package sun.security.ssl;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Iterator;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSocket;
import org.eclipse.jetty.npn.NextProtoNego;
import sun.misc.HexDumpEncoder;
import sun.security.internal.interfaces.TlsMasterSecret;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
import sun.security.ssl.CipherSuite;
import sun.security.ssl.HandshakeMessage;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public abstract class Handshaker {
    private CipherSuiteList activeCipherSuites;
    ProtocolVersion activeProtocolVersion;
    private ProtocolList activeProtocols;
    private AlgorithmConstraints algorithmConstraints;
    CipherSuite cipherSuite;
    byte[] clientVerifyData;
    private SecretKey clntMacSecret;
    private IvParameterSpec clntWriteIV;
    private SecretKey clntWriteKey;
    RandomCookie clnt_random;
    SSLSocketImpl conn;
    private volatile DelegatedTask delegatedTask;
    boolean enableNewSession;
    private CipherSuiteList enabledCipherSuites;
    private ProtocolList enabledProtocols;
    SSLEngineImpl engine;
    HandshakeHash handshakeHash;
    String identificationProtocol;
    HandshakeInStream input;
    boolean invalidated;
    private boolean isClient;
    boolean isInitialHandshake;
    CipherSuite.KeyExchange keyExchange;
    Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
    private boolean needCertVerify;
    HandshakeOutStream output;
    Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
    ProtocolVersion protocolVersion;
    boolean resumingSession;
    boolean secureRenegotiation;
    byte[] serverVerifyData;
    SSLSessionImpl session;
    SSLContextImpl sslContext;
    int state;
    private SecretKey svrMacSecret;
    private IvParameterSpec svrWriteIV;
    private SecretKey svrWriteKey;
    RandomCookie svr_random;
    private volatile boolean taskDelegated;
    private volatile Exception thrown;
    private Object thrownLock;
    static final Debug debug = Debug.getInstance("ssl");
    static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false);
    static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty("sun.security.ssl.allowLegacyHelloMessages", true);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class DelegatedTask<E> implements Runnable {
        private PrivilegedExceptionAction<E> pea;

        DelegatedTask(PrivilegedExceptionAction<E> privilegedExceptionAction) {
            this.pea = privilegedExceptionAction;
        }

        @Override // java.lang.Runnable
        public void run() {
            synchronized (Handshaker.this.engine) {
                try {
                    AccessController.doPrivileged(this.pea, Handshaker.this.engine.getAcc());
                } catch (RuntimeException e) {
                    Handshaker.this.thrown = e;
                } catch (PrivilegedActionException e2) {
                    Handshaker.this.thrown = e2.getException();
                }
                Handshaker.this.delegatedTask = null;
                Handshaker.this.taskDelegated = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        this.algorithmConstraints = null;
        this.conn = null;
        this.engine = null;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.engine = sSLEngineImpl;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        this.algorithmConstraints = null;
        this.conn = null;
        this.engine = null;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.conn = sSLSocketImpl;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    private SecretKey calculateMasterSecret(SecretKey secretKey, ProtocolVersion protocolVersion) {
        String str;
        CipherSuite.PRF prf;
        if (debug != null && Debug.isOn("keygen")) {
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            System.out.println("SESSION KEYGEN:");
            System.out.println("PreMaster Secret:");
            printHex(hexDumpEncoder, secretKey.getEncoded());
        }
        if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
            str = "SunTls12MasterSecret";
            prf = this.cipherSuite.prfAlg;
        } else {
            str = "SunTlsMasterSecret";
            prf = CipherSuite.PRF.P_NONE;
        }
        AlgorithmParameterSpec tlsMasterSecretParameterSpec = new TlsMasterSecretParameterSpec(secretKey, this.protocolVersion.major, this.protocolVersion.minor, this.clnt_random.random_bytes, this.svr_random.random_bytes, prf.getPRFHashAlg(), prf.getPRFHashLength(), prf.getPRFBlockSize());
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(str);
            keyGenerator.init(tlsMasterSecretParameterSpec);
            TlsMasterSecret generateKey = keyGenerator.generateKey();
            if (protocolVersion == null || !(generateKey instanceof TlsMasterSecret)) {
                return generateKey;
            }
            TlsMasterSecret tlsMasterSecret = generateKey;
            int majorVersion = tlsMasterSecret.getMajorVersion();
            int minorVersion = tlsMasterSecret.getMinorVersion();
            if (majorVersion < 0 || minorVersion < 0) {
                return generateKey;
            }
            ProtocolVersion valueOf = ProtocolVersion.valueOf(majorVersion, minorVersion);
            boolean z = valueOf.v != protocolVersion.v;
            if (z && protocolVersion.v <= ProtocolVersion.TLS10.v) {
                z = valueOf.v != this.protocolVersion.v;
            }
            if (!z) {
                return generateKey;
            }
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("RSA PreMasterSecret version error: expected" + this.protocolVersion + " or " + protocolVersion + ", decrypted: " + valueOf);
                System.out.println("Generating new random premaster secret");
            }
            return calculateMasterSecret(RSAClientKeyExchange.generateDummySecret(protocolVersion), null);
        } catch (GeneralSecurityException e) {
            if (!secretKey.getAlgorithm().equals("TlsRsaPremasterSecret")) {
                throw new ProviderException(e);
            }
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("RSA master secret generation error:");
                e.printStackTrace(System.out);
                System.out.println("Generating new random premaster secret");
            }
            return calculateMasterSecret(protocolVersion != null ? RSAClientKeyExchange.generateDummySecret(protocolVersion) : RSAClientKeyExchange.generateDummySecret(this.protocolVersion), null);
        }
    }

