package cn.com.infosec.mobile.gm.tls;

import cn.com.infosec.mobile.gm.tls.CipherSuite;
import cn.com.infosec.mobile.gm.tls.crypto.KeyStore;
import cn.com.infosec.mobile.netcert.framework.crypto.CipherUtil;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import cn.com.infosec.mobile.netcert.framework.crypto.SM2Id;
import cn.com.infosec.mobile.netcert.framework.crypto.impl.SoftImpl;
import com.google.common.primitives.SignedBytes;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class HandshakeMessage {
    static final byte a = 0;
    static final byte b = 1;
    static final byte c = 2;
    static final byte d = 11;
    static final byte e = 12;
    static final byte f = 13;
    static final byte g = 14;
    static final byte h = 15;
    static final byte i = 16;
    static final byte j = 20;
    static final Debug k = Debug.getInstance("ssl");
    static final byte[] l = genPad(54, 48);
    static final byte[] m = genPad(92, 48);
    static final byte[] n = genPad(54, 40);
    static final byte[] o = genPad(92, 40);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class CertificateMsg extends HandshakeMessage {
        private X509Certificate[] chain;
        private List<byte[]> encodedChain;
        private int messageLength;

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateMsg(HandshakeInStream handshakeInStream) throws IOException {
            int j = handshakeInStream.j();
            ArrayList arrayList = new ArrayList(4);
            CertificateFactory certificateFactory = null;
            while (j > 0) {
                byte[] e = handshakeInStream.e();
                j -= e.length + 3;
                if (certificateFactory == null) {
                    try {
                        certificateFactory = CertificateFactory.getInstance("X.509", IHSM.INFOSEC);
                    } catch (Exception e2) {
                        throw ((SSLProtocolException) new SSLProtocolException(e2.getMessage()).initCause(e2));
                    }
                }
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(e)));
            }
            this.chain = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateMsg(X509Certificate[] x509CertificateArr) {
            this.chain = x509CertificateArr;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            if (this.encodedChain == null) {
                this.messageLength = 3;
                this.encodedChain = new ArrayList(this.chain.length);
                try {
                    for (X509Certificate x509Certificate : this.chain) {
                        byte[] encoded = x509Certificate.getEncoded();
                        this.encodedChain.add(encoded);
                        this.messageLength += encoded.length + 3;
                    }
                } catch (CertificateEncodingException e) {
                    this.encodedChain = null;
                    throw new RuntimeException("Could not encode certificates", e);
                }
            }
            return this.messageLength;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 11;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** Certificate chain");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            for (int i = 0; i < this.chain.length; i++) {
                printStream.println("chain [" + i + "] = " + this.chain[i]);
            }
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.g(a() - 3);
            Iterator<byte[]> it = this.encodedChain.iterator();
            while (it.hasNext()) {
                handshakeOutStream.d(it.next());
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X509Certificate[] g() {
            return this.chain;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class CertificateRequest extends HandshakeMessage {
        static final int r = 1;
        static final int s = 2;
        static final int t = 3;
        static final int u = 4;
        static final int v = 5;
        static final int w = 6;
        static final int x = 64;
        static final int y = 65;
        static final int z = 66;
        byte[] p;
        DistinguishedName[] q;
        private static final byte[] TYPES_NO_ECC = {1, 2};
        private static final byte[] TYPES_ECC = {1, 2, SignedBytes.MAX_POWER_OF_TWO};
        private static final byte[] TYPES_SM2 = {SignedBytes.MAX_POWER_OF_TWO};

