package com.certicom.tls.record.handshake;

import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.Signature;
import com.certicom.tls.record.Util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import weblogic.security.utils.SSLSetup;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic.jar:com/certicom/tls/record/handshake/MessageCertificateVerify.class */
public final class MessageCertificateVerify extends HandshakeMessage implements CryptoNames {
    private HandshakeHandler handler;
    private ByteArrayInputStream signature;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageCertificateVerify(HandshakeHandler handshakeHandler) {
        this.handler = handshakeHandler;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageCertificateVerify(ByteArrayInputStream byteArrayInputStream) throws IOException {
        this.signature = byteArrayInputStream;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ByteArrayInputStream getSignature() {
        return this.signature;
    }

    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    void initMessage() {
        byte[] rsaNCipherSignHandshakeMessageHashes;
        X509Certificate[] clientCertChain = this.handler.getClientCertChain();
        String algorithm = clientCertChain[0].getPublicKey().getAlgorithm();
        PrivateKey privateKey = this.handler.getCertificateSupport().getPrivateKey(clientCertChain[0]);
        ProtocolVersion protocolVersion = this.handler.getProtocolVersion();
        if (algorithm.indexOf(CryptoNames.EC) >= 0) {
            try {
                Signature signature = Signature.getInstance(CryptoNames.ECDSA);
                signature.initSign(privateKey, TLSSystem.getRandomNumberGenerator());
                if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 1) {
                    signature.update(this.handler.getSHA1Digest());
                } else if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 0) {
                    signature.update(this.handler.getSHA1Digest());
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                Util.writeBytesLength16(signature.sign(), byteArrayOutputStream);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                initBuffer(byteArray.length);
                this.buffer.write(byteArray);
                return;
            } catch (IOException e) {
                SSLSetup.debug(3, e, "exception is getting eaten");
                if (SSLSetup.getDebugEaten()) {
                    SSLSetup.debug(3, e, "........... Eating Exception ..........");
                    return;
                }
                return;
            } catch (InvalidKeyException e2) {
                SSLSetup.debug(3, e2, "exception is getting eaten");
                if (SSLSetup.getDebugEaten()) {
                    SSLSetup.debug(3, e2, "........... Eating Exception ..........");
                    return;
                }
                return;
            } catch (NoSuchAlgorithmException e3) {
                SSLSetup.debug(3, e3, "exception is getting eaten");
                if (SSLSetup.getDebugEaten()) {
                    SSLSetup.debug(3, e3, "........... Eating Exception ..........");
                    return;
                }
                return;
            } catch (SignatureException e4) {
                SSLSetup.debug(3, e4, "exception is getting eaten");
                if (SSLSetup.getDebugEaten()) {
                    SSLSetup.debug(3, e4, "........... Eating Exception ..........");
                    return;
                }
                return;
            }
        }
        if (!algorithm.equals("RSA")) {
            if (algorithm.equals("DSA")) {
                try {
                    byte[] bArr = null;
                    if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 1) {
                        bArr = this.handler.getSHA1Digest();
                    } else if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 0) {
                        bArr = this.handler.getV3CertificateVerifySHAHash(this.handler.getSHAClone());
                    }
                    Signature signature2 = Signature.getInstance(CryptoNames.RawDSA);
                    signature2.initSign(privateKey, TLSSystem.getRandomNumberGenerator());
                    signature2.update(bArr);
                    ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                    Util.writeBytesLength16(signature2.sign(), byteArrayOutputStream2);
                    byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
                    initBuffer(byteArray2.length);
                    this.buffer.write(byteArray2);
                    return;
                } catch (IOException e5) {
                    SSLSetup.debug(3, e5, "exception is getting eaten");
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e5, "........... Eating Exception ..........");
