package com.claymoresystems.ptls;

import com.claymoresystems.sslg.SSLPolicyInt;
import cryptix.util.core.ArrayUtil;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/shentongjdbc-4.0.jar:com/claymoresystems/ptls/SSLHandshakeClient.class */
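/**
 * Client side of the handshake state machine for {@link SSLHandshake}.
 *
 * <p>Each call to {@link #handshakeContinue()} sends the ClientHello if it has not
 * been sent yet, then reads exactly one handshake message from the peer and
 * dispatches on its type. Messages arriving in a state that does not allow them are
 * rejected through {@code stateAssert}; message types this client never expects
 * raise a handshake_failure alert.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The server's version is accepted anywhere between 768 (SSLv3, see
 *       {@code SSLHandshake.SSL_V3_VERSION}) and the version offered in the
 *       ClientHello. A peer or on-path party that steers the negotiation down to
 *       SSLv3 is therefore accepted here; any stricter floor has to come from
 *       elsewhere (policy or the caller).</li>
 *   <li>Only the null compression method (0) is offered and accepted.</li>
 *   <li>Sessions are cached and looked up by {@code remote_host:remote_port} only.</li>
 *   <li>Most checks rely on {@code SSLConn.alert(...)} not returning normally. That
 *       method is not visible here. NOTE(review): confirm it always throws, otherwise
 *       processing continues past a failed check.</li>
 * </ul>
 */
public class SSLHandshakeClient extends SSLHandshake {
    // Client handshake states. Kept as public instance constants for compatibility
    // with existing callers. States 20, 21 and 255 used below are not declared in
    // this class.
    public final int SSL_HS_HANDSHAKE_START = 0;
    public final int SSL_HS_SENT_CLIENT_HELLO = 1;
    public final int SSL_HS_RECEIVED_SERVER_HELLO = 2;
    public final int SSL_HS_RECEIVED_CERTIFICATE = 3;
    public final int SSL_HS_RECEIVED_SERVER_KEY_EXCHANGE = 4;
    public final int SSL_HS_RECEIVED_CERTIFICATE_REQUEST = 5;
    public final int SSL_HS_RECEIVED_SERVER_HELLO_DONE = 6;

    // Set when the server echoes the session ID of the cached session we offered.
    boolean resume;
    // Cached session offered for resumption in the ClientHello, or null if none.
    SSLSessionData possibleResume;
    // Set when a CertificateRequest is received; cleared if no chain is configured.
    boolean clientAuth;

    /**
     * Creates the client-side handshake for the given connection.
     *
     * @param sSLConn connection this handshake runs on
     */
    public SSLHandshakeClient(SSLConn sSLConn) {
        super(sSLConn);
        // The state constants are initialised at their declarations. Assigning them
        // again here (as the decompiled source did) is a compile error for final
        // fields, so those assignments are gone.
        this.resume = false;
        this.clientAuth = false;
        this.client = true;
    }

    /**
     * Builds the list of cipher suites to offer from the connection's policy.
     *
     * <p>Suite identifiers that {@code SSLCipherSuite.findCipherSuite} does not
     * recognise are skipped. Neither parameter is consulted on the client side; the
     * policy is read from the connection instead.
     *
     * @param privateKey unused here
     * @param sSLPolicyInt unused here
     */
    @Override // com.claymoresystems.ptls.SSLHandshake
    protected void filterCipherSuites(PrivateKey privateKey, SSLPolicyInt sSLPolicyInt) {
        this.cipher_suites = new Vector();
        short[] policySuites = this._conn.getPolicy().getCipherSuites();
        for (short suiteId : policySuites) {
            SSLCipherSuite suite = SSLCipherSuite.findCipherSuite(suiteId);
            if (suite == null) {
                SSLDebug.debug(16, "Rejecting unrecognized cipher suite" + ((int) suiteId));
            } else {
                SSLDebug.debug(16, "Accepting cipher suite: " + suite.getName());
                this.cipher_suites.addElement(suite);
            }
        }
    }

    /**
     * Advances the handshake by one received message.
     *
     * <p>Sends the ClientHello first if the handshake has not started. The message
     * type numbers in the switch are the TLS handshake type codes.
     *
     * @throws IOException on I/O failure, and presumably when an alert is raised
     */
    @Override // com.claymoresystems.ptls.SSLHandshake
    public void handshakeContinue() throws IOException {
        if (this.state == SSL_HS_HANDSHAKE_START) {
            sendClientHello();
            this.state = SSL_HS_SENT_CLIENT_HELLO;
        }
        SSLHandshakeHdr header = new SSLHandshakeHdr();
        InputStream body = recvHandshakeMsg(this._conn, header);
        int msgType = header.ct.value;
        SSLConn.debug(4, "Processing handshake message of type " + msgType);
        switch (msgType) {
            case 2: // server_hello
                stateAssert(SSL_HS_SENT_CLIENT_HELLO);
                recvServerHello(body);
                if (!this.resume) {
                    stateChange(SSL_HS_RECEIVED_SERVER_HELLO);
                } else {
                    // Resumed session: skip the certificate and key exchange states.
                    // NOTE(review): state 20 is defined outside this class.
                    stateChange(20);
                }
                break;
            case 11: // certificate
                stateAssert(SSL_HS_RECEIVED_SERVER_HELLO);
                recvCertificate(body);
                stateChange(SSL_HS_RECEIVED_CERTIFICATE);
                break;
            case 12: // server_key_exchange
                stateAssert(SSL_HS_RECEIVED_CERTIFICATE);
                recvServerKeyExchange(body);
                stateChange(SSL_HS_RECEIVED_SERVER_KEY_EXCHANGE);
                break;
            case 13: // certificate_request
                stateAssert(SSL_HS_RECEIVED_SERVER_KEY_EXCHANGE, SSL_HS_RECEIVED_CERTIFICATE);
                recvCertificateRequest(body);
                stateChange(SSL_HS_RECEIVED_CERTIFICATE_REQUEST);
                break;
            case 14: // server_hello_done
                // A server Certificate must have been received, so a server that
                // sends no certificate cannot complete the handshake.
                // ServerKeyExchange is optional here whatever suite was negotiated.
                // NOTE(review): confirm SSLClientKeyExchange rejects a missing
                // ServerKeyExchange for suites that require one.
                stateAssert(
                        SSL_HS_RECEIVED_CERTIFICATE,
                        SSL_HS_RECEIVED_SERVER_KEY_EXCHANGE,
                        SSL_HS_RECEIVED_CERTIFICATE_REQUEST);
                if (this.clientAuth) {
                    sendCertificate();
                }
                sendClientKeyExchange();
                // sendCertificate() clears clientAuth when no chain is configured,
                // in which case no CertificateVerify is sent.
                if (this.clientAuth) {
                    sendCertificateVerify();
                }
                sendChangeCipherSpec();
                sendFinished();
                stateChange(20);
                break;
            case 20: // finished
                // State 21 is never set in this class.
                // NOTE(review): presumably entered when the peer's ChangeCipherSpec
                // is processed elsewhere; confirm, since this is what stops a
                // Finished message from being accepted before ChangeCipherSpec.
                stateAssert(21);
                recvFinished(body);
                if (this.resume) {
                    // On resumption the server sends Finished first; answer it.
                    sendChangeCipherSpec();
                    sendFinished();
                }
                if (this.session_id.length != 0) {
                    // Cache only after the peer's Finished has been processed.
                    storeSession(sessionLookupKey());
                }
                // NOTE(review): 255 looks like the "handshake complete" state; it is
                // defined outside this class.
                stateChange(255);
                break;
            default:
                // Every other type (including client-only messages such as
                // client_hello, certificate_verify and client_key_exchange) is
                // unexpected from a server.
                this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
                break;
        }
        // Reject messages that carry bytes beyond what the decoder consumed.
        if (body.read() != -1) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
    }

    /**
     * Builds and sends the ClientHello, offering a cached session for this peer if
     * one exists.
     *
     * @throws IOException on I/O failure
     */
    private void sendClientHello() throws IOException {
        SSLClientHello hello = new SSLClientHello();
        byte[] emptySessionId = new byte[0];
        // The cache key is host:port only (see sessionLookupKey).
        this.possibleResume = findSession(sessionLookupKey());
        hello.client_version.value = this._conn.ssl_version;
        makeRandomValue(this.client_random);
        hello.random.value = this.client_random;
        if (this.possibleResume == null) {
            hello.session_id.value = emptySessionId;
        } else {
            hello.session_id.value = this.possibleResume.getSessionID();
        }
        Vector suiteIds = new Vector();
        for (int i = 0; i < this.cipher_suites.size(); i++) {
            SSLCipherSuite suite = (SSLCipherSuite) this.cipher_suites.elementAt(i);
            suiteIds.addElement(new SSLuint16(suite.getValue()));
        }
        // NOTE(review): the negative first argument is passed through unchanged; its
        // meaning is defined by SSLvector, which is not visible here.
        hello.cipher_suites = new SSLvector(-65535, suiteIds);
        Vector compressionMethods = new Vector();
        // Offer only the null compression method.
        compressionMethods.addElement(new SSLuint8(0));
        hello.compression_methods = new SSLvector(-255, compressionMethods);
        sendHandshakeMsg(this._conn, 1, hello); // 1 = client_hello
        this._conn.sock_out.flush();
    }

    /**
     * Processes the ServerHello: fixes the protocol version, records the server
     * random and session ID, and either resumes the offered session or selects the
     * cipher suite the server chose.
     *
     * @param inputStream body of the ServerHello message
     * @throws IOException on I/O failure, or if the server selected a cipher suite
     *     that was not offered
     */
    private void recvServerHello(InputStream inputStream) throws IOException {
        SSLServerHello serverHello = new SSLServerHello();
        serverHello.decode(this._conn, inputStream);
        // 768 is SSLv3. The upper bound is the version offered in the ClientHello.
        // NOTE(review): SSLv3 is accepted whenever the server selects it; enforce a
        // higher floor here or in policy if SSLv3 must not be negotiated.
        if (serverHello.server_version.value < 768
                || serverHello.server_version.value > this._conn.ssl_version) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        this._conn.ssl_version = serverHello.server_version.value;
        System.arraycopy(serverHello.random.value, 0, this.server_random, 0, 32);
        this.session_id = serverHello.session_id.value;
        // The session ID is written to the debug log.
        SSLDebug.debug(2, "Received Session ID", this.session_id);
        if (this.session_id.length != 0
                && this.possibleResume != null
                && ArrayUtil.areEqual(this.session_id, this.possibleResume.getSessionID())) {
            restoreSession(this.possibleResume);
            // A resumed session must keep the cipher suite it was established with.
            if (serverHello.cipher_suite.value != this.cipher_suite.getValue()) {
                this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
            }
            this.resume = true;
            computeNextCipherStates();
            SSLDebug.debug(4, "Resuming...");
            // The compression-method check below is not reached on this path.
            return;
        }
        // Full handshake: the server's choice must be one of the suites we offered.
        this.cipher_suite = null;
        for (int i = 0; i < this.cipher_suites.size(); i++) {
            SSLCipherSuite offered = (SSLCipherSuite) this.cipher_suites.elementAt(i);
            if (offered.getValue() == serverHello.cipher_suite.value) {
                this.cipher_suite = offered;
                break;
            }
        }
        if (this.cipher_suite == null) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
            // Fail closed if alert() ever returns normally, instead of hitting a
            // NullPointerException on the dereference below.
            throw new IOException("Server selected a cipher suite that was not offered");
        }
        SSLDebug.debug(64, "Server chose cipher" + this.cipher_suite.getName());
        if (serverHello.compression_method.value != 0) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
    }

    /**
     * Decodes the ServerKeyExchange message.
     *
     * <p>The decoded object is discarded; anything kept from it must be stored by
     * {@code decode} itself. NOTE(review): confirm that {@code decode} verifies the
     * signature over the server's key-exchange parameters.
     *
     * @param inputStream body of the ServerKeyExchange message
     * @throws IOException on I/O failure
     */
    private void recvServerKeyExchange(InputStream inputStream) throws IOException {
        new SSLServerKeyExchange().decode(this._conn, inputStream);
    }

    /**
     * Decodes the CertificateRequest message and turns on client authentication.
     *
     * <p>The decoded request is discarded here, so its contents are not consulted in
     * this class when the client certificate is sent.
     *
     * @param inputStream body of the CertificateRequest message
     * @throws IOException on I/O failure
     */
    private void recvCertificateRequest(InputStream inputStream) throws IOException {
        new SSLCertificateRequest().decode(this._conn, inputStream);
        this.clientAuth = true;
    }

    /**
     * Sends the client's certificate chain, or the version-appropriate "no
     * certificate" response when no chain is configured.
     *
     * <p>With no chain, {@code clientAuth} is cleared so that no CertificateVerify
     * follows. SSLv3 then sends a no_certificate alert, and TLS 1.0 sends an empty
     * certificate list.
     *
     * @throws IOException on I/O failure
     * @throws InternalError if the negotiated version is neither SSLv3 nor TLS 1.0
     */
    public void sendCertificate() throws IOException {
        Vector certificateChain = this._conn.ctx.getCertificateChain();
        if (certificateChain == null) {
            this.clientAuth = false;
            switch (this._conn.ssl_version) {
                case SSLHandshake.SSL_V3_VERSION /* 768 */:
                    this._conn.sendAlertNoException(SSLAlertX.SSL_ALERT_NO_CERTIFICATE, false);
                    return;
                case SSLHandshake.TLS_V1_VERSION /* 769 */:
                    certificateChain = new Vector();
                    break;
                default:
                    throw new InternalError("Inconsistent version");
            }
        }
        sendCertificate(certificateChain);
    }

    /**
     * Sends the CertificateVerify message (handshake type 15).
     *
     * @throws IOException on I/O failure
     */
    private void sendCertificateVerify() throws IOException {
        sendHandshakeMsg(this._conn, 15, new SSLCertificateVerify(this._conn, this, true));
    }

    /**
     * Sends the ClientKeyExchange message (handshake type 16), then derives the
     * master secret and the pending cipher states.
     *
     * @throws IOException on I/O failure
     */
    private void sendClientKeyExchange() throws IOException {
        sendHandshakeMsg(this._conn, 16, new SSLClientKeyExchange());
        computeMasterSecret();
        computeNextCipherStates();
    }

    /**
     * Returns the session-cache key for this peer, {@code host:port}.
     *
     * <p>NOTE(review): nothing else goes into the key, so connections made to the
     * same endpoint under different policies or credentials would share one cached
     * session. Confirm that is acceptable for the callers.
     */
    private String sessionLookupKey() {
        return this._conn.s.remote_host + ":" + this._conn.s.remote_port;
    }
}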
