package com.ibm.sslight;

import com.ibm.ctg.client.GatewayRequest;
import com.sssw.b2b.xpath.axes.WalkerFactory;
import java.io.IOException;

/* loaded from: input_file:com/ibm/sslight/SSLClient.class */
class SSLClient extends SSLConnection {
    static final int CERT_REQ = 32;
    static final int HELLO_REQ = 64;
    static final int HELLO_DONE = 128;
    private int server_port;
    private boolean auth;

    @Override // com.ibm.sslight.SSLConnection
    int install(boolean z) {
        if (z && this.handshake_state != 64) {
            return 0;
        }
        this.handshake_state = 2;
        if (!z || !SSLSession.reinstall(this.session, this)) {
            this.session = SSLSession.allocate(this.context.context_id, this.context.cm_list, this.context.cs_list, this.sock.getInetAddress().getAddress(), this.server_port, this.context.timeout[1]);
        }
        return sendClientHello();
    }

    @Override // com.ibm.sslight.SSLConnection
    boolean uninstall(boolean z) {
        return SSLSession.uninstall(this.session, this, z);
    }

    @Override // com.ibm.sslight.SSLConnection
    int alert(byte b, byte b2) {
        sendAlert((byte) 2, (byte) 40);
        return -1;
    }

    @Override // com.ibm.sslight.SSLConnection
    int handshake(byte[] bArr, byte b, int i, int i2, int i3) {
        switch (b) {
            case 0:
                if ((64 & this.handshake_state) != 0) {
                    return reopen();
                }
                return 0;
            case 2:
                if ((2 & this.handshake_state) != 0) {
                    return serverHello(bArr, i, i2);
                }
                break;
            case 11:
                if ((4 & this.handshake_state) != 0) {
                    return serverCertificate(bArr, i, i2);
                }
                break;
            case 12:
                if ((8 & this.handshake_state) != 0) {
                    return serverKeyExchange(bArr, i, i2);
                }
                break;
            case 13:
                if ((32 & this.handshake_state) != 0) {
                    return serverCertificateRequest(bArr, i, i2);
                }
                break;
            case 14:
                if ((128 & this.handshake_state) != 0) {
                    return serverHelloDone(bArr, i, i2);
                }
                break;
            case 20:
                if ((16 & this.handshake_state) != 0) {
                    if (finished(bArr, i, i2) != 0) {
                        return -1;
                    }
                    SSLSession.install(this.session, this);
                    reset();
                    this.handshake_state = 64;
                    return 0;
                }
                break;
        }
        this.ssl_e = new SSLException(2, SSLException.PROTOCOLVIOLATION, bArr, i, i2);
        sendAlert((byte) 2, (byte) 10);
        return -1;
    }

    /* JADX WARN: Code restructure failed: missing block: B:34:0x0125, code lost:
    
        if ((r11.key_exchange[0].length - (r11.key_exchange[0][0] == 0 ? 1 : 0)) <= 64) goto L41;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int serverKeyExchange(byte[] r12, int r13, int r14) {
        /*
            Method dump skipped, instructions count: 570
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.sslight.SSLClient.serverKeyExchange(byte[], int, int):int");
    }

    private int serverHelloDone(byte[] bArr, int i, int i2) {
        register(bArr, i, i2);
        if (this.auth) {
            if (this.conn_cert == null) {
                if (sendAlert((byte) 1, (byte) 41) == -1) {
                    return -1;
                }
            } else if (sendCertificate() == -1) {
                return -1;
            }
        }
        if (sendClientKeyExchange() != 0) {
            return -1;
        }
        if (this.conn_cert != null && sendCertificateVerify() == -1) {
            return -1;
        }
        update();
        this.handshake_state = 1;
        return sendFinished(true);
    }