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateRequest(HandshakeInStream handshakeInStream) throws IOException {
            this.p = handshakeInStream.f();
            int g = handshakeInStream.g();
            ArrayList arrayList = new ArrayList();
            while (g >= 3) {
                DistinguishedName distinguishedName = new DistinguishedName(handshakeInStream);
                arrayList.add(distinguishedName);
                g -= distinguishedName.b();
            }
            if (g != 0) {
                throw new SSLProtocolException("Bad CertificateRequest DN length");
            }
            this.q = (DistinguishedName[]) arrayList.toArray(new DistinguishedName[arrayList.size()]);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateRequest(X509Certificate[] x509CertificateArr, CipherSuite.KeyExchange keyExchange) throws IOException {
            this.q = new DistinguishedName[x509CertificateArr.length];
            for (int i = 0; i < x509CertificateArr.length; i++) {
                this.q[i] = new DistinguishedName(x509CertificateArr[i].getSubjectX500Principal());
            }
            this.p = TYPES_SM2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            int length = this.p.length + 1 + 2;
            int i = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.q;
                if (i >= distinguishedNameArr.length) {
                    return length;
                }
                length += distinguishedNameArr[i].b();
                i++;
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 13;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateRequest");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("Cert Types: ");
            int i = 0;
            int i2 = 0;
            while (true) {
                byte[] bArr = this.p;
                if (i2 < bArr.length) {
                    byte b = bArr[i2];
                    switch (b) {
                        case 1:
                            printStream.print(IHSM.RSA);
                            break;
                        case 2:
                            printStream.print("DSS");
                            break;
                        case 3:
                            printStream.print("Fixed DH (RSA sig)");
                            break;
                        case 4:
                            printStream.print("Fixed DH (DSS sig)");
                            break;
                        case 5:
                            printStream.print("Ephemeral DH (RSA sig)");
                            break;
                        case 6:
                            printStream.print("Ephemeral DH (DSS sig)");
                            break;
                        default:
                            switch (b) {
                                case 64:
                                    printStream.print("ECDSA");
                                    break;
                                case 65:
                                    printStream.print("Fixed ECDH (RSA sig)");
                                    break;
                                case 66:
                                    printStream.print("Fixed ECDH (ECDSA sig)");
                                    break;
                                default:
                                    printStream.print("Type-" + (this.p[i2] & 255));
                                    break;
                            }
                    }
                    if (i2 != this.p.length - 1) {
                        printStream.print(", ");
                    }
                    i2++;
                } else {
                    printStream.println();
                    printStream.println("Cert Authorities:");
                    while (true) {
                        DistinguishedName[] distinguishedNameArr = this.q;
                        if (i >= distinguishedNameArr.length) {
                            return;
                        }
                        distinguishedNameArr[i].c(printStream);
                        i++;
                    }
                }
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            int i = 0;
            int i2 = 0;
            int i3 = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.q;
                if (i2 >= distinguishedNameArr.length) {
                    break;
                }
                i3 += distinguishedNameArr[i2].b();
                i2++;
            }
            handshakeOutStream.e(this.p);
            handshakeOutStream.f(i3);
            while (true) {
                DistinguishedName[] distinguishedNameArr2 = this.q;
                if (i >= distinguishedNameArr2.length) {
                    return;
                }
                distinguishedNameArr2[i].d(handshakeOutStream);
                i++;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X500Principal[] g() throws IOException {
            X500Principal[] x500PrincipalArr = new X500Principal[this.q.length];
            int i = 0;
            while (true) {
                DistinguishedName[] distinguishedNameArr = this.q;
                if (i >= distinguishedNameArr.length) {
                    return x500PrincipalArr;
                }
                x500PrincipalArr[i] = distinguishedNameArr[i].a();
                i++;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class CertificateVerify extends HandshakeMessage {
        private static Class delegate;
        private static Field spiField;
        private byte[] signature;
        private static final Object NULL_OBJECT = new Object();
        private static final Map<Class, Object> methodCache = new ConcurrentHashMap();

