package sun.security.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHPublicKeySpec;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLProtocolException;
import javax.security.auth.x500.X500Principal;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite;
import sun.security.util.KeyUtil;

/* loaded from: input_file:sun/security/ssl/HandshakeMessage.class */
public abstract class HandshakeMessage {
    static final byte ht_hello_request = 0;
    static final byte ht_client_hello = 1;
    static final byte ht_server_hello = 2;
    static final byte ht_certificate = 11;
    static final byte ht_server_key_exchange = 12;
    static final byte ht_certificate_request = 13;
    static final byte ht_server_hello_done = 14;
    static final byte ht_certificate_verify = 15;
    static final byte ht_client_key_exchange = 16;
    static final byte ht_finished = 20;
    public static final Debug debug = Debug.getInstance("ssl");
    static final byte[] MD5_pad1 = genPad(54, 48);
    static final byte[] MD5_pad2 = genPad(92, 48);
    static final byte[] SHA_pad1 = genPad(54, 40);
    static final byte[] SHA_pad2 = genPad(92, 40);

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$CertificateMsg.class */
    static final class CertificateMsg extends HandshakeMessage {
        private X509Certificate[] chain;
        private List<byte[]> encodedChain;
        private int messageLength;

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_certificate;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateMsg(X509Certificate[] x509CertificateArr) {
            this.chain = x509CertificateArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateMsg(HandshakeInStream handshakeInStream) throws IOException {
            int int24 = handshakeInStream.getInt24();
            ArrayList arrayList = new ArrayList(4);
            CertificateFactory certificateFactory = HandshakeMessage.ht_hello_request;
            while (int24 > 0) {
                byte[] bytes24 = handshakeInStream.getBytes24();
                int24 -= 3 + bytes24.length;
                if (certificateFactory == null) {
                    try {
                        certificateFactory = CertificateFactory.getInstance("X.509");
                    } catch (CertificateException e) {
                        throw ((SSLProtocolException) new SSLProtocolException(e.getMessage()).initCause(e));
                    }
                }
                arrayList.add(certificateFactory.generateCertificate(new ByteArrayInputStream(bytes24)));
            }
            this.chain = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            if (this.encodedChain == null) {
                this.messageLength = 3;
                this.encodedChain = new ArrayList(this.chain.length);
                try {
                    X509Certificate[] x509CertificateArr = this.chain;
                    int length = x509CertificateArr.length;
                    for (int i = HandshakeMessage.ht_hello_request; i < length; i += HandshakeMessage.ht_client_hello) {
                        byte[] encoded = x509CertificateArr[i].getEncoded();
                        this.encodedChain.add(encoded);
                        this.messageLength += encoded.length + 3;
                    }
                } catch (CertificateEncodingException e) {
                    this.encodedChain = null;
                    throw new RuntimeException("Could not encode certificates", e);
                }
            }
            return this.messageLength;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt24(messageLength() - 3);
            Iterator<byte[]> it = this.encodedChain.iterator();
            while (it.hasNext()) {
                handshakeOutStream.putBytes24(it.next());
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Certificate chain");
            if (this.chain.length == 0) {
                printStream.println("<Empty>");
            } else if (debug != null && Debug.isOn("verbose")) {
                for (int i = HandshakeMessage.ht_hello_request; i < this.chain.length; i += HandshakeMessage.ht_client_hello) {
                    printStream.println("chain [" + i + "] = " + this.chain[i]);
                }
            }
            printStream.println("***");
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X509Certificate[] getCertificateChain() {
            return (X509Certificate[]) this.chain.clone();
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$CertificateRequest.class */
    static final class CertificateRequest extends HandshakeMessage {
        static final int cct_rsa_fixed_dh = 3;
        static final int cct_dss_fixed_dh = 4;
        static final int cct_rsa_ephemeral_dh = 5;
        static final int cct_dss_ephemeral_dh = 6;
        static final int cct_rsa_fixed_ecdh = 65;
        static final int cct_ecdsa_fixed_ecdh = 66;
        byte[] types;
        DistinguishedName[] authorities;
        ProtocolVersion protocolVersion;
        private Collection<SignatureAndHashAlgorithm> algorithms;
        private int algorithmsLen;
        static final int cct_rsa_sign = 1;
        static final int cct_dss_sign = 2;
        private static final byte[] TYPES_NO_ECC = {cct_rsa_sign, cct_dss_sign};
        static final int cct_ecdsa_sign = 64;
        private static final byte[] TYPES_ECC = {cct_rsa_sign, cct_dss_sign, cct_ecdsa_sign};

