package cn.com.infosec.mobile.gm.tls;

import a6.d;
import ac.b;
import android.support.v4.media.a;
import cn.com.infosec.mobile.gm.tls.CipherSuite;
import cn.com.infosec.mobile.gm.tls.ServerNameExtension;
import cn.com.infosec.mobile.gm.tls.crypto.KeyStore;
import cn.com.infosec.mobile.netcert.framework.crypto.CipherUtil;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import cn.com.infosec.mobile.netcert.framework.crypto.SM2Id;
import cn.com.infosec.mobile.netcert.framework.crypto.impl.SoftImpl;
import com.alipay.mobile.common.transport.multimedia.DjgHttpUrlRequest;
import com.tencent.smtt.sdk.WebView;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class HandshakeMessage {
    public static final byte ht_certificate = 11;
    public static final byte ht_certificate_request = 13;
    public static final byte ht_certificate_verify = 15;
    public static final byte ht_client_hello = 1;
    public static final byte ht_client_key_exchange = 16;
    public static final byte ht_finished = 20;
    public static final byte ht_hello_request = 0;
    public static final byte ht_server_hello = 2;
    public static final byte ht_server_hello_done = 14;
    public static final byte ht_server_key_exchange = 12;
    public static final Debug debug = Debug.getInstance("ssl");
    public static final byte[] MD5_pad1 = genPad(54, 48);
    public static final byte[] MD5_pad2 = genPad(92, 48);
    public static final byte[] SHA_pad1 = genPad(54, 40);
    public static final byte[] SHA_pad2 = genPad(92, 40);

    /* loaded from: classes.dex */
    public static final class CertificateMsg extends HandshakeMessage {
        private X509Certificate[] chain;
        private List<byte[]> encodedChain;
        private int messageLength;

        public CertificateMsg(HandshakeInStream handshakeInStream) throws IOException {
            int int24 = handshakeInStream.getInt24();
            ArrayList arrayList = new ArrayList(4);
            CertificateFactory certificateFactory = null;
            while (int24 > 0) {
                byte[] bytes24 = handshakeInStream.getBytes24();
                int24 -= bytes24.length + 3;
                if (certificateFactory == null) {
                    try {
                        certificateFactory = CertificateFactory.getInstance("X.509", IHSM.INFOSEC);
                    } catch (Exception e10) {
                        throw ((SSLProtocolException) new SSLProtocolException(e10.getMessage()).initCause(e10));
                    }
                }
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(bytes24)));
            }
            this.chain = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }

        public CertificateMsg(X509Certificate[] x509CertificateArr) {
            this.chain = x509CertificateArr;
        }

        public X509Certificate[] getCertificateChain() {
            return this.chain;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            if (this.encodedChain == null) {
                this.messageLength = 3;
                this.encodedChain = new ArrayList(this.chain.length);
                try {
                    for (X509Certificate x509Certificate : this.chain) {
                        byte[] encoded = x509Certificate.getEncoded();
                        this.encodedChain.add(encoded);
                        this.messageLength = encoded.length + 3 + this.messageLength;
                    }
                } catch (CertificateEncodingException e10) {
                    this.encodedChain = null;
                    throw new RuntimeException("Could not encode certificates", e10);
                }
            }
            return this.messageLength;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 11;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Certificate chain");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            for (int i10 = 0; i10 < this.chain.length; i10++) {
                StringBuilder s10 = d.s("chain [", i10, "] = ");
                s10.append(this.chain[i10]);
                printStream.println(s10.toString());
            }
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt24(messageLength() - 3);
            Iterator<byte[]> it = this.encodedChain.iterator();
            while (it.hasNext()) {
                handshakeOutStream.putBytes24(it.next());
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class CertificateRequest extends HandshakeMessage {
        public static final int cct_dss_ephemeral_dh = 6;
        public static final int cct_dss_fixed_dh = 4;
        public static final int cct_dss_sign = 2;
        public static final int cct_ecdsa_fixed_ecdh = 66;
        public static final int cct_ecdsa_sign = 64;
        public static final int cct_rsa_ephemeral_dh = 5;
        public static final int cct_rsa_fixed_dh = 3;
        public static final int cct_rsa_fixed_ecdh = 65;
        public static final int cct_rsa_sign = 1;
        public DistinguishedName[] authorities;
        public byte[] types;
        private static final byte[] TYPES_NO_ECC = {1, 2};
        private static final byte[] TYPES_ECC = {1, 2, 64};
        private static final byte[] TYPES_SM2 = {64};