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateVerify(HandshakeInStream handshakeInStream) throws IOException {
            this.signature = handshakeInStream.c();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateVerify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, KeyStore keyStore, byte[] bArr, SecureRandom secureRandom) throws GeneralSecurityException {
            try {
                byte[] bArr2 = new byte[32];
                handshakeHash.b().digest(bArr2);
                this.signature = new SoftImpl().signSM2(keyStore.getPriKey(), keyStore.getCert().getPublicKey(), bArr2, IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
            } catch (Exception e) {
                throw new GeneralSecurityException(e);
            }
        }

        private static void digestKey(MessageDigest messageDigest, SecretKey secretKey) {
            Object obj;
            try {
                if (messageDigest.getClass() != delegate) {
                    throw new Exception("Digest is not a MessageDigestSpi");
                }
                MessageDigestSpi messageDigestSpi = (MessageDigestSpi) spiField.get(messageDigest);
                Class<?> cls = messageDigestSpi.getClass();
                Object obj2 = methodCache.get(cls);
                Object obj3 = obj2;
                if (obj2 == null) {
                    try {
                        Method declaredMethod = cls.getDeclaredMethod("implUpdate", SecretKey.class);
                        makeAccessible(declaredMethod);
                        obj = declaredMethod;
                    } catch (NoSuchMethodException unused) {
                        obj = NULL_OBJECT;
                    }
                    methodCache.put(cls, obj);
                    obj3 = obj;
                }
                if (obj3 == NULL_OBJECT) {
                    throw new Exception("Digest does not support implUpdate(SecretKey)");
                }
                ((Method) obj3).invoke(messageDigestSpi, secretKey);
            } catch (Exception e) {
                throw new RuntimeException("Could not obtain encoded key and MessageDigest cannot digest key", e);
            }
        }

        static void g(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
            byte[] encoded = "RAW".equals(secretKey.getFormat()) ? secretKey.getEncoded() : null;
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr2);
            messageDigest.update(digest);
        }

        private static void makeAccessible(final AccessibleObject accessibleObject) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: cn.com.infosec.mobile.gm.tls.HandshakeMessage.CertificateVerify.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    accessibleObject.setAccessible(true);
                    return null;
                }
            });
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.signature.length + 2;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 15;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateVerify");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.b(this.signature);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean h(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, PublicKey publicKey, byte[] bArr) throws GeneralSecurityException {
            byte[] bArr2 = new byte[32];
            handshakeHash.b().digest(bArr2);
            try {
                return new SoftImpl().verify(bArr2, this.signature, publicKey, IHSM.SM3withSM2, SM2Id.getVerifyId("TLS"));
            } catch (Exception e) {
                throw new GeneralSecurityException("cert verify exception", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ClientHello extends HandshakeMessage {
        private static final byte[] NULL_COMPRESSION = {0};
        private CipherSuiteList cipherSuites;
        ProtocolVersion p;
        RandomCookie q;
        SessionID r;
        byte[] s;
        HelloExtensions t;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientHello(HandshakeInStream handshakeInStream, int i) throws IOException {
            this.t = new HelloExtensions();
            this.p = ProtocolVersion.a(handshakeInStream.l(), handshakeInStream.l());
            this.q = new RandomCookie(handshakeInStream);
            this.r = new SessionID(handshakeInStream.f());
            this.cipherSuites = new CipherSuiteList(handshakeInStream);
            this.s = handshakeInStream.f();
            if (a() != i) {
                this.t = new HelloExtensions(handshakeInStream);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientHello(SecureRandom secureRandom, ProtocolVersion protocolVersion, SessionID sessionID, CipherSuiteList cipherSuiteList) {
            this.t = new HelloExtensions();
            this.p = protocolVersion;
            this.r = sessionID;
            this.cipherSuites = cipherSuiteList;
            if (cipherSuiteList.d()) {
                this.t.a(SupportedEllipticCurvesExtension.b);
                this.t.a(SupportedEllipticPointFormatsExtension.e);
            }
            this.q = new RandomCookie(secureRandom);
            this.s = NULL_COMPRESSION;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.r.b() + 38 + (this.cipherSuites.i() * 2) + this.s.length + this.t.c();
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 1;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** ClientHello, " + this.p);
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.q.a(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.r);
            printStream.println("Cipher Suites: " + this.cipherSuites);
            Debug.b(printStream, "Compression Methods", this.s);
            this.t.e(printStream);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.i(this.p.b);
            handshakeOutStream.i(this.p.c);
            this.q.b(handshakeOutStream);
            handshakeOutStream.e(this.r.a());
            this.cipherSuites.h(handshakeOutStream);
            handshakeOutStream.e(this.s);
            this.t.f(handshakeOutStream);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void g(byte[] bArr) {
            this.t.a(new RenegotiationInfoExtension(bArr, new byte[0]));
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CipherSuiteList h() {
            return this.cipherSuites;
        }
    }

