package weblogic.security.SSL;

import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.io.PushbackInputStream;
import java.net.InetAddress;
import java.net.ProtocolException;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import weblogic.net.http.HttpURLConnection;
import weblogic.net.http.HttpUnauthorizedException;
import weblogic.security.Utils;
import weblogic.security.acl.internal.Security;
import weblogic.security.audit.Audit;
import weblogic.socket.SSLFilter;
import weblogic.utils.Hex;
import weblogic.utils.StringUtils;
import weblogic.utils.io.ChunkedInputStream;

/* loaded from: input_file:weblogic.jar:weblogic/security/SSL/SSLSocket.class */
public class SSLSocket extends Socket {
    static final int MAX_TRIES = 3;
    Socket socket;
    SSLState state;
    SSLParams par;
    PushbackInputStream is;
    OutputStream os;
    private boolean isClient;
    SSLFilter muxerFilter;
    ChunkedInputStream muxerIS;
    static String proxyAuthStr = null;
    RecordInputStream ccsStream;
    RecordInputStream alertStream;
    RecordInputStream handshakeStream;
    RecordInputStream dataStream;
    boolean forceClose;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:weblogic.jar:weblogic/security/SSL/SSLSocket$WLPushbackInputStream.class */
    public class WLPushbackInputStream extends PushbackInputStream {
        protected int pushBackWL;
        private final SSLSocket this$0;

        public WLPushbackInputStream(SSLSocket sSLSocket, InputStream inputStream) {
            super(inputStream);
            this.this$0 = sSLSocket;
            this.pushBackWL = -1;
        }

        @Override // java.io.PushbackInputStream, java.io.FilterInputStream, java.io.InputStream
        public int read() throws IOException {
            int i = this.pushBackWL;
            if (i != -1) {
                this.pushBackWL = -1;
            } else {
                i = this.in.read();
            }
            return i;
        }

        @Override // java.io.PushbackInputStream, java.io.FilterInputStream, java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            if (this.pushBackWL == -1) {
                return this.in.read(bArr, i, i2);
            }
            if (i2 == 0) {
                return 0;
            }
            bArr[i] = (byte) this.pushBackWL;
            this.pushBackWL = -1;
            return 1;
        }

        @Override // java.io.PushbackInputStream
        public void unread(int i) throws IOException {
            if (this.pushBackWL == -1) {
                this.pushBackWL = i;
            } else {
                if (SSLState.debug) {
                    SSLState.println("Attempt to unread more than one character!");
                }
                throw new IOException("Attempt to unread more than one character!");
            }
        }

        @Override // java.io.PushbackInputStream, java.io.FilterInputStream, java.io.InputStream
        public int available() throws IOException {
            return this.pushBackWL == -1 ? this.in.available() : this.in.available() + 1;
        }
    }

    public SSLFilter getSSLFilter() {
        return this.muxerFilter;
    }

    public SSLSocket(String str, int i) throws UnknownHostException, IOException {
        this(str, i, new SSLParams());
    }

    public SSLSocket(Socket socket) throws IOException {
        this.forceClose = false;
        initialize(socket, true, new SSLParams());
    }

    public SSLSocket(String str, int i, SSLParams sSLParams) throws UnknownHostException, IOException {
        this(InetAddress.getByName(str), i, sSLParams);
    }