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateRequest(X509Certificate[] x509CertificateArr, CipherSuite.KeyExchange keyExchange, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException {
            this.protocolVersion = protocolVersion;
            this.authorities = new DistinguishedName[x509CertificateArr.length];
            for (int i = HandshakeMessage.ht_hello_request; i < x509CertificateArr.length; i += cct_rsa_sign) {
                this.authorities[i] = new DistinguishedName(x509CertificateArr[i].getSubjectX500Principal());
            }
            this.types = JsseJce.isEcAvailable() ? TYPES_ECC : TYPES_NO_ECC;
            if (protocolVersion.v < ProtocolVersion.TLS12.v) {
                this.algorithms = new ArrayList();
                this.algorithmsLen = HandshakeMessage.ht_hello_request;
            } else {
                if (collection == null || collection.isEmpty()) {
                    throw new SSLProtocolException("No supported signature algorithms");
                }
                this.algorithms = new ArrayList(collection);
                this.algorithmsLen = SignatureAndHashAlgorithm.sizeInRecord() * this.algorithms.size();
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateRequest(HandshakeInStream handshakeInStream, ProtocolVersion protocolVersion) throws IOException {
            this.protocolVersion = protocolVersion;
            this.types = handshakeInStream.getBytes8();
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.algorithmsLen = handshakeInStream.getInt16();
                if (this.algorithmsLen < cct_dss_sign) {
                    throw new SSLProtocolException("Invalid supported_signature_algorithms field: " + this.algorithmsLen);
                }
                this.algorithms = new ArrayList();
                int i = this.algorithmsLen;
                int i2 = HandshakeMessage.ht_hello_request;
                while (i > cct_rsa_sign) {
                    int int8 = handshakeInStream.getInt8();
                    int int82 = handshakeInStream.getInt8();
                    i2 += cct_rsa_sign;
                    this.algorithms.add(SignatureAndHashAlgorithm.valueOf(int8, int82, i2));
                    i -= 2;
                }
                if (i != 0) {
                    throw new SSLProtocolException("Invalid supported_signature_algorithms field. remains: " + i);
                }
            } else {
                this.algorithms = new ArrayList();
                this.algorithmsLen = HandshakeMessage.ht_hello_request;
            }
            int int16 = handshakeInStream.getInt16();
            ArrayList arrayList = new ArrayList();
            while (int16 >= cct_rsa_fixed_dh) {
                DistinguishedName distinguishedName = new DistinguishedName(handshakeInStream);
                arrayList.add(distinguishedName);
                int16 -= distinguishedName.length();
            }
            if (int16 != 0) {
                throw new SSLProtocolException("Bad CertificateRequest DN length: " + int16);
            }
            this.authorities = (DistinguishedName[]) arrayList.toArray(new DistinguishedName[arrayList.size()]);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public X500Principal[] getAuthorities() throws IOException {
            X500Principal[] x500PrincipalArr = new X500Principal[this.authorities.length];
            for (int i = HandshakeMessage.ht_hello_request; i < this.authorities.length; i += cct_rsa_sign) {
                x500PrincipalArr[i] = this.authorities[i].getX500Principal();
            }
            return x500PrincipalArr;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Collection<SignatureAndHashAlgorithm> getSignAlgorithms() {
            return this.algorithms;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_certificate_request;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            int length = cct_rsa_sign + this.types.length + cct_dss_sign;
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                length += this.algorithmsLen + cct_dss_sign;
            }
            for (int i = HandshakeMessage.ht_hello_request; i < this.authorities.length; i += cct_rsa_sign) {
                length += this.authorities[i].length();
            }
            return length;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes8(this.types);
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                handshakeOutStream.putInt16(this.algorithmsLen);
                for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.algorithms) {
                    handshakeOutStream.putInt8(signatureAndHashAlgorithm.getHashValue());
                    handshakeOutStream.putInt8(signatureAndHashAlgorithm.getSignatureValue());
                }
            }
            int i = HandshakeMessage.ht_hello_request;
            for (int i2 = HandshakeMessage.ht_hello_request; i2 < this.authorities.length; i2 += cct_rsa_sign) {
                i += this.authorities[i2].length();
            }
            handshakeOutStream.putInt16(i);
            for (int i3 = HandshakeMessage.ht_hello_request; i3 < this.authorities.length; i3 += cct_rsa_sign) {
                this.authorities[i3].send(handshakeOutStream);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateRequest");
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("Cert Types: ");
            for (int i = HandshakeMessage.ht_hello_request; i < this.types.length; i += cct_rsa_sign) {
                switch (this.types[i]) {
                    case cct_rsa_sign /* 1 */:
                        printStream.print("RSA");
                        break;
                    case cct_dss_sign /* 2 */:
                        printStream.print("DSS");
                        break;
                    case cct_rsa_fixed_dh /* 3 */:
                        printStream.print("Fixed DH (RSA sig)");
                        break;
                    case cct_dss_fixed_dh /* 4 */:
                        printStream.print("Fixed DH (DSS sig)");
                        break;
                    case 5:
                        printStream.print("Ephemeral DH (RSA sig)");
                        break;
                    case cct_dss_ephemeral_dh /* 6 */:
                        printStream.print("Ephemeral DH (DSS sig)");
                        break;
                    case cct_ecdsa_sign /* 64 */:
                        printStream.print("ECDSA");
                        break;
                    case cct_rsa_fixed_ecdh /* 65 */:
                        printStream.print("Fixed ECDH (RSA sig)");
                        break;
                    case cct_ecdsa_fixed_ecdh /* 66 */:
                        printStream.print("Fixed ECDH (ECDSA sig)");
                        break;
                    default:
                        printStream.print("Type-" + (this.types[i] & 255));
                        break;
                }
                if (i != this.types.length - cct_rsa_sign) {
                    printStream.print(", ");
                }
            }
            printStream.println();
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                StringBuffer stringBuffer = new StringBuffer();
                boolean z = HandshakeMessage.ht_hello_request;
                for (SignatureAndHashAlgorithm signatureAndHashAlgorithm : this.algorithms) {
                    if (z) {
                        stringBuffer.append(", " + signatureAndHashAlgorithm.getAlgorithmName());
                    } else {
                        stringBuffer.append(signatureAndHashAlgorithm.getAlgorithmName());
                        z = cct_rsa_sign;
                    }
                }
                printStream.println("Supported Signature Algorithms: " + ((Object) stringBuffer));
            }
            printStream.println("Cert Authorities:");
            if (this.authorities.length == 0) {
                printStream.println("<Empty>");
                return;
            }
            for (int i2 = HandshakeMessage.ht_hello_request; i2 < this.authorities.length; i2 += cct_rsa_sign) {
                this.authorities[i2].print(printStream);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$CertificateVerify.class */
    public static final class CertificateVerify extends HandshakeMessage {
        private byte[] signature;
        ProtocolVersion protocolVersion;
        private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
        private static final Class<?> delegate;
        private static final Field spiField;
        private static final Object NULL_OBJECT;
        private static final Map<Class<?>, Object> methodCache;

