package gnu.javax.net.ssl.provider;

import gnu.classpath.debug.Component;
import gnu.classpath.debug.SystemLogger;
import gnu.java.security.action.GetSecurityPropertyAction;
import gnu.java.security.prng.IRandom;
import gnu.java.security.prng.LimitReachedException;
import gnu.java.security.util.ByteArray;
import gnu.javax.security.auth.callback.CertificateCallback;
import gnu.javax.security.auth.callback.DefaultCallbackHandler;
import java.nio.ByteBuffer;
import java.security.AccessController;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.logging.Level;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

/* loaded from: input_file:gnu/javax/net/ssl/provider/AbstractHandshake.class */
public abstract class AbstractHandshake {
    protected static final SystemLogger logger;
    protected static final byte[] SERVER_FINISHED;
    protected static final byte[] CLIENT_FINISHED;
    private static final byte[] KEY_EXPANSION;
    private static final byte[] MASTER_SECRET;
    private static final byte[] CLIENT_WRITE_KEY;
    private static final byte[] SERVER_WRITE_KEY;
    private static final byte[] IV_BLOCK;
    private static final byte[] SENDER_CLIENT;
    private static final byte[] SENDER_SERVER;
    protected static final byte[] PAD1;
    protected static final byte[] PAD2;
    protected ByteBuffer handshakeBuffer;
    protected int handshakeOffset;
    protected final SSLEngineImpl engine;
    protected KeyAgreement keyAgreement;
    protected byte[] preMasterSecret;
    protected InputSecurityParameters inParams;
    protected OutputSecurityParameters outParams;
    protected Random serverRandom;
    protected Random clientRandom;
    protected CompressionMethod compression;
    static final /* synthetic */ boolean $assertionsDisabled;
    protected MessageDigest sha = MessageDigest.getInstance("SHA-1");
    protected MessageDigest md5 = MessageDigest.getInstance("MD5");
    protected LinkedList<DelegatedTask> tasks = new LinkedList<>();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:gnu/javax/net/ssl/provider/AbstractHandshake$CertVerifier.class */
    public class CertVerifier extends DelegatedTask {
        private final boolean clientSide;
        private final X509Certificate[] chain;
        private boolean verified;

        /* JADX INFO: Access modifiers changed from: protected */
        public CertVerifier(boolean z, X509Certificate[] x509CertificateArr) {
            this.clientSide = z;
            this.chain = x509CertificateArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean verified() {
            return this.verified;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v33, types: [javax.security.auth.callback.CallbackHandler] */
        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        protected void implRun() {
            X509TrustManager x509TrustManager = AbstractHandshake.this.engine.contextImpl.trustManager;
            if (this.clientSide) {
                try {
                    x509TrustManager.checkServerTrusted(this.chain, null);
                    this.verified = true;
                } catch (CertificateException e) {
                    AbstractHandshake.logger.log((Level) Component.SSL_DELEGATED_TASK, "cert verify", (Throwable) e);
                    DefaultCallbackHandler defaultCallbackHandler = new DefaultCallbackHandler();
                    try {
                        defaultCallbackHandler = (CallbackHandler) ((ClassLoader) AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>() { // from class: gnu.javax.net.ssl.provider.AbstractHandshake.CertVerifier.1
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public ClassLoader run() throws Exception {
                                return ClassLoader.getSystemClassLoader();
                            }
                        })).loadClass((String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.certificate.handler"))).newInstance();
                    } catch (Exception e2) {
                        AbstractHandshake.logger.log((Level) Component.SSL_DELEGATED_TASK, "callback handler loading", (Throwable) e2);
                    }
                    CertificateCallback certificateCallback = new CertificateCallback(this.chain[0], "The server's certificate could not be verified. There is no proof that this server is who it claims to be, or that their certificate is valid. Do you wish to continue connecting? ");
                    try {
                        defaultCallbackHandler.handle(new Callback[]{certificateCallback});
                        this.verified = certificateCallback.getSelectedIndex() == 0;
                    } catch (Exception e3) {
                        AbstractHandshake.logger.log((Level) Component.SSL_DELEGATED_TASK, "callback handler exception", (Throwable) e3);
                        this.verified = false;
                    }
                }
            } else {
                try {
                    x509TrustManager.checkClientTrusted(this.chain, null);
                } catch (CertificateException unused) {
                    this.verified = false;
                }
            }
            if (this.verified) {
                AbstractHandshake.this.engine.session().setPeerVerified(true);
            }
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/AbstractHandshake$DHE_PSKGen.class */
    protected class DHE_PSKGen extends DelegatedTask {
        private final DHPublicKey dhKey;
        private final SecretKey psKey;
        private final boolean isClient;