    /* loaded from: classes.dex */
    static final class DH_ServerKeyExchange extends ServerKeyExchange {
        private static final boolean dhKeyExchangeFix = Debug.a("com.sun.net.ssl.dhKeyExchangeFix", true);
        private byte[] dh_Ys;
        private byte[] dh_g;
        private byte[] dh_p;
        private byte[] signature;

        DH_ServerKeyExchange(DHCrypt dHCrypt) {
            getValues(dHCrypt);
            this.signature = null;
        }

        DH_ServerKeyExchange(DHCrypt dHCrypt, PrivateKey privateKey, byte[] bArr, byte[] bArr2, SecureRandom secureRandom) throws GeneralSecurityException {
            getValues(dHCrypt);
            Signature n = privateKey.getAlgorithm().equals("DSA") ? JsseJce.n("DSA") : RSASignature.a();
            n.initSign(privateKey, secureRandom);
            updateSignature(n, bArr, bArr2);
            this.signature = n.sign();
        }

        DH_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException {
            this.dh_p = handshakeInStream.c();
            this.dh_g = handshakeInStream.c();
            this.dh_Ys = handshakeInStream.c();
            this.signature = null;
        }

        DH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2, int i) throws IOException, GeneralSecurityException {
            byte[] bArr3;
            Signature a;
            this.dh_p = handshakeInStream.c();
            this.dh_g = handshakeInStream.c();
            byte[] c = handshakeInStream.c();
            this.dh_Ys = c;
            if (dhKeyExchangeFix) {
                bArr3 = handshakeInStream.c();
            } else {
                byte[] bArr4 = new byte[((i - (this.dh_p.length + 2)) - (this.dh_g.length + 2)) - (c.length + 2)];
                handshakeInStream.read(bArr4);
                bArr3 = bArr4;
            }
            String algorithm = publicKey.getAlgorithm();
            if (algorithm.equals("DSA")) {
                a = JsseJce.n("DSA");
            } else {
                if (!algorithm.equals(IHSM.RSA)) {
                    throw new SSLKeyException("neither an RSA or a DSA key");
                }
                a = RSASignature.a();
            }
            a.initVerify(publicKey);
            updateSignature(a, bArr, bArr2);
            if (!a.verify(bArr3)) {
                throw new SSLKeyException("Server D-H key verification failed");
            }
        }

        private void getValues(DHCrypt dHCrypt) {
            this.dh_p = HandshakeMessage.e(dHCrypt.d());
            this.dh_g = HandshakeMessage.e(dHCrypt.b());
            this.dh_Ys = HandshakeMessage.e(dHCrypt.e());
        }

