package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSocket;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
import sun.security.ssl.CipherSuite;
import sun.security.ssl.HandshakeMessage;
import sun.security.util.HexDumpEncoder;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/java.base-2018-12-19.jar:META-INF/modules/java.base/classes/sun/security/ssl/Handshaker.class */
public abstract class Handshaker {
    ProtocolVersion protocolVersion;
    ProtocolVersion activeProtocolVersion;
    boolean secureRenegotiation;
    byte[] clientVerifyData;
    byte[] serverVerifyData;
    boolean isInitialHandshake;
    private ProtocolList enabledProtocols;
    private CipherSuiteList enabledCipherSuites;
    String identificationProtocol;
    AlgorithmConstraints algorithmConstraints;
    private Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
    Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
    private ProtocolList activeProtocols;
    private CipherSuiteList activeCipherSuites;
    List<SNIServerName> serverNames;
    Collection<SNIMatcher> sniMatchers;
    String[] localApl;
    String applicationProtocol;
    BiFunction<SSLEngine, List<String>, String> appProtocolSelectorSSLEngine;
    BiFunction<SSLSocket, List<String>, String> appProtocolSelectorSSLSocket;
    int maximumPacketSize;
    private boolean isClient;
    private boolean needCertVerify;
    SSLSocketImpl conn;
    SSLEngineImpl engine;
    HandshakeHash handshakeHash;
    HandshakeInStream input;
    HandshakeOutStream output;
    SSLContextImpl sslContext;
    RandomCookie clnt_random;
    RandomCookie svr_random;
    SSLSessionImpl session;
    HandshakeStateManager handshakeState;
    boolean clientHelloDelivered;
    boolean serverHelloRequested;
    boolean handshakeActivated;
    boolean handshakeFinished;
    CipherSuite cipherSuite;
    CipherSuite.KeyExchange keyExchange;
    boolean resumingSession;
    boolean enableNewSession;
    boolean preferLocalCipherSuites;
    private SecretKey clntWriteKey;
    private SecretKey svrWriteKey;
    private IvParameterSpec clntWriteIV;
    private IvParameterSpec svrWriteIV;
    private SecretKey clntMacSecret;
    private SecretKey svrMacSecret;
    private volatile boolean taskDelegated;
    private volatile DelegatedTask<?> delegatedTask;
    private volatile Exception thrown;
    private Object thrownLock;
    static final boolean useExtendedMasterSecret;
    boolean requestedToUseEMS;
    boolean invalidated;
    final boolean isDTLS;
    static final Debug debug = Debug.getInstance("ssl");
    static final boolean allowUnsafeRenegotiation = Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false);
    static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty("sun.security.ssl.allowLegacyHelloMessages", true);
    static final boolean rejectClientInitiatedRenego = Debug.getBooleanProperty("jdk.tls.rejectClientInitiatedRenegotiation", false);
    static final boolean allowLegacyResumption = Debug.getBooleanProperty("jdk.tls.allowLegacyResumption", true);
    static final boolean allowLegacyMasterSecret = Debug.getBooleanProperty("jdk.tls.allowLegacyMasterSecret", true);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/java.base-2018-12-19.jar:META-INF/modules/java.base/classes/sun/security/ssl/Handshaker$DelegatedTask.class */
    public class DelegatedTask<E> implements Runnable {
        private PrivilegedExceptionAction<E> pea;

        DelegatedTask(PrivilegedExceptionAction<E> privilegedExceptionAction) {
            this.pea = privilegedExceptionAction;
        }