    public SSLSocket(InetAddress inetAddress, int i, SSLParams sSLParams) throws UnknownHostException, IOException {
        Socket socket;
        String readLine;
        this.forceClose = false;
        boolean z = sSLParams.debug;
        if (sSLParams.proxyHost == null) {
            socket = new Socket(inetAddress, i);
            if (z) {
                System.out.println("SSLSocket::without proxy since ssl.proxyHost not defined.");
            }
        } else {
            if (proxyAuthStr == null) {
                try {
                    proxyAuthStr = HttpURLConnection.getAuthInfo(sSLParams.proxyHost, sSLParams.proxyPort, "Basic");
                    proxyAuthStr = new StringBuffer().append("Proxy-Authorization: ").append(proxyAuthStr).toString();
                    if (z) {
                        System.out.println(new StringBuffer().append("SSLSocket: proxyAuthStr = ").append(proxyAuthStr).toString());
                    }
                } catch (HttpUnauthorizedException e) {
                }
            }
            int i2 = 0;
            if (z) {
                System.out.println(new StringBuffer().append("Tunneling SSL via proxy: ").append(sSLParams.proxyHost).append(":").append(sSLParams.proxyPort).toString());
            }
            while (true) {
                socket = new Socket(sSLParams.proxyHost, sSLParams.proxyPort);
                String stringBuffer = proxyAuthStr == null ? new StringBuffer().append("CONNECT ").append(inetAddress.getHostAddress()).append(":").append(i).append(" HTTP/1.0\r\n\r\n").toString() : new StringBuffer().append("CONNECT ").append(inetAddress.getHostAddress()).append(":").append(i).append(" HTTP/1.0\r\n").append(proxyAuthStr).append("\r\n\r\n").toString();
                if (z) {
                    System.out.println(new StringBuffer().append("SSLSocket::").append(stringBuffer).toString());
                }
                socket.getOutputStream().write(stringBuffer.getBytes());
                DataInputStream dataInputStream = new DataInputStream(socket.getInputStream());
                String readLine2 = dataInputStream.readLine();
                if (readLine2 == null) {
                    socket.close();
                    throw new IOException("No data when attempting to read from Proxy Server, more than likely the Proxy Server closed the socket.  Check Proxy Server error log.");
                }
                if (z) {
                    System.out.println(new StringBuffer().append("First line: ").append(readLine2).toString());
                }
                String[] splitCompletely = StringUtils.splitCompletely(readLine2);
                if (splitCompletely.length < 2) {
                    socket.close();
                    throw new ProtocolException(new StringBuffer().append("unrecognized response from SSL proxy: '").append(readLine2).append("'").toString());
                }
                if (!splitCompletely[0].equals("HTTP/1.0") && !splitCompletely[0].equals("HTTP/1.1")) {
                    socket.close();
                    throw new ProtocolException(new StringBuffer().append("unrecognized response from SSL proxy: '").append(readLine2).append("'").toString());
                }
                if (splitCompletely[1].equals("200")) {
                    do {
                        readLine = dataInputStream.readLine();
                        if (readLine == null) {
                            break;
                        }
                    } while (readLine.length() > 0);
                    if (z) {
                        System.out.println("success");
                    }
                } else {
                    if (!splitCompletely[1].equals("407")) {
                        throw new ProtocolException(new StringBuffer().append("unrecognized response from SSL proxy: '").append(readLine2).append("'").toString());
                    }
                    if (i2 > 3) {
                        throw new ProtocolException(new StringBuffer().append("Server redirected too many times (").append(i2).append(")").toString());
                    }
                    while (true) {
                        String readLine3 = dataInputStream.readLine();
                        if (readLine3 != null && readLine3.length() > 0) {
                            String[] split = StringUtils.split(readLine3, ':');
                            if (split[0].equalsIgnoreCase("Proxy-Authenticate")) {
                                if (z) {
                                    System.out.println(new StringBuffer().append(split[0]).append(": ").append(split[1]).toString());
                                }
                                proxyAuthStr = HttpURLConnection.getAuthInfo(sSLParams.proxyHost, sSLParams.proxyPort, split[1]);
                                if (proxyAuthStr == null) {
                                    throw new HttpUnauthorizedException("Proxy Authentication required (407)");
                                }
                                proxyAuthStr = new StringBuffer().append("Proxy-Authorization: ").append(proxyAuthStr).toString();
                                if (z) {
                                    System.out.println(proxyAuthStr);
                                }
                            }
                        }
                    }
                    i2++;
                }
            }
        }
        if (z) {
            SSLState.println(new StringBuffer().append("Connected to ").append(inetAddress).append(" ").append(i).toString());
        }
        initialize(socket, true, sSLParams);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSocket(Socket socket, SSLParams sSLParams) throws IOException {
        this.forceClose = false;
        this.socket = socket;
        this.par = sSLParams;
    }

    public void performAcceptHandshake() throws IOException {
        if (this.par != null && this.state == null) {
            initialize(this.socket, false, this.par);
        } else {
            if (SSLState.debug) {
                SSLState.println("performAcceptHandshake() must be invoked onuninitialized sockets");
            }
            throw new IOException("performAcceptHandshake() must be invoked onuninitialized sockets");
        }
    }

    protected void initialize(Socket socket, boolean z, SSLParams sSLParams) throws IOException {
        if (SSLState.debug) {
            SSLState.println("SSLSocket initialize");
        }
        this.ccsStream = new RecordInputStream(this, 20);
        this.alertStream = new RecordInputStream(this, 21);
        this.handshakeStream = new RecordInputStream(this, 22);
        this.dataStream = new RecordInputStream(this, 23);
        this.isClient = z;
        this.socket = socket;
        this.muxerFilter = new SSLFilter(socket.getInputStream(), this);
        this.muxerIS = this.muxerFilter.getInputStream();
        this.is = new WLPushbackInputStream(this, this.muxerIS);
        this.os = new BufferedOutputStream(socket.getOutputStream(), 4048);
        this.state = new SSLState(this, z, sSLParams);
        if (this.isClient) {
            clientInit();
        } else {
            serverInit();
        }
    }

