package com.certicom.tls.record.handshake;

import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.interfaceimpl.CertificateSupport;
import com.certicom.tls.interfaceimpl.ProtocolVersion;
import com.certicom.tls.interfaceimpl.TLSSystem;
import com.certicom.tls.provider.Cipher;
import com.certicom.tls.provider.KeyAgreement;
import com.certicom.tls.provider.MessageDigest;
import com.certicom.tls.provider.interfaces.ECPrivateKey;
import com.certicom.tls.provider.interfaces.ECPublicKey;
import com.certicom.tls.provider.spec.DHPrivateKey;
import com.certicom.tls.provider.spec.DHPublicKey;
import com.certicom.tls.record.alert.Alert;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import weblogic.security.utils.SSLSetup;

/* loaded from: input_file:weblogic.jar:com/certicom/tls/record/handshake/ServerStateSentHelloDone.class */
public final class ServerStateSentHelloDone extends HandshakeState implements CryptoNames {
    private PrivateKey kaPrivateKey;
    private X509Certificate[] clientCertChain;
    private MessageDigest md5;
    private MessageDigest sha;
    private PublicKey peerkaPublicKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerStateSentHelloDone(HandshakeHandler handshakeHandler, PrivateKey privateKey) {
        super(handshakeHandler);
        this.clientCertChain = null;
        this.peerkaPublicKey = null;
        this.kaPrivateKey = privateKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.certicom.tls.record.handshake.HandshakeState
    public void handle(HandshakeMessage handshakeMessage) throws IOException {
        switch (handshakeMessage.getHandshakeType()) {
            case 11:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("CERTIFICATE \nEnd");
                }
                MessageCertificate messageCertificate = (MessageCertificate) handshakeMessage;
                this.clientCertChain = messageCertificate.getCertificateChain();
                CertificateSupport certificateSupport = this.handler.getCertificateSupport();
                if (!certificateSupport.isClientTrusted(this.clientCertChain, this.handler.getPendingCipherSuite().getDescription(), this.handler.getProtocolVersion(), this.handler.getConnectionImpl().getCertificateCallbackRef(), this.handler.getConnectionImpl().getReadHandler().getSSLIOContext().getSSLSocket())) {
                    if (this.clientCertChain.length == 0) {
                        this.handler.fireAlert(2, 40);
                    } else {
                        this.handler.fireAlert(2, 42);
                    }
                }
                this.handler.getPendingSession().setPeerCertChain(certificateSupport.completeCertChain(this.clientCertChain));
                int keyAgreementAlgorithm = this.handler.getPendingCipherSuite().getKeyAgreementAlgorithm();
                if ((keyAgreementAlgorithm == 5 || keyAgreementAlgorithm == 12) && this.clientCertChain.length != 0) {
                    this.peerkaPublicKey = messageCertificate.getCertificateChain()[0].getPublicKey();
                    return;
                }
                return;
            case 16:
                if (this.handler.returnDebugFlag()) {
                    System.out.println("CLIENT_KEY_EXCHANGE \nEnd.");
                }
                try {
                    int keyAgreementAlgorithm2 = this.handler.getPendingCipherSuite().getKeyAgreementAlgorithm();
                    if (this.clientCertChain != null) {
                        this.md5 = this.handler.getMD5Clone();
                        this.sha = this.handler.getSHAClone();
                    }
                    if (this.clientCertChain != null && this.clientCertChain.length != 0 && (keyAgreementAlgorithm2 == 5 || keyAgreementAlgorithm2 == 12)) {
                        if (handshakeMessage.getMessageLength() == 4) {
                            this.handler.setECDSA_fixed_ECDHFlag(true);
                        } else if (((MessageClientKeyExchangeECDH) handshakeMessage).getY() == null) {
                            this.handler.setECDSA_fixed_ECDHFlag(true);
                        }
