package cn.com.infosec.mobile.gm.tls;

import cn.com.infosec.mobile.gm.tls.CipherSuite;
import cn.com.infosec.mobile.gm.tls.HandshakeMessage;
import cn.com.infosec.mobile.netcert.framework.crypto.CipherUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.util.Random;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class Handshaker {
    // Debug facility for the "ssl" category; checked for null before debug output is produced.
    static final Debug x = Debug.getInstance("ssl");
    // Result of Debug.a("sm2.tls.allowUnsafeRenegotiation", false); init() prints it as
    // "Allow unsafe renegotiation". The second argument is presumably the default - confirm in Debug.
    static final boolean y = Debug.a("sm2.tls.allowUnsafeRenegotiation", false);
    // Result of Debug.a("sm2.tls.allowLegacyHelloMessages", true); init() prints it as
    // "Allow legacy hello messages". NOTE(review): if the second argument is the default, legacy
    // hello messages are permitted unless explicitly switched off - confirm against Debug.
    static final boolean z = Debug.a("sm2.tls.allowLegacyHelloMessages", true);
    // Protocol version in use: K() seeds it from ProtocolList.b and L() replaces it.
    ProtocolVersion a;
    // ProtocolVersion handed to init(); not read anywhere else in this file.
    ProtocolVersion b;
    // Flag that init() prints as "Is secure renegotiation"; returned by y().
    boolean c;
    // Client-side slices of the key block; filled by d(...) and consumed by A()-D().
    private byte[] clntMacSecret;
    private byte[] clntWriteIV;
    private byte[] clntWriteKey;
    // First byte array supplied at construction; returned by k(). Meaning is not visible here.
    byte[] d;
    // Task prepared by delegateTask(...) and handed out once by t().
    private volatile DelegatedTask delegatedTask;
    // Second byte array supplied at construction; returned by r(). Meaning is not visible here.
    byte[] e;
    // Flag that init() prints as "Is initial handshake".
    boolean f;
    // Protocol list installed by K().
    ProtocolList g;
    // Socket transport; set by the socket constructor, otherwise null.
    SSLSocketImpl h;
    // Engine transport; set by the engine constructor, otherwise null.
    SSLEngineImpl i;
    // Role flag from init(); A()-D() use it to pick the client or server half of the key block.
    private boolean isClient;
    // Handshake hash created in init() and shared with the in/out handshake streams.
    HandshakeHash j;
    // Inbound handshake stream, created in K().
    HandshakeInStream k;
    // Outbound handshake stream, created in K().
    HandshakeOutStream l;
    // Handshake state: -1 after init(), set by z() to the first message's b() value;
    // M() tests for >= 0 and v() tests for 20.
    int m;
    // Not referenced by the code visible in this file.
    private MessageDigest md5Tmp;
    // Context supplied to init().
    SSLContextImpl n;
    // Printed by d(...) as "Client Nonce".
    RandomCookie o;
    // Printed by d(...) as "Server Nonce".
    RandomCookie p;
    // Session that receives the master secret in e(...); returned by s().
    SSLSessionImpl q;
    // Cipher-suite list consulted by x(...).
    CipherSuiteList r;
    // Currently selected cipher suite, set by I(...).
    CipherSuite s;
    // Not referenced by the code visible in this file.
    private MessageDigest shaTmp;
    // Server-side slices of the key block; filled by d(...) and consumed by A()-D().
    private byte[] svrMacSecret;
    private byte[] svrWriteIV;
    private byte[] svrWriteKey;
    // Key exchange of the selected suite (CipherSuite.d), set together with s in I(...).
    CipherSuite.KeyExchange t;
    // True between t() handing out the task and DelegatedTask.run() finishing.
    private volatile boolean taskDelegated;
    // Exception captured by DelegatedTask.run(); rethrown and cleared by f().
    private volatile Exception thrown;
    // Monitor held by f() while it inspects and clears `thrown`.
    private Object thrownLock;
    // Not referenced by the code visible in this file.
    boolean u;
    // Set to true by init() and overwritten by J(...).
    boolean v;
    // Set to false by init(); not read in this file.
    boolean w;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Runnable wrapper that executes a privileged action on behalf of the enclosing handshaker
     * and records any failure in {@code thrown} so that {@code f()} can rethrow it later.
     */
    public class DelegatedTask<E> implements Runnable {
        /** Action to run under the engine's access-control context. */
        private PrivilegedExceptionAction<E> pea;

        DelegatedTask(PrivilegedExceptionAction<E> privilegedExceptionAction) {
            pea = privilegedExceptionAction;
        }

        /**
         * Runs the action while holding the engine's monitor, stores a thrown exception instead
         * of propagating it, then clears the "task handed out" flag.
         *
         * <p>NOTE(review): the monitor is {@code Handshaker.this.i}, so this task is only usable
         * when the handshaker was built over an SSLEngineImpl. An Error thrown by the action is
         * not caught and leaves {@code taskDelegated} set.
         */
        @Override // java.lang.Runnable
        public void run() {
            final Handshaker owner = Handshaker.this;
            synchronized (owner.i) {
                try {
                    AccessController.doPrivileged(pea, owner.i.e());
                } catch (PrivilegedActionException wrapped) {
                    // Unwrap so callers see the checked exception raised by the action itself.
                    owner.thrown = wrapped.getException();
                } catch (RuntimeException unchecked) {
                    owner.thrown = unchecked;
                }
                owner.taskDelegated = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a handshaker bound to an SSLEngineImpl and runs the shared {@code init} routine.
     *
     * <p>NOTE(review): as decompiled, {@code K()} (called from {@code init}) ends its engine
     * branch with an unconditional {@code RuntimeException}, so this constructor cannot complete.
     * Confirm against the original bytecode whether engine mode is deliberately disabled.
     */
    public Handshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z2, boolean z3, ProtocolVersion protocolVersion, boolean z4, boolean z5, byte[] bArr, byte[] bArr2) {
        // Delegated-task bookkeeping starts idle.
        this.thrownLock = new Object();
        this.thrown = null;
        this.delegatedTask = null;
        this.taskDelegated = false;
        // Engine mode: the socket reference stays null.
        this.h = null;
        this.i = sSLEngineImpl;
        init(sSLContextImpl, protocolList, z2, z3, protocolVersion, z4, z5, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a handshaker bound to an SSLSocketImpl and runs the shared {@code init} routine.
     */
    public Handshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z2, boolean z3, ProtocolVersion protocolVersion, boolean z4, boolean z5, byte[] bArr, byte[] bArr2) {
        // Delegated-task bookkeeping starts idle.
        this.thrownLock = new Object();
        this.thrown = null;
        this.delegatedTask = null;
        this.taskDelegated = false;
        // Socket mode: the engine reference stays null.
        this.i = null;
        this.h = sSLSocketImpl;
        init(sSLContextImpl, protocolList, z2, z3, protocolVersion, z4, z5, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Always throws an {@link SSLException} carrying {@code str} as its message and {@code th}
     * as its cause.
     *
     * @param str message for the new exception
     * @param th cause to attach
     * @throws SSLException unconditionally
     */
    public static void O(String str, Throwable th) throws SSLException {
        throw (SSLException) new SSLException(str).initCause(th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
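    /**
     * Expands a secret into {@code i} bytes using an iterated HMAC construction.
     *
     * <p>The seed is {@code label || bArr2}. Each round computes
     * {@code chain = HMAC(secret, chain)} (starting from the seed) and appends
     * {@code HMAC(secret, chain || seed)} to the output, truncating the last block. This has the
     * shape of the TLS P_hash function; the underlying hash is whatever
     * {@code CipherUtil.hmac} implements, which is not visible here.
     *
     * @param bArr HMAC key (the secret being expanded)
     * @param str label, e.g. "master secret" or "key expansion"
     * @param bArr2 seed bytes appended to the label
     * @param i number of output bytes
     * @return exactly {@code i} bytes of derived material
     * @throws IllegalStateException if the HMAC returns an empty block
     */
    public static byte[] a(byte[] bArr, String str, byte[] bArr2, int i) {
        byte[] output = new byte[i];
        // Encode the label with a fixed charset: the no-argument getBytes() follows the platform
        // default, and both peers must feed identical label bytes into the derivation. The labels
        // used in this file are ASCII, so the bytes are unchanged.
        byte[] label = str.getBytes(StandardCharsets.UTF_8);
        int seedLength = label.length + bArr2.length;
        byte[] labelAndSeed = new byte[seedLength];
        System.arraycopy(label, 0, labelAndSeed, 0, label.length);
        System.arraycopy(bArr2, 0, labelAndSeed, label.length, bArr2.length);
        byte[] chain = labelAndSeed;
        int written = 0;
        while (written < i) {
            chain = CipherUtil.hmac(bArr, chain);
            byte[] roundInput = new byte[chain.length + seedLength];
            System.arraycopy(chain, 0, roundInput, 0, chain.length);
            System.arraycopy(labelAndSeed, 0, roundInput, chain.length, seedLength);
            byte[] block = CipherUtil.hmac(bArr, roundInput);
            if (block.length == 0) {
                // Without this guard an empty block would never advance `written` and the loop
                // would spin forever.
                throw new IllegalStateException("HMAC produced no output");
            }
            int take = Math.min(block.length, i - written);
            System.arraycopy(block, 0, output, written, take);
            written += take;
        }
        return output;
    }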

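    /**
     * Derives the 48-byte master secret from the pre-master secret and both nonces.
     *
     * <p>The seed is {@code o.a || p.a} (printed elsewhere in this class as client and server
     * nonce) and the label is "master secret". If derivation fails for any reason the method does
     * not signal an error; it returns 48 random bytes instead, so the handshake continues with a
     * secret the peer cannot match.
     *
     * @param bArr pre-master secret
     * @param protocolVersion unused by this implementation
     * @return the derived master secret, or 48 random bytes when derivation failed
     */
    private byte[] calculateMasterSecret(byte[] bArr, ProtocolVersion protocolVersion) {
        if (x != null && Debug.isOn("keygen")) {
            // NOTE(review): this writes the pre-master secret to stdout in clear. The "keygen"
            // debug category must stay off wherever stdout can be read or collected.
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            System.out.println("SESSION KEYGEN:");
            System.out.println("PreMaster Secret:");
            printHex(hexDumpEncoder, bArr);
        }
        try {
            byte[] clientNonce = this.o.a;
            byte[] serverNonce = this.p.a;
            byte[] seed = new byte[clientNonce.length + serverNonce.length];
            System.arraycopy(clientNonce, 0, seed, 0, clientNonce.length);
            System.arraycopy(serverNonce, 0, seed, clientNonce.length, serverNonce.length);
            return a(bArr, "master secret", seed, 48);
        } catch (Throwable th) {
            // NOTE(review): Throwable also covers Errors such as OutOfMemoryError; kept as-is
            // because callers rely on this method never throwing.
            if (x != null && Debug.isOn("handshake")) {
                System.out.println("RSA master secret generation error:");
                th.printStackTrace(System.out);
            }
            // The substitute becomes the session's master secret (e() stores it and derives the
            // record keys from it), so it must be unpredictable. java.util.Random seeded with the
            // wall clock is reproducible by anyone who can estimate the time; use the platform
            // CSPRNG instead.
            byte[] fallback = new byte[48];
            new SecureRandom().nextBytes(fallback);
            return fallback;
        }
    }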

    /**
     * Wraps the action in a {@link DelegatedTask}, makes it available to {@code t()}, and clears
     * any exception left over from a previous task.
     */
    private <T> void delegateTask(PrivilegedExceptionAction<T> privilegedExceptionAction) {
        final DelegatedTask<T> pending = new DelegatedTask<>(privilegedExceptionAction);
        this.delegatedTask = pending;
        this.taskDelegated = false;
        this.thrown = null;
    }

    /**
     * Shared constructor body: stores the configuration, installs the initial cipher suite
     * ({@code CipherSuite.q}), creates the handshake hash and streams, and registers the hash
     * with the transport's input side.
     *
     * @throws RuntimeException if neither a socket nor an engine has been set
     */
    private void init(SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z2, boolean z3, ProtocolVersion protocolVersion, boolean z4, boolean z5, byte[] bArr, byte[] bArr2) {
        if (x != null && Debug.isOn("handshake")) {
            StringBuilder banner = new StringBuilder();
            banner.append("Allow unsafe renegotiation: ").append(y);
            banner.append("\nAllow legacy hello messages: ").append(z);
            banner.append("\nIs initial handshake: ").append(z4);
            banner.append("\nIs secure renegotiation: ").append(z5);
            System.out.println(banner.toString());
        }
        this.n = sSLContextImpl;
        this.isClient = z3;
        this.b = protocolVersion;
        this.f = z4;
        this.c = z5;
        this.d = bArr;
        this.e = bArr2;
        this.v = true;
        this.w = false;
        I(CipherSuite.q);
        this.j = new HandshakeHash(z2);
        K(protocolList);
        // Hand the hash to whichever transport is present.
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            engine.b.p(this.j);
        } else {
            socket.l().a.p(this.j);
        }
        // -1 marks "no handshake message sent yet" (see M() and z()).
        this.m = -1;
    }

    /**
     * Writes a hex dump of {@code bArr} to stdout, or a placeholder line when it is null.
     * Used only by the key-material debug output in this class.
     */
    private static void printHex(HexDumpEncoder hexDumpEncoder, byte[] bArr) {
        if (bArr == null) {
            System.out.println("(key bytes not available)");
            return;
        }
        try {
            hexDumpEncoder.encodeBuffer(bArr, System.out);
        } catch (IOException ignored) {
            // Debug output is best-effort; a failed dump must not disturb the handshake.
        }
    }

    /**
     * Pushes the protocol version to the active transport (socket first, engine otherwise).
     *
     * @throws RuntimeException if neither transport is set
     */
    private void setVersionSE(ProtocolVersion protocolVersion) {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine != null) {
                engine.g(protocolVersion);
                return;
            }
            throw new RuntimeException("SSLSockImpl is null");
        }
        socket.r(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a CipherBox from the peer's write key and IV (server's when this side is the client,
     * client's otherwise), passing {@code false} as the last factory argument - presumably the
     * "encrypt" flag, i.e. this is the inbound cipher; confirm in CipherSuite.BulkCipher.
     *
     * <p>Afterwards this object's references to the key and IV are dropped. The arrays are not
     * overwritten here.
     */
    public CipherBox A() throws NoSuchAlgorithmException {
        final CipherSuite.BulkCipher cipher = this.s.e;
        final CipherBox box;
        if (!this.isClient) {
            box = cipher.c(this.a, this.clntWriteKey, this.clntWriteIV, false);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        } else {
            box = cipher.c(this.a, this.svrWriteKey, this.svrWriteIV, false);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        }
        return box;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a MAC from the peer's MAC secret (server's when this side is the client, client's
     * otherwise) and then drops this object's reference to that secret. The array itself is not
     * overwritten here.
     */
    public MAC B() throws NoSuchAlgorithmException, InvalidKeyException {
        final CipherSuite.MacAlg alg = this.s.f;
        final MAC mac;
        if (!this.isClient) {
            mac = alg.a(this.a, this.clntMacSecret);
            this.clntMacSecret = null;
        } else {
            mac = alg.a(this.a, this.svrMacSecret);
            this.svrMacSecret = null;
        }
        return mac;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a CipherBox from this side's own write key and IV (client's when this side is the
     * client, server's otherwise), passing {@code true} as the last factory argument - presumably
     * the "encrypt" flag, i.e. this is the outbound cipher; confirm in CipherSuite.BulkCipher.
     *
     * <p>Afterwards this object's references to the key and IV are dropped. The arrays are not
     * overwritten here.
     */
    public CipherBox C() throws NoSuchAlgorithmException {
        final CipherSuite.BulkCipher cipher = this.s.e;
        final CipherBox box;
        if (!this.isClient) {
            box = cipher.c(this.a, this.svrWriteKey, this.svrWriteIV, true);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        } else {
            box = cipher.c(this.a, this.clntWriteKey, this.clntWriteIV, true);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        }
        return box;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a MAC from this side's own MAC secret (client's when this side is the client,
     * server's otherwise) and then drops this object's reference to that secret. The array
     * itself is not overwritten here.
     */
    public MAC D() throws NoSuchAlgorithmException, InvalidKeyException {
        final CipherSuite.MacAlg alg = this.s.f;
        final MAC mac;
        if (!this.isClient) {
            mac = alg.a(this.a, this.svrMacSecret);
            this.svrMacSecret = null;
        } else {
            mac = alg.a(this.a, this.clntMacSecret);
            this.clntMacSecret = null;
        }
        return mac;
    }

    /**
     * Drains complete handshake messages from the input stream and dispatches each to
     * {@code F(type, length)}.
     *
     * <p>A message is only dispatched once at least {@code length} bytes are buffered behind its
     * 4-byte header; otherwise the stream is rewound and the method returns to wait for more
     * data. Type 0 is rewound and skipped wholesale after dispatch; every other type is finished
     * with {@code k.a()} (presumably folding the message into the handshake hash - confirm in
     * HandshakeInStream).
     *
     * <p>NOTE(review): {@code length} comes from the peer and is only compared with the bytes
     * available; any upper bound on message size has to be enforced by the stream or by F().
     */
    void E() throws IOException {
        while (this.k.available() >= 4) {
            this.k.mark(4);
            final byte messageType = (byte) this.k.l();
            final int bodyLength = this.k.j();
            if (this.k.available() < bodyLength) {
                // Incomplete message: rewind to the header and wait for the rest.
                this.k.reset();
                return;
            }
            if (messageType != 0) {
                this.k.mark(bodyLength);
                F(messageType, bodyLength);
                this.k.a();
                continue;
            }
            this.k.reset();
            F(messageType, bodyLength);
            this.k.m(bodyLength + 4);
        }
    }

    /**
     * Handles one complete handshake message. Called by {@code E()} with the message type byte
     * and the body length read from the message header.
     *
     * @param b handshake message type
     * @param i body length in bytes, as announced by the peer
     */
    abstract void F(byte b, int i) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Feeds an input record into the handshake stream and processes any complete messages.
     *
     * <p>A pending exception from a delegated task is rethrown first. Processing happens inline
     * when a socket is present or {@code z2} is set; the remaining case (engine mode without
     * {@code z2}) is rejected with a RuntimeException.
     */
    public void G(InputRecord inputRecord, boolean z2) throws IOException {
        f();
        this.k.n(inputRecord);
        if (this.h != null || z2) {
            E();
            return;
        }
        throw new RuntimeException("SSLSockImpl is null");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Flushes pending handshake output, emits a record of content type 20 containing the single
     * byte 1 (this matches the TLS ChangeCipherSpec message), and then sends {@code finished}.
     *
     * <p>Socket mode runs under the socket's lock {@code h.c} and returns normally. Engine mode
     * runs under the monitor {@code i.d}.
     *
     * <p>NOTE(review): as decompiled, the engine path falls through to an unconditional
     * {@code RuntimeException} after the Finished message has been written and flushed. Confirm
     * against the original bytecode whether that is intended.
     *
     * @param finished the Finished message to send
     * @param z2 engine mode only: when true, {@code l.j()} is called before the final flush
     */
    public void H(HandshakeMessage.Finished finished, boolean z2) throws IOException {
        OutputRecord engineOutputRecord;
        this.l.flush();
        // Pick the record implementation that matches the active transport.
        if (this.h != null) {
            engineOutputRecord = new OutputRecord((byte) 20);
        } else {
            if (this.i == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            engineOutputRecord = new EngineOutputRecord((byte) 20, this.i);
        }
        engineOutputRecord.m(this.a);
        engineOutputRecord.write(1);
        SSLSocketImpl sSLSocketImpl = this.h;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.c.lock();
            try {
                // Presumably: write the record, then switch the outbound cipher state, so that
                // Finished goes out under the new keys - confirm h.u()/h.a() in SSLSocketImpl.
                this.h.u(engineOutputRecord);
                this.h.a();
                if (x != null && Debug.isOn("handshake")) {
                    finished.c(System.out);
                }
                finished.f(this.l);
                this.l.flush();
                return;
            } finally {
                this.h.c.unlock();
            }
        }
        synchronized (this.i.d) {
            this.i.i((EngineOutputRecord) engineOutputRecord);
            this.i.a();
            if (x != null && Debug.isOn("handshake")) {
                finished.c(System.out);
            }
            finished.f(this.l);
            if (z2) {
                this.l.j();
            }
            this.l.flush();
        }
        // Reached only on the engine path, after the synchronized block above has completed.
        throw new RuntimeException("SSLSockImpl is null");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Selects the cipher suite and caches its key-exchange algorithm ({@code CipherSuite.d}).
     */
    public void I(CipherSuite cipherSuite) {
        s = cipherSuite;
        t = cipherSuite.d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Overwrites the {@code v} flag, which init() sets to true. */
    public void J(boolean z2) {
        v = z2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Installs the protocol list, takes the active version from {@code protocolList.b}, and
     * creates fresh handshake input and output streams, passing {@code protocolList.c} to the
     * output stream and to the transport.
     *
     * <p>NOTE(review): as decompiled, the engine branch configures the streams and then throws
     * unconditionally, so only socket mode completes. Confirm against the original bytecode
     * whether engine mode is deliberately disabled.
     */
    public void K(ProtocolList protocolList) {
        this.g = protocolList;
        this.a = protocolList.b;
        final ProtocolVersion streamVersion = protocolList.c;
        this.k = new HandshakeInStream(this.j);
        if (this.h == null) {
            this.l = new HandshakeOutStream(this.a, streamVersion, this.j, this.i);
            this.i.c.l(streamVersion);
            throw new RuntimeException("SSLSockImpl is null");
        }
        this.l = new HandshakeOutStream(this.a, streamVersion, this.j, this.h);
        this.h.l().a.q(streamVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Switches to {@code protocolVersion}: records it locally, forwards it to the transport, and
     * applies it to the output stream's record ({@code l.a}).
     */
    public void L(ProtocolVersion protocolVersion) {
        a = protocolVersion;
        setVersionSE(protocolVersion);
        l.a.m(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true once the state has left its initial value of -1 (see z()). */
    public boolean M() {
        return !(this.m < 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true when no delegated task is currently handed out. */
    public boolean N() {
        final boolean handedOut = this.taskDelegated;
        return !handedOut;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Forwards the byte to the active transport ({@code h.t(b)} for a socket, {@code i.h(b)} for
     * an engine).
     *
     * @throws RuntimeException if neither transport is set
     */
    public void P(byte b) {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine != null) {
                engine.h(b);
                return;
            }
            throw new RuntimeException("SSLSockImpl is null");
        }
        socket.t(b);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
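    /**
     * Derives the connection keys from the master secret and stores them for {@code A()}-{@code D()}.
     *
     * <p>The key block is produced by {@code a(master, "key expansion", p.a || o.a, n)} and cut,
     * in order, into client MAC secret, server MAC secret, client write key, server write key,
     * client write IV and server write IV. Lengths come from the selected cipher suite.
     *
     * <p>Derivation is only defined for the version equal to {@code ProtocolVersion.h}. Any other
     * version is rejected: the previous code left freshly allocated, all-zero arrays in the key
     * fields in that case and carried on, which would have keyed the record layer with zeros.
     * The key fields are now assigned only after the key block has been derived.
     *
     * @param bArr master secret
     * @param protocolVersion negotiated protocol version
     * @throws ProviderException if derivation fails or the version is not supported
     */
    public void d(byte[] bArr, ProtocolVersion protocolVersion) {
        CipherSuite suite = this.s;
        int macLen = suite.f.b;
        CipherSuite.BulkCipher bulkCipher = suite.e;
        int keyLen = bulkCipher.e;
        int ivLen = bulkCipher.g;
        try {
            // Seed order for key expansion is server nonce first, then client nonce.
            byte[] serverNonce = this.p.a;
            byte[] clientNonce = this.o.a;
            byte[] seed = new byte[serverNonce.length + clientNonce.length];
            System.arraycopy(serverNonce, 0, seed, 0, serverNonce.length);
            System.arraycopy(clientNonce, 0, seed, serverNonce.length, clientNonce.length);
            if (protocolVersion.a != ProtocolVersion.h.a) {
                // Fail closed; wrapped into ProviderException by the catch below.
                throw new IllegalStateException("No key expansion defined for the negotiated protocol version");
            }
            int keyOffset = macLen * 2;
            int ivOffset = keyOffset + (keyLen * 2);
            byte[] keyBlock = a(bArr, "key expansion", seed, ivOffset + (ivLen * 2));
            byte[] clientMac = new byte[macLen];
            byte[] serverMac = new byte[macLen];
            byte[] clientKey = new byte[keyLen];
            byte[] serverKey = new byte[keyLen];
            byte[] clientIv = new byte[ivLen];
            byte[] serverIv = new byte[ivLen];
            System.arraycopy(keyBlock, 0, clientMac, 0, macLen);
            System.arraycopy(keyBlock, macLen, serverMac, 0, macLen);
            System.arraycopy(keyBlock, keyOffset, clientKey, 0, keyLen);
            System.arraycopy(keyBlock, keyOffset + keyLen, serverKey, 0, keyLen);
            System.arraycopy(keyBlock, ivOffset, clientIv, 0, ivLen);
            System.arraycopy(keyBlock, ivOffset + ivLen, serverIv, 0, ivLen);
            this.clntMacSecret = clientMac;
            this.svrMacSecret = serverMac;
            this.clntWriteKey = clientKey;
            this.svrWriteKey = serverKey;
            this.clntWriteIV = clientIv;
            this.svrWriteIV = serverIv;
            if (x == null || !Debug.isOn("keygen")) {
                return;
            }
            // NOTE(review): the block below writes the master secret and every derived key to
            // stdout in clear. The "keygen" debug category must stay off wherever stdout can be
            // read or collected.
            synchronized (System.out) {
                HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                System.out.println("CONNECTION KEYGEN:");
                System.out.println("Client Nonce:");
                printHex(hexDumpEncoder, this.o.a);
                System.out.println("Server Nonce:");
                printHex(hexDumpEncoder, this.p.a);
                System.out.println("Master Secret:");
                printHex(hexDumpEncoder, bArr);
                System.out.println("Client MAC write Secret:");
                printHex(hexDumpEncoder, this.clntMacSecret);
                System.out.println("Server MAC write Secret:");
                printHex(hexDumpEncoder, this.svrMacSecret);
                if (this.clntWriteKey != null) {
                    System.out.println("Client write key:");
                    printHex(hexDumpEncoder, this.clntWriteKey);
                    System.out.println("Server write key:");
                    printHex(hexDumpEncoder, this.svrWriteKey);
                } else {
                    System.out.println("... no encryption keys used");
                }
                byte[] clientWriteIv = this.clntWriteIV;
                if (clientWriteIv == null || clientWriteIv.length <= 0) {
                    System.out.println("... no IV used for this cipher");
                } else {
                    System.out.println("Client write IV:");
                    printHex(hexDumpEncoder, this.clntWriteIV);
                    System.out.println("Server write IV:");
                    printHex(hexDumpEncoder, this.svrWriteIV);
                }
                System.out.flush();
            }
        } catch (Exception e) {
            throw new ProviderException(e);
        }
    }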

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Turns a pre-master secret into session and connection keys: derives the master secret,
     * stores it on the session via {@code q.m(...)}, then derives the connection keys from it.
     */
    public void e(byte[] bArr, ProtocolVersion protocolVersion) {
        final byte[] masterSecret = calculateMasterSecret(bArr, protocolVersion);
        q.m(masterSecret);
        d(masterSecret, protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rethrows the exception recorded by a delegated task, if any, and clears it.
     *
     * <p>The recorded exception becomes the cause of a new exception of the closest matching
     * type: RuntimeException, SSLHandshakeException, SSLKeyException,
     * SSLPeerUnverifiedException, SSLProtocolException, or plain SSLException for anything else.
     *
     * <p>NOTE(review): this method holds {@code thrownLock}, while DelegatedTask.run() writes
     * {@code thrown} under the engine's monitor instead; the two are ordered only by the field
     * being volatile.
     */
    public void f() throws SSLException {
        synchronized (this.thrownLock) {
            if (this.thrown == null) {
                return;
            }
            String detail = this.thrown.getMessage();
            if (detail == null) {
                detail = "Delegated task threw Exception/Error";
            }
            final Exception pending = this.thrown;
            this.thrown = null;
            if (pending instanceof RuntimeException) {
                throw (RuntimeException) new RuntimeException(detail).initCause(pending);
            }
            if (pending instanceof SSLHandshakeException) {
                throw (SSLHandshakeException) new SSLHandshakeException(detail).initCause(pending);
            }
            if (pending instanceof SSLKeyException) {
                throw (SSLKeyException) new SSLKeyException(detail).initCause(pending);
            }
            if (pending instanceof SSLPeerUnverifiedException) {
                throw (SSLPeerUnverifiedException) new SSLPeerUnverifiedException(detail).initCause(pending);
            }
            if (pending instanceof SSLProtocolException) {
                throw (SSLProtocolException) new SSLProtocolException(detail).initCause(pending);
            }
            throw (SSLException) new SSLException(detail).initCause(pending);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Convenience form of {@code h(b, str, th)} with no cause. */
    public void g(byte b, String str) throws IOException {
        h(b, str, (Throwable) null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports a failure to the active transport ({@code h.i(...)} for a socket,
     * {@code i.c(...)} for an engine), passing the byte code, message and cause through.
     *
     * @throws RuntimeException if neither transport is set
     */
    public void h(byte b, String str, Throwable th) throws IOException {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine != null) {
                engine.c(b, str, th);
                return;
            }
            throw new RuntimeException("SSLSockImpl is null");
        }
        socket.i(b, str, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Convenience form of {@code h(b, str, th)} with no message. */
    public void i(byte b, Throwable th) throws IOException {
        h(b, (String) null, th);
    }

    /**
     * Returns the access-control context of the active transport.
     *
     * @throws RuntimeException if neither transport is set
     */
    AccessControlContext j() {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            return engine.e();
        }
        return socket.k();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the first byte array supplied at construction; the array is not copied. */
    public byte[] k() {
        return d;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the peer's address: the socket's remote IP as text, or the engine's peer host.
     *
     * @throws RuntimeException if neither transport is set
     */
    public String l() {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            return engine.getPeerHost();
        }
        return socket.getInetAddress().getHostAddress();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the peer host as reported by the transport ({@code h.m()} for a socket,
     * {@code getPeerHost()} for an engine).
     *
     * @throws RuntimeException if neither transport is set
     */
    public String m() {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            return engine.getPeerHost();
        }
        return socket.m();
    }

    /**
     * Returns the hostname-verification setting of the active transport.
     *
     * <p>Unlike the sibling accessors there is no explicit check for a missing engine; with
     * neither transport set this fails with a NullPointerException.
     */
    String n() {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            return this.i.getHostnameVerification();
        }
        return socket.getHostnameVerification();
    }

    /**
     * Supplies the first handshake message to send. {@code z()} writes the returned message to
     * the output stream and records its {@code b()} value as the handshake state.
     */
    abstract HandshakeMessage o() throws SSLException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the socket's local port, or -1 when no socket is set. */
    public int p() {
        final SSLSocketImpl socket = this.h;
        return socket == null ? -1 : socket.getLocalPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the peer's port from the active transport.
     *
     * @throws RuntimeException if neither transport is set
     */
    public int q() {
        final SSLSocketImpl socket = this.h;
        if (socket == null) {
            final SSLEngineImpl engine = this.i;
            if (engine == null) {
                throw new RuntimeException("SSLSockImpl is null");
            }
            return engine.getPeerPort();
        }
        return socket.getPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the second byte array supplied at construction; the array is not copied. */
    public byte[] r() {
        return e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the session this handshake is populating; may be null if none has been set. */
    public SSLSessionImpl s() {
        return q;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Hands out the pending delegated task once. Returns null while a task is already handed
     * out; otherwise marks it as handed out and returns it (which may itself be null if
     * {@code delegateTask} was never called).
     *
     * <p>The check and the update of {@code taskDelegated} are separate volatile accesses, not
     * one atomic step.
     */
    public DelegatedTask t() {
        if (!this.taskDelegated) {
            this.taskDelegated = true;
            return this.delegatedTask;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Subclass hook taking a single byte code. It is not called from this class; presumably it
     * reacts to an alert received during the handshake - confirm against the subclasses.
     */
    public abstract void u(byte b) throws SSLProtocolException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true when the handshake state equals 20. */
    public boolean v() {
        final int state = this.m;
        return state == 20;
    }

    /** Returns true when a socket is set and its remote address is a loopback address. */
    boolean w() {
        final SSLSocketImpl socket = this.h;
        return socket != null ? socket.getInetAddress().isLoopbackAddress() : false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns true when the suite is in the list {@code r} and its own {@code c()} check passes.
     * The second check is skipped when the first fails.
     */
    public boolean x(CipherSuite cipherSuite) {
        if (!this.r.c(cipherSuite)) {
            return false;
        }
        return cipherSuite.c();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the flag that init() prints as "Is secure renegotiation". */
    public boolean y() {
        return c;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Starts the handshake if it has not started yet: obtains the first message from
     * {@code o()}, writes and flushes it, and records its {@code b()} value as the state.
     * Does nothing when the state is already non-negative.
     */
    public void z() throws IOException {
        if (this.m < 0) {
            final HandshakeMessage first = o();
            if (x != null && Debug.isOn("handshake")) {
                first.c(System.out);
            }
            first.f(this.l);
            this.l.flush();
            this.m = first.b();
        }
    }
}