        private void updateSignature(Signature signature, byte[] bArr, byte[] bArr2) throws SignatureException {
            signature.update(bArr);
            signature.update(bArr2);
            int length = this.dh_p.length;
            signature.update((byte) (length >> 8));
            signature.update((byte) (length & 255));
            signature.update(this.dh_p);
            int length2 = this.dh_g.length;
            signature.update((byte) (length2 >> 8));
            signature.update((byte) (length2 & 255));
            signature.update(this.dh_g);
            int length3 = this.dh_Ys.length;
            signature.update((byte) (length3 >> 8));
            signature.update((byte) (length3 & 255));
            signature.update(this.dh_Ys);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            int length = this.dh_p.length + 6 + this.dh_g.length + this.dh_Ys.length;
            byte[] bArr = this.signature;
            if (bArr == null) {
                return length;
            }
            int length2 = length + bArr.length;
            return dhKeyExchangeFix ? length2 + 2 : length2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** Diffie-Hellman ServerKeyExchange");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.b(printStream, "DH Modulus", this.dh_p);
            Debug.b(printStream, "DH Base", this.dh_g);
            Debug.b(printStream, "Server DH Public Key", this.dh_Ys);
            if (this.signature == null) {
                printStream.println("Anonymous");
            } else {
                printStream.println("Signed with a DSA or RSA public key");
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.b(this.dh_p);
            handshakeOutStream.b(this.dh_g);
            handshakeOutStream.b(this.dh_Ys);
            byte[] bArr = this.signature;
            if (bArr != null) {
                if (dhKeyExchangeFix) {
                    handshakeOutStream.b(bArr);
                } else {
                    handshakeOutStream.write(bArr);
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger g() {
            return new BigInteger(1, this.dh_g);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger h() {
            return new BigInteger(1, this.dh_p);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger i() {
            return new BigInteger(1, this.dh_Ys);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class DistinguishedName {
        byte[] a;

        DistinguishedName(HandshakeInStream handshakeInStream) throws IOException {
            this.a = handshakeInStream.c();
        }

        DistinguishedName(X500Principal x500Principal) {
            this.a = x500Principal.getEncoded();
        }

        X500Principal a() throws IOException {
            try {
                return new X500Principal(this.a);
            } catch (IllegalArgumentException e) {
                throw ((SSLProtocolException) new SSLProtocolException(e.getMessage()).initCause(e));
            }
        }

        int b() {
            return this.a.length + 2;
        }

        void c(PrintStream printStream) throws IOException {
            printStream.println("<" + new X500Principal(this.a).toString() + ">");
        }

        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.b(this.a);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ECDH_ServerKeyExchange extends ServerKeyExchange {
        private static final int CURVE_NAMED_CURVE = 3;
        private int curveId;
        private byte[] pointBytes;
        private byte[] signatureBytes;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws IOException, GeneralSecurityException {
            this.pointBytes = null;
            this.signatureBytes = null;
            int l = handshakeInStream.l();
            if (l != 3) {
                throw new SSLHandshakeException("Unsupported ECCurveType: " + l);
            }
            int g = handshakeInStream.g();
            this.curveId = g;
            if (g != 0) {
                throw new SSLHandshakeException("Unsupported curveId: " + this.curveId);
            }
            this.pointBytes = handshakeInStream.f();
            this.signatureBytes = handshakeInStream.c();
            try {
                if (new SoftImpl().verify(getSignSource(bArr, bArr2, l, this.curveId, this.pointBytes), this.signatureBytes, publicKey, IHSM.SM3withSM2, SM2Id.getVerifyId("TLS"))) {
                } else {
                    throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
                }
            } catch (Exception e) {
                throw new GeneralSecurityException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDH_ServerKeyExchange(ProtocolVersion protocolVersion, ECDHCrypt eCDHCrypt, byte[] bArr, byte[] bArr2, SSLContextImpl sSLContextImpl) throws GeneralSecurityException {
            this.pointBytes = null;
            this.signatureBytes = null;
            if (protocolVersion.a != ProtocolVersion.h.a) {
                throw new GeneralSecurityException("Unsupported ProtocolVersion");
            }
            try {
                KeyStore encStore = sSLContextImpl.getEncStore();
                byte[] priKey = encStore.getPriKey();
                byte[] sm2PublicKeyToByte = CipherUtil.sm2PublicKeyToByte(encStore.getCert().getPublicKey());
                eCDHCrypt.f(priKey);
                eCDHCrypt.g(sm2PublicKeyToByte);
                this.pointBytes = new byte[eCDHCrypt.e().length];
                System.arraycopy(eCDHCrypt.e(), 0, this.pointBytes, 0, eCDHCrypt.e().length);
                this.curveId = 0;
                byte[] signSource = getSignSource(bArr, bArr2, 3, 0, this.pointBytes);
                KeyStore signStore = sSLContextImpl.getSignStore();
                try {
                    this.signatureBytes = new SoftImpl().signSM2(signStore.getPriKey(), signStore.getCert().getPublicKey(), signSource, IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
                } catch (Exception e) {
                    throw new GeneralSecurityException(e);
                }
            } catch (Exception e2) {
                throw new GeneralSecurityException("exception when parse enc keypair for DHE", e2);
            }
        }