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateVerify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, PrivateKey privateKey, SecretKey secretKey, SecureRandom secureRandom, SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws GeneralSecurityException {
            Signature signature;
            this.preferableSignatureAlgorithm = null;
            this.protocolVersion = protocolVersion;
            String algorithm = privateKey.getAlgorithm();
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = signatureAndHashAlgorithm;
                signature = JsseJce.getSignature(signatureAndHashAlgorithm.getAlgorithmName());
            } else {
                signature = getSignature(protocolVersion, algorithm);
            }
            signature.initSign(privateKey, secureRandom);
            updateSignature(signature, protocolVersion, handshakeHash, algorithm, secretKey);
            this.signature = signature.sign();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CertificateVerify(HandshakeInStream handshakeInStream, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException {
            this.preferableSignatureAlgorithm = null;
            this.protocolVersion = protocolVersion;
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = SignatureAndHashAlgorithm.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8(), HandshakeMessage.ht_hello_request);
                if (!collection.contains(this.preferableSignatureAlgorithm)) {
                    throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in CertificateVerify message: " + this.preferableSignatureAlgorithm);
                }
            }
            this.signature = handshakeInStream.getBytes16();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SignatureAndHashAlgorithm getPreferableSignatureAlgorithm() {
            return this.preferableSignatureAlgorithm;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean verify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, PublicKey publicKey, SecretKey secretKey) throws GeneralSecurityException {
            String algorithm = publicKey.getAlgorithm();
            Signature signature = protocolVersion.v >= ProtocolVersion.TLS12.v ? JsseJce.getSignature(this.preferableSignatureAlgorithm.getAlgorithmName()) : getSignature(protocolVersion, algorithm);
            signature.initVerify(publicKey);
            updateSignature(signature, protocolVersion, handshakeHash, algorithm, secretKey);
            return signature.verify(this.signature);
        }

        private static Signature getSignature(ProtocolVersion protocolVersion, String str) throws GeneralSecurityException {
            boolean z = -1;
            switch (str.hashCode()) {
                case 2206:
                    if (str.equals("EC")) {
                        z = HandshakeMessage.ht_server_hello;
                        break;
                    }
                    break;
                case 67986:
                    if (str.equals("DSA")) {
                        z = HandshakeMessage.ht_client_hello;
                        break;
                    }
                    break;
                case 81440:
                    if (str.equals("RSA")) {
                        z = HandshakeMessage.ht_hello_request;
                        break;
                    }
                    break;
            }
            switch (z) {
                case HandshakeMessage.ht_hello_request /* 0 */:
                    return RSASignature.getInternalInstance();
                case HandshakeMessage.ht_client_hello /* 1 */:
                    return JsseJce.getSignature("RawDSA");
                case HandshakeMessage.ht_server_hello /* 2 */:
                    return JsseJce.getSignature("NONEwithECDSA");
                default:
                    throw new SignatureException("Unrecognized algorithm: " + str);
            }
        }

        private static void updateSignature(Signature signature, ProtocolVersion protocolVersion, HandshakeHash handshakeHash, String str, SecretKey secretKey) throws SignatureException {
            if (!str.equals("RSA")) {
                if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    signature.update(handshakeHash.getAllHandshakeMessages());
                    return;
                }
                MessageDigest sHAClone = handshakeHash.getSHAClone();
                if (protocolVersion.v < ProtocolVersion.TLS10.v) {
                    updateDigest(sHAClone, SHA_pad1, SHA_pad2, secretKey);
                }
                signature.update(sHAClone.digest());
                return;
            }
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                signature.update(handshakeHash.getAllHandshakeMessages());
                return;
            }
            MessageDigest mD5Clone = handshakeHash.getMD5Clone();
            MessageDigest sHAClone2 = handshakeHash.getSHAClone();
            if (protocolVersion.v < ProtocolVersion.TLS10.v) {
                updateDigest(mD5Clone, MD5_pad1, MD5_pad2, secretKey);
                updateDigest(sHAClone2, SHA_pad1, SHA_pad2, secretKey);
            }
            RSASignature.setHashes(signature, mD5Clone, sHAClone2);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void updateDigest(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
            byte[] encoded = "RAW".equals(secretKey.getFormat()) ? secretKey.getEncoded() : null;
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            if (encoded != null) {
                messageDigest.update(encoded);
            } else {
                digestKey(messageDigest, secretKey);
            }
            messageDigest.update(bArr2);
            messageDigest.update(digest);
        }

        private static void makeAccessible(final AccessibleObject accessibleObject) {
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: sun.security.ssl.HandshakeMessage.CertificateVerify.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    accessibleObject.setAccessible(true);
                    return null;
                }
            });
        }

        private static void digestKey(MessageDigest messageDigest, SecretKey secretKey) {
            try {
                if (messageDigest.getClass() != delegate) {
                    throw new Exception("Digest is not a MessageDigestSpi");
                }
                MessageDigestSpi messageDigestSpi = (MessageDigestSpi) spiField.get(messageDigest);
                Class<?> cls = messageDigestSpi.getClass();
                Object obj = methodCache.get(cls);
                if (obj == null) {
                    try {
                        obj = cls.getDeclaredMethod("implUpdate", SecretKey.class);
                        makeAccessible((Method) obj);
                    } catch (NoSuchMethodException e) {
                        obj = NULL_OBJECT;
                    }
                    methodCache.put(cls, obj);
                }
                if (obj == NULL_OBJECT) {
                    throw new Exception("Digest does not support implUpdate(SecretKey)");
                }
                ((Method) obj).invoke(messageDigestSpi, secretKey);
            } catch (Exception e2) {
                throw new RuntimeException("Could not obtain encoded key and MessageDigest cannot digest key", e2);
            }
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_certificate_verify;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            int i = HandshakeMessage.ht_server_hello;
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                i += SignatureAndHashAlgorithm.sizeInRecord();
            }
            return i + this.signature.length;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getHashValue());
                handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getSignatureValue());
            }
            handshakeOutStream.putBytes16(this.signature);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** CertificateVerify");
            if (debug == null || !Debug.isOn("verbose") || this.protocolVersion.v < ProtocolVersion.TLS12.v) {
                return;
            }
            printStream.println("Signature Algorithm " + this.preferableSignatureAlgorithm.getAlgorithmName());
        }