        /* JADX INFO: Access modifiers changed from: protected */
        public DHE_PSKGen(DHPublicKey dHPublicKey, SecretKey secretKey, boolean z) {
            this.dhKey = dHPublicKey;
            this.psKey = secretKey;
            this.isClient = z;
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        protected void implRun() throws Throwable {
            byte[] bArr;
            AbstractHandshake.this.keyAgreement.doPhase(this.dhKey, true);
            byte[] generateSecret = AbstractHandshake.this.keyAgreement.generateSecret();
            if (this.psKey != null) {
                bArr = this.psKey.getEncoded();
            } else {
                bArr = new byte[8];
                AbstractHandshake.this.engine.session().random().nextBytes(bArr);
            }
            AbstractHandshake.this.preMasterSecret = new byte[generateSecret.length + bArr.length + 4];
            AbstractHandshake.this.preMasterSecret[0] = (byte) (generateSecret.length >>> 8);
            AbstractHandshake.this.preMasterSecret[1] = (byte) generateSecret.length;
            System.arraycopy(generateSecret, 0, AbstractHandshake.this.preMasterSecret, 2, generateSecret.length);
            AbstractHandshake.this.preMasterSecret[generateSecret.length + 2] = (byte) (bArr.length >>> 8);
            AbstractHandshake.this.preMasterSecret[generateSecret.length + 3] = (byte) bArr.length;
            System.arraycopy(bArr, 0, AbstractHandshake.this.preMasterSecret, generateSecret.length + 4, bArr.length);
            AbstractHandshake.this.generateMasterSecret(AbstractHandshake.this.clientRandom, AbstractHandshake.this.serverRandom, AbstractHandshake.this.engine.session());
            AbstractHandshake.this.setupSecurityParameters(AbstractHandshake.this.generateKeys(AbstractHandshake.this.clientRandom, AbstractHandshake.this.serverRandom, AbstractHandshake.this.engine.session()), this.isClient, AbstractHandshake.this.engine, AbstractHandshake.this.compression);
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/AbstractHandshake$DHPhase.class */
    protected class DHPhase extends DelegatedTask {
        private final DHPublicKey key;
        private final boolean full;

        /* JADX INFO: Access modifiers changed from: protected */
        public DHPhase(AbstractHandshake abstractHandshake, DHPublicKey dHPublicKey) {
            this(dHPublicKey, true);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public DHPhase(DHPublicKey dHPublicKey, boolean z) {
            this.key = dHPublicKey;
            this.full = z;
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        protected void implRun() throws InvalidKeyException, SSLException {
            AbstractHandshake.this.keyAgreement.doPhase(this.key, true);
            AbstractHandshake.this.preMasterSecret = AbstractHandshake.this.keyAgreement.generateSecret();
            if (this.full) {
                AbstractHandshake.this.generateMasterSecret(AbstractHandshake.this.clientRandom, AbstractHandshake.this.serverRandom, AbstractHandshake.this.engine.session());
                AbstractHandshake.this.setupSecurityParameters(AbstractHandshake.this.generateKeys(AbstractHandshake.this.clientRandom, AbstractHandshake.this.serverRandom, AbstractHandshake.this.engine.session()), AbstractHandshake.this.engine.getUseClientMode(), AbstractHandshake.this.engine, AbstractHandshake.this.compression);
            }
        }
    }

