package com.certicom.tls.record.handshake;

import com.certicom.locale.Resources;
import com.certicom.tls.ciphersuite.CipherSuite;
import com.certicom.tls.ciphersuite.CipherSuiteSupport;
import com.certicom.tls.ciphersuite.CipherSuites;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.interfaceimpl.ProtocolVersions;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.record.Util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Vector;
import weblogic.security.utils.SSLSetup;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic.jar:com/certicom/tls/record/handshake/MessageClientMasterKey.class */
public final class MessageClientMasterKey extends HandshakeMessage {
    private HandshakeHandler handler;
    private PublicKey peerKey;
    private byte[] secret;
    private int cipher;
    private byte[] clear_key;
    private byte[] encrypted_key;
    private byte[] iv_key;

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageClientMasterKey(HandshakeHandler handshakeHandler, PublicKey publicKey) {
        this.clear_key = null;
        this.encrypted_key = null;
        this.iv_key = null;
        this.handler = handshakeHandler;
        this.peerKey = publicKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageClientMasterKey(ByteArrayInputStream byteArrayInputStream) throws IOException, IllegalArgumentException {
        this.clear_key = null;
        this.encrypted_key = null;
        this.iv_key = null;
        this.cipher = MapCipher.mapCipherToTLS(Util.readUInt24(byteArrayInputStream));
        CipherSuite cipherSuite = CipherSuites.TLS_NULL_WITH_NULL_NULL;
        try {
            CipherSuiteSupport.getCipherSuite(this.cipher);
        } catch (NoSuchAlgorithmException e) {
            handleError();
        }
        int readUInt16 = Util.readUInt16(byteArrayInputStream);
        int readUInt162 = Util.readUInt16(byteArrayInputStream);
        int readUInt163 = Util.readUInt16(byteArrayInputStream);
        this.clear_key = new byte[readUInt16];
        Util.readFully(this.clear_key, byteArrayInputStream);
        this.encrypted_key = new byte[readUInt162];
        Util.readFully(this.encrypted_key, byteArrayInputStream);
        this.iv_key = new byte[readUInt163];
        Util.readFully(this.iv_key, byteArrayInputStream);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientMasterKey(HandshakeHandler handshakeHandler, PrivateKey privateKey) throws IOException, IllegalArgumentException, InvalidKeyException {
        boolean z = false;
        CipherSuite cipherSuite = CipherSuites.TLS_NULL_WITH_NULL_NULL;
        try {
            cipherSuite = CipherSuiteSupport.getCipherSuite(this.cipher);
        } catch (NoSuchAlgorithmException e) {
            handleError();
        }
        Vector enabledCipherSuitesVector = handshakeHandler.getConnectionImpl().getEnabledCipherSuitesVector();
        int i = 0;
        while (true) {
            if (i >= enabledCipherSuitesVector.size()) {
                break;
            }
            if (enabledCipherSuitesVector.contains(cipherSuite)) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            handleError();
        }
        int cipherKeyLength = cipherSuite.getCipherKeyLength() - cipherSuite.getCipherKeyMaterialLength();
        if ((cipherSuite.equals(CipherSuites.TLS_RSA_WITH_RC4_128_MD5) && this.clear_key.length != 0) || (cipherSuite.equals(CipherSuites.TLS_RSA_EXPORT_WITH_RC4_40_MD5) && this.clear_key.length != cipherKeyLength)) {
            handshakeHandler.fireSSL2ErrorException(new StringBuffer().append(Resources.getMessage("244")).append(Resources.getMessage("247")).toString());
        }
        if (this.encrypted_key.length != (((RSAPrivateKey) privateKey).getModulus().bitLength() + 7) / 8) {
            handshakeHandler.fireSSL2ErrorException(new StringBuffer().append(Resources.getMessage("244")).append(Resources.getMessage("248")).toString());
        }
        if (this.iv_key.length != 0) {
            handshakeHandler.fireSSL2ErrorException(new StringBuffer().append(Resources.getMessage("244")).append(Resources.getMessage("249")).toString());
        }
        byte[] bArr = null;
        try {
            Cipher cipher = Cipher.getInstance(CryptoNames.RSA_PKCS1);
            cipher.init(2, privateKey, TLSSystem.getRandomNumberGenerator());
            bArr = cipher.doFinal(this.encrypted_key, 0, this.encrypted_key.length);
        } catch (NoSuchAlgorithmException e2) {
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e2, "........... Eating Exception ..........");
            }
        }
        handshakeHandler.getProtocolVersion();
        byte[] removePKCS1Padding = handshakeHandler.removePKCS1Padding(bArr);
        if (this.clear_key.length + removePKCS1Padding.length != cipherSuite.getCipherKeyLength()) {
            handshakeHandler.fireSSL2ErrorException(new StringBuffer().append(Resources.getMessage("244")).append(Resources.getMessage("250")).toString());
        }
        this.secret = new byte[this.clear_key.length + removePKCS1Padding.length + this.iv_key.length];
        System.arraycopy(this.clear_key, 0, this.secret, 0, this.clear_key.length);
        System.arraycopy(removePKCS1Padding, 0, this.secret, this.clear_key.length, removePKCS1Padding.length);
        System.arraycopy(this.iv_key, 0, this.secret, this.clear_key.length + removePKCS1Padding.length, this.iv_key.length);
        handshakeHandler.setPremasterSecret(this.secret);
        handshakeHandler.setMasterSecret(this.secret);
    }