        @Override // java.lang.Runnable
        public void run() {
            synchronized (Handshaker.this.engine) {
                try {
                    try {
                        AccessController.doPrivileged(this.pea, Handshaker.this.engine.getAcc());
                    } catch (PrivilegedActionException e) {
                        Handshaker.this.thrown = e.getException();
                    }
                } catch (RuntimeException e2) {
                    Handshaker.this.thrown = e2;
                }
                Handshaker.this.delegatedTask = null;
                Handshaker.this.taskDelegated = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        this.algorithmConstraints = null;
        this.serverNames = Collections.emptyList();
        this.sniMatchers = Collections.emptyList();
        this.localApl = null;
        this.applicationProtocol = null;
        this.appProtocolSelectorSSLEngine = null;
        this.appProtocolSelectorSSLSocket = null;
        this.maximumPacketSize = 0;
        this.conn = null;
        this.engine = null;
        this.preferLocalCipherSuites = false;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.requestedToUseEMS = false;
        this.conn = sSLSocketImpl;
        this.isDTLS = false;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2, boolean z5) {
        this.algorithmConstraints = null;
        this.serverNames = Collections.emptyList();
        this.sniMatchers = Collections.emptyList();
        this.localApl = null;
        this.applicationProtocol = null;
        this.appProtocolSelectorSSLEngine = null;
        this.appProtocolSelectorSSLSocket = null;
        this.maximumPacketSize = 0;
        this.conn = null;
        this.engine = null;
        this.preferLocalCipherSuites = false;
        this.taskDelegated = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.requestedToUseEMS = false;
        this.engine = sSLEngineImpl;
        this.isDTLS = z5;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    private void init(SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("Allow unsafe renegotiation: " + allowUnsafeRenegotiation + "\nAllow legacy hello messages: " + allowLegacyHelloMessages + "\nIs initial handshake: " + z3 + "\nIs secure renegotiation: " + z4);
        }
        this.sslContext = sSLContextImpl;
        this.isClient = z2;
        this.needCertVerify = z;
        this.activeProtocolVersion = protocolVersion;
        this.isInitialHandshake = z3;
        this.secureRenegotiation = z4;
        this.clientVerifyData = bArr;
        this.serverVerifyData = bArr2;
        this.enableNewSession = true;
        this.invalidated = false;
        this.handshakeState = new HandshakeStateManager(this.isDTLS);
        this.clientHelloDelivered = false;
        this.serverHelloRequested = false;
        this.handshakeActivated = false;
        this.handshakeFinished = false;
        setCipherSuite(CipherSuite.C_NULL);
        setEnabledProtocols(protocolList);
        if (this.conn != null) {
            this.algorithmConstraints = new SSLAlgorithmConstraints((SSLSocket) this.conn, true);
        } else {
            this.algorithmConstraints = new SSLAlgorithmConstraints((SSLEngine) this.engine, true);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str) throws IOException {
        fatalSE(b, str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, Throwable th) throws IOException {
        fatalSE(b, null, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fatalSE(byte b, String str, Throwable th) throws IOException {
        if (this.conn != null) {
            this.conn.fatal(b, str, th);
        } else {
            this.engine.fatal(b, str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void warningSE(byte b) {
        if (this.conn != null) {
            this.conn.warning(b);
        } else {
            this.engine.warning(b);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostSE() {
        return this.conn != null ? this.conn.getHost() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getHostAddressSE() {
        return this.conn != null ? this.conn.getInetAddress().getHostAddress() : this.engine.getPeerHost();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getPortSE() {
        return this.conn != null ? this.conn.getPort() : this.engine.getPeerPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getLocalPortSE() {
        if (this.conn != null) {
            return this.conn.getLocalPort();
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlContext getAccSE() {
        return this.conn != null ? this.conn.getAcc() : this.engine.getAcc();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getEndpointIdentificationAlgorithmSE() {
        return (this.conn != null ? this.conn.getSSLParameters() : this.engine.getSSLParameters()).getEndpointIdentificationAlgorithm();
    }

    private void setVersionSE(ProtocolVersion protocolVersion) {
        if (this.conn != null) {
            this.conn.setVersion(protocolVersion);
        } else {
            this.engine.setVersion(protocolVersion);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setVersion(ProtocolVersion protocolVersion) {
        this.protocolVersion = protocolVersion;
        setVersionSE(protocolVersion);
    }

    void setEnabledProtocols(ProtocolList protocolList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledProtocols = protocolList;
    }

    void setEnabledCipherSuites(CipherSuiteList cipherSuiteList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledCipherSuites = cipherSuiteList;
    }

