length) {
                            break;
                        }
                        int i34 = 0;
                        while (i34 < this.context.cm_list.length && bArr3[i33] != this.context.cm_list[i34]) {
                            i34++;
                        }
                        if (i34 != this.context.cm_list.length) {
                            b = bArr3[i33];
                            break;
                        }
                        i33++;
                    }
                    if (i33 == bArr3.length) {
                        throw new SSLException(2);
                    }
                }
                s2 = -1; // sentinel: no common cipher suite yet
                if (sArr != null && this.context.cs_list != null) {
                    // The outer loop walks the client's list, so the client's preference
                    // order decides among the suites enabled in cs_list.
                    // NOTE(review): the server cannot enforce "strongest first"; weak
                    // suites must be kept out of cs_list altogether.
                    int i35 = 0;
                    while (true) {
                        if (i35 >= sArr.length) {
                            break;
                        }
                        int i36 = 0;
                        while (i36 < this.context.cs_list.length && sArr[i35] != this.context.cs_list[i36]) {
                            i36++;
                        }
                        if (i36 != this.context.cs_list.length) {
                            s2 = sArr[i35];
                            break;
                        }
                        i35++;
                    }
                }
                if (s2 == -1) {
                    throw new SSLException(1);
                }
                // Table entry for the suite, indexed by its low byte. Fields used in this
                // class: high 16 bits non-zero => a server certificate is needed;
                // & 3840 (0x0F00) => key-exchange kind (256 and 768 are tested);
                // & 61440 (0xF000) non-zero => smaller key sizes (presumably "export").
                int i37 = SSLConnection.cipherSuite[s2 & 255];
                i32 = i37;
                if ((i37 & (-65536)) != 0) {
                    Object[] objArr = (Object[]) this.context.getCert(i32, null, 0, 0);
                    if (objArr == null) {
                        throw new SSLException(3);
                    }
                    this.conn_cert = (X509Cert[]) objArr[0];
                    this.conn_key = (Key) objArr[1];
                }
                this.session = new SSLSession(this.context.context_id, b, s2, this.context.timeout[1]);
                // A certificate is only requested from the client when the server itself
                // presents one and the context asks for client authentication.
                if (this.conn_cert != null && this.context.clientAuthentication) {
                    byte[] auth = this.context.getAuth(i32);
                    bArr4 = auth;
                    if (auth == null) {
                        throw new SSLException(4);
                    }
                }
            }
            if (sendServerHello(b, s2) == -1) {
                return -1;
            }
            if (sSLSession != null) {
                // Resumed session: abbreviated handshake, no certificate or key exchange.
                update();
                this.handshake_state = 1;
                return sendFinished(true);
            }
            if (this.conn_cert != null && sendCertificate() == -1) {
                return -1;
            }
            if ((i32 & 3840) == 256) {
                // Use a temporary RSA key when the server key is not RSA, or when the
                // 0xF000 flag is set and the server key is longer than 64 bytes (512 bits).
                // NOTE(review): 512-bit RSA is far below any acceptable strength; suites
                // carrying this flag should not be enabled.
                if (!this.conn_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption) || ((i32 & 61440) != 0 && (this.conn_cert[0].subjectKeySize() + 7) / 8 > 64)) {
                    this.key_exchange = this.context.getEphemeralRSAKey((i32 & 61440) != 0);
                }
            } else if ((i32 & 3840) == 768) {
                // DH parameters of size 64 or 128 (presumably bytes, i.e. 512 or 1024 bits
                // — TODO confirm against SSLContext.dhKey). Both are weak by current
                // standards.
                this.key_exchange = this.context.dhKey(null, null, (i32 & 61440) != 0 ? 64 : 128);
            }
            if (this.key_exchange != null && sendServerKeyExchange() == -1) {
                return -1;
            }
            this.handshake_state = 8; // next: ClientKeyExchange
            if (bArr4 != null) {
                if (sendCertificateRequest(bArr4) == -1) {
                    return -1;
                }
                this.handshake_state = 4; // next: client Certificate (or a no_certificate alert)
            }
            return sendServerHelloDone();
        } catch (SSLException e) {
            // Keep the specific reason in alertReason, then report a generic failure.
            this.exception = e;
            e.alertReason = e.reason;
            e.reason = 5;
            e.alert = 40;
            sendAlert((byte) 2, (byte) 40);
            return -1;
        } catch (Exception e2) {
            // Any other failure is reported to the peer as alert 40; the cause is only
            // visible locally when debug is on.
            if (this.context.debug) {
                e2.printStackTrace();
            }
            sendAlert((byte) 2, (byte) 40);
            return -1;
        }
    }