        public CertificateRequest(HandshakeInStream handshakeInStream) throws IOException {
            this.types = handshakeInStream.getBytes8();
            int int16 = handshakeInStream.getInt16();
            ArrayList arrayList = new ArrayList();
            while (int16 >= 3) {
                DistinguishedName distinguishedName = new DistinguishedName(handshakeInStream);
                arrayList.add(distinguishedName);
                int16 -= distinguishedName.length();
            }
            if (int16 != 0) {
                throw new SSLProtocolException("Bad CertificateRequest DN length");
            }
            this.authorities = (DistinguishedName[]) arrayList.toArray(new DistinguishedName[arrayList.size()]);
        }

        public CertificateRequest(X509Certificate[] x509CertificateArr, CipherSuite.KeyExchange keyExchange) throws IOException {
            this.authorities = new DistinguishedName[x509CertificateArr.length];
            for (int i10 = 0; i10 < x509CertificateArr.length; i10++) {
                this.authorities[i10] = new DistinguishedName(x509CertificateArr[i10].getSubjectX500Principal());
            }
            this.types = TYPES_SM2;
        }

        public X500Principal[] getAuthorities() throws IOException {
            X500Principal[] x500PrincipalArr = new X500Principal[this.authorities.length];
            int i10 = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.authorities;
                if (i10 >= distinguishedNameArr.length) {
                    return x500PrincipalArr;
                }
                x500PrincipalArr[i10] = distinguishedNameArr[i10].getX500Principal();
                i10++;
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            int length = this.types.length + 1 + 2;
            int i10 = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.authorities;
                if (i10 >= distinguishedNameArr.length) {
                    return length;
                }
                length += distinguishedNameArr[i10].length();
                i10++;
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 13;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateRequest");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("Cert Types: ");
            int i10 = 0;
            int i11 = 0;
            while (true) {
                byte[] bArr = this.types;
                if (i11 < bArr.length) {
                    byte b10 = bArr[i11];
                    switch (b10) {
                        case 1:
                            printStream.print(IHSM.RSA);
                            break;
                        case 2:
                            printStream.print("DSS");
                            break;
                        case 3:
                            printStream.print("Fixed DH (RSA sig)");
                            break;
                        case 4:
                            printStream.print("Fixed DH (DSS sig)");
                            break;
                        case 5:
                            printStream.print("Ephemeral DH (RSA sig)");
                            break;
                        case 6:
                            printStream.print("Ephemeral DH (DSS sig)");
                            break;
                        default:
                            switch (b10) {
                                case 64:
                                    printStream.print("ECDSA");
                                    break;
                                case 65:
                                    printStream.print("Fixed ECDH (RSA sig)");
                                    break;
                                case 66:
                                    printStream.print("Fixed ECDH (ECDSA sig)");
                                    break;
                                default:
                                    StringBuilder r10 = d.r("Type-");
                                    r10.append(this.types[i11] & DjgHttpUrlRequest.INNER_BIZ_TYPE_UNKNOWN);
                                    printStream.print(r10.toString());
                                    break;
                            }
                    }
                    if (i11 != this.types.length - 1) {
                        printStream.print(", ");
                    }
                    i11++;
                } else {
                    printStream.println();
                    printStream.println("Cert Authorities:");
                    while (true) {
                        DistinguishedName[] distinguishedNameArr = this.authorities;
                        if (i10 >= distinguishedNameArr.length) {
                            return;
                        }
                        distinguishedNameArr[i10].print(printStream);
                        i10++;
                    }
                }
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            int i10 = 0;
            int i11 = 0;
            int i12 = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.authorities;
                if (i11 >= distinguishedNameArr.length) {
                    break;
                }
                i12 += distinguishedNameArr[i11].length();
                i11++;
            }
            handshakeOutStream.putBytes8(this.types);
            handshakeOutStream.putInt16(i12);
            while (true) {
                DistinguishedName[] distinguishedNameArr2 = this.authorities;
                if (i10 >= distinguishedNameArr2.length) {
                    return;
                }
                distinguishedNameArr2[i10].send(handshakeOutStream);
                i10++;
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class CertificateVerify extends HandshakeMessage {
        private static Class delegate;
        private static Field spiField;
        private byte[] signature;
        private static final Object NULL_OBJECT = new Object();
        private static final Map<Class, Object> methodCache = new ConcurrentHashMap();