        static {
            try {
                delegate = Class.forName("java.security.MessageDigest$Delegate");
                spiField = delegate.getDeclaredField("digestSpi");
                makeAccessible(spiField);
                NULL_OBJECT = new Object();
                methodCache = new ConcurrentHashMap();
            } catch (Exception e) {
                throw new RuntimeException("Reflection failed", e);
            }
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$ClientHello.class */
    static final class ClientHello extends HandshakeMessage {
        ProtocolVersion protocolVersion;
        RandomCookie clnt_random;
        SessionId sessionId;
        private CipherSuiteList cipherSuites;
        byte[] compression_methods;
        HelloExtensions extensions;
        private static final byte[] NULL_COMPRESSION = {0};

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientHello(SecureRandom secureRandom, ProtocolVersion protocolVersion, SessionId sessionId, CipherSuiteList cipherSuiteList) {
            this.extensions = new HelloExtensions();
            this.protocolVersion = protocolVersion;
            this.sessionId = sessionId;
            this.cipherSuites = cipherSuiteList;
            this.clnt_random = new RandomCookie(secureRandom);
            this.compression_methods = NULL_COMPRESSION;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientHello(HandshakeInStream handshakeInStream, int i) throws IOException {
            this.extensions = new HelloExtensions();
            this.protocolVersion = ProtocolVersion.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.clnt_random = new RandomCookie(handshakeInStream);
            this.sessionId = new SessionId(handshakeInStream.getBytes8());
            this.sessionId.checkLength(this.protocolVersion);
            this.cipherSuites = new CipherSuiteList(handshakeInStream);
            this.compression_methods = handshakeInStream.getBytes8();
            if (messageLength() != i) {
                this.extensions = new HelloExtensions(handshakeInStream);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public CipherSuiteList getCipherSuites() {
            return this.cipherSuites;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addRenegotiationInfoExtension(byte[] bArr) {
            this.extensions.add(new RenegotiationInfoExtension(bArr, new byte[HandshakeMessage.ht_hello_request]));
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addSNIExtension(List<SNIServerName> list) {
            try {
                this.extensions.add(new ServerNameExtension(list));
            } catch (IOException e) {
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void addSignatureAlgorithmsExtension(Collection<SignatureAndHashAlgorithm> collection) {
            this.extensions.add(new SignatureAlgorithmsExtension(collection));
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_client_hello;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return 38 + this.sessionId.length() + (this.cipherSuites.size() * HandshakeMessage.ht_server_hello) + this.compression_methods.length + this.extensions.length();
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.protocolVersion.major);
            handshakeOutStream.putInt8(this.protocolVersion.minor);
            this.clnt_random.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            this.cipherSuites.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.compression_methods);
            this.extensions.send(handshakeOutStream);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ClientHello, " + this.protocolVersion);
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.clnt_random.print(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.sessionId);
            printStream.println("Cipher Suites: " + this.cipherSuites);
            Debug.println(printStream, "Compression Methods", this.compression_methods);
            this.extensions.print(printStream);
            printStream.println("***");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$DH_ServerKeyExchange.class */
    static final class DH_ServerKeyExchange extends ServerKeyExchange {
        private static final boolean dhKeyExchangeFix = Debug.getBooleanProperty("com.sun.net.ssl.dhKeyExchangeFix", true);
        private byte[] dh_p;
        private byte[] dh_g;
        private byte[] dh_Ys;
        private byte[] signature;
        ProtocolVersion protocolVersion;
        private SignatureAndHashAlgorithm preferableSignatureAlgorithm;