    private int serverCertificate(byte[] bArr, int i, int i2) {
        if (certificate(bArr, i, i2) == -1) {
            return -1;
        }
        SSLCert sSLCert = this.session.peer_cert[0];
        int i3 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        int i4 = i3 >>> 16;
        boolean z = false;
        while (true) {
            if ((i4 & 127) != 1 || sSLCert.alg != 1) {
                if ((i4 & 127) == 2 && sSLCert.alg != 1) {
                    z = true;
                    break;
                }
                int i5 = i4 >>> 8;
                i4 = i5;
                if (i5 == 0) {
                    break;
                }
            } else {
                z = true;
                if ((i3 & WalkerFactory.BITS_RESERVED) == 256 && ((i3 & GatewayRequest.ERROR_BASE) == 0 || sSLCert.keyL <= 64)) {
                    z = 2;
                }
            }
        }
        if (z) {
            this.handshake_state = z ? 40 : 168;
            register(bArr, i, i2);
            return 0;
        }
        this.ssl_e = new SSLException(2, 1004);
        sendAlert((byte) 2, (byte) 47);
        return -1;
    }

    private int serverCertificateRequest(byte[] bArr, int i, int i2) {
        int i3;
        if (this.session.peer_cert == null) {
            this.ssl_e = new SSLException(2, SSLException.CLIENTAUTHENTICATIONINVALIDWITHANONYMOUSSERVER);
            sendAlert((byte) 2, (byte) 40);
            return -1;
        }
        int i4 = i2 - 4;
        int i5 = i + 4;
        int i6 = 0;
        int i7 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        try {
            if (i4 <= 1) {
                throw new SSLException(1, SSLException.LENGTHTOOLONG, bArr, i, i2, i5 - i);
            }
            int i8 = i5 + 1;
            byte b = bArr[i5];
            int i9 = i4 - 1;
            if (b <= 0 || b > 255 || i9 <= b) {
                throw new SSLException(1, SSLException.LENGTHTOOLONG, bArr, i, i2, i8 - i);
            }
            int i10 = 0;
            do {
                byte b2 = bArr[i8 + i10];
                if (!((i7 & WalkerFactory.BITS_RESERVED) == 256 && (b2 == 1 || b2 == 2)) && ((i7 & WalkerFactory.BITS_RESERVED) != 768 || (!(this.session.peer_cert[0].alg == 1 && b2 == 1) && (this.session.peer_cert[0].alg == 1 || b2 != 2)))) {
                    throw new SSLException(2, SSLException.SERVERREQUESTNOTCONSISTENTWITHSELECTEDCIPHERSUITE);
                }
                if (i10 < 4) {
                    i6 |= b2 << (8 * i10);
                }
                i10++;
            } while (i10 < b);
            int i11 = i8 + b;
            int i12 = i9 - b;
            if (i12 < 5 || i12 - 2 > 65535 || ((int) Util.msbf(bArr, i11, 2)) != i3) {
                throw new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2, i11 - i);
            }
            Object[] objArr = (Object[]) this.context.getCert(i6, bArr, i11 + 2, i3);
            if (objArr != null) {
                this.conn_cert = (SSLCert[]) objArr[0];
                this.conn_key = (byte[][]) objArr[1];
            }
            this.auth = true;
            this.handshake_state = 128;
            register(bArr, i, i2);
            return 0;
        } catch (SSLException e) {
            this.ssl_e = e;
            sendAlert((byte) 2, (byte) 47);
            return -1;
        } catch (Exception e2) {
            this.ssl_e = new SSLException(8, SSLException.EXCEPTIONOCCURRED, e2);
            sendAlert((byte) 2, (byte) 47);
            return -1;
        }
    }