        public CertificateVerify(HandshakeInStream handshakeInStream) throws IOException {
            this.signature = handshakeInStream.getBytes16();
        }

        public CertificateVerify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, KeyStore keyStore, byte[] bArr, SecureRandom secureRandom) throws GeneralSecurityException {
            try {
                byte[] bArr2 = new byte[32];
                handshakeHash.getSM3Clone().digest(bArr2);
                this.signature = new SoftImpl().signSM2(keyStore.getPriKey(), keyStore.getCert().getPublicKey(), bArr2, IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
            } catch (Exception e10) {
                throw new GeneralSecurityException(e10);
            }
        }

        private static void digestKey(MessageDigest messageDigest, SecretKey secretKey) {
            Object obj;
            try {
                if (messageDigest.getClass() != delegate) {
                    throw new Exception("Digest is not a MessageDigestSpi");
                }
                MessageDigestSpi messageDigestSpi = (MessageDigestSpi) spiField.get(messageDigest);
                Class<?> cls = messageDigestSpi.getClass();
                Object obj2 = methodCache.get(cls);
                Object obj3 = obj2;
                if (obj2 == null) {
                    try {
                        Method declaredMethod = cls.getDeclaredMethod("implUpdate", SecretKey.class);
                        makeAccessible(declaredMethod);
                        obj = declaredMethod;
                    } catch (NoSuchMethodException unused) {
                        obj = NULL_OBJECT;
                    }
                    methodCache.put(cls, obj);
                    obj3 = obj;
                }
                if (obj3 == NULL_OBJECT) {
                    throw new Exception("Digest does not support implUpdate(SecretKey)");
                }
                ((Method) obj3).invoke(messageDigestSpi, secretKey);
            } catch (Exception e10) {
                throw new RuntimeException("Could not obtain encoded key and MessageDigest cannot digest key", e10);
            }
        }

        private static void makeAccessible(final AccessibleObject accessibleObject) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: cn.com.infosec.mobile.gm.tls.HandshakeMessage.CertificateVerify.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    accessibleObject.setAccessible(true);
                    return null;
                }
            });
        }

        public static void updateDigest(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
            byte[] encoded = "RAW".equals(secretKey.getFormat()) ? secretKey.getEncoded() : null;
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr2);
            messageDigest.update(digest);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.signature.length + 2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 15;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateVerify");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.signature);
        }

        public boolean verify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, PublicKey publicKey, byte[] bArr) throws GeneralSecurityException {
            byte[] bArr2 = new byte[32];
            handshakeHash.getSM3Clone().digest(bArr2);
            try {
                return new SoftImpl().verify(bArr2, this.signature, publicKey, IHSM.SM3withSM2, SM2Id.getVerifyId("TLS"));
            } catch (Exception e10) {
                throw new GeneralSecurityException("cert verify exception", e10);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class ClientHello extends HandshakeMessage {
        private static final byte[] NULL_COMPRESSION = {0};
        private CipherSuiteList cipherSuites;
        public RandomCookie clnt_random;
        public byte[] compression_methods;
        public HelloExtensions extensions;
        public ProtocolVersion protocolVersion;
        public SessionID sessionId;

        public ClientHello(HandshakeInStream handshakeInStream, int i10) throws IOException {
            this.extensions = new HelloExtensions();
            this.protocolVersion = ProtocolVersion.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.clnt_random = new RandomCookie(handshakeInStream);
            this.sessionId = new SessionID(handshakeInStream.getBytes8());
            this.cipherSuites = new CipherSuiteList(handshakeInStream);
            this.compression_methods = handshakeInStream.getBytes8();
            if (messageLength() != i10) {
                this.extensions = new HelloExtensions(handshakeInStream);
            }
        }

        public ClientHello(SecureRandom secureRandom, ProtocolVersion protocolVersion, SessionID sessionID, CipherSuiteList cipherSuiteList) {
            this.extensions = new HelloExtensions();
            this.protocolVersion = protocolVersion;
            this.sessionId = sessionID;
            this.cipherSuites = cipherSuiteList;
            if (cipherSuiteList.containsEC()) {
                this.extensions.add(SupportedEllipticCurvesExtension.DEFAULT);
                this.extensions.add(SupportedEllipticPointFormatsExtension.DEFAULT);
            }
            this.clnt_random = new RandomCookie(secureRandom);
            this.compression_methods = NULL_COMPRESSION;
        }

        public void addRenegotiationInfoExtension(byte[] bArr) {
            this.extensions.add(new RenegotiationInfoExtension(bArr, new byte[0]));
        }