        /* JADX INFO: Access modifiers changed from: package-private */
        public DH_ServerKeyExchange(DHCrypt dHCrypt, ProtocolVersion protocolVersion) {
            this.protocolVersion = protocolVersion;
            this.preferableSignatureAlgorithm = null;
            setValues(dHCrypt);
            this.signature = null;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public DH_ServerKeyExchange(DHCrypt dHCrypt, PrivateKey privateKey, byte[] bArr, byte[] bArr2, SecureRandom secureRandom, SignatureAndHashAlgorithm signatureAndHashAlgorithm, ProtocolVersion protocolVersion) throws GeneralSecurityException {
            Signature signature;
            this.protocolVersion = protocolVersion;
            setValues(dHCrypt);
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = signatureAndHashAlgorithm;
                signature = JsseJce.getSignature(signatureAndHashAlgorithm.getAlgorithmName());
            } else {
                this.preferableSignatureAlgorithm = null;
                signature = privateKey.getAlgorithm().equals("DSA") ? JsseJce.getSignature("DSA") : RSASignature.getInstance();
            }
            signature.initSign(privateKey, secureRandom);
            updateSignature(signature, bArr, bArr2);
            this.signature = signature.sign();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public DH_ServerKeyExchange(HandshakeInStream handshakeInStream, ProtocolVersion protocolVersion) throws IOException, GeneralSecurityException {
            this.protocolVersion = protocolVersion;
            this.preferableSignatureAlgorithm = null;
            this.dh_p = handshakeInStream.getBytes16();
            this.dh_g = handshakeInStream.getBytes16();
            this.dh_Ys = handshakeInStream.getBytes16();
            KeyUtil.validate(new DHPublicKeySpec(new BigInteger(HandshakeMessage.ht_client_hello, this.dh_Ys), new BigInteger(HandshakeMessage.ht_client_hello, this.dh_p), new BigInteger(HandshakeMessage.ht_client_hello, this.dh_g)));
            this.signature = null;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public DH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2, int i, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException, GeneralSecurityException {
            byte[] bArr3;
            Signature rSASignature;
            this.protocolVersion = protocolVersion;
            this.dh_p = handshakeInStream.getBytes16();
            this.dh_g = handshakeInStream.getBytes16();
            this.dh_Ys = handshakeInStream.getBytes16();
            KeyUtil.validate(new DHPublicKeySpec(new BigInteger(HandshakeMessage.ht_client_hello, this.dh_Ys), new BigInteger(HandshakeMessage.ht_client_hello, this.dh_p), new BigInteger(HandshakeMessage.ht_client_hello, this.dh_g)));
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = SignatureAndHashAlgorithm.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8(), HandshakeMessage.ht_hello_request);
                if (!collection.contains(this.preferableSignatureAlgorithm)) {
                    throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in ServerKeyExchange message: " + this.preferableSignatureAlgorithm);
                }
            } else {
                this.preferableSignatureAlgorithm = null;
            }
            if (dhKeyExchangeFix) {
                bArr3 = handshakeInStream.getBytes16();
            } else {
                bArr3 = new byte[((i - (this.dh_p.length + HandshakeMessage.ht_server_hello)) - (this.dh_g.length + HandshakeMessage.ht_server_hello)) - (this.dh_Ys.length + HandshakeMessage.ht_server_hello)];
                handshakeInStream.read(bArr3);
            }
            String algorithm = publicKey.getAlgorithm();
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                rSASignature = JsseJce.getSignature(this.preferableSignatureAlgorithm.getAlgorithmName());
            } else {
                boolean z = -1;
                switch (algorithm.hashCode()) {
                    case 67986:
                        if (algorithm.equals("DSA")) {
                            z = HandshakeMessage.ht_hello_request;
                            break;
                        }
                        break;
                    case 81440:
                        if (algorithm.equals("RSA")) {
                            z = HandshakeMessage.ht_client_hello;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case HandshakeMessage.ht_hello_request /* 0 */:
                        rSASignature = JsseJce.getSignature("DSA");
                        break;
                    case HandshakeMessage.ht_client_hello /* 1 */:
                        rSASignature = RSASignature.getInstance();
                        break;
                    default:
                        throw new SSLKeyException("neither an RSA or a DSA key: " + algorithm);
                }
            }
            rSASignature.initVerify(publicKey);
            updateSignature(rSASignature, bArr, bArr2);
            if (!rSASignature.verify(bArr3)) {
                throw new SSLKeyException("Server D-H key verification failed");
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger getModulus() {
            return new BigInteger(HandshakeMessage.ht_client_hello, this.dh_p);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger getBase() {
            return new BigInteger(HandshakeMessage.ht_client_hello, this.dh_g);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public BigInteger getServerPublicKey() {
            return new BigInteger(HandshakeMessage.ht_client_hello, this.dh_Ys);
        }

        private void updateSignature(Signature signature, byte[] bArr, byte[] bArr2) throws SignatureException {
            signature.update(bArr);
            signature.update(bArr2);
            int length = this.dh_p.length;
            signature.update((byte) (length >> 8));
            signature.update((byte) (length & 255));
            signature.update(this.dh_p);
            int length2 = this.dh_g.length;
            signature.update((byte) (length2 >> 8));
            signature.update((byte) (length2 & 255));
            signature.update(this.dh_g);
            int length3 = this.dh_Ys.length;
            signature.update((byte) (length3 >> 8));
            signature.update((byte) (length3 & 255));
            signature.update(this.dh_Ys);
        }

        private void setValues(DHCrypt dHCrypt) {
            this.dh_p = toByteArray(dHCrypt.getModulus());
            this.dh_g = toByteArray(dHCrypt.getBase());
            this.dh_Ys = toByteArray(dHCrypt.getPublicKey());
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            int length = 6 + this.dh_p.length + this.dh_g.length + this.dh_Ys.length;
            if (this.signature != null) {
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    length += SignatureAndHashAlgorithm.sizeInRecord();
                }
                length += this.signature.length;
                if (dhKeyExchangeFix) {
                    length += HandshakeMessage.ht_server_hello;
                }
            }
            return length;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.dh_p);
            handshakeOutStream.putBytes16(this.dh_g);
            handshakeOutStream.putBytes16(this.dh_Ys);
            if (this.signature != null) {
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getHashValue());
                    handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getSignatureValue());
                }
                if (dhKeyExchangeFix) {
                    handshakeOutStream.putBytes16(this.signature);
                } else {
                    handshakeOutStream.write(this.signature);
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Diffie-Hellman ServerKeyExchange");
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "DH Modulus", this.dh_p);
            Debug.println(printStream, "DH Base", this.dh_g);
            Debug.println(printStream, "Server DH Public Key", this.dh_Ys);
            if (this.signature == null) {
                printStream.println("Anonymous");
                return;
            }
            if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                printStream.println("Signature Algorithm " + this.preferableSignatureAlgorithm.getAlgorithmName());
            }
            printStream.println("Signed with a DSA or RSA public key");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$DistinguishedName.class */
    static final class DistinguishedName {
        byte[] name;

        DistinguishedName(HandshakeInStream handshakeInStream) throws IOException {
            this.name = handshakeInStream.getBytes16();
        }

        DistinguishedName(X500Principal x500Principal) {
            this.name = x500Principal.getEncoded();
        }

        X500Principal getX500Principal() throws IOException {
            try {
                return new X500Principal(this.name);
            } catch (IllegalArgumentException e) {
                throw ((SSLProtocolException) new SSLProtocolException(e.getMessage()).initCause(e));
            }
        }

        int length() {
            return HandshakeMessage.ht_server_hello + this.name.length;
        }