                        return;
                    }
                    return;
                } catch (CloneNotSupportedException e6) {
                    SSLSetup.debug(3, e6, "exception is getting eaten");
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e6, "........... Eating Exception ..........");
                        return;
                    }
                    return;
                } catch (InvalidKeyException e7) {
                    SSLSetup.debug(3, e7, "exception is getting eaten");
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e7, "........... Eating Exception ..........");
                        return;
                    }
                    return;
                } catch (NoSuchAlgorithmException e8) {
                    SSLSetup.debug(3, e8, "exception is getting eaten");
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e8, "........... Eating Exception ..........");
                        return;
                    }
                    return;
                } catch (SignatureException e9) {
                    SSLSetup.debug(3, e9, "exception is getting eaten");
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e9, "........... Eating Exception ..........");
                        return;
                    }
                    return;
                }
            }
            return;
        }
        try {
            byte[] bArr2 = null;
            byte[] bArr3 = null;
            if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 1) {
                bArr2 = this.handler.getMD5Digest();
                bArr3 = this.handler.getSHA1Digest();
            } else if (protocolVersion.getMajor() == 3 && protocolVersion.getMinor() == 0) {
                bArr2 = this.handler.getV3CertificateVerifyMD5Hash(this.handler.getMD5Clone());
                bArr3 = this.handler.getV3CertificateVerifySHAHash(this.handler.getSHAClone());
            }
            SSLSetup.debug(3, new StringBuffer().append("Private key class is ").append(privateKey.getClass().getName()).toString());
            if (privateKey.getClass().getName().equalsIgnoreCase("com.ncipher.provider.km.KMRSAPrivateCrtKey") || privateKey.getClass().getName().equalsIgnoreCase("com.ncipher.provider.km.KMRSAPrivateKey")) {
                SSLSetup.debug(3, "Using NCipher specific CertificateVerify signature code");
                rsaNCipherSignHandshakeMessageHashes = NCipherAPI.rsaNCipherSignHandshakeMessageHashes(privateKey, bArr2, bArr3, clientCertChain[0].getPublicKey());
            } else {
                SSLSetup.debug(3, "Using standard Certicom CertificateVerify code");
                rsaNCipherSignHandshakeMessageHashes = rsaSignHandshakeMessageHashes(privateKey, bArr2, bArr3);
            }
            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
            Util.writeBytesLength16(rsaNCipherSignHandshakeMessageHashes, byteArrayOutputStream3);
            byte[] byteArray3 = byteArrayOutputStream3.toByteArray();
            initBuffer(byteArray3.length);
            this.buffer.write(byteArray3);
        } catch (IOException e10) {
            SSLSetup.debug(3, e10, "exception is getting eaten");
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e10, "........... Eating Exception ..........");
            }
        } catch (CloneNotSupportedException e11) {
            SSLSetup.debug(3, e11, "exception is getting eaten");
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e11, "........... Eating Exception ..........");
            }
        } catch (InvalidKeyException e12) {
            SSLSetup.debug(3, e12, "exception is getting eaten");
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e12, "........... Eating Exception ..........");
            }
        } catch (NoSuchAlgorithmException e13) {
            SSLSetup.debug(3, e13, "exception is getting eaten");
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e13, "........... Eating Exception ..........");
            }
        } catch (SignatureException e14) {
            SSLSetup.debug(3, e14, "exception is getting eaten");
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e14, "........... Eating Exception ..........");
            }
        }
    }

    private byte[] rsaSignHandshakeMessageHashes(PrivateKey privateKey, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        byte[] addPKCS1Padding = this.handler.addPKCS1Padding((((RSAPrivateKey) privateKey).getModulus().bitLength() + 7) / 8, bArr3);
        Cipher cipher = SSLSetup.getUsingJsafeJCE() ? Cipher.getInstance("RSAWithNoPad") : Cipher.getInstance(CryptoNames.RSA_RAW);
        cipher.init(1, privateKey, TLSSystem.getRandomNumberGenerator());
        return cipher.doFinal(addPKCS1Padding, 0, addPKCS1Padding.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    public int getHandshakeType() {
        return 15;
    }
}