    private int serverHello(byte[] bArr, int i, int i2) {
        boolean z;
        int i3 = i2 - 4;
        int i4 = i + 4;
        byte[] bArr2 = null;
        byte b = 0;
        short s = -1;
        if (i3 < 35) {
            this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2);
        } else if (bArr[i4] == 3 && bArr[i4 + 1] == 0) {
            peerRandom(bArr, i4 + 2, 32);
            int i5 = i4 + 34;
            int i6 = i3 - 34;
            int i7 = i5 + 1;
            int i8 = bArr[i5];
            int i9 = i6 - 1;
            if (i8 < 0 || i8 > 32 || i9 < i8) {
                this.ssl_e = new SSLException(1, SSLException.LENGTHTOOLONG, bArr, i, i2, (i7 - i) - 1);
            } else {
                if (i8 > 0) {
                    bArr2 = new byte[i8];
                    System.arraycopy(bArr, i7, bArr2, 0, i8);
                    i7 += i8;
                    i9 -= i8;
                }
                if (i9 == 3) {
                    s = (short) Util.msbf(bArr, i7, 2);
                    int i10 = i9 - 2;
                    b = bArr[i7 + 2] == true ? 1 : 0;
                } else if (i9 > 3) {
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOLONG, bArr, i, i2, i7 - i);
                } else if (i9 < 3) {
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2, i7 - i);
                }
            }
        }
        if (s != -1) {
            register(bArr, i, i2);
            try {
                if (this.session.session_id != null) {
                    if (bArr2 != null) {
                        SSLSession sSLSession = this.session;
                        if (sSLSession.session_id != null && sSLSession.session_id.length == bArr2.length) {
                            byte[] bArr3 = sSLSession.session_id;
                            int i11 = 0;
                            int i12 = 0;
                            int length = bArr2.length;
                            while (true) {
                                length--;
                                if (length < 0) {
                                    z = true;
                                    break;
                                }
                                int i13 = i11;
                                i11++;
                                int i14 = i12;
                                i12++;
                                if (bArr3[i13] != bArr2[i14]) {
                                    z = false;
                                    break;
                                }
                            }
                            if (z || 0 != 0) {
                                if (this.session.cipher_suite != s || this.session.compression_method != b || ((SSLConnection.cipherSuite[s & 255] & (-65536)) == 0 && !this.context.handleNoPeerCertificate())) {
                                    throw new SSLException(2, SSLException.REESTABLISHEDSESSIONCIPHERSUITEWRONG);
                                }
                                update();
                                this.handshake_state = 1;
                                return 0;
                            }
                        }
                    }
                    SSLSession.uninstall(this.session, this, false);
                    this.session = new SSLSession(this.context.context_id, this.sock.getInetAddress().getAddress(), this.server_port, this.context.timeout[1]);
                }
                int i15 = 0;
                while (i15 < this.context.cs_list.length && this.context.cs_list[i15] != s) {
                    i15++;
                }
                if (i15 == this.context.cs_list.length) {
                    throw new SSLException(2, SSLException.UNSUPPORTEDCIPHERSUITE, bArr, i, i2);
                }
                if ((SSLConnection.cipherSuite[s & 255] & (-65536)) == 0 && !this.context.handleNoPeerCertificate()) {
                    throw new SSLException(2, SSLException.APPLICATIONREJECTED);
                }
                int i16 = 0;
                while (i16 < this.context.cm_list.length && this.context.cm_list[i16] != b) {
                    i16++;
                }
                if (i16 == this.context.cm_list.length) {
                    throw new SSLException(2, SSLException.UNSUPPORTEDCOMPRESSIONMETHOD, bArr, i, i2);
                }
                this.session.session_id = bArr2;
                this.session.compression_method = b;
                this.session.cipher_suite = s;
                this.handshake_state = (SSLConnection.cipherSuite[s & 255] & (-65536)) != 0 ? 4 : 8;
                return 0;
            } catch (SSLException e) {
                this.ssl_e = e;
            } catch (Exception e2) {
                this.ssl_e = new SSLException(8, SSLException.EXCEPTIONOCCURRED, e2);
            }
        }
        sendAlert((byte) 2, (byte) 47);
        return -1;
    }