    private <T> void delegateTask(PrivilegedExceptionAction<T> privilegedExceptionAction) {
        this.delegatedTask = new DelegatedTask(privilegedExceptionAction);
        this.taskDelegated = false;
        this.thrown = null;
    }

    private void init(SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Allow unsafe renegotiation: " + allowUnsafeRenegotiation + "\nAllow legacy hello messages: " + allowLegacyHelloMessages + "\nIs initial handshake: " + z3 + "\nIs secure renegotiation: " + z4);
        }
        this.sslContext = sSLContextImpl;
        this.isClient = z2;
        this.needCertVerify = z;
        this.activeProtocolVersion = protocolVersion;
        this.isInitialHandshake = z3;
        this.secureRenegotiation = z4;
        this.clientVerifyData = bArr;
        this.serverVerifyData = bArr2;
        this.enableNewSession = true;
        this.invalidated = false;
        setCipherSuite(CipherSuite.C_NULL);
        setEnabledProtocols(protocolList);
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            this.algorithmConstraints = new SSLAlgorithmConstraints(sSLSocketImpl, true);
        } else {
            this.algorithmConstraints = new SSLAlgorithmConstraints(this.engine, true);
        }
        this.state = -2;
    }

    private static void printHex(HexDumpEncoder hexDumpEncoder, byte[] bArr) {
        if (bArr == null) {
            System.out.println("(key bytes not available)");
        } else {
            try {
                hexDumpEncoder.encodeBuffer(bArr, System.out);
            } catch (IOException unused) {
            }
        }
    }