        private byte[] getSignSource(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) {
            byte[] bArr4 = new byte[bArr.length + bArr2.length + 4 + bArr3.length];
            System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr4, bArr.length, bArr2.length);
            bArr4[bArr.length + bArr2.length] = (byte) i;
            bArr4[bArr.length + bArr2.length + 1] = (byte) ((i2 >> 8) & 255);
            bArr4[bArr.length + bArr2.length + 2] = (byte) (i2 & 255);
            bArr4[bArr.length + bArr2.length + 3] = (byte) bArr3.length;
            System.arraycopy(bArr3, 0, bArr4, bArr.length + bArr2.length + 4, bArr3.length);
            return bArr4;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.pointBytes.length + 1 + 3 + this.signatureBytes.length + 2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** ECDH ServerKeyExchange");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.println("Server key: " + new HexDumpEncoder().encode(this.pointBytes));
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.i(3);
            handshakeOutStream.f(this.curveId);
            handshakeOutStream.e(this.pointBytes);
            handshakeOutStream.b(this.signatureBytes);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] g() {
            return this.pointBytes;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class Finished extends HandshakeMessage {
        static final int p = 1;
        static final int q = 2;
        private byte[] verifyData;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i, byte[] bArr) {
            this.verifyData = getFinished(protocolVersion, handshakeHash, i, bArr);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Finished(ProtocolVersion protocolVersion, HandshakeInStream handshakeInStream) throws IOException {
            byte[] bArr = new byte[12];
            this.verifyData = bArr;
            handshakeInStream.read(bArr);
        }

        private static byte[] getFinished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i, byte[] bArr) {
            String str;
            if (i == 1) {
                str = "client finished";
            } else {
                if (i != 2) {
                    throw new RuntimeException("Invalid sender: " + i);
                }
                str = "server finished";
            }
            if (protocolVersion.a == ProtocolVersion.h.a) {
                byte[] bArr2 = new byte[32];
                handshakeHash.b().digest(bArr2);
                return Handshaker.a(bArr, str, bArr2, 12);
            }
            throw new RuntimeException("Digest failed: unkown protocalVersion [" + protocolVersion.a + "]");
        }

        private static void updateDigest(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3, SecretKey secretKey) {
            messageDigest.update(bArr);
            CertificateVerify.g(messageDigest, bArr2, bArr3, secretKey);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.verifyData.length;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 20;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** Finished");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.b(printStream, "verify_data", this.verifyData);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.write(this.verifyData);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] g() {
            return this.verifyData;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean h(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i, byte[] bArr) {
            return Arrays.equals(getFinished(protocolVersion, handshakeHash, i, bArr), this.verifyData);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class HelloRequest extends HandshakeMessage {
        /* JADX INFO: Access modifiers changed from: package-private */
        public HelloRequest() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public HelloRequest(HandshakeInStream handshakeInStream) throws IOException {
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return 0;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 0;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** HelloRequest (empty)");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
        }
    }