    void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.algorithmConstraints = new SSLAlgorithmConstraints(algorithmConstraints);
        this.localSupportedSignAlgs = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() {
        if (this.localSupportedSignAlgs == null) {
            this.localSupportedSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms(this.algorithmConstraints);
        }
        return this.localSupportedSignAlgs;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPeerSupportedSignAlgs(Collection<SignatureAndHashAlgorithm> collection) {
        this.peerSupportedSignAlgs = new ArrayList(collection);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<SignatureAndHashAlgorithm> getPeerSupportedSignAlgs() {
        return this.peerSupportedSignAlgs;
    }

    void setIdentificationProtocol(String str) {
        this.identificationProtocol = str;
    }

    void setSNIServerNames(List<SNIServerName> list) {
        this.serverNames = list;
    }

    void setSNIMatchers(Collection<SNIMatcher> collection) {
        this.sniMatchers = collection;
    }

    void setMaximumPacketSize(int i) {
        this.maximumPacketSize = i;
    }

    void setApplicationProtocols(String[] strArr) {
        this.localApl = strArr;
    }

    String getHandshakeApplicationProtocol() {
        return this.applicationProtocol;
    }

    void setApplicationProtocolSelectorSSLEngine(BiFunction<SSLEngine, List<String>, String> biFunction) {
        this.appProtocolSelectorSSLEngine = biFunction;
    }

    void setApplicationProtocolSelectorSSLSocket(BiFunction<SSLSocket, List<String>, String> biFunction) {
        this.appProtocolSelectorSSLSocket = biFunction;
    }

    void setUseCipherSuitesOrder(boolean z) {
        this.preferLocalCipherSuites = z;
    }

    void activate(ProtocolVersion protocolVersion) throws IOException {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        if (this.activeProtocols.collection().isEmpty() || this.activeProtocols.max.v == ProtocolVersion.NONE.v) {
            throw new SSLHandshakeException("No appropriate protocol (protocol is disabled or cipher suites are inappropriate)");
        }
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        if (this.activeCipherSuites.collection().isEmpty()) {
            throw new SSLHandshakeException("No appropriate cipher suite");
        }
        if (this.isInitialHandshake) {
            this.protocolVersion = this.activeProtocols.max;
        } else {
            this.protocolVersion = this.activeProtocolVersion;
        }
        if (protocolVersion == null || protocolVersion.v == ProtocolVersion.NONE.v) {
            protocolVersion = this.activeProtocols.helloVersion;
        }
        this.handshakeHash = new HandshakeHash(this.needCertVerify);
        if (this.conn != null) {
            this.input = new HandshakeInStream();
            this.output = new HandshakeOutStream(this.conn.outputRecord);
            this.conn.inputRecord.setHandshakeHash(this.handshakeHash);
            this.conn.inputRecord.setHelloVersion(protocolVersion);
            this.conn.outputRecord.setHandshakeHash(this.handshakeHash);
            this.conn.outputRecord.setHelloVersion(protocolVersion);
            this.conn.outputRecord.setVersion(this.protocolVersion);
        } else if (this.engine != null) {
            this.input = new HandshakeInStream();
            this.output = new HandshakeOutStream(this.engine.outputRecord);
            this.engine.inputRecord.setHandshakeHash(this.handshakeHash);
            this.engine.inputRecord.setHelloVersion(protocolVersion);
            this.engine.outputRecord.setHandshakeHash(this.handshakeHash);
            this.engine.outputRecord.setHelloVersion(protocolVersion);
            this.engine.outputRecord.setVersion(this.protocolVersion);
        }
        this.handshakeActivated = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCipherSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
        this.keyExchange = cipherSuite.keyExchange;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNegotiable(CipherSuite cipherSuite) {
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        return isNegotiable(this.activeCipherSuites, cipherSuite);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final boolean isNegotiable(CipherSuiteList cipherSuiteList, CipherSuite cipherSuite) {
        return cipherSuiteList.contains(cipherSuite) && cipherSuite.isNegotiable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNegotiable(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.contains(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtocolVersion selectProtocolVersion(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.selectProtocolVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherSuiteList getActiveCipherSuites() {
        if (this.activeCipherSuites == null) {
            if (this.activeProtocols == null) {
                this.activeProtocols = getActiveProtocols();
            }
            ArrayList arrayList = new ArrayList();
            if (!this.activeProtocols.collection().isEmpty() && this.activeProtocols.min.v != ProtocolVersion.NONE.v) {
                EnumMap enumMap = new EnumMap(NamedGroupType.class);
                for (CipherSuite cipherSuite : this.enabledCipherSuites.collection()) {
                    if (cipherSuite.isAvailable() && !this.activeProtocols.min.obsoletes(cipherSuite) && this.activeProtocols.max.supports(cipherSuite)) {
                        if (isActivatable(cipherSuite, enumMap)) {
                            arrayList.add(cipherSuite);
                        }
                    } else if (debug != null && Debug.isOn("verbose")) {
                        if (this.activeProtocols.min.obsoletes(cipherSuite)) {
                            System.out.println("Ignoring obsoleted cipher suite: " + ((Object) cipherSuite));
                        } else {
                            System.out.println("Ignoring unsupported cipher suite: " + ((Object) cipherSuite));
                        }
                    }
                }
            }
            this.activeCipherSuites = new CipherSuiteList(arrayList);
        }
        return this.activeCipherSuites;
    }