        public void addServerNameExtension(String str) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new ServerNameExtension.ServerName(str));
            this.extensions.add(new ServerNameExtension(arrayList));
        }

        public CipherSuiteList getCipherSuites() {
            return this.cipherSuites;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return (this.cipherSuites.size() * 2) + this.sessionId.length() + 38 + this.compression_methods.length + this.extensions.length();
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 1;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            StringBuilder r10 = d.r("*** ClientHello, ");
            r10.append(this.protocolVersion);
            printStream.println(r10.toString());
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.clnt_random.print(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.sessionId);
            printStream.println("Cipher Suites: " + this.cipherSuites);
            Debug.println(printStream, "Compression Methods", this.compression_methods);
            this.extensions.print(printStream);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.protocolVersion.major);
            handshakeOutStream.putInt8(this.protocolVersion.minor);
            this.clnt_random.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            this.cipherSuites.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.compression_methods);
            this.extensions.send(handshakeOutStream);
        }
    }

    /* loaded from: classes.dex */
    public static final class DH_ServerKeyExchange extends ServerKeyExchange {
        private static final boolean dhKeyExchangeFix = Debug.getBooleanProperty("com.sun.net.ssl.dhKeyExchangeFix", true);
        private byte[] dh_Ys;
        private byte[] dh_g;
        private byte[] dh_p;
        private byte[] signature;

        public DH_ServerKeyExchange(DHCrypt dHCrypt) {
            getValues(dHCrypt);
            this.signature = null;
        }

        public DH_ServerKeyExchange(DHCrypt dHCrypt, PrivateKey privateKey, byte[] bArr, byte[] bArr2, SecureRandom secureRandom) throws GeneralSecurityException {
            getValues(dHCrypt);
            Signature signature = privateKey.getAlgorithm().equals(JsseJce.SIGNATURE_DSA) ? JsseJce.getSignature(JsseJce.SIGNATURE_DSA) : RSASignature.getInstance();
            signature.initSign(privateKey, secureRandom);
            updateSignature(signature, bArr, bArr2);
            this.signature = signature.sign();
        }

        public DH_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException {
            this.dh_p = handshakeInStream.getBytes16();
            this.dh_g = handshakeInStream.getBytes16();
            this.dh_Ys = handshakeInStream.getBytes16();
            this.signature = null;
        }

        public DH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2, int i10) throws IOException, GeneralSecurityException {
            byte[] bArr3;
            Signature rSASignature;
            this.dh_p = handshakeInStream.getBytes16();
            this.dh_g = handshakeInStream.getBytes16();
            byte[] bytes16 = handshakeInStream.getBytes16();
            this.dh_Ys = bytes16;
            if (dhKeyExchangeFix) {
                bArr3 = handshakeInStream.getBytes16();
            } else {
                byte[] bArr4 = new byte[((i10 - (this.dh_p.length + 2)) - (this.dh_g.length + 2)) - (bytes16.length + 2)];
                handshakeInStream.read(bArr4);
                bArr3 = bArr4;
            }
            String algorithm = publicKey.getAlgorithm();
            if (algorithm.equals(JsseJce.SIGNATURE_DSA)) {
                rSASignature = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
            } else {
                if (!algorithm.equals(IHSM.RSA)) {
                    throw new SSLKeyException("neither an RSA or a DSA key");
                }
                rSASignature = RSASignature.getInstance();
            }
            rSASignature.initVerify(publicKey);
            updateSignature(rSASignature, bArr, bArr2);
            if (!rSASignature.verify(bArr3)) {
                throw new SSLKeyException("Server D-H key verification failed");
            }
        }

        private void getValues(DHCrypt dHCrypt) {
            this.dh_p = HandshakeMessage.toByteArray(dHCrypt.getModulus());
            this.dh_g = HandshakeMessage.toByteArray(dHCrypt.getBase());
            this.dh_Ys = HandshakeMessage.toByteArray(dHCrypt.getPublicKey());
        }

        private void updateSignature(Signature signature, byte[] bArr, byte[] bArr2) throws SignatureException {
            signature.update(bArr);
            signature.update(bArr2);
            int length = this.dh_p.length;
            signature.update((byte) (length >> 8));
            signature.update((byte) (length & WebView.NORMAL_MODE_ALPHA));
            signature.update(this.dh_p);
            int length2 = this.dh_g.length;
            signature.update((byte) (length2 >> 8));
            signature.update((byte) (length2 & WebView.NORMAL_MODE_ALPHA));
            signature.update(this.dh_g);
            int length3 = this.dh_Ys.length;
            signature.update((byte) (length3 >> 8));
            signature.update((byte) (length3 & WebView.NORMAL_MODE_ALPHA));
            signature.update(this.dh_Ys);
        }