    /* loaded from: classes.dex */
    static final class RSA_ServerKeyExchange extends ServerKeyExchange {
        private byte[] rsa_exponent;
        private byte[] rsa_modulus;
        private Signature signature;
        private byte[] signatureBytes;

        RSA_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException, NoSuchAlgorithmException {
            this.signature = RSASignature.a();
            this.rsa_modulus = handshakeInStream.c();
            this.rsa_exponent = handshakeInStream.c();
            this.signatureBytes = handshakeInStream.c();
        }

        RSA_ServerKeyExchange(PublicKey publicKey, PrivateKey privateKey, RandomCookie randomCookie, RandomCookie randomCookie2, SecureRandom secureRandom) throws GeneralSecurityException {
            RSAPublicKeySpec k = JsseJce.k(publicKey);
            this.rsa_modulus = HandshakeMessage.e(k.getModulus());
            this.rsa_exponent = HandshakeMessage.e(k.getPublicExponent());
            Signature a = RSASignature.a();
            this.signature = a;
            a.initSign(privateKey, secureRandom);
            updateSignature(randomCookie.a, randomCookie2.a);
            this.signatureBytes = this.signature.sign();
        }

        private void updateSignature(byte[] bArr, byte[] bArr2) throws SignatureException {
            this.signature.update(bArr);
            this.signature.update(bArr2);
            int length = this.rsa_modulus.length;
            this.signature.update((byte) (length >> 8));
            this.signature.update((byte) (length & 255));
            this.signature.update(this.rsa_modulus);
            int length2 = this.rsa_exponent.length;
            this.signature.update((byte) (length2 >> 8));
            this.signature.update((byte) (length2 & 255));
            this.signature.update(this.rsa_exponent);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.rsa_modulus.length + 6 + this.rsa_exponent.length + this.signatureBytes.length;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void c(PrintStream printStream) throws IOException {
            printStream.println("*** RSA ServerKeyExchange");
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.b(printStream, "RSA Modulus", this.rsa_modulus);
            Debug.b(printStream, "RSA Public Exponent", this.rsa_exponent);
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.b(this.rsa_modulus);
            handshakeOutStream.b(this.rsa_exponent);
            handshakeOutStream.b(this.signatureBytes);
        }

        PublicKey g() {
            try {
                return JsseJce.d(IHSM.RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, this.rsa_modulus), new BigInteger(1, this.rsa_exponent)));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        boolean h(PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2) throws GeneralSecurityException {
            this.signature.initVerify(publicKey);
            updateSignature(randomCookie.a, randomCookie2.a);
            return this.signature.verify(this.signatureBytes);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class SM2_ServerKeyExchange extends ServerKeyExchange {
        private byte[] signatureBytes;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException {
            this.signatureBytes = null;
            this.signatureBytes = handshakeInStream.c();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SM2_ServerKeyExchange(ProtocolVersion protocolVersion, byte[] bArr, byte[] bArr2, SSLContextImpl sSLContextImpl) throws GeneralSecurityException {
            this.signatureBytes = null;
            KeyStore signStore = sSLContextImpl.getSignStore();
            try {
                this.signatureBytes = new SoftImpl().signSM2(signStore.getPriKey(), signStore.getCert().getPublicKey(), getSignSource(bArr, bArr2, sSLContextImpl.getEncStore().getCert()), IHSM.SM3withSM2, SM2Id.getSignId("TLS"));
            } catch (Exception e) {
                throw new GeneralSecurityException(e);
            }
        }