    ProtocolList getActiveProtocols() {
        if (this.activeProtocols == null) {
            boolean z = false;
            ArrayList arrayList = new ArrayList(4);
            for (ProtocolVersion protocolVersion : this.enabledProtocols.collection()) {
                if (protocolVersion.v == ProtocolVersion.SSL20Hello.v) {
                    z = true;
                } else if (this.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), protocolVersion.name, null)) {
                    boolean z2 = false;
                    EnumMap enumMap = new EnumMap(NamedGroupType.class);
                    Iterator<CipherSuite> iterator2 = this.enabledCipherSuites.collection().iterator2();
                    while (true) {
                        if (!iterator2.hasNext()) {
                            break;
                        }
                        CipherSuite next = iterator2.next();
                        if (next.isAvailable() && !protocolVersion.obsoletes(next) && protocolVersion.supports(next)) {
                            if (isActivatable(next, enumMap)) {
                                arrayList.add(protocolVersion);
                                z2 = true;
                                break;
                            }
                        } else if (debug != null && Debug.isOn("verbose")) {
                            System.out.println("Ignoring unsupported cipher suite: " + ((Object) next) + " for " + ((Object) protocolVersion));
                        }
                    }
                    if (!z2 && debug != null && Debug.isOn("handshake")) {
                        System.out.println("No available cipher suite for " + ((Object) protocolVersion));
                    }
                } else if (debug != null && Debug.isOn("verbose")) {
                    System.out.println("Ignoring disabled protocol: " + ((Object) protocolVersion));
                }
            }
            if (!arrayList.isEmpty() && z) {
                arrayList.add(ProtocolVersion.SSL20Hello);
            }
            this.activeProtocols = new ProtocolList((ArrayList<ProtocolVersion>) arrayList);
        }
        return this.activeProtocols;
    }

    private boolean isActivatable(CipherSuite cipherSuite, Map<NamedGroupType, Boolean> map) {
        boolean booleanValue;
        if (!this.algorithmConstraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
            if (debug == null || !Debug.isOn("verbose")) {
                return false;
            }
            System.out.println("Ignoring disabled cipher suite: " + ((Object) cipherSuite));
            return false;
        }
        NamedGroupType namedGroupType = cipherSuite.keyExchange.groupType;
        if (namedGroupType == NamedGroupType.NAMED_GROUP_NONE) {
            return true;
        }
        Boolean bool = map.get(namedGroupType);
        if (bool == null) {
            booleanValue = SupportedGroupsExtension.isActivatable(this.algorithmConstraints, namedGroupType);
            map.put(namedGroupType, Boolean.valueOf(booleanValue));
            if (!booleanValue && debug != null && Debug.isOn("verbose")) {
                System.out.println("No activated named group");
            }
        } else {
            booleanValue = bool.booleanValue();
        }
        if (!booleanValue && debug != null && Debug.isOn("verbose")) {
            System.out.println("No active named group, ignore " + ((Object) cipherSuite));
        }
        return booleanValue;
    }

    void setEnableSessionCreation(boolean z) {
        this.enableNewSession = z;
    }

