package com.ibm.ssl;

import com.ibm.cfwk.Cipher;
import com.ibm.cfwk.Key;
import com.ibm.cfwk.key.SimpleKey;
import com.ibm.cfwk.pki.AssortedIDs;
import com.ibm.cfwk.pki.X509Cert;
import java.io.IOException;
import org.apache.xerces.utils.XMLMessages;

/* loaded from: input_file:com/ibm/ssl/SSLClient.class */
class SSLClient extends SSLConnection {
    static final int CERT_REQ = 32;
    static final int HELLO_REQ = 64;
    static final int HELLO_DONE = 128;
    private int server_port;
    private boolean auth;

    @Override // com.ibm.ssl.SSLConnection
    int install(boolean z) {
        if (z && this.handshake_state != 64) {
            return 0;
        }
        this.handshake_state = 2;
        if (!z || !SSLSession.reinstall(this.session, this)) {
            this.session = SSLSession.allocate(this.context.context_id, this.context.cm_list, this.context.cs_list, this.sock.getInetAddress().getAddress(), this.server_port, this.context.timeout[1]);
        }
        return sendClientHello();
    }

    @Override // com.ibm.ssl.SSLConnection
    boolean uninstall(boolean z) {
        return SSLSession.uninstall(this.session, this, z);
    }

    @Override // com.ibm.ssl.SSLConnection
    int alert(byte b, byte b2) {
        if (this.context.debug) {
            System.out.println(">> alert.");
        }
        sendAlert((byte) 2, (byte) 40);
        return -1;
    }

    @Override // com.ibm.ssl.SSLConnection
    int handshake(byte[] bArr, byte b, int i, int i2, int i3) {
        if (this.context.debug) {
            System.out.println(new StringBuffer(">> handshakeV3 type = ").append((int) b).toString());
        }
        switch (b) {
            case 0:
                if (this.context.debug) {
                    System.out.println(">> helloRequest.");
                }
                if ((64 & this.handshake_state) != 0) {
                    return reopen();
                }
                return 0;
            case 2:
                if ((2 & this.handshake_state) != 0) {
                    return serverHello(bArr, i, i2);
                }
                break;
            case 11:
                if ((4 & this.handshake_state) != 0) {
                    return serverCertificate(bArr, i, i2);
                }
                break;
            case 12:
                if ((8 & this.handshake_state) != 0) {
                    return serverKeyExchange(bArr, i, i2);
                }
                break;
            case 13:
                if ((32 & this.handshake_state) != 0) {
                    return serverCertificateRequest(bArr, i, i2);
                }
                break;
            case 14:
                if ((128 & this.handshake_state) != 0) {
                    return serverHelloDone(bArr, i, i2);
                }
                break;
            case 20:
                if ((16 & this.handshake_state) != 0) {
                    if (finished(bArr, i, i2) != 0) {
                        return -1;
                    }
                    SSLSession.install(this.session, this);
                    reset();
                    this.handshake_state = 64;
                    return 0;
                }
                break;
        }
        sendAlert((byte) 2, (byte) 10);
        return -1;
    }

    /* JADX WARN: Code restructure failed: missing block: B:37:0x0144, code lost:
    
        if ((r0[0].length - (r0[0][0] == 0 ? 1 : 0)) <= 64) goto L45;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int serverKeyExchange(byte[] r10, int r11, int r12) {
        /*
            Method dump skipped, instructions count: 614
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ssl.SSLClient.serverKeyExchange(byte[], int, int):int");
    }

    private int serverHelloDone(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> serverHelloDone.");
        }
        register(bArr, i, i2);
        if (this.auth) {
            if (this.conn_cert == null) {
                if (sendAlert((byte) 1, (byte) 41) == -1) {
                    return -1;
                }
            } else if (sendCertificate() == -1) {
                return -1;
            }
        }
        if (sendClientKeyExchange() != 0) {
            return -1;
        }
        if (this.conn_cert != null && sendCertificateVerify() == -1) {
            return -1;
        }
        update();
        this.handshake_state = 1;
        if ((this.session.cipher_suite & 65280) == 65280) {
            return 0;
        }
        return sendFinished(true);
    }