    private void handleError() throws IOException {
        this.handler.write(new MessageSSL2Error(1));
        this.handler.flush();
        this.handler.handleSSL2Error(2, 1);
    }

    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    void initMessage() {
        byte[] doFinal;
        try {
            CipherSuite pendingCipherSuite = this.handler.getPendingCipherSuite();
            this.handler.getProtocolVersion();
            this.cipher = pendingCipherSuite.getTag();
            int mapCipherToSSL2 = MapCipher.mapCipherToSSL2(this.cipher);
            int cipherKeyLength = pendingCipherSuite.getCipherKeyLength();
            int cipherKeyMaterialLength = pendingCipherSuite.getCipherKeyMaterialLength();
            int i = cipherKeyLength - cipherKeyMaterialLength;
            int bitLength = (((RSAPublicKey) this.peerKey).getModulus().bitLength() + 7) / 8;
            byte[] bArr = new byte[cipherKeyLength + 0];
            TLSSystem.getRandomNumberGenerator().nextBytes(bArr);
            this.handler.setPremasterSecret(bArr);
            this.handler.generateMasterSecret();
            byte[] bArr2 = new byte[i];
            System.arraycopy(bArr, 0, bArr2, 0, i);
            byte[] bArr3 = new byte[cipherKeyMaterialLength];
            System.arraycopy(bArr, i, bArr3, 0, cipherKeyMaterialLength);
            initBufferVersion2(9 + i + bitLength + 0);
            Util.writeUInt24(mapCipherToSSL2, this.buffer);
            Util.writeUInt16(i, this.buffer);
            Util.writeUInt16(bitLength, this.buffer);
            Util.writeUInt16(0, this.buffer);
            this.buffer.write(bArr2);
            if (this.handler.getHelloProtocol().equals(ProtocolVersions.SSL20)) {
                Cipher cipher = Cipher.getInstance(CryptoNames.RSA_PKCS1);
                cipher.init(1, this.peerKey, TLSSystem.getRandomNumberGenerator());
                doFinal = cipher.doFinal(bArr3, 0, bArr3.length);
            } else {
                byte[] addPKCS1Type2Padding = this.handler.addPKCS1Type2Padding(bitLength, bArr3);
                Cipher cipher2 = Cipher.getInstance(CryptoNames.RSA_RAW);
                cipher2.init(1, this.peerKey, TLSSystem.getRandomNumberGenerator());
                doFinal = cipher2.doFinal(addPKCS1Type2Padding, 0, addPKCS1Type2Padding.length);
            }
            this.buffer.write(doFinal);
            byte[] bArr4 = new byte[0];
            System.arraycopy(bArr, cipherKeyLength, bArr4, 0, 0);
            this.buffer.write(bArr4);
        } catch (IOException e) {
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e, "........... Eating Exception ..........");
            }
        } catch (InvalidKeyException e2) {
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e2, "........... Eating Exception ..........");
            }
        } catch (NoSuchAlgorithmException e3) {
            if (SSLSetup.getDebugEaten()) {
                SSLSetup.debug(3, e3, "........... Eating Exception ..........");
            }
        }
    }

    byte[] getSecret() {
        return this.secret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getCipherSuiteTag() {
        return this.cipher;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.certicom.tls.record.handshake.HandshakeMessage
    public int getHandshakeType() {
        return 2;
    }

    @Override // com.certicom.tls.record.handshake.HandshakeMessage, com.certicom.tls.record.Message
    public int getMessageType() {
        return 0;
    }
}