    CipherBox newReadCipher() throws NoSuchAlgorithmException {
        CipherBox newCipher;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, this.sslContext.getSecureRandom(), false);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        } else {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, this.sslContext.getSecureRandom(), false);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        }
        return newCipher;
    }

    CipherBox newWriteCipher() throws NoSuchAlgorithmException {
        CipherBox newCipher;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        if (this.isClient) {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.clntWriteKey, this.clntWriteIV, this.sslContext.getSecureRandom(), true);
            this.clntWriteKey = null;
            this.clntWriteIV = null;
        } else {
            newCipher = bulkCipher.newCipher(this.protocolVersion, this.svrWriteKey, this.svrWriteIV, this.sslContext.getSecureRandom(), true);
            this.svrWriteKey = null;
            this.svrWriteIV = null;
        }
        return newCipher;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [sun.security.ssl.Authenticator] */
    Authenticator newReadAuthenticator() throws NoSuchAlgorithmException, InvalidKeyException {
        MAC newMac;
        if (this.cipherSuite.cipher.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
            newMac = new Authenticator(this.protocolVersion);
        } else {
            CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
            if (this.isClient) {
                newMac = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
                this.svrMacSecret = null;
            } else {
                newMac = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
                this.clntMacSecret = null;
            }
        }
        return newMac;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v17, types: [sun.security.ssl.Authenticator] */
    Authenticator newWriteAuthenticator() throws NoSuchAlgorithmException, InvalidKeyException {
        MAC newMac;
        if (this.cipherSuite.cipher.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
            newMac = new Authenticator(this.protocolVersion);
        } else {
            CipherSuite.MacAlg macAlg = this.cipherSuite.macAlg;
            if (this.isClient) {
                newMac = macAlg.newMac(this.protocolVersion, this.clntMacSecret);
                this.clntMacSecret = null;
            } else {
                newMac = macAlg.newMac(this.protocolVersion, this.svrMacSecret);
                this.svrMacSecret = null;
            }
        }
        return newMac;
    }

    boolean isDone() {
        return started() && this.handshakeState.isEmpty() && this.handshakeFinished;
    }

    SSLSessionImpl getSession() {
        return this.session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setHandshakeSessionSE(SSLSessionImpl sSLSessionImpl) {
        if (this.conn != null) {
            this.conn.setHandshakeSession(sSLSessionImpl);
        } else {
            this.engine.setHandshakeSession(sSLSessionImpl);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void expectingFinishFlightSE() {
        if (this.conn != null) {
            this.conn.expectingFinishFlight();
        } else {
            this.engine.expectingFinishFlight();
        }
    }

    boolean isSecureRenegotiation() {
        return this.secureRenegotiation;
    }

    byte[] getClientVerifyData() {
        return this.clientVerifyData;
    }

    byte[] getServerVerifyData() {
        return this.serverVerifyData;
    }

    void processRecord(ByteBuffer byteBuffer, boolean z) throws IOException {
        checkThrown();
        this.input.incomingRecord(byteBuffer);
        if (this.conn != null || z) {
            processLoop();
        } else {
            delegateTask(new PrivilegedExceptionAction<Void>() { // from class: sun.security.ssl.Handshaker.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                /* renamed from: run */
                public Void run2() throws Exception {
                    Handshaker.this.processLoop();
                    return null;
                }
            });
        }
    }

    void processLoop() throws IOException {
        while (this.input.available() >= 4) {
            this.input.mark(4);
            byte int8 = (byte) this.input.getInt8();
            if (HandshakeMessage.isUnsupported(int8)) {
                throw new SSLProtocolException("Received unsupported or unknown handshake message: " + ((int) int8));
            }
            int int24 = this.input.getInt24();
            if (this.input.available() < int24) {
                this.input.reset();
                return;
            }
            if (int8 == 1) {
                this.clientHelloDelivered = true;
            } else if (int8 == 0) {
                this.serverHelloRequested = true;
            }
            processMessage(int8, int24);
            if (int8 == 20 || int8 == 15) {
                this.handshakeHash.reload();
            }
        }
    }