        public BigInteger getBase() {
            return new BigInteger(1, this.dh_g);
        }

        public BigInteger getModulus() {
            return new BigInteger(1, this.dh_p);
        }

        public BigInteger getServerPublicKey() {
            return new BigInteger(1, this.dh_Ys);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            int length = this.dh_p.length + 6 + this.dh_g.length + this.dh_Ys.length;
            byte[] bArr = this.signature;
            if (bArr == null) {
                return length;
            }
            int length2 = length + bArr.length;
            return dhKeyExchangeFix ? length2 + 2 : length2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Diffie-Hellman ServerKeyExchange");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "DH Modulus", this.dh_p);
            Debug.println(printStream, "DH Base", this.dh_g);
            Debug.println(printStream, "Server DH Public Key", this.dh_Ys);
            if (this.signature == null) {
                printStream.println("Anonymous");
            } else {
                printStream.println("Signed with a DSA or RSA public key");
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.dh_p);
            handshakeOutStream.putBytes16(this.dh_g);
            handshakeOutStream.putBytes16(this.dh_Ys);
            byte[] bArr = this.signature;
            if (bArr != null) {
                if (dhKeyExchangeFix) {
                    handshakeOutStream.putBytes16(bArr);
                } else {
                    handshakeOutStream.write(bArr);
                }
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class DistinguishedName {
        public byte[] name;

        public DistinguishedName(HandshakeInStream handshakeInStream) throws IOException {
            this.name = handshakeInStream.getBytes16();
        }

        public DistinguishedName(X500Principal x500Principal) {
            this.name = x500Principal.getEncoded();
        }

        public X500Principal getX500Principal() throws IOException {
            try {
                return new X500Principal(this.name);
            } catch (IllegalArgumentException e10) {
                throw ((SSLProtocolException) new SSLProtocolException(e10.getMessage()).initCause(e10));
            }
        }

        public int length() {
            return this.name.length + 2;
        }

        public void print(PrintStream printStream) throws IOException {
            X500Principal x500Principal = new X500Principal(this.name);
            StringBuilder r10 = d.r("<");
            r10.append(x500Principal.toString());
            r10.append(">");
            printStream.println(r10.toString());
        }

        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.name);
        }
    }

    /* loaded from: classes.dex */
    public static final class ECDH_ServerKeyExchange extends ServerKeyExchange {
        private static final int CURVE_NAMED_CURVE = 3;
        private int curveId;
        private byte[] pointBytes;
        private byte[] signatureBytes;

        public ECDH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws IOException, GeneralSecurityException {
            this.pointBytes = null;
            this.signatureBytes = null;
            int int8 = handshakeInStream.getInt8();
            if (int8 != 3) {
                throw new SSLHandshakeException(a.h("Unsupported ECCurveType: ", int8));
            }
            int int16 = handshakeInStream.getInt16();
            this.curveId = int16;
            if (int16 != 0) {
                StringBuilder r10 = d.r("Unsupported curveId: ");
                r10.append(this.curveId);
                throw new SSLHandshakeException(r10.toString());
            }
            this.pointBytes = handshakeInStream.getBytes8();
            this.signatureBytes = handshakeInStream.getBytes16();
            try {
                if (new SoftImpl().verify(getSignSource(bArr, bArr2, int8, this.curveId, this.pointBytes), this.signatureBytes, publicKey, IHSM.SM3withSM2, SM2Id.getVerifyId("TLS"))) {
                } else {
                    throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
                }
            } catch (Exception e10) {
                throw new GeneralSecurityException(e10);
            }
        }