    private void setVersionSE(ProtocolVersion protocolVersion) {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.setVersion(protocolVersion);
        } else {
            this.engine.setVersion(protocolVersion);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void throwSSLException(String str, Throwable th) throws SSLException {
        SSLException sSLException = new SSLException(str);
        sSLException.initCause(th);
        throw sSLException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void activate(ProtocolVersion protocolVersion) throws IOException {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        if (this.activeProtocols.collection().isEmpty() || this.activeProtocols.max.v == ProtocolVersion.NONE.v) {
            throw new SSLHandshakeException("No appropriate protocol");
        }
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        if (this.activeCipherSuites.collection().isEmpty()) {
            throw new SSLHandshakeException("No appropriate cipher suite");
        }
        if (this.isInitialHandshake) {
            this.protocolVersion = this.activeProtocols.max;
        } else {
            this.protocolVersion = this.activeProtocolVersion;
        }
        if (protocolVersion == null || protocolVersion.v == ProtocolVersion.NONE.v) {
            protocolVersion = this.activeProtocols.helloVersion;
        }
        this.handshakeHash = new HandshakeHash(!this.isClient, this.needCertVerify, SignatureAndHashAlgorithm.getHashAlgorithmNames(getLocalSupportedSignAlgs()));
        this.input = new HandshakeInStream(this.handshakeHash);
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            this.output = new HandshakeOutStream(this.protocolVersion, protocolVersion, this.handshakeHash, sSLSocketImpl);
            this.conn.getAppInputStream().r.setHandshakeHash(this.handshakeHash);
            this.conn.getAppInputStream().r.setHelloVersion(protocolVersion);
            this.conn.getAppOutputStream().r.setHelloVersion(protocolVersion);
        } else {
            this.output = new HandshakeOutStream(this.protocolVersion, protocolVersion, this.handshakeHash, this.engine);
            this.engine.inputRecord.setHandshakeHash(this.handshakeHash);
            this.engine.inputRecord.setHelloVersion(protocolVersion);
            this.engine.outputRecord.setHelloVersion(protocolVersion);
        }
        this.state = -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean activated() {
        return this.state >= -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateConnectionKeys(SecretKey secretKey) {
        String str;
        CipherSuite.PRF prf;
        TlsKeyMaterialSpec generateKey;
        int i = this.cipherSuite.macAlg.size;
        boolean z = this.cipherSuite.exportable;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        int i2 = z ? bulkCipher.expandedKeySize : 0;
        if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
            str = "SunTls12KeyMaterial";
            prf = this.cipherSuite.prfAlg;
        } else {
            str = "SunTlsKeyMaterial";
            prf = CipherSuite.PRF.P_NONE;
        }
        AlgorithmParameterSpec tlsKeyMaterialParameterSpec = new TlsKeyMaterialParameterSpec(secretKey, this.protocolVersion.major, this.protocolVersion.minor, this.clnt_random.random_bytes, this.svr_random.random_bytes, bulkCipher.algorithm, bulkCipher.keySize, i2, bulkCipher.ivSize, i, prf.getPRFHashAlg(), prf.getPRFHashLength(), prf.getPRFBlockSize());
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(str);
            keyGenerator.init(tlsKeyMaterialParameterSpec);
            generateKey = keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            e = e;
        }
        try {
            this.clntWriteKey = generateKey.getClientCipherKey();
            this.svrWriteKey = generateKey.getServerCipherKey();
            this.clntWriteIV = generateKey.getClientIv();
            this.svrWriteIV = generateKey.getServerIv();
            this.clntMacSecret = generateKey.getClientMacKey();
            this.svrMacSecret = generateKey.getServerMacKey();
            if (debug == null || !Debug.isOn("keygen")) {
                return;
            }
            synchronized (System.out) {
                HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                System.out.println("CONNECTION KEYGEN:");
                System.out.println("Client Nonce:");
                printHex(hexDumpEncoder, this.clnt_random.random_bytes);
                System.out.println("Server Nonce:");
                printHex(hexDumpEncoder, this.svr_random.random_bytes);
                System.out.println("Master Secret:");
                printHex(hexDumpEncoder, secretKey.getEncoded());
                System.out.println("Client MAC write Secret:");
                printHex(hexDumpEncoder, this.clntMacSecret.getEncoded());
                System.out.println("Server MAC write Secret:");
                printHex(hexDumpEncoder, this.svrMacSecret.getEncoded());
                if (this.clntWriteKey != null) {
                    System.out.println("Client write key:");
                    printHex(hexDumpEncoder, this.clntWriteKey.getEncoded());
                    System.out.println("Server write key:");
                    printHex(hexDumpEncoder, this.svrWriteKey.getEncoded());
                } else {
                    System.out.println("... no encryption keys used");
                }
                if (this.clntWriteIV != null) {
                    System.out.println("Client write IV:");
                    printHex(hexDumpEncoder, this.clntWriteIV.getIV());
                    System.out.println("Server write IV:");
                    printHex(hexDumpEncoder, this.svrWriteIV.getIV());
                } else if (this.protocolVersion.v >= ProtocolVersion.TLS11.v) {
                    System.out.println("... no IV derived for this protocol");
                } else {
                    System.out.println("... no IV used for this cipher");
                }
                System.out.flush();
            }
        } catch (GeneralSecurityException e2) {
            e = e2;
            throw new ProviderException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateKeys(SecretKey secretKey, ProtocolVersion protocolVersion) {
        SecretKey calculateMasterSecret = calculateMasterSecret(secretKey, protocolVersion);
        this.session.setMasterSecret(calculateMasterSecret);
        calculateConnectionKeys(calculateMasterSecret);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkThrown() throws SSLException {
        synchronized (this.thrownLock) {
            if (this.thrown != null) {
                String message = this.thrown.getMessage();
                if (message == null) {
                    message = "Delegated task threw Exception/Error";
                }
                Exception exc = this.thrown;
                this.thrown = null;
                if (exc instanceof RuntimeException) {
                    throw ((RuntimeException) new RuntimeException(message).initCause(exc));
                }
                if (exc instanceof SSLHandshakeException) {
                    throw ((SSLHandshakeException) new SSLHandshakeException(message).initCause(exc));
                }
                if (exc instanceof SSLKeyException) {
                    throw ((SSLKeyException) new SSLKeyException(message).initCause(exc));
                }
                if (exc instanceof SSLPeerUnverifiedException) {
                    throw ((SSLPeerUnverifiedException) new SSLPeerUnverifiedException(message).initCause(exc));
                }
                if (!(exc instanceof SSLProtocolException)) {
                    throw ((SSLException) new SSLException(message).initCause(exc));
                }
                throw ((SSLProtocolException) new SSLProtocolException(message).initCause(exc));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str) throws IOException {
        fatalSE(b, str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str, Throwable th) throws IOException {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.fatal(b, str, th);
        } else {
            this.engine.fatal(b, str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, Throwable th) throws IOException {
        fatalSE(b, null, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlContext getAccSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        return sSLSocketImpl != null ? sSLSocketImpl.getAcc() : this.engine.getAcc();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuiteList getActiveCipherSuites() {
        if (this.activeCipherSuites == null) {
            if (this.activeProtocols == null) {
                this.activeProtocols = getActiveProtocols();
            }
            ArrayList arrayList = new ArrayList();
            if (!this.activeProtocols.collection().isEmpty() && this.activeProtocols.min.v != ProtocolVersion.NONE.v) {
                for (CipherSuite cipherSuite : this.enabledCipherSuites.collection()) {
                    if (cipherSuite.obsoleted <= this.activeProtocols.min.v || cipherSuite.supported > this.activeProtocols.max.v) {
                        if (debug != null && Debug.isOn("verbose")) {
                            if (cipherSuite.obsoleted <= this.activeProtocols.min.v) {
                                System.out.println("Ignoring obsoleted cipher suite: " + cipherSuite);
                            } else {
                                System.out.println("Ignoring unsupported cipher suite: " + cipherSuite);
                            }
                        }
                    } else if (this.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                        arrayList.add(cipherSuite);
                    }
                }
            }
            this.activeCipherSuites = new CipherSuiteList(arrayList);
        }
        return this.activeCipherSuites;
    }