    private int serverCertificate(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> serverCertificate.");
        }
        if (certificate(bArr, i, i2) == -1) {
            return -1;
        }
        SSLCert sSLCert = this.session.peer_cert[0];
        boolean equals = sSLCert.subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption);
        int i3 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        int i4 = i3 >>> 16;
        boolean z = false;
        while (true) {
            if ((i4 & 127) != 1 || !equals) {
                if ((i4 & 127) == 2 && !equals) {
                    z = true;
                    break;
                }
                int i5 = i4 >>> 8;
                i4 = i5;
                if (i5 == 0) {
                    break;
                }
            } else {
                z = true;
                if ((i3 & 3840) == 256 && ((i3 & 61440) == 0 || sSLCert.subjectKeySize() <= 512)) {
                    z = 2;
                }
            }
        }
        if (!z) {
            sendAlert((byte) 2, (byte) 47);
            return -1;
        }
        this.handshake_state = z ? 40 : XMLMessages.MSG_ATT_DEFAULT_INVALID;
        register(bArr, i, i2);
        return 0;
    }

    private int serverCertificateRequest(byte[] bArr, int i, int i2) {
        int i3;
        if (this.context.debug) {
            System.out.println(">> serverCertificateRequest.");
        }
        if (this.session.peer_cert == null) {
            sendAlert((byte) 2, (byte) 40);
            return -1;
        }
        boolean equals = this.session.peer_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption);
        int i4 = i2 - 4;
        int i5 = i + 4;
        int i6 = 0;
        int i7 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        if (i4 > 1) {
            try {
                int i8 = i5 + 1;
                byte b = bArr[i5];
                int i9 = i4 - 1;
                if (b > 0 && b <= 255 && i9 > b) {
                    int i10 = 0;
                    do {
                        byte b2 = bArr[i8 + i10];
                        if (!((i7 & 3840) == 256 && (b2 == 1 || b2 == 2)) && ((i7 & 3840) != 768 || (!(equals && b2 == 1) && (equals || b2 != 2)))) {
                            throw new SSLException();
                        }
                        if (i10 < 4) {
                            i6 |= b2 << (8 * i10);
                        }
                        i10++;
                    } while (i10 < b);
                    int i11 = i8 + b;
                    int i12 = i9 - b;
                    if (i12 >= 5 && i12 - 2 <= 65535 && ((int) SSLContext.msbf(bArr, i11, 2)) == i3) {
                        Object[] objArr = (Object[]) this.context.getCert(i6, bArr, i11 + 2, i3);
                        if (objArr != null) {
                            this.conn_cert = (X509Cert[]) objArr[0];
                            this.conn_key = (Key) objArr[1];
                        }
                        this.auth = true;
                        this.handshake_state = 128;
                        register(bArr, i, i2);
                        return 0;
                    }
                }
            } catch (Exception e) {
                if (this.context.debug) {
                    e.printStackTrace();
                }
            }
        }
        sendAlert((byte) 2, (byte) 47);
        return -1;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private int serverHello(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> serverHello.");
        }
        int i3 = i2 - 4;
        int i4 = i + 4;
        byte[] bArr2 = null;
        byte b = 0;
        short s = -1;
        if (i3 >= 35 && bArr[i4] == 3 && bArr[i4 + 1] == 0) {
            peerRandom(bArr, i4 + 2, 32);
            int i5 = i4 + 34;
            int i6 = i3 - 34;
            int i7 = i5 + 1;
            int i8 = bArr[i5];
            int i9 = i6 - 1;
            if (i8 >= 0 && i8 <= 32 && i9 >= i8) {
                if (i8 > 0) {
                    bArr2 = new byte[i8];
                    System.arraycopy(bArr, i7, bArr2, 0, i8);
                    i7 += i8;
                    i9 -= i8;
                }
                if (i9 == 3) {
                    s = (short) SSLContext.msbf(bArr, i7, 2);
                    int i10 = i9 - 2;
                    b = bArr[i7 + 2] == true ? 1 : 0;
                }
            }
        }
        if (s != -1) {
            register(bArr, i, i2);
            try {
                if (this.session.session_id != null) {
                    if (this.session.compare(bArr2)) {
                        if (this.session.cipher_suite != s || this.session.compression_method != b || ((SSLConnection.cipherSuite[s & 255] & (-65536)) == 0 && (s & 65280) != 65280 && !this.context.handleNoPeerCertificate())) {
                            throw new Exception();
                        }
                        update();
                        this.handshake_state = 1;
                        return 0;
                    }
                    SSLSession.uninstall(this.session, this, false);
                    this.session = new SSLSession(this.context.context_id, this.sock.getInetAddress().getAddress(), this.server_port, this.context.timeout[1]);
                }
                int i11 = 0;
                while (i11 < this.context.cs_list.length && this.context.cs_list[i11] != s) {
                    i11++;
                }
                if (i11 == this.context.cs_list.length || !((SSLConnection.cipherSuite[s & 255] & (-65536)) != 0 || (s & 65280) == 65280 || this.context.handleNoPeerCertificate())) {
                    throw new SSLException();
                }
                int i12 = 0;
                while (i12 < this.context.cm_list.length && this.context.cm_list[i12] != b) {
                    i12++;
                }
                if (i12 == this.context.cm_list.length) {
                    throw new Exception();
                }
                this.session.session_id = bArr2;
                this.session.compression_method = b;
                this.session.cipher_suite = s;
                this.handshake_state = (SSLConnection.cipherSuite[s & 255] & (-65536)) != 0 ? 4 : 8;
                return 0;
            } catch (Exception e) {
                if (this.context.debug) {
                    e.printStackTrace();
                }
            }
        }
        sendAlert((byte) 2, (byte) 47);
        return -1;
    }