    boolean activated() {
        return this.handshakeActivated;
    }

    boolean started() {
        return this.serverHelloRequested || this.clientHelloDelivered;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void kickstart() throws IOException {
        if (this.isClient && this.clientHelloDelivered) {
            return;
        }
        if (this.isClient || !this.serverHelloRequested) {
            HandshakeMessage kickstartMessage = getKickstartMessage();
            this.handshakeState.update(kickstartMessage, this.resumingSession);
            if (debug != null && Debug.isOn("handshake")) {
                kickstartMessage.print(System.out);
            }
            kickstartMessage.write(this.output);
            this.output.flush();
            if (kickstartMessage.messageType() == 0) {
                this.serverHelloRequested = true;
            } else {
                this.clientHelloDelivered = true;
            }
        }
    }

    abstract HandshakeMessage getKickstartMessage() throws SSLException;

    abstract void processMessage(byte b, int i) throws IOException;

    abstract void handshakeAlert(byte b) throws SSLProtocolException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendChangeCipherSpec(HandshakeMessage.Finished finished, boolean z) throws IOException {
        this.output.flush();
        if (this.conn != null) {
            this.conn.writeLock.lock();
            try {
                this.handshakeState.changeCipherSpec(false, this.isClient);
                this.conn.changeWriteCiphers();
                if (debug != null && Debug.isOn("handshake")) {
                    finished.print(System.out);
                }
                this.handshakeState.update(finished, this.resumingSession);
                finished.write(this.output);
                this.output.flush();
            } finally {
                this.conn.writeLock.unlock();
            }
        } else {
            synchronized (this.engine.writeLock) {
                this.handshakeState.changeCipherSpec(false, this.isClient);
                this.engine.changeWriteCiphers();
                if (debug != null && Debug.isOn("handshake")) {
                    finished.print(System.out);
                }
                this.handshakeState.update(finished, this.resumingSession);
                finished.write(this.output);
                this.output.flush();
            }
        }
        if (z) {
            this.handshakeFinished = true;
        }
    }

    void receiveChangeCipherSpec() throws IOException {
        this.handshakeState.changeCipherSpec(true, this.isClient);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateKeys(SecretKey secretKey, ProtocolVersion protocolVersion) {
        SecretKey calculateMasterSecret = calculateMasterSecret(secretKey, protocolVersion);
        this.session.setMasterSecret(calculateMasterSecret);
        calculateConnectionKeys(calculateMasterSecret);
    }