                        if (!this.handler.getCertificateSupport().validateECDSA_fixed_ECDH(this.handler.getECDSA_fixed_ECDHFlag(), this.clientCertChain, this.handler.getProtocolVersion())) {
                            this.handler.fireAlert(2, 42);
                        }
                    }
                    SecureRandom randomNumberGenerator = TLSSystem.getRandomNumberGenerator();
                    if (keyAgreementAlgorithm2 == 1 || keyAgreementAlgorithm2 == 9 || keyAgreementAlgorithm2 == 2 || keyAgreementAlgorithm2 == 3 || keyAgreementAlgorithm2 == 10 || keyAgreementAlgorithm2 == 11 || keyAgreementAlgorithm2 == 4) {
                        DHPrivateKey dHPrivateKey = (DHPrivateKey) this.kaPrivateKey;
                        MessageClientKeyExchangeDH messageClientKeyExchangeDH = (MessageClientKeyExchangeDH) handshakeMessage;
                        messageClientKeyExchangeDH.getY();
                        DHPublicKey dHPublicKey = new DHPublicKey(messageClientKeyExchangeDH.getY(), dHPrivateKey.getP(), dHPrivateKey.getG());
                        KeyAgreement keyAgreement = KeyAgreement.getInstance(CryptoNames.DIFFIE_HELLMAN);
                        keyAgreement.init(dHPrivateKey, randomNumberGenerator);
                        keyAgreement.doPhase(dHPublicKey, true);
                        this.handler.setPremasterSecret(keyAgreement.generateSecret());
                    }
                    if (keyAgreementAlgorithm2 == 5 || keyAgreementAlgorithm2 == 12) {
                        ECPrivateKey eCPrivateKey = (ECPrivateKey) this.kaPrivateKey;
                        ECPublicKey y = !this.handler.getECDSA_fixed_ECDHFlag() ? ((MessageClientKeyExchangeECDH) handshakeMessage).getY() : (ECPublicKey) this.peerkaPublicKey;
                        KeyAgreement keyAgreement2 = KeyAgreement.getInstance(CryptoNames.ECDH);
                        keyAgreement2.init(eCPrivateKey, randomNumberGenerator);
                        keyAgreement2.doPhase(y, true);
                        byte[] bArr = new byte[20];
                        this.handler.setPremasterSecret(keyAgreement2.generateSecret());
                    }
                    if (keyAgreementAlgorithm2 == 6 || keyAgreementAlgorithm2 == 7 || keyAgreementAlgorithm2 == 8) {
                        byte[] encryptedSecret = ((MessageClientKeyExchangeRSA) handshakeMessage).getEncryptedSecret();
                        Cipher cipher = SSLSetup.getUsingJsafeJCE() ? Cipher.getInstance("RSA") : Cipher.getInstance(CryptoNames.RSA_PKCS1);
                        cipher.init(2, this.kaPrivateKey, randomNumberGenerator);
                        byte[] doFinal = cipher.doFinal(encryptedSecret, 0, encryptedSecret.length);
                        ProtocolVersion protocolVersion = new ProtocolVersion(doFinal[0], doFinal[1]);
                        if (!this.handler.getHandshakeRollBackBug() && !this.handler.getPeerHelloProtocol().equals(protocolVersion)) {
                            this.handler.fireAlert(2, 40);
                        }
                        this.handler.setPremasterSecret(doFinal);
                    }
                    this.handler.generateMasterSecret();
                    this.handler.generateSecurityParameters();
                } catch (CloneNotSupportedException e) {
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e, "........... Eating Exception ..........");
                    }
                } catch (InvalidKeyException e2) {
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e2, "........... Eating Exception ..........");
                    }
                } catch (NoSuchAlgorithmException e3) {
                    if (SSLSetup.getDebugEaten()) {
                        SSLSetup.debug(3, e3, "........... Eating Exception ..........");
                    }
                }
                this.handler.setState(new ServerStateReceivedClientKeyExchange(this.handler, this.clientCertChain, this.md5, this.sha));
                return;
            default:
                this.handler.fireAlert(new Alert(2, 10));
                return;
        }
    }
}