    static {
        $assertionsDisabled = !AbstractHandshake.class.desiredAssertionStatus();
        logger = SystemLogger.SYSTEM;
        SERVER_FINISHED = new byte[]{115, 101, 114, 118, 101, 114, 32, 102, 105, 110, 105, 115, 104, 101, 100};
        CLIENT_FINISHED = new byte[]{99, 108, 105, 101, 110, 116, 32, 102, 105, 110, 105, 115, 104, 101, 100};
        KEY_EXPANSION = new byte[]{107, 101, 121, 32, 101, 120, 112, 97, 110, 115, 105, 111, 110};
        MASTER_SECRET = new byte[]{109, 97, 115, 116, 101, 114, 32, 115, 101, 99, 114, 101, 116};
        CLIENT_WRITE_KEY = new byte[]{99, 108, 105, 101, 110, 116, 32, 119, 114, 105, 116, 101, 32, 107, 101, 121};
        SERVER_WRITE_KEY = new byte[]{115, 101, 114, 118, 101, 114, 32, 119, 114, 105, 116, 101, 32, 107, 101, 121};
        IV_BLOCK = new byte[]{73, 86, 32, 98, 108, 111, 99, 107};
        SENDER_CLIENT = new byte[]{67, 76, 78, 84};
        SENDER_SERVER = new byte[]{83, 82, 86, 82};
        PAD1 = new byte[48];
        PAD2 = new byte[48];
        Arrays.fill(PAD1, (byte) 54);
        Arrays.fill(PAD2, (byte) 92);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractHandshake(SSLEngineImpl sSLEngineImpl) throws NoSuchAlgorithmException {
        this.engine = sSLEngineImpl;
    }

    public final SSLEngineResult.HandshakeStatus handleInput(ByteBuffer byteBuffer) throws SSLException {
        if (!this.tasks.isEmpty()) {
            return SSLEngineResult.HandshakeStatus.NEED_TASK;
        }
        SSLEngineResult.HandshakeStatus status = status();
        if (status != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            return status;
        }
        if (!pollHandshake(byteBuffer)) {
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
        while (hasMessage() && status != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            int i = this.handshakeOffset;
            status = implHandleInput();
            int i2 = this.handshakeOffset - i;
            if (i2 != 0 && doHash()) {
                logger.logv(Component.SSL_HANDSHAKE, "hashing output\n{0}", Util.hexDump((ByteBuffer) this.handshakeBuffer.duplicate().position(i).limit(i + i2), " >> "));
                this.sha.update((ByteBuffer) this.handshakeBuffer.duplicate().position(i).limit(i + i2));
                this.md5.update((ByteBuffer) this.handshakeBuffer.duplicate().position(i).limit(i + i2));
            }
        }
        return status;
    }

    protected abstract SSLEngineResult.HandshakeStatus implHandleInput() throws SSLException;

    public final SSLEngineResult.HandshakeStatus handleOutput(ByteBuffer byteBuffer) throws SSLException {
        if (!this.tasks.isEmpty()) {
            return SSLEngineResult.HandshakeStatus.NEED_TASK;
        }
        int position = byteBuffer.position();
        SSLEngineResult.HandshakeStatus implHandleOutput = implHandleOutput(byteBuffer);
        if (doHash()) {
            logger.logv(Component.SSL_HANDSHAKE, "hashing output:\n{0}", Util.hexDump((ByteBuffer) byteBuffer.duplicate().flip().position(position), " >> "));
            this.sha.update((ByteBuffer) byteBuffer.duplicate().flip().position(position));
            this.md5.update((ByteBuffer) byteBuffer.duplicate().flip().position(position));
        }
        return implHandleOutput;
    }

    protected abstract SSLEngineResult.HandshakeStatus implHandleOutput(ByteBuffer byteBuffer) throws SSLException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public final InputSecurityParameters getInputParams() throws SSLException {
        checkKeyExchange();
        return this.inParams;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final OutputSecurityParameters getOutputParams() throws SSLException {
        checkKeyExchange();
        return this.outParams;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Runnable getTask() {
        if (this.tasks.isEmpty()) {
            return null;
        }
        return this.tasks.removeFirst();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract SSLEngineResult.HandshakeStatus status();