    private SecretKey calculateMasterSecret(SecretKey secretKey, ProtocolVersion protocolVersion) {
        String str;
        CipherSuite.PRF prf;
        TlsMasterSecretParameterSpec tlsMasterSecretParameterSpec;
        byte[] bArr;
        if (debug != null && Debug.isOn("keygen")) {
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            System.out.println("SESSION KEYGEN:");
            System.out.println("PreMaster Secret:");
            printHex(hexDumpEncoder, secretKey.getEncoded());
        }
        byte b = this.protocolVersion.major;
        byte b2 = this.protocolVersion.minor;
        if (this.protocolVersion.isDTLSProtocol()) {
            if (this.protocolVersion.v == ProtocolVersion.DTLS10.v) {
                b = ProtocolVersion.TLS11.major;
                b2 = ProtocolVersion.TLS11.minor;
                str = "SunTlsMasterSecret";
                prf = CipherSuite.PRF.P_NONE;
            } else {
                b = ProtocolVersion.TLS12.major;
                b2 = ProtocolVersion.TLS12.minor;
                str = "SunTls12MasterSecret";
                prf = this.cipherSuite.prfAlg;
            }
        } else if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
            str = "SunTls12MasterSecret";
            prf = this.cipherSuite.prfAlg;
        } else {
            str = "SunTlsMasterSecret";
            prf = CipherSuite.PRF.P_NONE;
        }
        String pRFHashAlg = prf.getPRFHashAlg();
        int pRFHashLength = prf.getPRFHashLength();
        int pRFBlockSize = prf.getPRFBlockSize();
        if (this.session.getUseExtendedMasterSecret()) {
            str = "SunTlsExtendedMasterSecret";
            if (this.protocolVersion.useTLS12PlusSpec()) {
                bArr = this.handshakeHash.getFinishedHash();
            } else {
                bArr = new byte[36];
                try {
                    this.handshakeHash.getMD5Clone().digest(bArr, 0, 16);
                    this.handshakeHash.getSHAClone().digest(bArr, 16, 20);
                } catch (DigestException e) {
                    throw new ProviderException(e);
                }
            }
            tlsMasterSecretParameterSpec = new TlsMasterSecretParameterSpec(secretKey, b & 255, b2 & 255, bArr, pRFHashAlg, pRFHashLength, pRFBlockSize);
        } else {
            tlsMasterSecretParameterSpec = new TlsMasterSecretParameterSpec(secretKey, b & 255, b2 & 255, this.clnt_random.random_bytes, this.svr_random.random_bytes, pRFHashAlg, pRFHashLength, pRFBlockSize);
        }
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(str);
            keyGenerator.init(tlsMasterSecretParameterSpec);
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e2) {
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("RSA master secret generation error:");
                e2.printStackTrace(System.out);
            }
            throw new ProviderException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void calculateConnectionKeys(SecretKey secretKey) {
        String str;
        CipherSuite.PRF prf;
        int i = this.cipherSuite.macAlg.size;
        boolean z = this.cipherSuite.exportable;
        CipherSuite.BulkCipher bulkCipher = this.cipherSuite.cipher;
        int i2 = z ? bulkCipher.expandedKeySize : 0;
        byte b = this.protocolVersion.major;
        byte b2 = this.protocolVersion.minor;
        if (this.protocolVersion.isDTLSProtocol()) {
            if (this.protocolVersion.v == ProtocolVersion.DTLS10.v) {
                b = ProtocolVersion.TLS11.major;
                b2 = ProtocolVersion.TLS11.minor;
                str = "SunTlsKeyMaterial";
                prf = CipherSuite.PRF.P_NONE;
            } else {
                b = ProtocolVersion.TLS12.major;
                b2 = ProtocolVersion.TLS12.minor;
                str = "SunTls12KeyMaterial";
                prf = this.cipherSuite.prfAlg;
            }
        } else if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
            str = "SunTls12KeyMaterial";
            prf = this.cipherSuite.prfAlg;
        } else {
            str = "SunTlsKeyMaterial";
            prf = CipherSuite.PRF.P_NONE;
        }
        String pRFHashAlg = prf.getPRFHashAlg();
        int pRFHashLength = prf.getPRFHashLength();
        int pRFBlockSize = prf.getPRFBlockSize();
        int i3 = bulkCipher.ivSize;
        if (bulkCipher.cipherType == CipherSuite.CipherType.AEAD_CIPHER) {
            i3 = bulkCipher.fixedIvSize;
        } else if (bulkCipher.cipherType == CipherSuite.CipherType.BLOCK_CIPHER && this.protocolVersion.useTLS11PlusSpec()) {
            i3 = 0;
        }
        TlsKeyMaterialParameterSpec tlsKeyMaterialParameterSpec = new TlsKeyMaterialParameterSpec(secretKey, b & 255, b2 & 255, this.clnt_random.random_bytes, this.svr_random.random_bytes, bulkCipher.algorithm, bulkCipher.keySize, i2, i3, i, pRFHashAlg, pRFHashLength, pRFBlockSize);
        try {
            KeyGenerator keyGenerator = JsseJce.getKeyGenerator(str);
            keyGenerator.init(tlsKeyMaterialParameterSpec);
            TlsKeyMaterialSpec tlsKeyMaterialSpec = (TlsKeyMaterialSpec) keyGenerator.generateKey();
            this.clntWriteKey = tlsKeyMaterialSpec.getClientCipherKey();
            this.svrWriteKey = tlsKeyMaterialSpec.getServerCipherKey();
            this.clntWriteIV = tlsKeyMaterialSpec.getClientIv();
            this.svrWriteIV = tlsKeyMaterialSpec.getServerIv();
            this.clntMacSecret = tlsKeyMaterialSpec.getClientMacKey();
            this.svrMacSecret = tlsKeyMaterialSpec.getServerMacKey();
            if (debug == null || !Debug.isOn("keygen")) {
                return;
            }
            synchronized (System.out) {
                HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
                System.out.println("CONNECTION KEYGEN:");
                System.out.println("Client Nonce:");
                printHex(hexDumpEncoder, this.clnt_random.random_bytes);
                System.out.println("Server Nonce:");
                printHex(hexDumpEncoder, this.svr_random.random_bytes);
                System.out.println("Master Secret:");
                printHex(hexDumpEncoder, secretKey.getEncoded());
                if (this.clntMacSecret != null) {
                    System.out.println("Client MAC write Secret:");
                    printHex(hexDumpEncoder, this.clntMacSecret.getEncoded());
                    System.out.println("Server MAC write Secret:");
                    printHex(hexDumpEncoder, this.svrMacSecret.getEncoded());
                } else {
                    System.out.println("... no MAC keys used for this cipher");
                }
                if (this.clntWriteKey != null) {
                    System.out.println("Client write key:");
                    printHex(hexDumpEncoder, this.clntWriteKey.getEncoded());
                    System.out.println("Server write key:");
                    printHex(hexDumpEncoder, this.svrWriteKey.getEncoded());
                } else {
                    System.out.println("... no encryption keys used");
                }
                if (this.clntWriteIV != null) {
                    System.out.println("Client write IV:");
                    printHex(hexDumpEncoder, this.clntWriteIV.getIV());
                    System.out.println("Server write IV:");
                    printHex(hexDumpEncoder, this.svrWriteIV.getIV());
                } else if (this.protocolVersion.useTLS11PlusSpec()) {
                    System.out.println("... no IV derived for this protocol");
                } else {
                    System.out.println("... no IV used for this cipher");
                }
                System.out.flush();
            }
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    private static void printHex(HexDumpEncoder hexDumpEncoder, byte[] bArr) {
        if (bArr == null) {
            System.out.println("(key bytes not available)");
        } else {
            try {
                hexDumpEncoder.encodeBuffer(bArr, System.out);
            } catch (IOException e) {
            }
        }
    }