    protected void clientInit() throws IOException {
        try {
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            if (this.state.sessionID == null) {
                this.state.sessionID = Security.getThreadSSLClientInfo().getSessionID();
                SessionParams sessionParams = Security.getThreadSSLClientInfo().getSessionParams();
                if (sessionParams != null) {
                    this.state.setSessionParams(sessionParams);
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("Attempting to reuse cached sessionID: ").append(this.state.sessionID).toString());
                    }
                }
            } else {
                this.state.md5Handshake.reset();
                this.state.shaHandshake.reset();
                if (SSLState.debug) {
                    SSLState.println("Resetting session state for new handshake");
                }
            }
            if (this.state.params.useV2Hello && this.state.sessionID == null) {
                V2ClientHello v2ClientHello = new V2ClientHello(this.state.params.clientCipherSuites, this.state.rng, this.state.sessionID, this.state);
                this.state.clientRandom = v2ClientHello.getRandom();
                v2ClientHello.output(this.os);
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("V2 client hello sent: ").append(v2ClientHello).toString());
                }
            } else {
                ClientHello clientHello = new ClientHello(this.state.params.clientCipherSuites, this.state.rng, this.state.sessionID);
                this.state.clientRandom = clientHello.random;
                sendHandshake(1, clientHello);
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("V3 client hello sent: ").append(clientHello).toString());
                }
            }
            this.os.flush();
            Handshake handshake = getHandshake();
            if (SSLState.debug) {
                SSLState.println(new StringBuffer().append("Received ").append(handshake).append(" of message type ").append(handshake.msgType.type).toString());
            }
            if (handshake.msgType.type != 2) {
                sendAlert(2, 10);
                Throwable iOException = new IOException(new StringBuffer().append("Unexpected message - expected 2  received ").append(handshake.msgType.type).toString());
                abort(iOException);
                throw iOException;
            }
            ServerHello serverHello = (ServerHello) handshake.body;
            this.state.serverRandom = serverHello.random;
            if (SSLState.debug) {
                SSLState.println(new StringBuffer().append("state.sessionID = ").append(this.state.sessionID).append("\n\t sh.sessionID = ").append(serverHello.sessionID).append("\n\t state.currentCS.cipherSuite = ").append((int) this.state.currentCS.cipherSuite).append("\n\t sh.cipherSuite = ").append((int) serverHello.cipherSuite).toString());
            }
            if (this.state.sessionID == null || serverHello.sessionID.id.length == 0 || !this.state.sessionID.equals(serverHello.sessionID) || serverHello.cipherSuite != this.state.currentCS.cipherSuite) {
                this.state.sessionID = serverHello.sessionID;
                if (!supportedClientCS(serverHello.cipherSuite)) {
                    sendAlert(2, 40);
                    Throwable iOException2 = new IOException("Unsupported ciphersuite requested");
                    abort(iOException2);
                    throw iOException2;
                }
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Using ciphersuite ").append((int) serverHello.cipherSuite).toString());
                }
                this.state.currentCS = new CipherSpec(serverHello.cipherSuite);
                ClientKeyExchange clientKeyExchange = null;
                boolean z = false;
                while (handshake.msgType.type != 14) {
                    handshake = getHandshake();
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("Received ").append(handshake).append(" of message type ").append(handshake.msgType.type).toString());
                    }
                    switch (handshake.msgType.type) {
                        case 11:
                            if (SSLState.debug) {
                                SSLState.println("Received Server Certificate");
                            }
                            this.state.serverCert = (SSLCertificate) handshake.body;
                            break;
                        case 12:
                            if (this.state.currentCS.keyExchange != 1 || this.state.serverCert != null) {
                                if (SSLState.debug) {
                                    SSLState.println("Received ServerKeyExchange");
                                }
                                this.state.skx = (ServerKeyExchange) handshake.body;
                                break;
                            } else {
                                sendAlert(2, 40);
                                Throwable iOException3 = new IOException("ServerKeyExchange received before certificate");
                                abort(iOException3);
                                throw iOException3;
                            }
                            break;
                        case 13:
                            if (SSLState.debug) {
                                SSLState.println("Received Certificate Request");
                            }
                            z = true;
                            break;
                        case 14:
                            break;
                        default:
                            sendAlert(2, 10);
                            Throwable iOException4 = new IOException(new StringBuffer().append("Unexpected message - received message type ").append(handshake.msgType.type).toString());
                            abort(iOException4);
                            if (SSLState.debug) {
                                SSLState.println(new StringBuffer().append("Unexpected message - received message type ").append(handshake.msgType.type).toString());
                            }
                            throw iOException4;
                    }
                }
                if (this.state.currentCS.keyExchange == 1 && this.state.serverCert == null) {
                    sendAlert(2, 40);
                    Throwable iOException5 = new IOException("No certificate was received from server");
                    abort(iOException5);
                    if (SSLState.debug) {
                        SSLState.println("No certificate was received from server");
                    }
                    throw iOException5;
                }
                if (this.state.serverCert != null) {
                    if (this.state.params.getHostnameVerifier() != null) {
                        if (SSLState.debug) {
                            SSLState.println("Using programmatic HostnameVerifier instead of  default or command line specified");
                        }
                        if (!this.state.params.getHostnameVerifier().verify(getInetAddress(), this.state.serverCert.leafCert())) {
                            sendAlert(2, 40);
                            Throwable iOException6 = new IOException("Server Certificate SubjectDN CommonName received does not match Server hostname");
                            abort(iOException6);
                            throw iOException6;
                        }
                    } else if (!HostnameVerification.verify(getInetAddress(), this.state.serverCert.leafCert())) {
                        sendAlert(2, 40);
                        Throwable iOException7 = new IOException("Server Certificate SubjectDN CommonName received does not match Server hostname");
                        abort(iOException7);
                        throw iOException7;
                    }
                    if (SSLState.debug) {
                        SSLState.println("Server Certificate matches hostname");
                    }
                }
                if (z) {
                    if (this.state.clientCert == null) {
                        if (SSLState.debug) {
                            SSLState.println("No client certificate to send");
                        }
                        sendAlert(1, 41);
                    } else {
                        sendHandshake(11, this.state.clientCert);
                    }
                }
                if (this.state.serverCert != null) {
                    try {
                        this.state.params.checkServerCert(this.state.serverCert);
                        clientKeyExchange = new ClientKeyExchange(this.state.serverCert, this.state.rng, this.state);
                        if (clientKeyExchange == null) {
                            sendAlert(2, 40);
                            Throwable iOException8 = new IOException("ClientKeyExchange not received");
                            abort(iOException8);
                            throw iOException8;
                        }
                    } catch (Throwable th) {
                        if (clientKeyExchange != null) {
                            throw th;
                        }
                        sendAlert(2, 40);
                        Throwable iOException9 = new IOException("ClientKeyExchange not received");
                        abort(iOException9);
                        throw iOException9;
                    }
                } else {
                    if (this.state.skx == null) {
                        sendAlert(2, 40);
                        Throwable iOException10 = new IOException("Handshake failure: no certificate or server key exchange received");
                        abort(iOException10);
                        if (SSLState.debug) {
                            SSLState.println("Handshake failure: no certificate or server key exchange received");
                        }
                        throw iOException10;
                    }
                    clientKeyExchange = new ClientKeyExchange(this.state.skx, this.state.rng, this.state);
                }
                sendHandshake(16, clientKeyExchange);
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("--ClientKeyExchange sent: ").append(clientKeyExchange).toString());
                }
                this.state.preMasterSecret = clientKeyExchange.preMasterSecret();
                clientKeyExchange.erasePMS();
                this.state.computeMasterSecret();
                if (z && this.state.clientCert != null) {
                    HandshakeMessage certificateVerify = new CertificateVerify(this.state);
                    sendHandshake(15, certificateVerify);
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("--CertificateVerify sent: ").append(certificateVerify).toString());
                    }
                }
                this.state.computeSecrets();
                sendChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec sent");
                }
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, true));
                if (SSLState.debug) {
                    SSLState.println("--Finished sent");
                }
                getChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("--ChangeCipherSpec received\ncipherSpec = ").append(this.state.currentCS).toString());
                }
                this.state.finishHandshake();
                Handshake handshake2 = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake2).toString());
                }
                if (handshake2.msgType.type != 20) {
                    sendAlert(2, 10);
                    Throwable iOException11 = new IOException(new StringBuffer().append("Unexpected message - expected 20 received ").append(handshake2.msgType.type).toString());
                    abort(iOException11);
                    throw iOException11;
                }
                this.state.finishedReceived = true;
                SSLClientInfo threadSSLClientInfo = Security.getThreadSSLClientInfo();
                threadSSLClientInfo.setSessionID(this.state.sessionID);
                threadSSLClientInfo.setSessionParams(this.state.getSessionParams());
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Storing new sessionID ").append(this.state.sessionID).toString());
                }
            } else {
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Resuming session ").append(this.state.sessionID).toString());
                    SSLState.println(new StringBuffer().append("Using session params ").append(this.state.getSessionParams()).toString());
                }
                this.state.currentCS = new CipherSpec(serverHello.cipherSuite);
                this.state.computeSecrets();
                getChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec received");
                }
                this.state.finishHandshake();
                Handshake handshake3 = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake3).toString());
                }
                if (handshake3.msgType.type != 20) {
                    sendAlert(2, 10);
                    Throwable iOException12 = new IOException(new StringBuffer().append("Unexpected message - expected 20received ").append(handshake3.msgType.type).toString());
                    abort(iOException12);
                    throw iOException12;
                }
                this.state.finishedReceived = true;
                sendChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec sent");
                    SSLState.println(new StringBuffer().append("cipherSpec = ").append(this.state.currentCS).toString());
                }
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, true));
                if (SSLState.debug) {
                    SSLState.println("--Finished sent");
                }
            }
            this.state.handshakeInProgress = false;
            this.state.md5Handshake.reset();
            this.state.shaHandshake.reset();
        } catch (IOException e) {
            abort(e);
            SSLState.println(e.getMessage());
            throw e;
        }
    }

