package gnu.javax.net.ssl.provider;

import gnu.classpath.debug.Component;
import gnu.java.security.action.GetSecurityPropertyAction;
import gnu.javax.crypto.key.dh.GnuDHPublicKey;
import gnu.javax.net.ssl.AbstractSessionContext;
import gnu.javax.net.ssl.Session;
import gnu.javax.net.ssl.provider.AbstractHandshake;
import gnu.javax.net.ssl.provider.Alert;
import gnu.javax.net.ssl.provider.CertificateRequest;
import gnu.javax.net.ssl.provider.Extension;
import gnu.javax.net.ssl.provider.Handshake;
import java.nio.ByteBuffer;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake.class */
public class ClientHandshake extends AbstractHandshake {
    private State state;
    private ByteBuffer outBuffer;
    private boolean continuedSession;
    private SessionImpl continued;
    private KeyPair dhPair;
    private String keyAlias;
    private PrivateKey privateKey;
    private MaxFragmentLength maxFragmentLengthSent;
    private boolean truncatedHMacSent;
    private ProtocolVersion sentVersion;
    private AbstractHandshake.CertVerifier certVerifier;
    private ParamsVerifier paramsVerifier;
    private DelegatedTask keyExchange;
    private CertLoader certLoader;
    private GenCertVerify genCertVerify;
    private static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type;
    private static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$ClientHandshake$State;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$CertLoader.class */
    class CertLoader extends DelegatedTask {
        private final List<String> keyTypes;
        private final List<X500Principal> issuers;

        CertLoader(List<String> list, List<X500Principal> list2) {
            this.keyTypes = list;
            this.issuers = list2;
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() {
            X509ExtendedKeyManager x509ExtendedKeyManager = ClientHandshake.this.engine.contextImpl.keyManager;
            if (x509ExtendedKeyManager == null) {
                return;
            }
            ClientHandshake.this.keyAlias = x509ExtendedKeyManager.chooseEngineClientAlias((String[]) this.keyTypes.toArray(new String[this.keyTypes.size()]), (Principal[]) this.issuers.toArray(new X500Principal[this.issuers.size()]), ClientHandshake.this.engine);
            ClientHandshake.this.engine.session().setLocalCertificates(x509ExtendedKeyManager.getCertificateChain(ClientHandshake.this.keyAlias));
            ClientHandshake.this.privateKey = x509ExtendedKeyManager.getPrivateKey(ClientHandshake.this.keyAlias);
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$ClientDHGen.class */
    class ClientDHGen extends DelegatedTask {
        private final DHPublicKey serverKey;
        private final DHParameterSpec params;
        private final boolean full;

        ClientDHGen(DHPublicKey dHPublicKey, DHParameterSpec dHParameterSpec, boolean z) {
            this.serverKey = dHPublicKey;
            this.params = dHParameterSpec;
            this.full = z;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v20 */
        /* JADX WARN: Type inference failed for: r0v21, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v22 */
        /* JADX WARN: Type inference failed for: r0v30 */
        /* JADX WARN: Type inference failed for: r0v31 */
        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, SSLException {
            ClientHandshake.logger.log(Component.SSL_DELEGATED_TASK, "running client DH phase");
            if (ClientHandshake.this.paramsVerifier != null) {
                ParamsVerifier paramsVerifier = ClientHandshake.this.paramsVerifier;
                synchronized (paramsVerifier) {
                    ?? r0 = paramsVerifier;
                    while (!ClientHandshake.this.paramsVerifier.hasRun()) {
                        try {
                            ParamsVerifier paramsVerifier2 = ClientHandshake.this.paramsVerifier;
                            paramsVerifier2.wait(500L);
                            r0 = paramsVerifier2;
                        } catch (InterruptedException unused) {
                        }
                    }
                    r0 = paramsVerifier;
                }
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
            keyPairGenerator.initialize(this.params, ClientHandshake.this.engine.session().random());
            ClientHandshake.this.dhPair = keyPairGenerator.generateKeyPair();
            ClientHandshake.logger.logv(Component.SSL_KEY_EXCHANGE, "client keys public:{0} private:{1}", ClientHandshake.this.dhPair.getPublic(), ClientHandshake.this.dhPair.getPrivate());
            ClientHandshake.this.initDiffieHellman((DHPrivateKey) ClientHandshake.this.dhPair.getPrivate(), ClientHandshake.this.engine.session().random());
            AbstractHandshake.DHPhase dHPhase = new AbstractHandshake.DHPhase(this.serverKey, this.full);
            dHPhase.run();
            if (dHPhase.thrown() != null) {
                throw new SSLException(dHPhase.thrown());
            }
        }