    abstract void checkKeyExchange() throws SSLException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void handleV2Hello(ByteBuffer byteBuffer) throws SSLException;

    protected boolean pollHandshake(ByteBuffer byteBuffer) {
        if (this.handshakeBuffer == null || this.handshakeBuffer.remaining() < byteBuffer.remaining()) {
            reallocateBuffer((this.handshakeBuffer == null ? 0 : this.handshakeBuffer.position() - this.handshakeOffset) + byteBuffer.remaining());
        }
        logger.logv(Component.SSL_HANDSHAKE, "inserting {0} into {1}", byteBuffer, this.handshakeBuffer);
        this.handshakeBuffer.put(byteBuffer);
        return hasMessage();
    }

    protected boolean doHash() {
        return true;
    }

    protected boolean hasMessage() {
        if (this.handshakeBuffer == null) {
            return false;
        }
        ByteBuffer duplicate = this.handshakeBuffer.duplicate();
        duplicate.flip();
        duplicate.position(this.handshakeOffset);
        logger.logv(Component.SSL_HANDSHAKE, "current buffer: {0}; test buffer {1}", this.handshakeBuffer, duplicate);
        if (duplicate.remaining() < 4) {
            return false;
        }
        Handshake handshake = new Handshake(duplicate.slice());
        logger.logv(Component.SSL_HANDSHAKE, "handshake len:{0} remaining:{1}", Integer.valueOf(handshake.length()), Integer.valueOf(duplicate.remaining()));
        return handshake.length() <= duplicate.remaining() - 4;
    }

