package com.enterprisedt.net.puretls;

import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.cryptix.provider.rsa.RawRSAPublicKey;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.util.debug.Logger;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class ac extends v {
    private static Logger f = Logger.getLogger("com.enterprisedt.net.puretls.SSLServerKeyExchange");
    k a;
    x b;
    v d;
    ae c = new ae(-65535);
    int e = 0;

    private void a(j jVar, PublicKey publicKey, String str) {
        if (str.equals("RawRSA")) {
            if (publicKey instanceof CryptixRSAPublicKey) {
                return;
            }
            jVar.a(b.p);
        } else {
            if (!str.equals("RawDSA")) {
                throw new InternalError("Unknown Algorithm");
            }
            if (publicKey instanceof DSAPublicKey) {
                return;
            }
            jVar.a(b.p);
        }
    }

    private byte[] a(j jVar, String str, byte[] bArr) {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", Cryptix.PROVIDER_NAME);
        messageDigest.update(jVar.A.k);
        messageDigest.update(jVar.A.l);
        messageDigest.update(bArr);
        if (!str.equals("RawRSA")) {
            return messageDigest.digest();
        }
        MessageDigest messageDigest2 = MessageDigest.getInstance("MD5", Cryptix.PROVIDER_NAME);
        messageDigest2.update(jVar.A.k);
        messageDigest2.update(jVar.A.l);
        messageDigest2.update(bArr);
        byte[] digest = messageDigest2.digest();
        byte[] digest2 = messageDigest.digest();
        byte[] bArr2 = new byte[36];
        System.arraycopy(digest, 0, bArr2, 0, digest.length);
        System.arraycopy(digest2, 0, bArr2, 16, digest2.length);
        return bArr2;
    }

    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, InputStream inputStream) {
        int a;
        PublicKey rawRSAPublicKey;
        PublicKey publicKey = jVar.A.r;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (!jVar.A.o.a(publicKey)) {
            jVar.a(b.p);
        }
        switch (jVar.A.o.c()) {
            case 1:
                this.a = new k();
                a = this.a.a(jVar, inputStream);
                this.a.a(jVar, byteArrayOutputStream);
                rawRSAPublicKey = new DHPublicKey(new BigInteger(1, this.a.b.b), new BigInteger(1, this.a.a.b), new BigInteger(1, this.a.c.b));
                break;
            case 2:
                this.b = new x();
                a = this.b.a(jVar, inputStream);
                this.b.a(jVar, byteArrayOutputStream);
                BigInteger bigInteger = new BigInteger(1, this.b.a.b);
                BigInteger bigInteger2 = new BigInteger(1, this.b.b.b);
                if (bigInteger.bitLength() > 512) {
                    jVar.a(b.p);
                }
                rawRSAPublicKey = new RawRSAPublicKey(bigInteger, bigInteger2);
                break;
            default:
                throw new Error("Unknown key exchange algorithm");
        }
        int a2 = this.c.a(jVar, inputStream) + a;
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (byteArray.length != a) {
            throw new InternalError("Inconsistency in param size");
        }
        try {
            String e = jVar.A.o.e();
            Signature signature = Signature.getInstance(e, Cryptix.PROVIDER_NAME);
            f.debug(new StringBuffer().append("encode: alg=").append(e).append(",provider=").append(signature.getProvider().getName()).toString());
            a(jVar, publicKey, e);
            signature.initVerify(publicKey);
            signature.update(a(jVar, e, byteArray));
            SSLDebug.debug(8, "Signed Data", byteArray);
            SSLDebug.debug(8, "Signature Data", this.c.b);
            if (!signature.verify(this.c.b)) {
                jVar.a(b.t);
            }
        } catch (InvalidKeyException e2) {
            jVar.a(b.t, e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new InternalError(e3.toString());
        } catch (NoSuchProviderException e4) {
            throw new InternalError(e4.toString());
        } catch (SignatureException e5) {
            jVar.a(b.t, e5);
        }
        jVar.A.s = rawRSAPublicKey;
        return a2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, OutputStream outputStream) {
        Signature signature;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        switch (jVar.A.o.c()) {
            case 1:
                jVar.A.t = jVar.d.a(jVar.f.dhAlwaysEphemeralP());
                k kVar = new k(jVar.A.t);
                this.a = kVar;
                this.d = kVar;
                break;
            case 2:
                jVar.A.u = jVar.d.e();
                jVar.A.v = jVar.d.f();
                x xVar = new x(jVar.d.f());
                this.b = xVar;
                this.d = xVar;
                break;
            default:
                throw new Error("Unknown key exchange algorithm");
        }
        this.d.a(jVar, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            PrivateKey c = jVar.d.c();
            String e = jVar.A.o.e();
            if (e.equals("RawDSA")) {
                Signature signature2 = Signature.getInstance(e, Cryptix.PROVIDER_NAME);
                f.debug(new StringBuffer().append("encode: alg=").append(e).append(",provider=").append(signature2.getProvider().getName()).toString());
                signature2.setParameter("SecureRandom", jVar.A.j);
                signature = signature2;
            } else {
                if (!e.equals("RawRSA")) {
                    throw new Exception("Unknown key type");
                }
                Signature signature3 = Signature.getInstance(e, Cryptix.PROVIDER_NAME);
                f.debug(new StringBuffer().append("encode: alg=").append(e).append(",provider=").append(signature3.getProvider().getName()).toString());
                ((Blindable) signature3).setBlindingInfo(jVar.A.j, (CryptixRSAPublicKey) jVar.d.d());
                signature = signature3;
            }
            signature.initSign(c);
            signature.update(a(jVar, e, byteArray));
            byte[] sign = signature.sign();
            SSLDebug.debug(8, "Signed Data", byteArray);
            SSLDebug.debug(8, "Signature Data", sign);
            this.c.b = sign;
            this.e = this.d.a(jVar, outputStream);
            this.e += this.c.a(jVar, outputStream);
            return this.e;
        } catch (Exception e2) {
            throw new InternalError(e2.toString());
        }
    }
}