    /**
     * Builds and sends the ServerKeyExchange message (handshake type 12).
     *
     * <p>Layout written: each key parameter as a 2-byte length followed by its bytes, then a
     * 2-byte signature length and, when the server has a certificate, a signature over the
     * hash produced by {@code paramHash}. For an RSA key-exchange key the parameters are
     * modulus and public exponent; otherwise prime, base and y.
     *
     * @return result of {@code sendHandshake}
     */
    private int sendServerKeyExchange() {
        if (this.context.debug) {
            System.out.println("<< sendServerKeyExchange.");
        }
        int i = 0;
        int i2 = 0; // signature length; stays 0 when there is no server certificate
        int i3 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        // NOTE(review): decompiler artifact — `new byte[3]` is not assignable to byte[][]
        // (the original was presumably `new byte[3][]`), so this does not compile as written.
        byte[][] bArr = new byte[3];
        boolean z = false; // true when the server certificate key is RSA
        if (this.conn_cert != null) {
            boolean equals = this.conn_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption);
            z = equals;
            i2 = equals ? (this.conn_key.keySize() + 7) / 8 : 40;
        }
        int i4 = i2 + 2; // running body length, starting with the signature and its length field
        // The two assignments from exportKeyMaterial() presumably lost a cast during
        // decompilation.
        if (this.key_exchange.keyType().equals("RSA/private/CRT")) {
            RSAKey exportKeyMaterial = this.key_exchange.exportKeyMaterial(this.context.api);
            bArr[0] = exportKeyMaterial.modulus.toByteArray();
            bArr[2] = exportKeyMaterial.publicExponent.toByteArray();
        } else {
            DHKey exportKeyMaterial2 = this.key_exchange.exportKeyMaterial(this.context.api);
            bArr[0] = exportKeyMaterial2.prime.toByteArray();
            bArr[1] = exportKeyMaterial2.base.toByteArray();
            bArr[2] = exportKeyMaterial2.y.toByteArray();
        }
        // Slot 1 is skipped for key-exchange kind 256 (it is left null in the RSA branch).
        do {
            if (i != 1 || (i3 & 3840) != 256) {
                i4 += 2 + bArr[i].length;
            }
            i++;
        } while (i < 3);
        int register = register(null, 0, 4 + i4);
        int i5 = register + 4; // write position, after the 4 leading bytes
        byte[] bArr2 = this.handshake;
        int i6 = 0;
        do {
            if (i6 != 1 || (i3 & 3840) != 256) {
                int length = bArr[i6].length;
                SSLContext.msbf(length, bArr2, i5, 2);
                int i7 = i5 + 2;
                System.arraycopy(bArr[i6], 0, bArr2, i7, length);
                i5 = i7 + length;
            }
            i6++;
        } while (i6 < 3);
        SSLContext.msbf(i2, bArr2, i5, 2);
        int i8 = i5 + 2;
        // NOTE(review): without a server certificate the parameters go out unsigned, i.e.
        // the key exchange is unauthenticated. Confirm that certificate-less suites are not
        // enabled in cs_list unless that is intended.
        if (this.conn_cert != null) {
            // Hash the parameters into the signature slot, then sign in place
            // (36-byte input for RSA, 20-byte input for DSA).
            paramHash(bArr2, register + 4, i4 - (2 + i2), bArr2, i8, z ? 1 : 0);
            if (z) {
                this.context.rsa_signature.sign(this.conn_key, bArr2, i8, 36, bArr2, i8);
            } else {
                this.context.dsa_signature.sign(this.conn_key, bArr2, i8, 20, bArr2, i8);
            }
        }
        return sendHandshake((byte) 12, bArr2, register, i4, false);
    }