        DHPublicKey serverKey() {
            return this.serverKey;
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class */
    class GenCertVerify extends DelegatedTask {
        private final MessageDigest md5;
        private final MessageDigest sha;
        private byte[] signed;

        GenCertVerify(MessageDigest messageDigest, MessageDigest messageDigest2) {
            try {
                this.md5 = (MessageDigest) messageDigest.clone();
                this.sha = (MessageDigest) messageDigest2.clone();
            } catch (CloneNotSupportedException e) {
                throw new Error(e);
            }
        }

        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws InvalidKeyException, NoSuchAlgorithmException, SignatureException {
            byte[] genV3CertificateVerify = ClientHandshake.this.engine.session().version == ProtocolVersion.SSL_3 ? ClientHandshake.this.genV3CertificateVerify(this.md5, this.sha, ClientHandshake.this.engine.session()) : ClientHandshake.this.engine.session().suite.signatureAlgorithm() == SignatureAlgorithm.RSA ? Util.concat(this.md5.digest(), this.sha.digest()) : this.sha.digest();
            java.security.Signature signature = java.security.Signature.getInstance(ClientHandshake.this.engine.session().suite.signatureAlgorithm().name());
            signature.initSign(ClientHandshake.this.privateKey);
            signature.update(genV3CertificateVerify);
            this.signed = signature.sign();
        }

        byte[] signed() {
            return this.signed;
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$ParamsVerifier.class */
    class ParamsVerifier extends DelegatedTask {
        private final ByteBuffer paramsBuffer;
        private final byte[] signature;
        private boolean verified;

        ParamsVerifier(ByteBuffer byteBuffer, byte[] bArr) {
            this.paramsBuffer = byteBuffer;
            this.signature = bArr;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v11 */
        /* JADX WARN: Type inference failed for: r0v12, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v14 */
        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws InvalidKeyException, NoSuchAlgorithmException, SSLPeerUnverifiedException, SignatureException {
            java.security.Signature signature = java.security.Signature.getInstance(ClientHandshake.this.engine.session().suite.signatureAlgorithm().algorithm());
            signature.initVerify(ClientHandshake.this.engine.session().getPeerCertificates()[0]);
            signature.update(this.paramsBuffer);
            this.verified = signature.verify(this.signature);
            ?? r0 = this;
            synchronized (r0) {
                notifyAll();
                r0 = r0;
            }
        }

        boolean verified() {
            return this.verified;
        }
    }

    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class */
    class RSAGen extends DelegatedTask {
        private byte[] encryptedPreMasterSecret;
        private final boolean full;

        RSAGen(ClientHandshake clientHandshake) {
            this(true);
        }

        RSAGen(boolean z) {
            this.full = z;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v47 */
        /* JADX WARN: Type inference failed for: r0v48, types: [java.lang.Throwable] */
        /* JADX WARN: Type inference failed for: r0v49 */
        /* JADX WARN: Type inference failed for: r0v57 */
        /* JADX WARN: Type inference failed for: r0v58 */
        @Override // gnu.javax.net.ssl.provider.DelegatedTask
        public void implRun() throws BadPaddingException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, SSLException {
            boolean[] keyUsage;
            if (ClientHandshake.this.certVerifier != null) {
                AbstractHandshake.CertVerifier certVerifier = ClientHandshake.this.certVerifier;
                synchronized (certVerifier) {
                    ?? r0 = certVerifier;
                    while (!ClientHandshake.this.certVerifier.hasRun()) {
                        try {
                            AbstractHandshake.CertVerifier certVerifier2 = ClientHandshake.this.certVerifier;
                            certVerifier2.wait(500L);
                            r0 = certVerifier2;
                        } catch (InterruptedException unused) {
                        }
                    }
                    r0 = certVerifier;
                }
            }
            ClientHandshake.this.preMasterSecret = new byte[48];
            ClientHandshake.this.engine.session().random().nextBytes(ClientHandshake.this.preMasterSecret);
            ClientHandshake.this.preMasterSecret[0] = (byte) ClientHandshake.this.sentVersion.major();
            ClientHandshake.this.preMasterSecret[1] = (byte) ClientHandshake.this.sentVersion.minor();
            Cipher cipher = Cipher.getInstance("RSA");
            java.security.cert.Certificate certificate = ClientHandshake.this.engine.session().getPeerCertificates()[0];
            if ((certificate instanceof X509Certificate) && (keyUsage = ((X509Certificate) certificate).getKeyUsage()) != null && !keyUsage[2]) {
                throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment");
            }
            cipher.init(1, certificate.getPublicKey());
            this.encryptedPreMasterSecret = cipher.doFinal(ClientHandshake.this.preMasterSecret);
            if (this.full) {
                ClientHandshake.this.generateMasterSecret(ClientHandshake.this.clientRandom, ClientHandshake.this.serverRandom, ClientHandshake.this.engine.session());
                ClientHandshake.this.setupSecurityParameters(ClientHandshake.this.generateKeys(ClientHandshake.this.clientRandom, ClientHandshake.this.serverRandom, ClientHandshake.this.engine.session()), true, ClientHandshake.this.engine, ClientHandshake.this.compression);
            }
        }