    protected void serverInit() throws IOException {
        try {
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            this.state.md5Handshake.reset();
            this.state.shaHandshake.reset();
            if (useV2Hello()) {
                if (SSLState.debug) {
                    SSLState.println("Client is not using V3 hello");
                }
                V2ClientHello v2ClientHello = new V2ClientHello(this.state);
                v2ClientHello.input(this.is);
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(v2ClientHello).toString());
                }
                if (v2ClientHello.version.major != 3) {
                    IOException iOException = new IOException("Client does not support SSL3");
                    abort(iOException);
                    throw iOException;
                }
                this.state.clientRandom = v2ClientHello.getRandom();
                serverInit2(v2ClientHello.getCipherSuites(), v2ClientHello.getSessionID());
            } else {
                if (SSLState.debug) {
                    SSLState.println("Client is using V3 hello");
                }
                Handshake handshake = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake).toString());
                }
                if (handshake.msgType.type != 1) {
                    sendAlert(2, 10);
                    IOException iOException2 = new IOException(new StringBuffer().append("Unexpected message - expected type 1received type ").append(handshake.msgType.type).toString());
                    abort(iOException2);
                    throw iOException2;
                }
                ClientHello clientHello = (ClientHello) handshake.body;
                this.state.clientRandom = clientHello.random;
                serverInit2(clientHello.cipherSuites, clientHello.sessionID);
            }
        } catch (IOException e) {
            abort(e);
            throw e;
        }
    }

