package COM.claymoresystems.ptls;

import COM.claymoresystems.sslg.SSLPolicyInt;
import COM.claymoresystems.util.Util;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.util.Hashtable;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/puretls.jar:COM/claymoresystems/ptls/SSLHandshakeServer.class */
public class SSLHandshakeServer extends SSLHandshake {
    public final int SSL_HS_WAIT_FOR_CLIENT_HELLO = 1;
    public final int SSL_HS_WAIT_FOR_CERTIFICATE = 2;
    public final int SSL_HS_WAIT_FOR_CLIENT_KEY_EXCHANGE = 3;
    public final int SSL_HS_WAIT_FOR_CERTIFICATE_VERIFY = 4;
    public final int SSL_HS_SEND_HELLO_REQUEST = 5;
    private static final int SSL2_CK_RC4_128_WITH_MD5 = 65664;
    private static final int SSL2_CK_RC4_128_EXPORT40_WITH_MD5 = 131200;
    private static final int SSL2_CK_RC2_128_CBC_WITH_MD5 = 65664;
    private static final int SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 131200;
    private static final int SSL2_CK_IDEA_128_CBC_WITH_MD5 = 327808;
    private static final int SSL2_CK_DES_64_CBC_WITH_MD5 = 393344;
    private static final int SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 = 393344;
    boolean resume;
    boolean clientAuth;
    SSLSessionData possibleResume;
    Vector offered_cipher_suites;
    Vector offered_compression_methods;
    private static Hashtable _v2_v3_cipher_suite_map = new Hashtable();

    static {
        _v2_v3_cipher_suite_map.put(new Integer(65664), new Integer(4));
        _v2_v3_cipher_suite_map.put(new Integer(131200), new Integer(3));
        _v2_v3_cipher_suite_map.put(new Integer(131200), new Integer(6));
    }

    public SSLHandshakeServer(SSLConn sSLConn) {
        super(sSLConn);
        this.SSL_HS_WAIT_FOR_CLIENT_HELLO = 1;
        this.SSL_HS_WAIT_FOR_CERTIFICATE = 2;
        this.SSL_HS_WAIT_FOR_CLIENT_KEY_EXCHANGE = 3;
        this.SSL_HS_WAIT_FOR_CERTIFICATE_VERIFY = 4;
        this.SSL_HS_SEND_HELLO_REQUEST = 5;
        this.resume = false;
        this.clientAuth = false;
        this.possibleResume = null;
        stateChange(this._conn.write_cipher_state == null ? 1 : 5);
        this.client = false;
    }

    @Override // COM.claymoresystems.ptls.SSLHandshake
    protected void filterCipherSuites(PrivateKey privateKey, SSLPolicyInt sSLPolicyInt) {
        String algorithm = privateKey.getAlgorithm();
        this.cipher_suites = new Vector();
        short[] cipherSuites = this._conn.getPolicy().getCipherSuites();
        for (int i = 0; i < cipherSuites.length; i++) {
            SSLCipherSuite findCipherSuite = SSLCipherSuite.findCipherSuite(cipherSuites[i]);
            if (findCipherSuite == null) {
                SSLDebug.debug(16, new StringBuffer("Rejecting unrecognized cipher suite").append((int) cipherSuites[i]).toString());
            } else if (findCipherSuite.getSignatureAlgBase().equals(algorithm)) {
                SSLDebug.debug(16, new StringBuffer("Accepting cipher suite: ").append(findCipherSuite.getName()).toString());
                this.cipher_suites.addElement(findCipherSuite);
            } else {
                SSLDebug.debug(16, new StringBuffer("Rejecting cipher suite: ").append(findCipherSuite.getName()).append(" -- incompatible with signature algorithm ").append(algorithm).toString());
            }
        }
    }

    @Override // COM.claymoresystems.ptls.SSLHandshake
    public void handshakeContinue() throws IOException {
        InputStream inputStream = null;
        int i = -1;
        boolean z = false;
        SSLHandshakeHdr sSLHandshakeHdr = new SSLHandshakeHdr();
        if (this.state == 5) {
            sendHelloRequest();
            stateChange(1);
        }
        if (this.state == 1) {
            int read = this._conn.sock_in.read();
            this._conn.sock_in.unread(read);
            if (read != 22) {
                if (this._conn.read_cipher_state != null) {
                    this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
                }
                z = true;
                i = 255;
            }
        }
        if (!z) {
            inputStream = recvHandshakeMsg(this._conn, sSLHandshakeHdr);
            i = sSLHandshakeHdr.ct.value;
            SSLConn.debug(4, new StringBuffer("Processing handshake message of type ").append(i).toString());
        }
        switch (i) {
            case 1:
                stateAssert(1);
                recvSSLv3ClientHello(inputStream);
                this.resume = false;
                if (this.possibleResume != null) {
                    if (this._conn.getPolicy().requireClientAuthP() && this.possibleResume.getPeerCertificateChain() == null) {
                        this.resume = false;
                    } else {
                        restoreSession(this.possibleResume);
                        this.resume = true;
                    }
                }
                sendServerPhase1();
                this._conn.sock_out.flush();
                return;
            case 11:
                stateAssert(2);
                recvCertificate(inputStream);
                stateChange(3);
                return;
            case 15:
                stateAssert(4);
                recvCertificateVerify(inputStream);
                stateChange(20);
                return;
            case 16:
                stateAssert(3);
                recvClientKeyExchange(inputStream);
                stateChange(this.clientAuth ? 4 : 20);
                return;
            case 20:
                stateAssert(21);
                recvFinished(inputStream);
                if (!this.resume) {
                    sendChangeCipherSpec();
                    sendFinished();
                }
                storeSession(Util.toHex(this.session_id));
                stateChange(255);
                return;
            case 255:
                stateAssert(1);
                recvSSLv2ClientHello(this._conn.sock_in);
                this.resume = false;
                sendServerPhase1();
                this._conn.sock_out.flush();
                return;
            default:
                this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
                return;
        }
    }