        public ECDH_ServerKeyExchange(ProtocolVersion protocolVersion, ECDHCrypt eCDHCrypt, byte[] bArr, byte[] bArr2, SSLContextImpl sSLContextImpl) throws GeneralSecurityException {
            this.pointBytes = null;
            this.signatureBytes = null;
            if (protocolVersion.f4281v != ProtocolVersion.TLS11.f4281v) {
                throw new GeneralSecurityException("Unsupported ProtocolVersion");
            }
            try {
                KeyStore encStore = sSLContextImpl.getEncStore();
                byte[] priKey = encStore.getPriKey();
                byte[] sm2PublicKeyToByte = CipherUtil.sm2PublicKeyToByte(encStore.getCert().getPublicKey());
                eCDHCrypt.setEncPriKey(priKey);
                eCDHCrypt.setEncPubKey(sm2PublicKeyToByte);
                this.pointBytes = new byte[eCDHCrypt.getPublicKey().length];
                System.arraycopy(eCDHCrypt.getPublicKey(), 0, this.pointBytes, 0, eCDHCrypt.getPublicKey().length);
                this.curveId = 0;
                byte[] signSource = getSignSource(bArr, bArr2, 3, 0, this.pointBytes);
                KeyStore signStore = sSLContextImpl.getSignStore();
                try {
                    this.signatureBytes = new SoftImpl().signSM2(signStore.getPriKey(), signStore.getCert().getPublicKey(), signSource, IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
                } catch (Exception e10) {
                    throw new GeneralSecurityException(e10);
                }
            } catch (Exception e11) {
                throw new GeneralSecurityException("exception when parse enc keypair for DHE", e11);
            }
        }

        private byte[] getSignSource(byte[] bArr, byte[] bArr2, int i10, int i11, byte[] bArr3) {
            byte[] bArr4 = new byte[bArr.length + bArr2.length + 4 + bArr3.length];
            System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr4, bArr.length, bArr2.length);
            bArr4[bArr.length + bArr2.length] = (byte) i10;
            bArr4[bArr.length + bArr2.length + 1] = (byte) ((i11 >> 8) & WebView.NORMAL_MODE_ALPHA);
            bArr4[bArr.length + bArr2.length + 2] = (byte) (i11 & WebView.NORMAL_MODE_ALPHA);
            bArr4[bArr.length + bArr2.length + 3] = (byte) bArr3.length;
            System.arraycopy(bArr3, 0, bArr4, bArr.length + bArr2.length + 4, bArr3.length);
            return bArr4;
        }

        public byte[] getPublicKey() {
            return this.pointBytes;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.pointBytes.length + 1 + 3 + this.signatureBytes.length + 2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ECDH ServerKeyExchange");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            StringBuilder r10 = d.r("Server key: ");
            r10.append(hexDumpEncoder.encode(this.pointBytes));
            printStream.println(r10.toString());
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(3);
            handshakeOutStream.putInt16(this.curveId);
            handshakeOutStream.putBytes8(this.pointBytes);
            handshakeOutStream.putBytes16(this.signatureBytes);
        }
    }

    /* loaded from: classes.dex */
    public static final class Finished extends HandshakeMessage {
        public static final int CLIENT = 1;
        public static final int SERVER = 2;
        private byte[] verifyData;

        public Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i10, byte[] bArr) {
            this.verifyData = getFinished(protocolVersion, handshakeHash, i10, bArr);
        }

        public Finished(ProtocolVersion protocolVersion, HandshakeInStream handshakeInStream) throws IOException {
            byte[] bArr = new byte[12];
            this.verifyData = bArr;
            handshakeInStream.read(bArr);
        }

        private static byte[] getFinished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i10, byte[] bArr) {
            String str;
            if (i10 == 1) {
                str = "client finished";
            } else {
                if (i10 != 2) {
                    throw new RuntimeException(a.h("Invalid sender: ", i10));
                }
                str = "server finished";
            }
            if (protocolVersion.f4281v != ProtocolVersion.TLS11.f4281v) {
                throw new RuntimeException(b.s(d.r("Digest failed: unkown protocalVersion ["), protocolVersion.f4281v, "]"));
            }
            byte[] bArr2 = new byte[32];
            handshakeHash.getSM3Clone().digest(bArr2);
            return Handshaker.PRF_11(bArr, str, bArr2, 12);
        }

        private static void updateDigest(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3, SecretKey secretKey) {
            messageDigest.update(bArr);
            CertificateVerify.updateDigest(messageDigest, bArr2, bArr3, secretKey);
        }

        public byte[] getVerifyData() {
            return this.verifyData;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.verifyData.length;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 20;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Finished");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "verify_data", this.verifyData);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.write(this.verifyData);
        }

        public boolean verify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i10, byte[] bArr) {
            return Arrays.equals(getFinished(protocolVersion, handshakeHash, i10, bArr), this.verifyData);
        }
    }