    void serverInit2(short[] sArr, SessionID sessionID) throws IOException {
        try {
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            boolean z = false;
            if (SSLState.debug) {
                SSLState.println(new StringBuffer().append("Checking whether ").append(sessionID).append(" is in cache").toString());
            }
            SessionParams cachedSession = this.state.getCachedSession(sessionID);
            if (cachedSession != null) {
                if (SSLState.debug) {
                    SSLState.println("Session in cache");
                }
                if (containsCS(sArr, cachedSession.cipherSuite)) {
                    z = true;
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("Using session params ").append(cachedSession).toString());
                    }
                    if (cachedSession.peerCertificate != null) {
                        cachedSession.peerCertificate.state = this.state;
                    }
                    this.state.setSessionParams(cachedSession);
                }
            }
            if (!z) {
                this.state.sessionID = new SessionID(this.state.rng);
                if (SSLState.debug) {
                    SSLState.println("Using new session params");
                }
            }
            if (z) {
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("--Resuming session ").append(this.state.sessionID).toString());
                }
                ServerHello serverHello = new ServerHello(this.state.currentCS.cipherSuite, this.state.sessionID, this.state.rng);
                this.state.serverRandom = serverHello.random;
                sendHandshake(2, serverHello);
                if (SSLState.debug) {
                    SSLState.println("--Server hello sent");
                }
                this.state.computeSecrets();
                sendChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec sent");
                }
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, false));
                if (SSLState.debug) {
                    SSLState.println("--Finished sent");
                }
                getChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec received");
                    SSLState.println(new StringBuffer().append("cipherSpec = ").append(this.state.currentCS).toString());
                }
                this.state.finishHandshake();
                Handshake handshake = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake).toString());
                }
                if (handshake.msgType.type != 20) {
                    sendAlert(2, 10);
                    Throwable iOException = new IOException(new StringBuffer().append("Unexpected message - expected Finished received ").append(handshake.msgType.type).toString());
                    abort(iOException);
                    throw iOException;
                }
                this.state.finishedReceived = true;
            } else {
                int serverCipherSuite = serverCipherSuite(sArr);
                if (serverCipherSuite == -1) {
                    sendAlert(2, 40);
                    Throwable iOException2 = new IOException("Unsupported ciphersuites requested");
                    abort(iOException2);
                    throw iOException2;
                }
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Using ciphersuite ").append(serverCipherSuite).toString());
                }
                ServerHello serverHello2 = new ServerHello((short) serverCipherSuite, this.state.sessionID, this.state.rng);
                this.state.serverRandom = serverHello2.random;
                this.state.currentCS = new CipherSpec(serverHello2.cipherSuite);
                sendHandshake(2, serverHello2);
                if (SSLState.debug) {
                    SSLState.println("--Server hello sent");
                }
                this.state.serverCert = this.state.params.getServerCert();
                if (this.state.currentCS.keyExchange == 2) {
                    ServerKeyExchange serverKeyExchange = new ServerKeyExchange(this.state.rng, true, this.state);
                    this.state.skx = serverKeyExchange;
                    sendHandshake(12, serverKeyExchange);
                    if (SSLState.debug) {
                        SSLState.println("--Server key exchange sent");
                    }
                } else {
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("serverCert = ").append(this.state.serverCert).toString());
                    }
                    sendHandshake(11, this.state.serverCert);
                    if (SSLState.debug) {
                        SSLState.println("--Server certificate sent");
                    }
                    if (this.state.currentCS.isExportable && this.state.serverCert.getPrivateKey().modulusLength() > 65) {
                        if (SSLState.debug) {
                            SSLState.println(new StringBuffer().append("Detected need to send extra server key exchange for cipher suite=").append(this.state.currentCS).append(", and private key modulus length=").append(this.state.serverCert.getPrivateKey().modulusLength()).toString());
                        }
                        ServerKeyExchange serverKeyExchange2 = new ServerKeyExchange(this.state);
                        this.state.skx = serverKeyExchange2;
                        sendHandshake(12, serverKeyExchange2);
                        if (SSLState.debug) {
                            SSLState.println("--Server key exchange sent");
                        }
                    }
                }
                if (this.state.params.needClientCert() && this.state.currentCS.keyExchange != 2) {
                    sendHandshake(13, new CertificateRequest(this.state.params.getClientRootCAs()));
                }
                sendHandshake(14, new ServerHelloDone());
                if (SSLState.debug) {
                    SSLState.println("--ServerHelloDone sent");
                }
                Handshake handshake2 = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake2).toString());
                }
                if (handshake2.msgType.type == 11 && this.state.params.needClientCert() && this.state.currentCS.keyExchange != 2) {
                    this.state.clientCert = this.state.params.patchChain((SSLCertificate) handshake2.body);
                    Handshake handshake3 = getHandshake();
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("Received ").append(handshake3).toString());
                    }
                    if (handshake3.msgType.type != 16) {
                        sendAlert(2, 10);
                        Throwable iOException3 = new IOException(new StringBuffer().append("Unexpected message - expected ClientKeyExchange received ").append(handshake3.msgType.type).toString());
                        abort(iOException3);
                        throw iOException3;
                    }
                    ClientKeyExchange clientKeyExchange = (ClientKeyExchange) handshake3.body;
                    this.state.preMasterSecret = clientKeyExchange.preMasterSecret();
                    clientKeyExchange.erasePMS();
                    this.state.computeMasterSecret();
                    Handshake handshake4 = getHandshake();
                    if (SSLState.debug) {
                        SSLState.println(new StringBuffer().append("Received ").append(handshake4).toString());
                    }
                    if (handshake4.msgType.type != 15) {
                        sendAlert(2, 10);
                        Throwable iOException4 = new IOException(new StringBuffer().append("Unexpected message - expected CertificateVerify received ").append(handshake4.msgType.type).toString());
                        abort(iOException4);
                        throw iOException4;
                    }
                } else {
                    if (handshake2.msgType.type != 16) {
                        sendAlert(2, 10);
                        Throwable iOException5 = new IOException(new StringBuffer().append("Unexpected message - expected ClientKeyExchange received ").append(handshake2.msgType.type).toString());
                        abort(iOException5);
                        throw iOException5;
                    }
                    ClientKeyExchange clientKeyExchange2 = (ClientKeyExchange) handshake2.body;
                    this.state.preMasterSecret = clientKeyExchange2.preMasterSecret();
                    clientKeyExchange2.erasePMS();
                    this.state.computeMasterSecret();
                }
                if (this.state.params.enforceClientCert) {
                    if (this.state.clientCert == null) {
                        Audit.certificateInvalid("SSL", this.state.socket, null);
                        sendAlert(2, 41);
                        Throwable iOException6 = new IOException("required client certificate missing");
                        abort(iOException6);
                        throw iOException6;
                    }
                    if (!this.state.clientCert.rootCAvalid(this.state.params.rootCAfingerprints)) {
                        Audit.rootCAInvalid("SSL", this.state.socket, this.state.clientCert.rootCA());
                        sendAlert(2, 42);
                        Throwable iOException7 = new IOException(new StringBuffer().append("client certificate not trusted: ").append(this.state.clientCert).toString());
                        abort(iOException7);
                        if (SSLState.debug) {
                            SSLState.println(new StringBuffer().append("client certificate not trusted: ").append(this.state.clientCert).toString());
                        }
                        throw iOException7;
                    }
                }
                this.state.computeSecrets();
                getChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec received");
                }
                this.state.finishHandshake();
                Handshake handshake5 = getHandshake();
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Received ").append(handshake5).toString());
                }
                if (handshake5.msgType.type != 20) {
                    sendAlert(2, 10);
                    Throwable iOException8 = new IOException(new StringBuffer().append("Unexpected message - expected Finished received ").append(handshake5.msgType.type).toString());
                    abort(iOException8);
                    throw iOException8;
                }
                this.state.finishedReceived = true;
                sendChangeCipherSpec();
                if (SSLState.debug) {
                    SSLState.println("--ChangeCipherSpec sent");
                }
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("cipherSpec = ").append(this.state.currentCS).toString());
                }
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, false));
                if (SSLState.debug) {
                    SSLState.println("--Finished sent");
                }
                this.state.cacheSession();
            }
            this.state.handshakeInProgress = false;
            this.state.md5Handshake.reset();
            this.state.shaHandshake.reset();
        } catch (IOException e) {
            if (SSLState.debug) {
                SSLState.println(e.getMessage());
            }
            abort(e);
            throw e;
        }
    }