    public void recvCertificateVerify(InputStream inputStream) throws IOException {
        new SSLCertificateVerify(this._conn, this, false).decode(this._conn, inputStream);
    }

    public void recvClientKeyExchange(InputStream inputStream) throws IOException {
        new SSLClientKeyExchange().decode(this._conn, inputStream);
        computeMasterSecret();
        computeNextCipherStates();
    }

    public void recvSSLv2ClientHello(InputStream inputStream) throws IOException {
        SSLv2ClientHello sSLv2ClientHello = new SSLv2ClientHello();
        sSLv2ClientHello.decode(this._conn, inputStream);
        if (sSLv2ClientHello.client_version.value < 768) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        this._conn.ssl_version = Util.min(sSLv2ClientHello.client_version.value, this._conn.ssl_version);
        if (sSLv2ClientHello.session_id.length != 0) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        Vector vector = new Vector();
        for (int i = 0; i < sSLv2ClientHello.cipher_specs.value.size(); i++) {
            SSLuint24 sSLuint24 = (SSLuint24) sSLv2ClientHello.cipher_specs.value.elementAt(i);
            if ((sSLuint24.value & 16711680) == 0) {
                vector.addElement(new SSLuint16(sSLuint24.value));
            } else {
                Integer num = (Integer) _v2_v3_cipher_suite_map.get(new Integer(sSLuint24.value));
                if (num != null) {
                    vector.addElement(new SSLuint16(num.intValue()));
                }
            }
        }
        this.offered_cipher_suites = vector;
        this.offered_compression_methods = new Vector();
        this.offered_compression_methods.addElement(new SSLuint16(0));
        this.client_random = new byte[32];
        if (sSLv2ClientHello.challenge.length > 32) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        if (sSLv2ClientHello.challenge.length < 16) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        System.arraycopy(sSLv2ClientHello.challenge.value, 0, this.client_random, 32 - sSLv2ClientHello.challenge.length, sSLv2ClientHello.challenge.length);
        this.hashes.update(sSLv2ClientHello.message_value);
    }

    public void recvSSLv3ClientHello(InputStream inputStream) throws IOException {
        SSLClientHello sSLClientHello = new SSLClientHello();
        sSLClientHello.decode(this._conn, inputStream);
        if (sSLClientHello.client_version.value < 768) {
            this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
        }
        this._conn.ssl_version = Util.min(sSLClientHello.client_version.value, this._conn.ssl_version);
        this.client_random = sSLClientHello.random.value;
        if (sSLClientHello.session_id.value.length != 0) {
            this.possibleResume = findSession(Util.toHex(sSLClientHello.session_id.value));
        }
        this.offered_cipher_suites = sSLClientHello.cipher_suites.value;
        this.offered_compression_methods = sSLClientHello.compression_methods.value;
    }

    public void selectCipherSuite() throws IOException {
        for (int i = 0; i < this.cipher_suites.size(); i++) {
            SSLCipherSuite sSLCipherSuite = (SSLCipherSuite) this.cipher_suites.elementAt(i);
            for (int i2 = 0; i2 < this.offered_cipher_suites.size(); i2++) {
                if (sSLCipherSuite.getValue() == ((SSLuintX) this.offered_cipher_suites.elementAt(i2)).value) {
                    this.cipher_suite = sSLCipherSuite;
                    SSLDebug.debug(64, new StringBuffer("Choosing cipher").append(this.cipher_suite.getName()).toString());
                    return;
                }
            }
        }
        this._conn.alert(SSLAlertX.TLS_ALERT_HANDSHAKE_FAILURE);
    }

    public void sendCertificateRequest() throws IOException {
        sendHandshakeMsg(this._conn, 13, new SSLCertificateRequest());
    }

    public void sendHelloRequest() throws IOException {
        sendHandshakeMsg(this._conn, 0, new SSLHelloRequest(), false);
    }

    public void sendServerHello() throws IOException {
        SSLServerHello sSLServerHello = new SSLServerHello();
        sSLServerHello.server_version.value = this._conn.ssl_version;
        this.rng.nextBytes(this.server_random);
        sSLServerHello.random.value = this.server_random;
        sSLServerHello.session_id.value = this.session_id;
        sSLServerHello.cipher_suite.value = this.cipher_suite.getValue();
        sSLServerHello.compression_method.value = 0;
        sendHandshakeMsg(this._conn, 2, sSLServerHello);
    }

    public void sendServerHelloDone() throws IOException {
        sendHandshakeMsg(this._conn, 14, new SSLServerHelloDone());
    }

    public void sendServerKeyExchange() throws IOException {
        if (this.cipher_suite.requireServerKeyExchangeP(this._conn.ctx.getPrivateKey())) {
            sendHandshakeMsg(this._conn, 12, new SSLServerKeyExchange());
        }
    }

    public void sendServerPhase1() throws IOException {
        if (!this.resume) {
            this.session_id = new byte[32];
            this.rng.nextBytes(this.session_id);
            selectCipherSuite();
        }
        sendServerHello();
        if (this.resume) {
            computeNextCipherStates();
            sendChangeCipherSpec();
            sendFinished();
            stateChange(20);
            return;
        }
        sendCertificate();
        sendServerKeyExchange();
        if (this._conn.getPolicy().requireClientAuthP()) {
            this.clientAuth = true;
            sendCertificateRequest();
            stateChange(2);
        } else {
            stateChange(3);
        }
        sendServerHelloDone();
    }
}