        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.name);
        }

        void print(PrintStream printStream) throws IOException {
            printStream.println("<" + new X500Principal(this.name).toString() + ">");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$ECDH_ServerKeyExchange.class */
    static final class ECDH_ServerKeyExchange extends ServerKeyExchange {
        private static final int CURVE_EXPLICIT_PRIME = 1;
        private static final int CURVE_EXPLICIT_CHAR2 = 2;
        private static final int CURVE_NAMED_CURVE = 3;
        private int curveId;
        private byte[] pointBytes;
        private byte[] signatureBytes;
        private ECPublicKey publicKey;
        ProtocolVersion protocolVersion;
        private SignatureAndHashAlgorithm preferableSignatureAlgorithm;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDH_ServerKeyExchange(ECDHCrypt eCDHCrypt, PrivateKey privateKey, byte[] bArr, byte[] bArr2, SecureRandom secureRandom, SignatureAndHashAlgorithm signatureAndHashAlgorithm, ProtocolVersion protocolVersion) throws GeneralSecurityException {
            Signature signature;
            this.protocolVersion = protocolVersion;
            this.publicKey = (ECPublicKey) eCDHCrypt.getPublicKey();
            ECParameterSpec params = this.publicKey.getParams();
            this.pointBytes = JsseJce.encodePoint(this.publicKey.getW(), params.getCurve());
            this.curveId = SupportedEllipticCurvesExtension.getCurveIndex(params);
            if (privateKey == null) {
                return;
            }
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = signatureAndHashAlgorithm;
                signature = JsseJce.getSignature(signatureAndHashAlgorithm.getAlgorithmName());
            } else {
                signature = getSignature(privateKey.getAlgorithm());
            }
            signature.initSign(privateKey);
            updateSignature(signature, bArr, bArr2);
            this.signatureBytes = signature.sign();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECDH_ServerKeyExchange(HandshakeInStream handshakeInStream, PublicKey publicKey, byte[] bArr, byte[] bArr2, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException, GeneralSecurityException {
            this.protocolVersion = protocolVersion;
            int int8 = handshakeInStream.getInt8();
            if (int8 != CURVE_NAMED_CURVE) {
                throw new SSLHandshakeException("Unsupported ECCurveType: " + int8);
            }
            this.curveId = handshakeInStream.getInt16();
            if (!SupportedEllipticCurvesExtension.isSupported(this.curveId)) {
                throw new SSLHandshakeException("Unsupported curveId: " + this.curveId);
            }
            String curveOid = SupportedEllipticCurvesExtension.getCurveOid(this.curveId);
            if (curveOid == null) {
                throw new SSLHandshakeException("Unknown named curve: " + this.curveId);
            }
            ECParameterSpec eCParameterSpec = JsseJce.getECParameterSpec(curveOid);
            if (eCParameterSpec == null) {
                throw new SSLHandshakeException("Unsupported curve: " + curveOid);
            }
            this.pointBytes = handshakeInStream.getBytes8();
            this.publicKey = (ECPublicKey) JsseJce.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(JsseJce.decodePoint(this.pointBytes, eCParameterSpec.getCurve()), eCParameterSpec));
            if (publicKey == null) {
                return;
            }
            if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
                this.preferableSignatureAlgorithm = SignatureAndHashAlgorithm.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8(), HandshakeMessage.ht_hello_request);
                if (!collection.contains(this.preferableSignatureAlgorithm)) {
                    throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in ServerKeyExchange message: " + this.preferableSignatureAlgorithm);
                }
            }
            this.signatureBytes = handshakeInStream.getBytes16();
            Signature signature = protocolVersion.v >= ProtocolVersion.TLS12.v ? JsseJce.getSignature(this.preferableSignatureAlgorithm.getAlgorithmName()) : getSignature(publicKey.getAlgorithm());
            signature.initVerify(publicKey);
            updateSignature(signature, bArr, bArr2);
            if (!signature.verify(this.signatureBytes)) {
                throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ECPublicKey getPublicKey() {
            return this.publicKey;
        }

        private static Signature getSignature(String str) throws NoSuchAlgorithmException {
            boolean z = -1;
            switch (str.hashCode()) {
                case 2206:
                    if (str.equals("EC")) {
                        z = HandshakeMessage.ht_hello_request;
                        break;
                    }
                    break;
                case 81440:
                    if (str.equals("RSA")) {
                        z = CURVE_EXPLICIT_PRIME;
                        break;
                    }
                    break;
            }
            switch (z) {
                case HandshakeMessage.ht_hello_request /* 0 */:
                    return JsseJce.getSignature("SHA1withECDSA");
                case CURVE_EXPLICIT_PRIME /* 1 */:
                    return RSASignature.getInstance();
                default:
                    throw new NoSuchAlgorithmException("neither an RSA or a EC key : " + str);
            }
        }