    /**
     * Sends a HelloRequest (handshake type 0, empty body).
     *
     * @return result of {@code sendHandshake}
     */
    private int sendHelloRequest() {
        if (this.context.debug) {
            System.out.println("<< sendHelloRequest.");
        }
        return sendHandshake((byte) 0, new byte[4], 0, 0, true);
    }

    /**
     * Builds and sends the ServerHello (handshake type 2).
     *
     * <p>Body layout written: version {3, 0}, 32 bytes from {@code random[1]}, 1-byte session
     * id length, session id, 2-byte cipher suite, 1-byte compression method.
     *
     * @param b selected compression method
     * @param s selected cipher suite
     * @return result of {@code sendHandshake}
     */
    private int sendServerHello(byte b, short s) {
        if (this.context.debug) {
            System.out.println("<< sendServerHello.");
        }
        this.out.enable(false); // semantics defined by the output stream class (not visible here)
        byte length = this.session.session_id != null ? (byte) this.session.session_id.length : (byte) 0;
        helloRandom();
        // 35 = 2 (version) + 32 (random) + 1 (session id length); + id + 2 (suite) + 1 (compression)
        int i = 35 + length + 2 + 1;
        int register = register(null, 0, 4 + i);
        int i2 = register + 4;
        byte[] bArr = this.handshake;
        bArr[i2] = 3;
        bArr[i2 + 1] = 0;
        System.arraycopy(this.random[1], 0, bArr, i2 + 2, 32);
        int i3 = i2 + 34;
        int i4 = i3 + 1;
        bArr[i3] = length;
        if (length != 0) {
            System.arraycopy(this.session.session_id, 0, bArr, i4, length);
            i4 += length;
        }
        SSLContext.msbf((int) s, bArr, i4, 2);
        bArr[i4 + 2] = b;
        return sendHandshake((byte) 2, bArr, register, i, false);
    }

    /**
     * Sends ServerHelloDone (handshake type 14, empty body).
     *
     * @return result of {@code sendHandshake}
     */
    private int sendServerHelloDone() {
        if (this.context.debug) {
            System.out.println("<< sendServerHelloDone.");
        }
        return sendHandshake((byte) 14, this.handshake, register(null, 0, 4), 0, true);
    }

    /**
     * Sends a CertificateRequest (handshake type 13) built from a prepared template.
     *
     * <p>For key-exchange kind 256 the template is copied from its first byte; for every
     * other kind the first template byte is dropped and the byte at body offset 1 is
     * overwritten with 1 when the server key is RSA, else 2 (presumably the requested
     * certificate type — TODO confirm against {@code SSLContext.getAuth}).
     *
     * @param bArr template returned by {@code context.getAuth}; a 2-byte length is read from
     *     offset 3 to size the message
     * @return result of {@code sendHandshake}
     */
    private int sendCertificateRequest(byte[] bArr) {
        if (this.context.debug) {
            System.out.println("<< sendCertificateRequest.");
        }
        int i = (SSLConnection.cipherSuite[this.session.cipher_suite & 255] & 3840) == 256 ? 0 : 1;
        // assumes bArr holds at least (length at offset 3) + 5 bytes — produced locally by
        // getAuth, not by the peer.
        int msbf = (((int) SSLContext.msbf(bArr, 3, 2)) + 5) - i;
        int register = register(null, 0, 4 + msbf);
        System.arraycopy(bArr, i, this.handshake, register + 4, msbf);
        if (i != 0) {
            this.handshake[register + 5] = (byte) (this.conn_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption) ? 1 : 2);
        }
        return sendHandshake((byte) 13, this.handshake, register, msbf, false);
    }

    /**
     * Creates the server endpoint by calling the inherited five-argument {@code install}
     * with the constant 1 as its third argument; the meaning of the arguments is defined in
     * {@code SSLConnection} (not visible here).
     *
     * @throws IOException as declared by the inherited {@code install}
     * @throws SSLException as declared by the inherited {@code install}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLServer(SSLSocket sSLSocket, boolean z, SSLContext sSLContext, boolean z2) throws IOException, SSLException {
        install(sSLSocket, z, 1, sSLContext, z2);
    }
}