    /* loaded from: classes.dex */
    public static final class HelloRequest extends HandshakeMessage {
        public HelloRequest() {
        }

        public HelloRequest(HandshakeInStream handshakeInStream) throws IOException {
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return 0;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 0;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** HelloRequest (empty)");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
        }
    }

    /* loaded from: classes.dex */
    public static final class RSA_ServerKeyExchange extends ServerKeyExchange {
        private byte[] rsa_exponent;
        private byte[] rsa_modulus;
        private Signature signature;
        private byte[] signatureBytes;

        public RSA_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException, NoSuchAlgorithmException {
            this.signature = RSASignature.getInstance();
            this.rsa_modulus = handshakeInStream.getBytes16();
            this.rsa_exponent = handshakeInStream.getBytes16();
            this.signatureBytes = handshakeInStream.getBytes16();
        }

        public RSA_ServerKeyExchange(PublicKey publicKey, PrivateKey privateKey, RandomCookie randomCookie, RandomCookie randomCookie2, SecureRandom secureRandom) throws GeneralSecurityException {
            RSAPublicKeySpec rSAPublicKeySpec = JsseJce.getRSAPublicKeySpec(publicKey);
            this.rsa_modulus = HandshakeMessage.toByteArray(rSAPublicKeySpec.getModulus());
            this.rsa_exponent = HandshakeMessage.toByteArray(rSAPublicKeySpec.getPublicExponent());
            Signature rSASignature = RSASignature.getInstance();
            this.signature = rSASignature;
            rSASignature.initSign(privateKey, secureRandom);
            updateSignature(randomCookie.random_bytes, randomCookie2.random_bytes);
            this.signatureBytes = this.signature.sign();
        }

        private void updateSignature(byte[] bArr, byte[] bArr2) throws SignatureException {
            this.signature.update(bArr);
            this.signature.update(bArr2);
            int length = this.rsa_modulus.length;
            this.signature.update((byte) (length >> 8));
            this.signature.update((byte) (length & WebView.NORMAL_MODE_ALPHA));
            this.signature.update(this.rsa_modulus);
            int length2 = this.rsa_exponent.length;
            this.signature.update((byte) (length2 >> 8));
            this.signature.update((byte) (length2 & WebView.NORMAL_MODE_ALPHA));
            this.signature.update(this.rsa_exponent);
        }

        public PublicKey getPublicKey() {
            try {
                return JsseJce.getKeyFactory(IHSM.RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, this.rsa_modulus), new BigInteger(1, this.rsa_exponent)));
            } catch (Exception e10) {
                throw new RuntimeException(e10);
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.rsa_modulus.length + 6 + this.rsa_exponent.length + this.signatureBytes.length;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** RSA ServerKeyExchange");
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "RSA Modulus", this.rsa_modulus);
            Debug.println(printStream, "RSA Public Exponent", this.rsa_exponent);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.rsa_modulus);
            handshakeOutStream.putBytes16(this.rsa_exponent);
            handshakeOutStream.putBytes16(this.signatureBytes);
        }

        public boolean verify(PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2) throws GeneralSecurityException {
            this.signature.initVerify(publicKey);
            updateSignature(randomCookie.random_bytes, randomCookie2.random_bytes);
            return this.signature.verify(this.signatureBytes);
        }
    }

    /* loaded from: classes.dex */
    public static final class SM2_ServerKeyExchange extends ServerKeyExchange {
        private byte[] signatureBytes;

        public SM2_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException {
            this.signatureBytes = null;
            this.signatureBytes = handshakeInStream.getBytes16();
        }

        public SM2_ServerKeyExchange(ProtocolVersion protocolVersion, byte[] bArr, byte[] bArr2, SSLContextImpl sSLContextImpl) throws GeneralSecurityException {
            this.signatureBytes = null;
            KeyStore signStore = sSLContextImpl.getSignStore();
            try {
                this.signatureBytes = new SoftImpl().signSM2(signStore.getPriKey(), signStore.getCert().getPublicKey(), getSignSource(bArr, bArr2, sSLContextImpl.getEncStore().getCert()), IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
            } catch (Exception e10) {
                throw new GeneralSecurityException(e10);
            }
        }