    private int sendClientHello() {
        this.out.enable(false);
        byte[] bArr = this.context.cm_list;
        short[] sArr = this.context.cs_list;
        helloRandom();
        byte length = (byte) (this.session.session_id == null ? 0 : this.session.session_id.length);
        int length2 = 35 + length + 2 + (2 * sArr.length) + 1 + bArr.length;
        int register = register(null, 0, 4 + length2);
        int i = register + 4;
        byte[] bArr2 = this.handshake;
        int i2 = i + 1;
        bArr2[i] = 3;
        int i3 = i2 + 1;
        bArr2[i2] = 0;
        System.arraycopy(this.random[0], 0, bArr2, i3, 32);
        int i4 = i3 + 32;
        int i5 = i4 + 1;
        bArr2[i4] = length;
        if (length != 0) {
            System.arraycopy(this.session.session_id, 0, bArr2, i5, length);
            i5 += length;
        }
        int length3 = 2 * sArr.length;
        int i6 = i5;
        int i7 = 2;
        do {
            int i8 = i6;
            i6++;
            i7--;
            bArr2[i8] = (byte) (length3 >>> (i7 * 8));
        } while (i7 > 0);
        int i9 = i5 + 2;
        int i10 = 0;
        while (i10 < sArr.length) {
            short s = sArr[i10];
            int i11 = i9;
            int i12 = 2;
            do {
                int i13 = i11;
                i11++;
                i12--;
                bArr2[i13] = (byte) (s >>> (i12 * 8));
            } while (i12 > 0);
            i10++;
            i9 += 2;
        }
        int i14 = i9;
        int i15 = i9 + 1;
        bArr2[i14] = (byte) bArr.length;
        System.arraycopy(bArr, 0, bArr2, i15, bArr.length);
        int length4 = i15 + bArr.length;
        return sendHandshake((byte) 1, bArr2, register, length2, true);
    }

    private int sendCertificateVerify() {
        int i = this.conn_cert[0].alg == 1 ? 1 : 0;
        byte[] bArr = new byte[(20 * ((i ^ 1) + 1)) + (16 * i)];
        handshakeHash(null, bArr, 0, i);
        if (i == 1) {
            bArr = Util.util23(true, 1, this.conn_key, bArr, 0, 36);
        }
        int register = register(null, 0, bArr.length + 2 + 4);
        int length = bArr.length;
        byte[] bArr2 = this.handshake;
        int i2 = register + 4;
        int i3 = 2;
        do {
            int i4 = i2;
            i2++;
            i3--;
            bArr2[i4] = (byte) (length >>> (i3 * 8));
        } while (i3 > 0);
        System.arraycopy(bArr, 0, this.handshake, register + 6, bArr.length);
        return sendHandshake((byte) 15, this.handshake, register, bArr.length + 2, false) == 0 ? 0 : -1;
    }

    private int sendClientKeyExchange() {
        byte[] bArr = null;
        byte[] bArr2 = null;
        if ((SSLConnection.cipherSuite[this.session.cipher_suite & 255] & WalkerFactory.BITS_RESERVED) == 256) {
            bArr = new byte[48];
            bArr[0] = 3;
            bArr[1] = 0;
            Util.random(bArr, 2, 46);
            bArr2 = Util.util23(true, 2, this.key_exchange == null ? this.session.peer_cert[0].key() : this.key_exchange, bArr, 0, 48);
        }
        int register = register(null, 0, 4 + bArr2.length);
        System.arraycopy(bArr2, 0, this.handshake, register + 4, bArr2.length);
        this.key_exchange = null;
        if (sendHandshake((byte) 16, this.handshake, register, bArr2.length, false) != 0) {
            return -1;
        }
        blockHash(bArr, bArr, 0);
        this.session.master_secret = bArr;
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLClient(SSLSocket sSLSocket, boolean z, SSLContext sSLContext, int i, boolean z2) throws IOException, SSLException {
        this.server_port = i;
        install(sSLSocket, z, 0, sSLContext, z2);
    }
}