    private int sendClientHello() {
        if (this.context.debug) {
            System.out.println("<< sendClientHello.");
        }
        this.out.enable(false);
        byte[] bArr = this.context.cm_list;
        short[] sArr = this.context.cs_list;
        helloRandom();
        byte length = (byte) (this.session.session_id == null ? 0 : this.session.session_id.length);
        int length2 = 35 + length + 2 + (2 * sArr.length) + 1 + bArr.length;
        int register = register(null, 0, 4 + length2);
        int i = register + 4;
        byte[] bArr2 = this.handshake;
        int i2 = i + 1;
        bArr2[i] = 3;
        int i3 = i2 + 1;
        bArr2[i2] = 0;
        System.arraycopy(this.random[0], 0, bArr2, i3, 32);
        int i4 = i3 + 32;
        int i5 = i4 + 1;
        bArr2[i4] = length;
        if (length != 0) {
            System.arraycopy(this.session.session_id, 0, bArr2, i5, length);
            i5 += length;
        }
        if (this.context.debug) {
            for (short s : sArr) {
                System.out.println(SSLContext.getCipherSuite(s));
            }
        }
        SSLContext.msbf(2 * sArr.length, bArr2, i5, 2);
        int i6 = i5 + 2;
        int i7 = 0;
        while (i7 < sArr.length) {
            SSLContext.msbf((int) sArr[i7], bArr2, i6, 2);
            i7++;
            i6 += 2;
        }
        int i8 = i6;
        int i9 = i6 + 1;
        bArr2[i8] = (byte) bArr.length;
        System.arraycopy(bArr, 0, bArr2, i9, bArr.length);
        int length3 = i9 + bArr.length;
        return sendHandshake((byte) 1, bArr2, register, length2, true);
    }