    private void reallocateBuffer(int i) {
        int i2;
        if ((this.handshakeBuffer == null ? -1 : this.handshakeBuffer.capacity() - (this.handshakeBuffer.limit() - this.handshakeOffset)) >= i) {
            if (this.handshakeOffset > 0) {
                this.handshakeBuffer.flip().position(this.handshakeOffset);
                this.handshakeBuffer.compact();
                this.handshakeOffset = 0;
                return;
            }
            return;
        }
        int i3 = 1024;
        while (true) {
            i2 = i3;
            if (i2 >= i) {
                break;
            } else {
                i3 = i2 << 1;
            }
        }
        ByteBuffer allocate = ByteBuffer.allocate(i2);
        if (this.handshakeBuffer != null) {
            this.handshakeBuffer.flip();
            this.handshakeBuffer.position(this.handshakeOffset);
            allocate.put(this.handshakeBuffer);
        }
        this.handshakeBuffer = allocate;
        this.handshakeOffset = 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] genV3CertificateVerify(MessageDigest messageDigest, MessageDigest messageDigest2, SessionImpl sessionImpl) {
        byte[] bArr = null;
        if (sessionImpl.suite.signatureAlgorithm() == SignatureAlgorithm.RSA) {
            messageDigest.update(sessionImpl.privateData.masterSecret);
            messageDigest.update(PAD1, 0, 48);
            byte[] digest = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(sessionImpl.privateData.masterSecret);
            messageDigest.update(PAD2, 0, 48);
            messageDigest.update(digest);
            bArr = messageDigest.digest();
        }
        messageDigest2.update(sessionImpl.privateData.masterSecret);
        messageDigest2.update(PAD1, 0, 40);
        byte[] digest2 = messageDigest2.digest();
        messageDigest2.reset();
        messageDigest2.update(sessionImpl.privateData.masterSecret);
        messageDigest2.update(PAD2, 0, 40);
        messageDigest2.update(digest2);
        byte[] digest3 = messageDigest2.digest();
        return bArr != null ? Util.concat(bArr, digest3) : digest3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [byte[], byte[][]] */
    public byte[][] generateKeys(Random random, Random random2, SessionImpl sessionImpl) {
        IRandom tLSRandom;
        int i = 20;
        if (sessionImpl.suite.macAlgorithm() == MacAlgorithm.MD5) {
            i = 16;
        }
        int i2 = 0;
        if (sessionImpl.suite.cipherAlgorithm() == CipherAlgorithm.DES || sessionImpl.suite.cipherAlgorithm() == CipherAlgorithm.DESede) {
            i2 = 8;
        }
        if (sessionImpl.suite.cipherAlgorithm() == CipherAlgorithm.AES) {
            i2 = 16;
        }
        int keyLength = sessionImpl.suite.keyLength();
        ?? r0 = {new byte[i], new byte[i], new byte[keyLength], new byte[keyLength], new byte[i2], new byte[i2]};
        if (sessionImpl.version == ProtocolVersion.SSL_3) {
            byte[] bArr = new byte[random.length() + random2.length()];
            random2.buffer().get(bArr, 0, random2.length());
            random.buffer().get(bArr, random2.length(), random.length());
            tLSRandom = new SSLRandom();
            Map hashMap = new HashMap(2);
            hashMap.put("jessie.sslprng.secret", sessionImpl.privateData.masterSecret);
            hashMap.put("jessie.sslprng.seed", bArr);
            tLSRandom.init(hashMap);
        } else {
            byte[] bArr2 = new byte[KEY_EXPANSION.length + random.length() + random2.length()];
            System.arraycopy(KEY_EXPANSION, 0, bArr2, 0, KEY_EXPANSION.length);
            random2.buffer().get(bArr2, KEY_EXPANSION.length, random2.length());
            random.buffer().get(bArr2, KEY_EXPANSION.length + random2.length(), random.length());
            tLSRandom = new TLSRandom();
            Map hashMap2 = new HashMap(2);
            hashMap2.put("jessie.tls.prng.secret", sessionImpl.privateData.masterSecret);
            hashMap2.put("jessie.tls.prng.seed", bArr2);
            tLSRandom.init(hashMap2);
        }
        try {
            tLSRandom.nextBytes(r0[0], 0, r0[0].length);
            tLSRandom.nextBytes(r0[1], 0, r0[1].length);
            tLSRandom.nextBytes(r0[2], 0, r0[2].length);
            tLSRandom.nextBytes(r0[3], 0, r0[3].length);
            if (!sessionImpl.suite.isExportable()) {
                tLSRandom.nextBytes(r0[4], 0, r0[4].length);
                tLSRandom.nextBytes(r0[5], 0, r0[5].length);