        private void updateSignature(Signature signature, byte[] bArr, byte[] bArr2) throws SignatureException {
            signature.update(bArr);
            signature.update(bArr2);
            signature.update((byte) 3);
            signature.update((byte) (this.curveId >> 8));
            signature.update((byte) this.curveId);
            signature.update((byte) this.pointBytes.length);
            signature.update(this.pointBytes);
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            int i = HandshakeMessage.ht_hello_request;
            if (this.signatureBytes != null) {
                i = CURVE_EXPLICIT_CHAR2 + this.signatureBytes.length;
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    i += SignatureAndHashAlgorithm.sizeInRecord();
                }
            }
            return 4 + this.pointBytes.length + i;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(CURVE_NAMED_CURVE);
            handshakeOutStream.putInt16(this.curveId);
            handshakeOutStream.putBytes8(this.pointBytes);
            if (this.signatureBytes != null) {
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getHashValue());
                    handshakeOutStream.putInt8(this.preferableSignatureAlgorithm.getSignatureValue());
                }
                handshakeOutStream.putBytes16(this.signatureBytes);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ECDH ServerKeyExchange");
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            if (this.signatureBytes == null) {
                printStream.println("Anonymous");
            } else if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                printStream.println("Signature Algorithm " + this.preferableSignatureAlgorithm.getAlgorithmName());
            }
            printStream.println("Server key: " + this.publicKey);
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$Finished.class */
    static final class Finished extends HandshakeMessage {
        static final int CLIENT = 1;
        static final int SERVER = 2;
        private static final byte[] SSL_CLIENT = {67, 76, 78, 84};
        private static final byte[] SSL_SERVER = {83, 82, 86, 82};
        private byte[] verifyData;
        private ProtocolVersion protocolVersion;
        private CipherSuite cipherSuite;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i, SecretKey secretKey, CipherSuite cipherSuite) {
            this.protocolVersion = protocolVersion;
            this.cipherSuite = cipherSuite;
            this.verifyData = getFinished(handshakeHash, i, secretKey);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Finished(ProtocolVersion protocolVersion, HandshakeInStream handshakeInStream, CipherSuite cipherSuite) throws IOException {
            this.protocolVersion = protocolVersion;
            this.cipherSuite = cipherSuite;
            this.verifyData = new byte[protocolVersion.v >= ProtocolVersion.TLS10.v ? HandshakeMessage.ht_server_key_exchange : 36];
            handshakeInStream.read(this.verifyData);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean verify(HandshakeHash handshakeHash, int i, SecretKey secretKey) {
            return MessageDigest.isEqual(getFinished(handshakeHash, i, secretKey), this.verifyData);
        }

        private byte[] getFinished(HandshakeHash handshakeHash, int i, SecretKey secretKey) {
            byte[] bArr;
            String str;
            byte[] bArr2;
            String str2;
            CipherSuite.PRF prf;
            if (i == CLIENT) {
                bArr = SSL_CLIENT;
                str = "client finished";
            } else {
                if (i != SERVER) {
                    throw new RuntimeException("Invalid sender: " + i);
                }
                bArr = SSL_SERVER;
                str = "server finished";
            }
            if (this.protocolVersion.v < ProtocolVersion.TLS10.v) {
                MessageDigest mD5Clone = handshakeHash.getMD5Clone();
                MessageDigest sHAClone = handshakeHash.getSHAClone();
                updateDigest(mD5Clone, bArr, MD5_pad1, MD5_pad2, secretKey);
                updateDigest(sHAClone, bArr, SHA_pad1, SHA_pad2, secretKey);
                byte[] bArr3 = new byte[36];
                try {
                    mD5Clone.digest(bArr3, HandshakeMessage.ht_hello_request, HandshakeMessage.ht_client_key_exchange);
                    sHAClone.digest(bArr3, HandshakeMessage.ht_client_key_exchange, 20);
                    return bArr3;
                } catch (DigestException e) {
                    throw new RuntimeException("Digest failed", e);
                }
            }
            try {
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    bArr2 = handshakeHash.getFinishedHash();
                    str2 = "SunTls12Prf";
                    prf = this.cipherSuite.prfAlg;
                } else {
                    MessageDigest mD5Clone2 = handshakeHash.getMD5Clone();
                    MessageDigest sHAClone2 = handshakeHash.getSHAClone();
                    bArr2 = new byte[36];
                    mD5Clone2.digest(bArr2, HandshakeMessage.ht_hello_request, HandshakeMessage.ht_client_key_exchange);
                    sHAClone2.digest(bArr2, HandshakeMessage.ht_client_key_exchange, 20);
                    str2 = "SunTlsPrf";
                    prf = CipherSuite.PRF.P_NONE;
                }
                AlgorithmParameterSpec tlsPrfParameterSpec = new TlsPrfParameterSpec(secretKey, str, bArr2, HandshakeMessage.ht_server_key_exchange, prf.getPRFHashAlg(), prf.getPRFHashLength(), prf.getPRFBlockSize());
                KeyGenerator keyGenerator = JsseJce.getKeyGenerator(str2);
                keyGenerator.init(tlsPrfParameterSpec);
                SecretKey generateKey = keyGenerator.generateKey();
                if ("RAW".equals(generateKey.getFormat())) {
                    return generateKey.getEncoded();
                }
                throw new ProviderException("Invalid PRF output, format must be RAW. Format received: " + generateKey.getFormat());
            } catch (GeneralSecurityException e2) {
                throw new RuntimeException("PRF failed", e2);
            }
        }

        private static void updateDigest(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3, SecretKey secretKey) {
            messageDigest.update(bArr);
            CertificateVerify.updateDigest(messageDigest, bArr2, bArr3, secretKey);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getVerifyData() {
            return this.verifyData;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return 20;
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return this.verifyData.length;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.write(this.verifyData);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** Finished");
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "verify_data", this.verifyData);
            printStream.println("***");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$HelloRequest.class */
    static final class HelloRequest extends HandshakeMessage {
        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_hello_request;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public HelloRequest() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public HelloRequest(HandshakeInStream handshakeInStream) throws IOException {
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return HandshakeMessage.ht_hello_request;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** HelloRequest (empty)");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$RSA_ServerKeyExchange.class */
    static final class RSA_ServerKeyExchange extends ServerKeyExchange {
        private byte[] rsa_modulus;
        private byte[] rsa_exponent;
        private Signature signature;
        private byte[] signatureBytes;