        private byte[] getSignSource(byte[] bArr, byte[] bArr2, Certificate certificate) throws Exception {
            byte[] encoded = certificate.getEncoded();
            int length = encoded.length;
            byte[] bArr3 = new byte[bArr.length + bArr2.length + 3 + encoded.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
            bArr3[bArr.length + bArr2.length] = (byte) ((length >>> 16) & WebView.NORMAL_MODE_ALPHA);
            bArr3[bArr.length + bArr2.length + 1] = (byte) ((length >>> 8) & WebView.NORMAL_MODE_ALPHA);
            bArr3[bArr.length + bArr2.length + 2] = (byte) (length & WebView.NORMAL_MODE_ALPHA);
            System.arraycopy(encoded, 0, bArr3, bArr.length + bArr2.length + 3, encoded.length);
            return bArr3;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.signatureBytes.length + 2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** SM2 ServerKeyExchange");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.signatureBytes);
        }

        public boolean verify(PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2, Certificate certificate) throws GeneralSecurityException {
            try {
                return new SoftImpl().verify(getSignSource(randomCookie.random_bytes, randomCookie2.random_bytes, certificate), this.signatureBytes, publicKey, IHSM.SM3withSM2, "1234567812345678");
            } catch (Exception e10) {
                throw new GeneralSecurityException("verify serverKeyExchange K_ECC exception", e10);
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class ServerHello extends HandshakeMessage {
        public CipherSuite cipherSuite;
        public byte compression_method;
        public HelloExtensions extensions;
        public ProtocolVersion protocolVersion;
        public SessionID sessionId;
        public RandomCookie svr_random;

        public ServerHello() {
            this.extensions = new HelloExtensions();
        }

        public ServerHello(HandshakeInStream handshakeInStream, int i10) throws IOException {
            this.extensions = new HelloExtensions();
            this.protocolVersion = ProtocolVersion.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.svr_random = new RandomCookie(handshakeInStream);
            this.sessionId = new SessionID(handshakeInStream.getBytes8());
            this.cipherSuite = CipherSuite.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.compression_method = (byte) handshakeInStream.getInt8();
            if (messageLength() != i10) {
                this.extensions = new HelloExtensions(handshakeInStream);
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return this.sessionId.length() + 38 + this.extensions.length();
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            StringBuilder r10 = d.r("*** ServerHello, ");
            r10.append(this.protocolVersion);
            printStream.println(r10.toString());
            if (HandshakeMessage.debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.svr_random.print(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.sessionId);
            printStream.println("Cipher Suite: " + this.cipherSuite);
            printStream.println("Compression Method: " + ((int) this.compression_method));
            this.extensions.print(printStream);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.protocolVersion.major);
            handshakeOutStream.putInt8(this.protocolVersion.minor);
            this.svr_random.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            handshakeOutStream.putInt8(this.cipherSuite.f4277id >> 8);
            handshakeOutStream.putInt8(this.cipherSuite.f4277id & WebView.NORMAL_MODE_ALPHA);
            handshakeOutStream.putInt8(this.compression_method);
            this.extensions.send(handshakeOutStream);
        }
    }

    /* loaded from: classes.dex */
    public static final class ServerHelloDone extends HandshakeMessage {
        public ServerHelloDone() {
        }

        public ServerHelloDone(HandshakeInStream handshakeInStream) {
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageLength() {
            return 0;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 14;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ServerHelloDone");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void send(HandshakeOutStream handshakeOutStream) throws IOException {
        }
    }

    /* loaded from: classes.dex */
    public static abstract class ServerKeyExchange extends HandshakeMessage {
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public int messageType() {
            return 12;
        }
    }

    private static byte[] genPad(int i10, int i11) {
        byte[] bArr = new byte[i11];
        Arrays.fill(bArr, (byte) i10);
        return bArr;
    }

    public static byte[] toByteArray(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length <= 1 || byteArray[0] != 0) {
            return byteArray;
        }
        int length = byteArray.length - 1;
        byte[] bArr = new byte[length];
        System.arraycopy(byteArray, 1, bArr, 0, length);
        return bArr;
    }

    public abstract int messageLength();

    public abstract int messageType();

    public abstract void print(PrintStream printStream) throws IOException;

    public abstract void send(HandshakeOutStream handshakeOutStream) throws IOException;

    public final void write(HandshakeOutStream handshakeOutStream) throws IOException {
        int messageLength = messageLength();
        if (messageLength <= 16777216) {
            handshakeOutStream.write(messageType());
            handshakeOutStream.putInt24(messageLength);
            send(handshakeOutStream);
        } else {
            StringBuilder r10 = d.r("Handshake message too big, type = ");
            r10.append(messageType());
            r10.append(", len = ");
            r10.append(messageLength);
            throw new SSLException(r10.toString());
        }
    }
}