    protected void sendHandshake(int i, HandshakeMessage handshakeMessage) throws IOException {
        Handshake handshake = new Handshake(i, handshakeMessage, this.state);
        byte[] bytes = Utils.toBytes(handshake);
        this.state.md5Handshake.update(bytes);
        this.state.shaHandshake.update(bytes);
        if (SSLState.debug) {
            SSLState.println(new StringBuffer().append("Sending handshake ").append(handshake).append(" with bytes=\n").append(Hex.dump(bytes)).toString());
            SSLState.println(new StringBuffer().append("Handshake hashes:\n").append(this.state.md5Handshake).append("\n").append(this.state.shaHandshake).toString());
        }
        sendRecord(new SSLPlaintext(22, bytes));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendAlert(int i, int i2) throws IOException {
        if (!this.state.closed) {
            sendRecord(new SSLPlaintext(21, Utils.toBytes(new Alert(i, i2))));
        } else {
            if (SSLState.debug) {
                SSLState.println("Socket Closed");
            }
            throw new IOException("Socket Closed");
        }
    }

    protected void sendChangeCipherSpec() throws IOException {
        sendRecord(new SSLPlaintext(20, Utils.toBytes(new ChangeCipherSpec())));
        this.state.outSeqNum = 0L;
        if (SSLState.debug) {
            SSLState.println("Enabling write cipher");
        }
        this.state.enableWriteCipher();
    }

    void sendData(byte[] bArr) throws IOException {
        sendData(bArr, 0, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendData(byte[] bArr, int i, int i2) throws IOException {
        if (i2 == 0) {
            return;
        }
        sendRecord(new SSLPlaintext(23, bArr, i, i2));
    }

    void sendData(String str) throws IOException {
        byte[] bArr = new byte[str.length()];
        str.getBytes(0, str.length(), bArr, 0);
        sendData(bArr);
    }

    protected void sendRecord(SSLPlaintext sSLPlaintext) throws IOException {
        if (this.state.closed) {
            if (SSLState.debug) {
                SSLState.println("Socket Closed");
            }
            throw new IOException("Socket Closed");
        }
        SSLCiphertext sSLCiphertext = new SSLCiphertext(sSLPlaintext, this.state);
        synchronized (this.os) {
            sSLCiphertext.output(this.os);
            this.os.flush();
        }
        this.state.outSeqNum++;
    }