    ProtocolList getActiveProtocols() {
        if (this.activeProtocols == null) {
            ArrayList arrayList = new ArrayList(4);
            for (ProtocolVersion protocolVersion : this.enabledProtocols.collection()) {
                boolean z = false;
                Iterator it = this.enabledCipherSuites.collection().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CipherSuite cipherSuite = (CipherSuite) it.next();
                    if (cipherSuite.isAvailable() && cipherSuite.obsoleted > protocolVersion.v && cipherSuite.supported <= protocolVersion.v) {
                        if (this.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                            arrayList.add(protocolVersion);
                            z = true;
                            break;
                        }
                        if (debug != null && Debug.isOn("verbose")) {
                            System.out.println("Ignoring disabled cipher suite: " + cipherSuite + " for " + protocolVersion);
                        }
                    } else if (debug != null && Debug.isOn("verbose")) {
                        System.out.println("Ignoring unsupported cipher suite: " + cipherSuite + " for " + protocolVersion);
                    }
                }
                if (!z && debug != null && Debug.isOn("handshake")) {
                    System.out.println("No available cipher suite for " + protocolVersion);
                }
            }
            this.activeProtocols = new ProtocolList(arrayList);
        }
        return this.activeProtocols;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getClientVerifyData() {
        return this.clientVerifyData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostAddressSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        return sSLSocketImpl != null ? sSLSocketImpl.getInetAddress().getHostAddress() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        return sSLSocketImpl != null ? sSLSocketImpl.getHost() : this.engine.getPeerHost();
    }