        private void updateSignature(byte[] bArr, byte[] bArr2) throws SignatureException {
            this.signature.update(bArr);
            this.signature.update(bArr2);
            int length = this.rsa_modulus.length;
            this.signature.update((byte) (length >> 8));
            this.signature.update((byte) (length & 255));
            this.signature.update(this.rsa_modulus);
            int length2 = this.rsa_exponent.length;
            this.signature.update((byte) (length2 >> 8));
            this.signature.update((byte) (length2 & 255));
            this.signature.update(this.rsa_exponent);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public RSA_ServerKeyExchange(PublicKey publicKey, PrivateKey privateKey, RandomCookie randomCookie, RandomCookie randomCookie2, SecureRandom secureRandom) throws GeneralSecurityException {
            RSAPublicKeySpec rSAPublicKeySpec = JsseJce.getRSAPublicKeySpec(publicKey);
            this.rsa_modulus = toByteArray(rSAPublicKeySpec.getModulus());
            this.rsa_exponent = toByteArray(rSAPublicKeySpec.getPublicExponent());
            this.signature = RSASignature.getInstance();
            this.signature.initSign(privateKey, secureRandom);
            updateSignature(randomCookie.random_bytes, randomCookie2.random_bytes);
            this.signatureBytes = this.signature.sign();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public RSA_ServerKeyExchange(HandshakeInStream handshakeInStream) throws IOException, NoSuchAlgorithmException {
            this.signature = RSASignature.getInstance();
            this.rsa_modulus = handshakeInStream.getBytes16();
            this.rsa_exponent = handshakeInStream.getBytes16();
            this.signatureBytes = handshakeInStream.getBytes16();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public PublicKey getPublicKey() {
            try {
                return JsseJce.getKeyFactory("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(HandshakeMessage.ht_client_hello, this.rsa_modulus), new BigInteger(HandshakeMessage.ht_client_hello, this.rsa_exponent)));
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean verify(PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2) throws GeneralSecurityException {
            this.signature.initVerify(publicKey);
            updateSignature(randomCookie.random_bytes, randomCookie2.random_bytes);
            return this.signature.verify(this.signatureBytes);
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return 6 + this.rsa_modulus.length + this.rsa_exponent.length + this.signatureBytes.length;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.rsa_modulus);
            handshakeOutStream.putBytes16(this.rsa_exponent);
            handshakeOutStream.putBytes16(this.signatureBytes);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** RSA ServerKeyExchange");
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            Debug.println(printStream, "RSA Modulus", this.rsa_modulus);
            Debug.println(printStream, "RSA Public Exponent", this.rsa_exponent);
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$ServerHello.class */
    static final class ServerHello extends HandshakeMessage {
        ProtocolVersion protocolVersion;
        RandomCookie svr_random;
        SessionId sessionId;
        CipherSuite cipherSuite;
        byte compression_method;
        HelloExtensions extensions;

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_server_hello;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHello() {
            this.extensions = new HelloExtensions();
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHello(HandshakeInStream handshakeInStream, int i) throws IOException {
            this.extensions = new HelloExtensions();
            this.protocolVersion = ProtocolVersion.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.svr_random = new RandomCookie(handshakeInStream);
            this.sessionId = new SessionId(handshakeInStream.getBytes8());
            this.sessionId.checkLength(this.protocolVersion);
            this.cipherSuite = CipherSuite.valueOf(handshakeInStream.getInt8(), handshakeInStream.getInt8());
            this.compression_method = (byte) handshakeInStream.getInt8();
            if (messageLength() != i) {
                this.extensions = new HelloExtensions(handshakeInStream);
            }
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return 38 + this.sessionId.length() + this.extensions.length();
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putInt8(this.protocolVersion.major);
            handshakeOutStream.putInt8(this.protocolVersion.minor);
            this.svr_random.send(handshakeOutStream);
            handshakeOutStream.putBytes8(this.sessionId.getId());
            handshakeOutStream.putInt8(this.cipherSuite.id >> 8);
            handshakeOutStream.putInt8(this.cipherSuite.id & 255);
            handshakeOutStream.putInt8(this.compression_method);
            this.extensions.send(handshakeOutStream);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ServerHello, " + this.protocolVersion);
            if (debug == null || !Debug.isOn("verbose")) {
                return;
            }
            printStream.print("RandomCookie:  ");
            this.svr_random.print(printStream);
            printStream.print("Session ID:  ");
            printStream.println(this.sessionId);
            printStream.println("Cipher Suite: " + this.cipherSuite);
            printStream.println("Compression Method: " + ((int) this.compression_method));
            this.extensions.print(printStream);
            printStream.println("***");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$ServerHelloDone.class */
    static final class ServerHelloDone extends HandshakeMessage {
        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_server_hello_done;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHelloDone() {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerHelloDone(HandshakeInStream handshakeInStream) {
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageLength() {
            return HandshakeMessage.ht_hello_request;
        }

        @Override // sun.security.ssl.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // sun.security.ssl.HandshakeMessage
        public void print(PrintStream printStream) throws IOException {
            printStream.println("*** ServerHelloDone");
        }
    }

    /* loaded from: input_file:sun/security/ssl/HandshakeMessage$ServerKeyExchange.class */
    static abstract class ServerKeyExchange extends HandshakeMessage {
        ServerKeyExchange() {
        }

        @Override // sun.security.ssl.HandshakeMessage
        int messageType() {
            return HandshakeMessage.ht_server_key_exchange;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] toByteArray(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length > ht_client_hello && byteArray[ht_hello_request] == 0) {
            int length = byteArray.length - ht_client_hello;
            byte[] bArr = new byte[length];
            System.arraycopy(byteArray, ht_client_hello, bArr, ht_hello_request, length);
            byteArray = bArr;
        }
        return byteArray;
    }

    private static byte[] genPad(int i, int i2) {
        byte[] bArr = new byte[i2];
        Arrays.fill(bArr, (byte) i);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void write(HandshakeOutStream handshakeOutStream) throws IOException {
        int messageLength = messageLength();
        if (messageLength >= 16777216) {
            throw new SSLException("Handshake message too big, type = " + messageType() + ", len = " + messageLength);
        }
        handshakeOutStream.write(messageType());
        handshakeOutStream.putInt24(messageLength);
        send(handshakeOutStream);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract int messageType();

    abstract int messageLength();

    abstract void send(HandshakeOutStream handshakeOutStream) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void print(PrintStream printStream) throws IOException;
}
