package by.avest.net.tls;

import by.avest.crypto.avcryptj.BelPRDBelT;
import by.avest.net.tls.Handshake;
import by.avest.net.tls.SSLSocket;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.crypto.tls.ExporterLabel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:by/avest/net/tls/HandshakeExecutor.class */
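/**
 * Shared handshake machinery for both ends of a TLS connection.
 *
 * <p>{@link #getInstance} picks {@code ClientHandshakeExecutor} or
 * {@code ServerHandshakeExecutor} from the socket's connection end. This base class owns
 * the handshake record streams, records the handshake transcript that the Finished
 * messages are computed over, and sends and verifies ChangeCipherSpec and Finished.
 *
 * <p>Two cipher suites are handled explicitly:
 * {@code TLS_BDH_BDS_WITH_GOST28147_CFB_BHF} and
 * {@code TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT}. Any other suite is rejected when the
 * Finished value is calculated.
 *
 * <p>NOTE(review): this source is decompiler output; several members carry
 * "access modifiers changed" markers, so the visibility shown here may be wider than in
 * the original class.
 */
public abstract class HandshakeExecutor {
    static final String SIGN_ALG_BHF_BDS = "AvBhfWithAvBds";
    static final String SIGN_ALG_BHF_BIGN = "AvBhfWithBign";
    static final String HASH_ALG_BHF = "AvBhf";
    static final String HASH_ALG_BELT = "BelT";
    /** Length in bytes of the verify data carried in a Finished message. */
    private static final int FINISH_DIGEST_LEN = 12;
    protected SSLSocket socket;
    protected SSLSession session;
    private RecordInputStream recordIn;
    private RecordOutputStream recordOut;
    private HandshakeInputStream inStream;
    private BufferedRecordOutput outBuffer;
    /** Transcript of handshake bytes; the Finished verify data is derived from it. */
    private ByteArrayOutputStream handshakeMsgsBuffer;
    /** Handshake input that also appends every byte read to the transcript. */
    protected InputStream handshakeIn;
    /** Handshake output that also appends every byte written to the transcript. */
    protected OutputStream handshakeOut;
    private X509TrustManager trustManager;
    private X509KeyManager keyManager;
    protected Random clientRandom;
    protected Random serverRandom;
    protected SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
    /** Equals 2^14 + 2048 + 5: the TLSCiphertext fragment limit plus a 5-byte record header. */
    public static final int TLSCIPHERTEXT_MAX_LEN = 18437;
    // Both flags are read once at class initialisation from the JSSE-style system
    // properties; nothing in this class consults them afterwards.
    // NOTE(review): allowLegacyHelloMessages defaults to true, which presumably means
    // peers without secure-renegotiation support are accepted unless the property is
    // set to "false" - confirm where the subclasses enforce it.
    static final boolean allowUnsafeRenegotiation = Boolean.parseBoolean(System.getProperty("sun.security.ssl.allowUnsafeRenegotiation", "false"));
    static final boolean allowLegacyHelloMessages = Boolean.parseBoolean(System.getProperty("sun.security.ssl.allowLegacyHelloMessages", "true"));
    static final String KEY_ALG_OID_BIGN = "1.2.112.0.2.0.34.101.45.2.1";
    // Entries appear to alternate between an algorithm OID and its name.
    // The array itself is mutable and visible to subclasses; treat it as read-only.
    protected static final String[] DEFAULT_KEY_TYPES = {"1.3.6.1.4.1.12656.1.38", "AvBds", "1.3.6.1.4.1.12656.1.35", "AvBdsHash", "1.3.6.1.4.1.12656.1.33", "AvCompoundBds", "1.3.6.1.4.1.12656.1.37", "AvCompoundBdsHash", "1.2.112.0.2.0.1176.2.2.1", "Bds", "1.2.112.0.2.0.1176.2.2.2", "BdsHash", "1.2.112.0.2.0.1176.2.2.3", "CompoundBds", "1.2.112.0.2.0.1176.2.2.4", "CompoundBdsHash", KEY_ALG_OID_BIGN, "Bign"};

    /**
     * Buffers outgoing handshake bytes and forwards them to the record layer tagged as
     * {@code ContentType.HANDSHAKE}. Bytes written here are not added to the transcript.
     */
    /* loaded from: input_file:by/avest/net/tls/HandshakeExecutor$BufferedRecordOutput.class */
    private class BufferedRecordOutput extends BufferedOutputStream {
        private BufferedRecordOutput() {
            super(new OutputStream() { // from class: by.avest.net.tls.HandshakeExecutor.BufferedRecordOutput.1
                @Override // java.io.OutputStream
                public void write(int i) throws IOException {
                    HandshakeExecutor.this.recordOut.write(ContentType.HANDSHAKE, i);
                }

                @Override // java.io.OutputStream
                public void write(byte[] bArr) throws IOException {
                    HandshakeExecutor.this.recordOut.write(ContentType.HANDSHAKE, bArr);
                }

                @Override // java.io.OutputStream
                public void write(byte[] bArr, int i, int i2) throws IOException {
                    HandshakeExecutor.this.recordOut.write(ContentType.HANDSHAKE, bArr, i, i2);
                }
            });
        }
    }

    /** Reads handshake-typed bytes from the record layer without recording them. */
    /* loaded from: input_file:by/avest/net/tls/HandshakeExecutor$HandshakeInputStream.class */
    private class HandshakeInputStream extends InputStream {
        private HandshakeInputStream() {
        }

        @Override // java.io.InputStream
        public int read() throws IOException {
            return HandshakeExecutor.this.recordIn.read(ContentType.HANDSHAKE);
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr) throws IOException {
            return HandshakeExecutor.this.recordIn.read(ContentType.HANDSHAKE, bArr);
        }

        @Override // java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            return HandshakeExecutor.this.recordIn.read(ContentType.HANDSHAKE, bArr, i, i2);
        }
    }

    /**
     * Wraps {@code inStream} and appends every byte actually read to the transcript.
     *
     * <p>{@code read(byte[])} is inherited from {@link FilterInputStream} and routes
     * through {@code read(byte[], int, int)}, so it is recorded too. {@code skip()} is
     * not overridden and delegates straight to the wrapped stream, so skipped bytes would
     * not be recorded.
     */
    /* loaded from: input_file:by/avest/net/tls/HandshakeExecutor$HandshakeMsgsBufferInputStream.class */
    private class HandshakeMsgsBufferInputStream extends FilterInputStream {
        private HandshakeMsgsBufferInputStream() {
            super(HandshakeExecutor.this.inStream);
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read() throws IOException {
            int read = super.read();
            // -1 is end of stream, not data; it must not enter the transcript.
            if (read != -1) {
                HandshakeExecutor.this.handshakeMsgsBuffer.write(read);
            }
            return read;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            int read = super.read(bArr, i, i2);
            // Record only the bytes that were really delivered, not the requested length.
            if (read > 0) {
                HandshakeExecutor.this.handshakeMsgsBuffer.write(bArr, i, read);
            }
            return read;
        }
    }

    /**
     * Wraps {@code outBuffer} and appends every byte written to the transcript.
     *
     * <p>Only {@code write(int)} is overridden: {@link FilterOutputStream} implements the
     * array variants as a loop over {@code write(int)}, so bulk writes are recorded too.
     */
    /* loaded from: input_file:by/avest/net/tls/HandshakeExecutor$HandshakeMsgsBufferOutputStream.class */
    private class HandshakeMsgsBufferOutputStream extends FilterOutputStream {
        private HandshakeMsgsBufferOutputStream() {
            super(HandshakeExecutor.this.outBuffer);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) throws IOException {
            HandshakeExecutor.this.handshakeMsgsBuffer.write(i);
            super.write(i);
        }
    }

    /**
     * Stores the socket and its record-layer streams. The handshake streams are not
     * usable until {@link #init()} has been called.
     *
     * @param sSLSocket the socket the handshake runs on
     * @param recordInputStream record-layer input
     * @param recordOutputStream record-layer output
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public HandshakeExecutor(SSLSocket sSLSocket, RecordInputStream recordInputStream, RecordOutputStream recordOutputStream) {
        this.socket = sSLSocket;
        this.recordIn = recordInputStream;
        this.recordOut = recordOutputStream;
    }

    /**
     * Cloning is refused, so handshake state cannot be duplicated through
     * {@code clone()}.
     *
     * @throws CloneNotSupportedException always
     */
    @Override
    protected Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }

    /**
     * Creates the executor matching the socket's connection end.
     *
     * @param sSLSocket the socket the handshake runs on
     * @param recordInputStream record-layer input
     * @param recordOutputStream record-layer output
     * @return a client executor when the socket is the client end, otherwise a server executor
     * @throws IOException declared by the original signature
     */
    public static HandshakeExecutor getInstance(SSLSocket sSLSocket, RecordInputStream recordInputStream, RecordOutputStream recordOutputStream) throws IOException {
        return sSLSocket.getConnectionEnd().isClient() ? new ClientHandshakeExecutor(sSLSocket, recordInputStream, recordOutputStream) : new ServerHandshakeExecutor(sSLSocket, recordInputStream, recordOutputStream);
    }

    /**
     * Creates fresh handshake streams and an empty transcript buffer.
     *
     * <p>Order matters: the two transcript-recording wrappers capture {@code inStream}
     * and {@code outBuffer} in their constructors, so those must be assigned first.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void init() {
        this.inStream = new HandshakeInputStream();
        this.outBuffer = new BufferedRecordOutput();
        this.handshakeMsgsBuffer = new ByteArrayOutputStream();
        this.handshakeIn = new HandshakeMsgsBufferInputStream();
        this.handshakeOut = new HandshakeMsgsBufferOutputStream();
    }

    /**
     * Completes the handshake: refreshes the session timer, installs the session on the
     * socket, switches the socket to the current connection state and notifies the
     * handshake listeners.
     *
     * @throws IOException if one of the socket operations fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void fin() throws IOException {
        int sessionTimeout = this.socket.getSessionContext().getSessionTimeout();
        // A timeout of 0 leaves the session timer untouched.
        if (sessionTimeout != 0) {
            this.session.restartTimer(TimeUnit.SECONDS.toMillis(sessionTimeout), true);
        }
        this.session.touch();
        this.socket.setSession(this.session);
        // For this suite the security parameters are initialised here; for the BelT
        // suite that already happened in sendFinished/receiveFinished.
        if (this.session.getCipherSuiteInt() == CipherSuite.TLS_BDH_BDS_WITH_GOST28147_CFB_BHF) {
            this.socket.initSecurityParameters(this.session, this.clientRandom, this.serverRandom);
            this.socket.initInputSecurityParameters();
            this.socket.initOutputSecurityParameters();
        }
        this.socket.cleanUpSecurityParametersOld();
        this.socket.setConnectionState(SSLSocket.ConnectionState.CURRENT);
        this.socket.getRecordOutput().setMacSize(this.session.getCipherSuiteInt().getMacSize());
        this.socket.setRenewHandshake(false);
        this.socket.notifyHandshakeListeners();
        Util.log("Handshake done.");
    }

    /**
     * Flushes the record output stream.
     *
     * @throws IOException if the flush fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void flushOutBuffer() throws IOException {
        this.recordOut.flush();
        if (Util.isDebug()) {
            Util.log("Messages flushed.");
        }
    }

    /**
     * Runs the initial handshake for this connection end.
     *
     * @throws IOException if the handshake fails
     */
    public abstract void doHandshake() throws IOException;

    /**
     * Runs a renewed handshake on an established connection.
     *
     * @param tLSText NOTE(review): presumably the record that triggered the renewal - confirm in the subclasses
     * @throws IOException if the handshake fails
     */
    public abstract void renewHandshake(TLSText tLSText) throws IOException;

    /**
     * Writes a ChangeCipherSpec record whose payload is the single byte {@code 1}.
     *
     * @throws IOException if the write fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void sendChangeCipherSpec() throws IOException {
        if (Util.isDebug()) {
            Util.log("Send ChangeCipherSpec start.");
        }
        this.recordOut.write(ContentType.CHANGE_CIPHER_SPEC, new byte[]{1});
        if (Util.isDebug()) {
            Util.log("ChangeCipherSpec sent.");
        }
    }

    /**
     * Reads one ChangeCipherSpec byte and requires it to be {@code 1}.
     *
     * @throws SSLHandshakeException if any other value (including end of stream) is read
     * @throws IOException if the read fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void receiveChangeCipherSpec() throws IOException {
        if (Util.isDebug()) {
            Util.log("Receive ChangeCipherSpec start.");
        }
        if (this.recordIn.read(ContentType.CHANGE_CIPHER_SPEC) != 1) {
            throw new SSLHandshakeException("Bad change cipher spec message.");
        }
        if (Util.isDebug()) {
            Util.log("ChangeCipherSpec received.");
        }
    }

    /**
     * Calculates this side's Finished verify data, stores it on the socket and sends the
     * Finished handshake message.
     *
     * <p>For the BelT suite the security parameters are initialised before sending and
     * the message goes through {@code handshakeOut}, so it is added to the transcript.
     * For the other suite it goes through {@code outBuffer} and is not recorded.
     *
     * @param z NOTE(review): name lost in decompilation; from the branches below it
     *     appears to mark a handshake in which the server sends Finished first (e.g. a
     *     resumed session) - confirm against the callers
     * @throws SSLHandshakeException if the verify data is missing or empty
     * @throws IOException if the write fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void sendFinished(boolean z) throws IOException {
        OutputStream outputStream;
        if (Util.isDebug()) {
            Util.log("Send Finished start.");
        }
        byte[] calcFinishedHash = calcFinishedHash(this.socket.getConnectionEnd().isClient());
        if (calcFinishedHash == null || calcFinishedHash.length == 0) {
            throw new SSLHandshakeException("Unexpectedly empty finished hash value.");
        }
        this.socket.setOwnVerify(calcFinishedHash);
        Finished finished = new Finished(calcFinishedHash);
        Handshake handshake = new Handshake(Handshake.Type.FINISHED, finished);
        if (this.session.getCipherSuiteInt() == CipherSuite.TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT) {
            // Mirror image of the condition in receiveFinished: exactly one of the two
            // calls initialises the security parameters on each side.
            if ((this.socket.getConnectionEnd().isClient() && !z) || (this.socket.getConnectionEnd().isServer() && z)) {
                this.socket.initSecurityParameters(this.session, this.clientRandom, this.serverRandom);
            }
            if (!this.socket.isRenewHandshake()) {
                this.socket.initInputSecurityParameters();
            }
            this.socket.initOutputSecurityParameters();
            this.recordOut.setState(SSLSocket.ConnectionState.CURRENT);
            outputStream = this.handshakeOut;
        } else {
            outputStream = this.outBuffer;
        }
        handshake.write(outputStream);
        outputStream.flush();
        if (Util.isDebug()) {
            Util.log("Finished sent.");
            // Debug output includes the verify data; enable it only for diagnostics.
            Util.log(finished.toString());
        }
    }

    /**
     * Reads the peer's Finished message and checks its verify data against the value
     * calculated locally.
     *
     * <p>The expected value is calculated <em>before</em> the message is read: with the
     * BelT suite the message is read through {@code handshakeIn}, which appends it to the
     * transcript, and the peer's verify data does not cover its own Finished message.
     *
     * @param z same flag as in {@link #sendFinished(boolean)}
     * @throws SSLHandshakeException if the next handshake message is not Finished or its
     *     verify data does not match
     * @throws IOException if the read fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void receiveFinished(boolean z) throws IOException {
        // Declared as InputStream: the two candidates (handshakeIn, inStream) share no
        // narrower type, and the decompiler's narrower guess did not compile.
        InputStream finishedIn;
        if (Util.isDebug()) {
            Util.log("Receive Finished start.");
        }
        if (this.session.getCipherSuiteInt() == CipherSuite.TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT) {
            if ((this.socket.getConnectionEnd().isServer() && !z) || (this.socket.getConnectionEnd().isClient() && z)) {
                this.socket.initSecurityParameters(this.session, this.clientRandom, this.serverRandom);
            }
            this.socket.initInputSecurityParameters();
            if (!this.socket.isRenewHandshake()) {
                this.socket.initOutputSecurityParameters();
            }
            this.recordIn.setState(SSLSocket.ConnectionState.CURRENT);
            finishedIn = this.handshakeIn;
        } else {
            finishedIn = this.inStream;
        }
        // The peer's role is the opposite of ours, hence the negation.
        byte[] expected = calcFinishedHash(!this.socket.getConnectionEnd().isClient());
        this.socket.setPeerVerify(expected);
        Handshake message = Handshake.read(finishedIn, this.session.getProtocolVersion(), this.session.getCipherSuiteInt());
        if (!(message.getBody() instanceof Finished)) {
            throw new SSLHandshakeException("Handshake message Finished expected.");
        }
        Finished finished = (Finished) message.getBody();
        if (Util.isDebug()) {
            Util.log("Finished received.");
            Util.log(finished.toString());
        }
        verifyFinished(finished.getHashValue(), expected);
    }

    /**
     * Compares the verify data received from the peer with the locally calculated value.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual}, which does not stop at the
     * first differing byte, so the time taken does not reveal how much of a forged value
     * was correct. An empty expected value is rejected, matching the check in
     * {@link #sendFinished(boolean)}; otherwise an empty value from the peer would match.
     *
     * @param received verify data taken from the peer's Finished message
     * @param expected verify data calculated from the local transcript
     * @throws SSLHandshakeException if {@code expected} is missing or empty, or the values differ
     */
    private void verifyFinished(byte[] received, byte[] expected) throws SSLHandshakeException {
        if (expected == null) {
            throw new SSLHandshakeException("Unexpectedly null finished hash.");
        }
        if (expected.length == 0) {
            throw new SSLHandshakeException("Unexpectedly empty finished hash value.");
        }
        // Explicit null test: older JDKs dereference both arguments of isEqual.
        if (received == null || !MessageDigest.isEqual(expected, received)) {
            throw new SSLHandshakeException("Invalid finished message hash.");
        }
    }

    /**
     * Returns a copy of the handshake transcript recorded so far.
     *
     * @return the recorded handshake bytes
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getHandshakeMsgsBuffer() {
        return this.handshakeMsgsBuffer.toByteArray();
    }

    /**
     * Returns the X.509 trust manager, selecting it from the socket on first use.
     *
     * @return the cached trust manager
     * @throws SSLHandshakeException if the socket has no {@link X509TrustManager}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public X509TrustManager getTrustManager() throws SSLHandshakeException {
        if (this.trustManager == null) {
            this.trustManager = chooseTrustManager();
        }
        return this.trustManager;
    }

    /**
     * Picks the first {@link X509TrustManager} among the socket's trust managers; later
     * entries are ignored.
     *
     * @throws SSLHandshakeException if none is present, so validation never silently
     *     falls back to "no trust manager"
     */
    private X509TrustManager chooseTrustManager() throws SSLHandshakeException {
        for (TrustManager trustManager : this.socket.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new SSLHandshakeException("No X509TrustManager implementation available.");
    }

    /**
     * Returns the X.509 key manager, selecting it from the socket on first use.
     *
     * @return the cached key manager
     * @throws SSLHandshakeException if the socket has no {@link X509KeyManager}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public X509KeyManager getKeyManager() throws SSLHandshakeException {
        if (this.keyManager == null) {
            this.keyManager = chooseKeyManager();
        }
        return this.keyManager;
    }

    /**
     * Picks the first {@link X509KeyManager} among the socket's key managers; later
     * entries are ignored.
     *
     * @throws SSLHandshakeException if none is present
     */
    private X509KeyManager chooseKeyManager() throws SSLHandshakeException {
        for (KeyManager keyManager : this.socket.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new SSLHandshakeException("No X509KeyManager implementation available.");
    }

    /**
     * Calculates the {@value #FINISH_DIGEST_LEN}-byte Finished verify data over the
     * transcript recorded so far.
     *
     * <p>For the BHF suite the verify data is the leading bytes of the transcript
     * digest. For the BelT suite the digest is fed, together with the master secret and
     * the client/server "finished" label, into {@code BelPRDBelT}.
     *
     * @param z {@code true} to calculate the client's value, {@code false} for the server's
     * @return the verify data
     * @throws SSLHandshakeException if the session's cipher suite is not one of the two
     *     handled here, the digest algorithm is unavailable, the digest is too short, or
     *     the BelT derivation fails
     */
    private byte[] calcFinishedHash(boolean z) throws SSLHandshakeException {
        byte[] transcript = getHandshakeMsgsBuffer();
        boolean bhfSuite = this.session.getCipherSuiteInt() == CipherSuite.TLS_BDH_BDS_WITH_GOST28147_CFB_BHF;
        boolean beltSuite = this.session.getCipherSuiteInt() == CipherSuite.TLS_DHT_BIGN_WITH_BELT_CTR_MAC_HBELT;
        // Fail the handshake cleanly instead of dereferencing a null digest below.
        if (!bhfSuite && !beltSuite) {
            throw new SSLHandshakeException("Unsupported cipher suite for finished hash: " + this.session.getCipherSuiteInt());
        }
        MessageDigest messageDigest;
        try {
            messageDigest = MessageDigest.getInstance(bhfSuite ? HASH_ALG_BHF : HASH_ALG_BELT);
        } catch (NoSuchAlgorithmException e) {
            SSLHandshakeException wrapped = new SSLHandshakeException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
        byte[] digest = messageDigest.digest(transcript);
        if (Util.isDebug()) {
            Util.log("Calculated handshake messages hash: " + Util.toHexString(digest, ' '));
        }
        byte[] verifyData;
        if (bhfSuite) {
            // Arrays.copyOf would zero-pad a short digest, so check the length first.
            if (digest.length < FINISH_DIGEST_LEN) {
                throw new SSLHandshakeException("Handshake messages hash is shorter than " + FINISH_DIGEST_LEN + " bytes.");
            }
            verifyData = Arrays.copyOf(digest, FINISH_DIGEST_LEN);
        } else {
            try {
                verifyData = new BelPRDBelT(this.session.getMasterSecret(), z ? ExporterLabel.client_finished : ExporterLabel.server_finished, digest).next(FINISH_DIGEST_LEN);
            } catch (Exception e) {
                SSLHandshakeException wrapped = new SSLHandshakeException(e.getMessage());
                wrapped.initCause(e);
                throw wrapped;
            }
        }
        if (Util.isDebug()) {
            // Debug output includes the verify data; enable it only for diagnostics.
            Util.log("Calculated finished hash: " + Util.toHexString(verifyData, ' '));
        }
        return verifyData;
    }

    /**
     * Returns the session's pre-master-secret object, creating and storing it on first use.
     *
     * @param <T> the concrete type the caller expects
     * @return the session's pre-master-secret object
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @SuppressWarnings("unchecked") // The caller chooses T; a mismatch surfaces as ClassCastException at the call site.
    public <T extends PreMasterSecret<?, ?, ?>> T getMasterSecretGenerator() {
        if (this.session.getPreMasterSecret() == null) {
            this.session.setPreMasterSecret(createMasterSecretGenerator());
        }
        return (T) this.session.getPreMasterSecret();
    }

    /**
     * Returns the protocol version reported by the record input stream for the last record.
     *
     * @return the last record's protocol version
     */
    public ProtocolVersion getLastRecordProtocolVersion() {
        return this.recordIn.getLastRecordProtocolVersion();
    }

    /**
     * Creates the pre-master-secret object for this connection end; called by
     * {@link #getMasterSecretGenerator()} when the session has none yet.
     *
     * @param <T> the concrete type the caller expects
     * @return a new pre-master-secret object
     */
    protected abstract <T extends PreMasterSecret<?, ?, ?>> T createMasterSecretGenerator();
}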