            } else if (sessionImpl.version == ProtocolVersion.SSL_3) {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                messageDigest.update(random.buffer());
                messageDigest.update(random2.buffer());
                System.arraycopy(messageDigest.digest(), 0, r0[4], 0, r0[4].length);
                messageDigest.reset();
                messageDigest.update(random2.buffer());
                messageDigest.update(random.buffer());
                System.arraycopy(messageDigest.digest(), 0, r0[5], 0, r0[5].length);
                messageDigest.reset();
                messageDigest.update(r0[2]);
                messageDigest.update(random.buffer());
                messageDigest.update(random2.buffer());
                r0[2] = Util.trim(messageDigest.digest(), 8);
                messageDigest.reset();
                messageDigest.update(r0[3]);
                messageDigest.update(random2.buffer());
                messageDigest.update(random.buffer());
                r0[3] = Util.trim(messageDigest.digest(), 8);
            } else {
                TLSRandom tLSRandom2 = new TLSRandom();
                Map hashMap3 = new HashMap(2);
                hashMap3.put("jessie.tls.prng.secret", r0[2]);
                byte[] bArr3 = new byte[CLIENT_WRITE_KEY.length + random.length() + random2.length()];
                System.arraycopy(CLIENT_WRITE_KEY, 0, bArr3, 0, CLIENT_WRITE_KEY.length);
                random.buffer().get(bArr3, CLIENT_WRITE_KEY.length, random.length());
                random2.buffer().get(bArr3, CLIENT_WRITE_KEY.length + random.length(), random2.length());
                hashMap3.put("jessie.tls.prng.seed", bArr3);
                tLSRandom2.init(hashMap3);
                r0[2] = new byte[8];
                tLSRandom2.nextBytes(r0[2], 0, r0[2].length);
                hashMap3.put("jessie.tls.prng.secret", r0[3]);
                byte[] bArr4 = new byte[SERVER_WRITE_KEY.length + random2.length() + random.length()];
                System.arraycopy(SERVER_WRITE_KEY, 0, bArr4, 0, SERVER_WRITE_KEY.length);
                random2.buffer().get(bArr4, SERVER_WRITE_KEY.length, random2.length());
                random.buffer().get(bArr4, SERVER_WRITE_KEY.length + random2.length(), random.length());
                hashMap3.put("jessie.tls.prng.seed", bArr4);
                tLSRandom2.init(hashMap3);
                r0[3] = new byte[8];
                tLSRandom2.nextBytes(r0[3], 0, r0[3].length);
                hashMap3.put("jessie.tls.prng.secret", new byte[0]);
                byte[] bArr5 = new byte[IV_BLOCK.length + random.length() + random2.length()];
                System.arraycopy(IV_BLOCK, 0, bArr5, 0, IV_BLOCK.length);
                random.buffer().get(bArr5, IV_BLOCK.length, random.length());
                random2.buffer().get(bArr5, IV_BLOCK.length + random.length(), random2.length());
                hashMap3.put("jessie.tls.prng.seed", bArr5);
                tLSRandom2.init(hashMap3);
                tLSRandom2.nextBytes(r0[4], 0, r0[4].length);
                tLSRandom2.nextBytes(r0[5], 0, r0[5].length);
            }
            logger.logv(Component.SSL_KEY_EXCHANGE, "keys generated;\n  [0]: {0}\n  [1]: {1}\n  [2]: {2}\n  [3]: {3}\n  [4]: {4}\n  [5]: {5}", Util.toHexString(r0[0], ':'), Util.toHexString(r0[1], ':'), Util.toHexString(r0[2], ':'), Util.toHexString(r0[3], ':'), Util.toHexString(r0[4], ':'), Util.toHexString(r0[5], ':'));
            return r0;
        } catch (LimitReachedException e) {
            throw new Error(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ByteBuffer generateFinished(MessageDigest messageDigest, MessageDigest messageDigest2, boolean z, SessionImpl sessionImpl) {
        ByteBuffer allocate;
        if (sessionImpl.version.compareTo(ProtocolVersion.TLS_1) >= 0) {
            allocate = ByteBuffer.allocate(12);
            TLSRandom tLSRandom = new TLSRandom();
            byte[] digest = messageDigest.digest();
            byte[] digest2 = messageDigest2.digest();
            logger.logv(Component.SSL_HANDSHAKE, "finished md5:{0} sha:{1}", Util.toHexString(digest, ':'), Util.toHexString(digest2, ':'));
            byte[] bArr = new byte[CLIENT_FINISHED.length + digest.length + digest2.length];
            if (z) {
                System.arraycopy(CLIENT_FINISHED, 0, bArr, 0, CLIENT_FINISHED.length);
            } else {
                System.arraycopy(SERVER_FINISHED, 0, bArr, 0, SERVER_FINISHED.length);
            }
            System.arraycopy(digest, 0, bArr, CLIENT_FINISHED.length, digest.length);