    private boolean hasSSLRecord() {
        int peek = this.muxerIS.peek(3);
        int peek2 = this.muxerIS.peek(4);
        return (peek == -1 || peek2 == -1 || (((peek & 255) << 8) | (peek2 & 255)) + 5 > this.muxerIS.available()) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLPlaintext getRecord() throws IOException {
        if (this.muxerFilter.isActivated() && !hasSSLRecord()) {
            throw new InterruptedIOException();
        }
        SSLCiphertext sSLCiphertext = new SSLCiphertext(this.state);
        sSLCiphertext.input(this.is);
        this.state.inSeqNum++;
        return new SSLPlaintext(sSLCiphertext);
    }

    protected Handshake getHandshake() throws IOException {
        Handshake handshake = new Handshake(this.state);
        do {
            handshake.input(this.handshakeStream);
            byte[] bytes = Utils.toBytes(handshake);
            this.state.md5Handshake.update(bytes);
            this.state.shaHandshake.update(bytes);
            if (SSLState.debug) {
                SSLState.println(new StringBuffer().append("Getting handshake ").append(handshake).append(" with bytes=\n").append(Hex.dump(bytes)).toString());
                SSLState.println(new StringBuffer().append("Handshake hashes:\n").append(this.state.md5Handshake).append("\n").append(this.state.shaHandshake).toString());
            }
            if (this.state.handshakeInProgress) {
                break;
            }
        } while (handshake.msgType.type == 0);
        return handshake;
    }

    protected void getChangeCipherSpec() throws IOException {
        new ChangeCipherSpec().input(this.ccsStream);
        this.state.inSeqNum = 0L;
        if (SSLState.debug) {
            SSLState.println("Enabling read cipher");
        }
        this.state.enableReadCipher();
    }

    public void ensureForceClose() {
        this.forceClose = true;
    }

    @Override // java.net.Socket, java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() throws IOException {
        close(false);
    }

    public synchronized void close(boolean z) throws IOException {
        try {
            if (!this.forceClose && !this.state.closeSent) {
                this.state.closeSent = true;
                try {
                    sendAlert(1, 0);
                } catch (IOException e) {
                }
            }
            this.socket.close();
            this.state.eraseSecrets();
            this.ccsStream = null;
            this.alertStream = null;
            this.handshakeStream = null;
            this.dataStream = null;
            this.par = null;
            this.is = null;
            this.os = null;
            this.muxerFilter = null;
            this.muxerIS = null;
        } catch (Throwable th) {
            this.state.eraseSecrets();
            this.ccsStream = null;
            this.alertStream = null;
            this.handshakeStream = null;
            this.dataStream = null;
            this.par = null;
            this.is = null;
            this.os = null;
            this.muxerFilter = null;
            this.muxerIS = null;
            throw th;
        }
    }

    @Override // java.net.Socket
    public InputStream getInputStream() throws IOException {
        if (this.state == null) {
            performAcceptHandshake();
        }
        return this.dataStream;
    }

    @Override // java.net.Socket
    public OutputStream getOutputStream() {
        return new SSLSocketOutputStream(this);
    }

    @Override // java.net.Socket
    public InetAddress getInetAddress() {
        return this.socket.getInetAddress();
    }

    @Override // java.net.Socket
    public int getPort() {
        return this.socket.getPort();
    }

    @Override // java.net.Socket
    public InetAddress getLocalAddress() {
        return this.socket.getLocalAddress();
    }

    @Override // java.net.Socket
    public int getLocalPort() {
        return this.socket.getLocalPort();
    }

    @Override // java.net.Socket
    public void setTcpNoDelay(boolean z) throws SocketException {
        this.socket.setTcpNoDelay(z);
    }

    @Override // java.net.Socket
    public boolean getTcpNoDelay() throws SocketException {
        return this.socket.getTcpNoDelay();
    }

    @Override // java.net.Socket
    public void setSoTimeout(int i) throws SocketException {
        this.socket.setSoTimeout(i);
    }

    @Override // java.net.Socket
    public int getSoTimeout() throws SocketException {
        return this.socket.getSoTimeout();
    }

    @Override // java.net.Socket
    public void setSoLinger(boolean z, int i) throws SocketException {
        this.socket.setSoLinger(z, i);
    }

    @Override // java.net.Socket
    public int getSoLinger() throws SocketException {
        return this.socket.getSoLinger();
    }

    public Socket getSocket() {
        return this.socket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processAlerts() throws IOException {
        try {
            if (this.alertStream.availableNoRead() == 0 && inputAvailable() > 0) {
                this.alertStream.getData();
            }
            Alert alert = new Alert();
            while (this.alertStream.available() > 0) {
                if (SSLState.debug) {
                    SSLState.println(new StringBuffer().append("Available on alertStream: ").append(this.alertStream.available()).toString());
                }
                alert.input(this.alertStream);
                processAlert(alert);
            }
        } catch (EOFException e) {
            Alert alert2 = new Alert();
            if (this.alertStream.availableNoRead() != 2) {
                throw new EOFException();
            }
            alert2.input(this.alertStream);
            processAlert(alert2);
        }
    }