    abstract HandshakeMessage getKickstartMessage() throws SSLException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getLocalPortSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            return sSLSocketImpl.getLocalPort();
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() {
        if (this.localSupportedSignAlgs == null) {
            this.localSupportedSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms(this.algorithmConstraints);
        }
        return this.localSupportedSignAlgs;
    }

    Collection<SignatureAndHashAlgorithm> getPeerSupportedSignAlgs() {
        return this.peerSupportedSignAlgs;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getPortSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        return sSLSocketImpl != null ? sSLSocketImpl.getPort() : this.engine.getPeerPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getRawHostnameSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        return sSLSocketImpl != null ? sSLSocketImpl.getRawHostname() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getServerVerifyData() {
        return this.serverVerifyData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSessionImpl getSession() {
        return this.session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DelegatedTask getTask() {
        if (this.taskDelegated) {
            return null;
        }
        this.taskDelegated = true;
        return this.delegatedTask;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void handshakeAlert(byte b) throws SSLProtocolException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDone() {
        return this.state == 20;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLoopbackSE() {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            return sSLSocketImpl.getInetAddress().isLoopbackAddress();
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNegotiable(CipherSuite cipherSuite) {
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        return this.activeCipherSuites.contains(cipherSuite) && cipherSuite.isNegotiable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNegotiable(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.contains(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isSecureRenegotiation() {
        return this.secureRenegotiation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void kickstart() throws IOException {
        if (this.state >= 0) {
            return;
        }
        HandshakeMessage kickstartMessage = getKickstartMessage();
        if (debug != null && Debug.isOn("handshake")) {
            kickstartMessage.print(System.out);
        }
        kickstartMessage.write(this.output);
        this.output.flush();
        this.state = kickstartMessage.messageType();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherBox newReadCipher() throws NoSuchAlgorithmException {
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            CipherBox newCipher = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, this.sslContext.getSecureRandom(), false);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
            return newCipher;
        }
        CipherBox newCipher2 = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, this.sslContext.getSecureRandom(), false);
        this.clntWriteKey = null;
        this.clntWriteIV = null;
        return newCipher2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MAC newReadMAC() throws NoSuchAlgorithmException, InvalidKeyException {
        CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
        if (this.isClient) {
            MAC newMac = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
            this.svrMacSecret = null;
            return newMac;
        }
        MAC newMac2 = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
        this.clntMacSecret = null;
        return newMac2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherBox newWriteCipher() throws NoSuchAlgorithmException {
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            CipherBox newCipher = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, this.sslContext.getSecureRandom(), true);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
            return newCipher;
        }
        CipherBox newCipher2 = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, this.sslContext.getSecureRandom(), true);
        this.svrWriteKey = null;
        this.svrWriteIV = null;
        return newCipher2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MAC newWriteMAC() throws NoSuchAlgorithmException, InvalidKeyException {
        CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
        if (this.isClient) {
            MAC newMac = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
            this.clntMacSecret = null;
            return newMac;
        }
        MAC newMac2 = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
        this.svrMacSecret = null;
        return newMac2;
    }