            System.arraycopy(digest2, 0, bArr, CLIENT_FINISHED.length + digest.length, digest2.length);
            HashMap hashMap = new HashMap(2);
            hashMap.put("jessie.tls.prng.secret", sessionImpl.privateData.masterSecret);
            hashMap.put("jessie.tls.prng.seed", bArr);
            tLSRandom.init(hashMap);
            byte[] bArr2 = new byte[12];
            tLSRandom.nextBytes(bArr2, 0, bArr2.length);
            allocate.put(bArr2).position(0);
        } else {
            allocate = ByteBuffer.allocate(36);
            messageDigest.update(z ? SENDER_CLIENT : SENDER_SERVER);
            messageDigest.update(sessionImpl.privateData.masterSecret);
            messageDigest.update(PAD1);
            byte[] digest3 = messageDigest.digest();
            messageDigest.reset();
            messageDigest.update(sessionImpl.privateData.masterSecret);
            messageDigest.update(PAD2);
            messageDigest.update(digest3);
            allocate.put(messageDigest.digest());
            messageDigest2.update(z ? SENDER_CLIENT : SENDER_SERVER);
            messageDigest2.update(sessionImpl.privateData.masterSecret);
            messageDigest2.update(PAD1, 0, 40);
            byte[] digest4 = messageDigest2.digest();
            messageDigest2.reset();
            messageDigest2.update(sessionImpl.privateData.masterSecret);
            messageDigest2.update(PAD2, 0, 40);
            messageDigest2.update(digest4);
            allocate.put(messageDigest2.digest()).position(0);
        }
        return allocate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initDiffieHellman(DHPrivateKey dHPrivateKey, SecureRandom secureRandom) throws SSLException {
        try {
            this.keyAgreement = KeyAgreement.getInstance("DH");
            this.keyAgreement.init(dHPrivateKey, secureRandom);
        } catch (InvalidKeyException e) {
            throw new SSLException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SSLException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void generateMasterSecret(Random random, Random random2, SessionImpl sessionImpl) throws SSLException {
        if (!$assertionsDisabled && random == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && random2 == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && sessionImpl == null) {
            throw new AssertionError();
        }
        logger.logv(Component.SSL_KEY_EXCHANGE, "preMasterSecret:\n{0}", new ByteArray(this.preMasterSecret));
        if (sessionImpl.version == ProtocolVersion.SSL_3) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
                sessionImpl.privateData.masterSecret = new byte[48];
                messageDigest2.update((byte) 65);
                messageDigest2.update(this.preMasterSecret);
                messageDigest2.update(random.buffer());
                messageDigest2.update(random2.buffer());
                messageDigest.update(this.preMasterSecret);
                messageDigest.update(messageDigest2.digest());
                messageDigest.digest(sessionImpl.privateData.masterSecret, 0, 16);
                messageDigest2.update((byte) 66);
                messageDigest2.update((byte) 66);
                messageDigest2.update(this.preMasterSecret);
                messageDigest2.update(random.buffer());
                messageDigest2.update(random2.buffer());
                messageDigest.update(this.preMasterSecret);
                messageDigest.update(messageDigest2.digest());
                messageDigest.digest(sessionImpl.privateData.masterSecret, 16, 16);
                messageDigest2.update((byte) 67);
                messageDigest2.update((byte) 67);
                messageDigest2.update((byte) 67);
                messageDigest2.update(this.preMasterSecret);
                messageDigest2.update(random.buffer());
                messageDigest2.update(random2.buffer());
                messageDigest.update(this.preMasterSecret);
                messageDigest.update(messageDigest2.digest());
                messageDigest.digest(sessionImpl.privateData.masterSecret, 32, 16);
            } catch (DigestException e) {
                throw new SSLException(e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SSLException(e2);
            }
        } else {
            byte[] bArr = new byte[random.length() + random2.length() + MASTER_SECRET.length];
            System.arraycopy(MASTER_SECRET, 0, bArr, 0, MASTER_SECRET.length);
            random.buffer().get(bArr, MASTER_SECRET.length, random.length());