    private <T> void delegateTask(PrivilegedExceptionAction<T> privilegedExceptionAction) {
        this.delegatedTask = new DelegatedTask<>(privilegedExceptionAction);
        this.taskDelegated = false;
        this.thrown = null;
    }

    DelegatedTask<?> getTask() {
        if (this.taskDelegated) {
            return null;
        }
        this.taskDelegated = true;
        return this.delegatedTask;
    }

    boolean taskOutstanding() {
        return this.delegatedTask != null;
    }

    void checkThrown() throws SSLException {
        synchronized (this.thrownLock) {
            if (this.thrown != null) {
                String message = this.thrown.getMessage();
                if (message == null) {
                    message = "Delegated task threw Exception/Error";
                }
                Exception exc = this.thrown;
                this.thrown = null;
                if (exc instanceof RuntimeException) {
                    throw new RuntimeException(message, exc);
                }
                if (exc instanceof SSLHandshakeException) {
                    throw ((SSLHandshakeException) new SSLHandshakeException(message).initCause(exc));
                }
                if (exc instanceof SSLKeyException) {
                    throw ((SSLKeyException) new SSLKeyException(message).initCause(exc));
                }
                if (exc instanceof SSLPeerUnverifiedException) {
                    throw ((SSLPeerUnverifiedException) new SSLPeerUnverifiedException(message).initCause(exc));
                }
                if (!(exc instanceof SSLProtocolException)) {
                    throw new SSLException(message, exc);
                }
                throw ((SSLProtocolException) new SSLProtocolException(message).initCause(exc));
            }
        }
    }

    static {
        boolean z = true;
        try {
            JsseJce.getKeyGenerator("SunTlsExtendedMasterSecret");
        } catch (NoSuchAlgorithmException e) {
            z = false;
        }
        if (z) {
            useExtendedMasterSecret = Debug.getBooleanProperty("jdk.tls.useExtendedMasterSecret", true);
        } else {
            useExtendedMasterSecret = false;
        }
    }
}