    private int sendCertificateVerify() {
        if (this.context.debug) {
            System.out.println("<< sendCertificateVerify.");
        }
        int i = this.conn_cert[0].subjectKeyAlgId().asn1oid().equals(AssortedIDs.pkcs_1_rsaEncryption) ? 1 : 0;
        byte[] bArr = new byte[(20 * ((i ^ 1) + 1)) + (16 * i)];
        handshakeHash(null, bArr, 0, i);
        if (i == 1) {
            byte[] bArr2 = new byte[(this.conn_key.keySize() + 7) / 8];
            this.context.rsa_signature.sign(this.conn_key, bArr, 0, 36, bArr2, 0);
            bArr = bArr2;
        } else {
            this.context.dsa_signature.sign(this.conn_key, bArr, 0, 20, bArr, 0);
        }
        int register = register(null, 0, bArr.length + 2 + 4);
        SSLContext.msbf(bArr.length, this.handshake, register + 4, 2);
        System.arraycopy(bArr, 0, this.handshake, register + 6, bArr.length);
        return sendHandshake((byte) 15, this.handshake, register, bArr.length + 2, false) == 0 ? 0 : -1;
    }

    private int sendClientKeyExchange() {
        byte[] dhPublic;
        byte[] dh;
        Object[] handleSecret;
        if (this.context.debug) {
            System.out.println("<< sendClientKeyExchange.");
        }
        int i = 0;
        if ((SSLConnection.cipherSuite[this.session.cipher_suite & 255] & 3840) == 256) {
            dh = new byte[48];
            dh[0] = 3;
            dh[1] = 0;
            this.context.random(dh, 2, 46);
            dhPublic = this.context.rsa_cipher.encipher(this.key_exchange == null ? this.session.peer_cert[0].subjectKey(this.context.api) : this.key_exchange, (Object) null, dh);
        } else {
            dhPublic = this.context.dhPublic(this.key_exchange, (this.session.cipher_suite & 65280) == 65280);
            dh = this.context.dh(this.key_exchange, this.dh_public, 0, this.dh_public.length, false);
            i = 2;
            if ((this.session.cipher_suite & 65280) == 65280) {
                if (dhPublic == null || (handleSecret = this.context.handleSecret(0, null, 0)) == null) {
                    sendAlert((byte) 2, (byte) 40);
                    return -1;
                }
                byte[] bArr = (byte[]) handleSecret[0];
                SSLSession sSLSession = this.session;
                byte[] bArr2 = new byte[bArr.length];
                sSLSession.secret_id = bArr2;
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                if (dhPublic[0] == 0) {
                    byte[] bArr3 = new byte[dhPublic.length - 1];
                    System.arraycopy(dhPublic, 1, bArr3, 0, bArr3.length);
                    dhPublic = bArr3;
                }
                Cipher.find("RC4", this.context.api).encipher(Key.importKeyMaterial(new SimpleKey("RC4", (byte[]) handleSecret[1]), this.context.api), (Object) null, dhPublic, 0, dhPublic.length, dhPublic, 0);
                i = 4 + this.session.secret_id.length;
            }
        }
        int register = register(null, 0, 4 + i + dhPublic.length);
        int i2 = register + 4;
        if (i > 2) {
            SSLContext.msbf(this.session.secret_id.length, this.handshake, i2, 2);
            System.arraycopy(this.session.secret_id, 0, this.handshake, i2 + 2, this.session.secret_id.length);
            i2 += 2 + this.session.secret_id.length;
        }
        if (i != 0) {
            SSLContext.msbf(dhPublic.length, this.handshake, i2, 2);
            i2 += 2;
        }
        System.arraycopy(dhPublic, 0, this.handshake, i2, dhPublic.length);
        if (this.context.debug) {
            Debug.printBytes("PreMasterSecret", dh);
        }
        this.key_exchange = null;
        this.dh_public = null;
        if (sendHandshake((byte) 16, this.handshake, register, dhPublic.length + i, i > 2) != 0) {
            return -1;
        }
        blockHash(dh, dh, 0);
        this.session.master_secret = dh;
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLClient(SSLSocket sSLSocket, boolean z, SSLContext sSLContext, int i, boolean z2) throws IOException, SSLException {
        this.server_port = i;
        install(sSLSocket, z, 0, sSLContext, z2);
    }
}