            random2.buffer().get(bArr, MASTER_SECRET.length + random.length(), random2.length());
            TLSRandom tLSRandom = new TLSRandom();
            HashMap hashMap = new HashMap(2);
            hashMap.put("jessie.tls.prng.secret", this.preMasterSecret);
            hashMap.put("jessie.tls.prng.seed", bArr);
            tLSRandom.init(hashMap);
            sessionImpl.privateData.masterSecret = new byte[48];
            tLSRandom.nextBytes(sessionImpl.privateData.masterSecret, 0, 48);
        }
        logger.log(Component.SSL_KEY_EXCHANGE, "master_secret: {0}", new ByteArray(sessionImpl.privateData.masterSecret));
        for (int i = 0; i < this.preMasterSecret.length; i++) {
            this.preMasterSecret[i] = 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupSecurityParameters(byte[][] bArr, boolean z, SSLEngineImpl sSLEngineImpl, CompressionMethod compressionMethod) throws SSLException {
        if (!$assertionsDisabled && bArr.length != 6) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && sSLEngineImpl == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && compressionMethod == null) {
            throw new AssertionError();
        }
        try {
            CipherSuite cipherSuite = sSLEngineImpl.session().suite;
            Cipher cipher = cipherSuite.cipher();
            Mac mac = cipherSuite.mac(sSLEngineImpl.session().version);
            Inflater inflater = compressionMethod == CompressionMethod.ZLIB ? new Inflater() : null;
            cipher.init(2, new SecretKeySpec(bArr[z ? (char) 3 : (char) 2], cipherSuite.cipherAlgorithm().toString()), new IvParameterSpec(bArr[z ? (char) 5 : (char) 4]));
            mac.init(new SecretKeySpec(bArr[z ? (char) 1 : (char) 0], mac.getAlgorithm()));
            this.inParams = new InputSecurityParameters(cipher, mac, inflater, sSLEngineImpl.session(), cipherSuite);
            Cipher cipher2 = cipherSuite.cipher();
            Mac mac2 = cipherSuite.mac(sSLEngineImpl.session().version);
            Deflater deflater = compressionMethod == CompressionMethod.ZLIB ? new Deflater() : null;
            cipher2.init(1, new SecretKeySpec(bArr[z ? (char) 2 : (char) 3], cipherSuite.cipherAlgorithm().toString()), new IvParameterSpec(bArr[z ? (char) 4 : (char) 5]));
            mac2.init(new SecretKeySpec(bArr[z ? (char) 0 : (char) 1], mac2.getAlgorithm()));
            this.outParams = new OutputSecurityParameters(cipher2, mac2, deflater, sSLEngineImpl.session(), cipherSuite);
        } catch (InvalidAlgorithmParameterException e) {
            throw new SSLException(e);
        } catch (InvalidKeyException e2) {
            throw new SSLException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SSLException(e3);
        } catch (NoSuchPaddingException e4) {
            throw new SSLException(e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void generatePSKSecret(String str, byte[] bArr, boolean z) throws SSLException {
        SecretKey secretKey = null;
        try {
            secretKey = this.engine.contextImpl.pskManager.getKey(str);
        } catch (KeyManagementException unused) {
        }
        if (secretKey != null) {
            byte[] encoded = secretKey.getEncoded();
            if (bArr == null) {
                bArr = new byte[encoded.length];
            }
            this.preMasterSecret = new byte[bArr.length + encoded.length + 4];
            this.preMasterSecret[0] = (byte) (bArr.length >>> 8);
            this.preMasterSecret[1] = (byte) bArr.length;
            System.arraycopy(bArr, 0, this.preMasterSecret, 2, bArr.length);
            this.preMasterSecret[bArr.length + 2] = (byte) (encoded.length >>> 8);
            this.preMasterSecret[bArr.length + 3] = (byte) encoded.length;
            System.arraycopy(encoded, 0, this.preMasterSecret, bArr.length + 4, encoded.length);
        } else {
            this.preMasterSecret = new byte[8];
            this.preMasterSecret[1] = 2;
            this.preMasterSecret[5] = 2;
            this.preMasterSecret[6] = (byte) this.engine.session().random().nextInt();
            this.preMasterSecret[7] = (byte) this.engine.session().random().nextInt();
        }
        logger.logv(Component.SSL_KEY_EXCHANGE, "PSK identity {0} key {1}", str, secretKey);
        generateMasterSecret(this.clientRandom, this.serverRandom, this.engine.session());
        setupSecurityParameters(generateKeys(this.clientRandom, this.serverRandom, this.engine.session()), z, this.engine, this.compression);
    }
}