        private byte[] getSignSource(byte[] bArr, byte[] bArr2, Certificate certificate) throws Exception {
            byte[] encoded = certificate.getEncoded();
            int length = encoded.length;
            byte[] bArr3 = new byte[bArr.length + bArr2.length + 3 + encoded.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
            bArr3[bArr.length + bArr2.length] = (byte) ((length >>> 16) & 255);
            bArr3[bArr.length + bArr2.length + 1] = (byte) ((length >>> 8) & 255);
            bArr3[bArr.length + bArr2.length + 2] = (byte) (length & 255);
            System.arraycopy(encoded, 0, bArr3, bArr.length + bArr2.length + 3, encoded.length);
            return bArr3;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.signatureBytes.length + 2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** SM2 ServerKeyExchange");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.b(this.signatureBytes);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean g(PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2, Certificate certificate) throws GeneralSecurityException {
            try {
                return new SoftImpl().verify(getSignSource(randomCookie.a, randomCookie2.a, certificate), this.signatureBytes, publicKey, IHSM.SM3withSM2, "1234567812345678");
            } catch (Exception e) {
                throw new GeneralSecurityException("verify serverKeyExchange K_ECC exception", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ServerHello extends HandshakeMessage {
        ProtocolVersion p;
        RandomCookie q;
        SessionID r;
        CipherSuite s;
        byte t;
        HelloExtensions u;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHello() {
            this.u = new HelloExtensions();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHello(HandshakeInStream handshakeInStream, int i) throws IOException {
            this.u = new HelloExtensions();
            this.p = ProtocolVersion.a(handshakeInStream.l(), handshakeInStream.l());
            this.q = new RandomCookie(handshakeInStream);
            this.r = new SessionID(handshakeInStream.f());
            this.s = CipherSuite.d(handshakeInStream.l(), handshakeInStream.l());
            this.t = (byte) handshakeInStream.l();
            if (a() != i) {
                this.u = new HelloExtensions(handshakeInStream);
            }
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return this.r.b() + 38 + this.u.c();
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 2;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** ServerHello, " + this.p);
            if (HandshakeMessage.k == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.q.a(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.r);
            printStream.println("Cipher Suite: " + this.s);
            printStream.println("Compression Method: " + ((int) this.t));
            this.u.e(printStream);
            printStream.println("***");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.i(this.p.b);
            handshakeOutStream.i(this.p.c);
            this.q.b(handshakeOutStream);
            handshakeOutStream.e(this.r.a());
            handshakeOutStream.i(this.s.b >> 8);
            handshakeOutStream.i(this.s.b & 255);
            handshakeOutStream.i(this.t);
            this.u.f(handshakeOutStream);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static final class ServerHelloDone extends HandshakeMessage {
        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHelloDone() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHelloDone(HandshakeInStream handshakeInStream) {
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int a() {
            return 0;
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 14;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        public void c(PrintStream printStream) throws IOException {
            printStream.println("*** ServerHelloDone");
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        void d(HandshakeOutStream handshakeOutStream) throws IOException {
        }
    }

    /* loaded from: classes.dex */
    static abstract class ServerKeyExchange extends HandshakeMessage {
        ServerKeyExchange() {
        }

        @Override // cn.com.infosec.mobile.gm.tls.HandshakeMessage
        int b() {
            return 12;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] e(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length <= 1 || byteArray[0] != 0) {
            return byteArray;
        }
        int length = byteArray.length - 1;
        byte[] bArr = new byte[length];
        System.arraycopy(byteArray, 1, bArr, 0, length);
        return bArr;
    }

    private static byte[] genPad(int i2, int i3) {
        byte[] bArr = new byte[i3];
        Arrays.fill(bArr, (byte) i2);
        return bArr;
    }

    abstract int a();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract int b();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void c(PrintStream printStream) throws IOException;

    abstract void d(HandshakeOutStream handshakeOutStream) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void f(HandshakeOutStream handshakeOutStream) throws IOException {
        int a2 = a();
        if (a2 <= 16777216) {
            handshakeOutStream.write(b());
            handshakeOutStream.g(a2);
            d(handshakeOutStream);
        } else {
            throw new SSLException("Handshake message too big, type = " + b() + ", len = " + a2);
        }
    }
}