    void processAlert(Alert alert) throws IOException {
        if (alert.level == 2) {
            throw new IOException(new StringBuffer().append("Alert: ").append(alert).toString());
        }
        if (SSLState.debug) {
            SSLState.println(new StringBuffer().append("Received alert ").append(alert).toString());
        }
        switch (alert.description) {
            case 0:
                this.state.closed = true;
                if (this.state.closeSent) {
                    return;
                }
                try {
                    sendAlert(1, 0);
                } catch (IOException e) {
                }
                this.state.closeSent = true;
                return;
            case 41:
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processHandshakes() throws IOException {
        Handshake handshake = new Handshake(this.state);
        while (this.handshakeStream.available() > 0) {
            handshake.input(this.handshakeStream);
            processHandshake(handshake);
        }
    }

    void processHandshake(Handshake handshake) throws IOException {
        SSLState.println(new StringBuffer().append("Received ").append(handshake).toString());
        if (this.state.client && handshake.msgType.type == 0) {
            clientInit();
            return;
        }
        if (this.state.client || handshake.msgType.type != 1) {
            sendAlert(2, 10);
            IOException iOException = new IOException(new StringBuffer().append("Unexpected handshake message received: ").append(handshake).toString());
            abort(iOException);
            if (SSLState.debug) {
                SSLState.println(new StringBuffer().append("Unexpected handshake message received: ").append(handshake).toString());
            }
            throw iOException;
        }
        byte[] bytes = Utils.toBytes(handshake);
        this.state.md5Handshake.update(bytes);
        this.state.shaHandshake.update(bytes);
        if (SSLState.debug) {
            SSLState.println(new StringBuffer().append("Processing handshake ").append(handshake).append(" with bytes=\n").append(Hex.dump(bytes)).toString());
            SSLState.println(new StringBuffer().append("Handshake hashes:\n").append(this.state.md5Handshake).append("\n").append(this.state.shaHandshake).toString());
        }
        this.state.handshakeInProgress = true;
        this.state.finishedReceived = false;
        this.state.skx = null;
        ClientHello clientHello = (ClientHello) handshake.body;
        this.state.clientRandom = clientHello.random;
        serverInit2(clientHello.cipherSuites, clientHello.sessionID);
        this.state.renegotiated = true;
    }

    public void awaitClose() throws IOException {
        new Alert();
        while (!this.state.closed) {
            SSLPlaintext record = getRecord();
            if (record.type.type == 21) {
                this.alertStream.addData(record.fragment);
                processAlerts();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void abort(Throwable th) throws IOException {
        if (SSLState.debug || this.isClient) {
            SSLState.println("Aborting session");
            SSLState.println(th.getMessage());
        }
        this.state.removeSessionFromCache();
        this.state.closed = true;
        this.socket.close();
        this.state.eraseSecrets();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int inputAvailable() {
        if (this.state.closed) {
            return 0;
        }
        try {
            return this.is.available();
        } catch (IOException e) {
            return 0;
        }
    }

    public SSLCertificate getServerCert() {
        return this.state.serverCert;
    }

    public SSLCertificate getClientCert() {
        return this.state.clientCert;
    }

    public SessionParams getSessionParams() {
        return this.state.getSessionParams();
    }

    public SSLParams getParams() {
        return this.state.params;
    }

    int serverCipherSuite(short[] sArr) throws IOException {
        for (int i = 0; i < sArr.length; i++) {
            for (int i2 = 0; i2 < this.state.params.serverCipherSuites.length; i2++) {
                if (sArr[i] == this.state.params.serverCipherSuites[i2]) {
                    return sArr[i] & 65535;
                }
            }
        }
        return -1;
    }

    boolean supportedClientCS(short s) {
        for (int i = 0; i < this.state.params.clientCipherSuites.length; i++) {
            if (this.state.params.clientCipherSuites[i] == s) {
                return true;
            }
        }
        return false;
    }

    boolean containsCS(short[] sArr, short s) {
        for (short s2 : sArr) {
            if (s2 == s) {
                return true;
            }
        }
        return false;
    }

    boolean useV2Hello() throws IOException {
        int read = this.is.read();
        if (read != -1) {
            this.is.unread(read);
            return read != 22;
        }
        if (SSLState.debug) {
            SSLState.println("End of input");
        }
        throw new IOException("End of input");
    }

    public void renegotiate(SSLParams sSLParams) throws IOException {
        try {
            this.state.setParams(sSLParams);
            this.state.sessionID = null;
            this.state.params.useV2Hello = false;
            if (this.state.client) {
                clientInit();
            } else {
                sendHandshake(0, new HelloRequest());
                this.state.md5Handshake.reset();
                this.state.shaHandshake.reset();
                if (SSLState.debug) {
                    SSLState.println("--Hello request sent");
                }
                this.state.renegotiated = false;
                while (!this.state.renegotiated) {
                    this.handshakeStream.getData();
                }
            }
        } catch (IOException e) {
            abort(e);
            throw e;
        }
    }

    @Override // java.net.Socket
    public String toString() {
        return new StringBuffer().append("Socket[addr=").append(getInetAddress().getHostAddress()).append(",port=").append(getPort()).append(",localport=").append(getLocalPort()).append("}").toString();
    }
}