    void processLoop() throws IOException {
        while (this.input.available() >= 4) {
            this.input.mark(4);
            byte int8 = (byte) this.input.getInt8();
            int int24 = this.input.getInt24();
            if (this.input.available() < int24) {
                this.input.reset();
                return;
            } else if (int8 == 0) {
                this.input.reset();
                processMessage(int8, int24);
                this.input.ignore(int24 + 4);
            } else {
                this.input.mark(int24);
                processMessage(int8, int24);
                this.input.digestNow();
            }
        }
    }

    abstract void processMessage(byte b, int i) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void process_record(InputRecord inputRecord, boolean z) throws IOException {
        checkThrown();
        this.input.incomingRecord(inputRecord);
        if (this.conn != null || z) {
            processLoop();
        } else {
            delegateTask(new PrivilegedExceptionAction<Void>() { // from class: sun.security.ssl.Handshaker.1
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Handshaker.this.processLoop();
                    return null;
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion selectProtocolVersion(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.selectProtocolVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendChangeCipherSpec(HandshakeMessage.Finished finished, boolean z) throws IOException {
        this.output.flush();
        OutputRecord outputRecord = this.conn != null ? new OutputRecord((byte) 20) : new EngineOutputRecord((byte) 20, this.engine);
        outputRecord.setVersion(this.protocolVersion);
        outputRecord.write(1);
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.writeLock.lock();
            try {
                this.conn.writeRecord(outputRecord);
                this.conn.changeWriteCiphers();
                sendNextProtocol(NextProtoNego.get((SSLSocket) this.conn));
                HandshakeMessage.Finished updateFinished = updateFinished(finished);
                if (debug != null && Debug.isOn("handshake")) {
                    updateFinished.print(System.out);
                }
                updateFinished.write(this.output);
                this.output.flush();
                return;
            } finally {
                this.conn.writeLock.unlock();
            }
        }
        synchronized (this.engine.writeLock) {
            this.engine.writeRecord((EngineOutputRecord) outputRecord);
            this.engine.changeWriteCiphers();
            sendNextProtocol(NextProtoNego.get(this.engine));
            HandshakeMessage.Finished updateFinished2 = updateFinished(finished);
            if (debug != null && Debug.isOn("handshake")) {
                updateFinished2.print(System.out);
            }
            updateFinished2.write(this.output);
            if (z) {
                this.output.setFinishedMsg();
            }
            this.output.flush();
        }
    }

    void sendNextProtocol(NextProtoNego.Provider provider) throws IOException {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.algorithmConstraints = new SSLAlgorithmConstraints(algorithmConstraints);
        this.localSupportedSignAlgs = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCipherSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
        this.keyExchange = cipherSuite.keyExchange;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEnableSessionCreation(boolean z) {
        this.enableNewSession = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEnabledCipherSuites(CipherSuiteList cipherSuiteList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledCipherSuites = cipherSuiteList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setEnabledProtocols(ProtocolList protocolList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledProtocols = protocolList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setHandshakeSessionSE(SSLSessionImpl sSLSessionImpl) {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.setHandshakeSession(sSLSessionImpl);
        } else {
            this.engine.setHandshakeSession(sSLSessionImpl);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setIdentificationProtocol(String str) {
        this.identificationProtocol = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerSupportedSignAlgs(Collection<SignatureAndHashAlgorithm> collection) {
        this.peerSupportedSignAlgs = new ArrayList(collection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVersion(ProtocolVersion protocolVersion) {
        this.protocolVersion = protocolVersion;
        setVersionSE(protocolVersion);
        this.output.r.setVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean started() {
        return this.state >= 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean taskOutstanding() {
        return this.delegatedTask != null;
    }

    HandshakeMessage.Finished updateFinished(HandshakeMessage.Finished finished) {
        return finished;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void warningSE(byte b) {
        SSLSocketImpl sSLSocketImpl = this.conn;
        if (sSLSocketImpl != null) {
            sSLSocketImpl.warning(b);
        } else {
            this.engine.warning(b);
        }
    }
}