        byte[] encryptedSecret() {
            return this.encryptedPreMasterSecret;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:gnu/javax/net/ssl/provider/ClientHandshake$State.class */
    public enum State {
        WRITE_CLIENT_HELLO(false, true),
        READ_SERVER_HELLO(true, false),
        READ_CERTIFICATE(true, false),
        READ_SERVER_KEY_EXCHANGE(true, false),
        READ_CERTIFICATE_REQUEST(true, false),
        READ_SERVER_HELLO_DONE(true, false),
        WRITE_CERTIFICATE(false, true),
        WRITE_CLIENT_KEY_EXCHANGE(false, true),
        WRITE_CERTIFICATE_VERIFY(false, true),
        WRITE_FINISHED(false, true),
        READ_FINISHED(true, false),
        DONE(false, false);

        private final boolean isWriteState;
        private final boolean isReadState;

        State(boolean z, boolean z2) {
            this.isReadState = z;
            this.isWriteState = z2;
        }

        boolean isReadState() {
            return this.isReadState;
        }

        boolean isWriteState() {
            return this.isWriteState;
        }

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static State[] valuesCustom() {
            State[] valuesCustom = values();
            int length = valuesCustom.length;
            State[] stateArr = new State[length];
            System.arraycopy(valuesCustom, 0, stateArr, 0, length);
            return stateArr;
        }
    }

    static {
        $assertionsDisabled = !ClientHandshake.class.desiredAssertionStatus();
    }

    public ClientHandshake(SSLEngineImpl sSLEngineImpl) throws NoSuchAlgorithmException {
        super(sSLEngineImpl);
        this.state = State.WRITE_CLIENT_HELLO;
        this.continuedSession = false;
    }

    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    protected SSLEngineResult.HandshakeStatus implHandleInput() throws SSLException {
        if (this.state == State.DONE) {
            return SSLEngineResult.HandshakeStatus.FINISHED;
        }
        if (this.state.isWriteState() || (this.outBuffer != null && this.outBuffer.hasRemaining())) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        ByteBuffer duplicate = this.handshakeBuffer.duplicate();
        duplicate.flip();
        duplicate.position(this.handshakeOffset);
        Handshake handshake = new Handshake(duplicate.slice(), this.engine.session().suite, this.engine.session().version);
        logger.logv(Component.SSL_HANDSHAKE, "processing in state {0}:\n{1}", this.state, handshake);
        switch ($SWITCH_TABLE$gnu$javax$net$ssl$provider$ClientHandshake$State()[this.state.ordinal()]) {
            case 2:
                if (handshake.type() == Handshake.Type.SERVER_HELLO) {
                    ServerHello serverHello = (ServerHello) handshake.body();
                    this.serverRandom = serverHello.random().copy();
                    this.engine.session().suite = serverHello.cipherSuite();
                    this.engine.session().version = serverHello.version();
                    this.compression = serverHello.compressionMethod();
                    Session.ID id = new Session.ID(serverHello.sessionId());
                    if (this.continued != null && this.continued.id().equals(id)) {
                        this.continuedSession = true;
                        this.engine.setSession(this.continued);
                    } else if (this.engine.getEnableSessionCreation()) {
                        ((AbstractSessionContext) this.engine.contextImpl.engineGetClientSessionContext()).put(this.engine.session());
                    }
                    ExtensionList extensions = serverHello.extensions();
                    if (extensions != null) {
                        Iterator<Extension> it = extensions.iterator();
                        while (it.hasNext()) {
                            Extension next = it.next();
                            Extension.Type type = next.type();
                            if (type != null) {
                                switch ($SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type()[type.ordinal()]) {
                                    case 2:
                                        MaxFragmentLength maxFragmentLength = (MaxFragmentLength) next.value();
                                        if (this.maxFragmentLengthSent != maxFragmentLength) {
                                            break;
                                        } else {
                                            this.engine.session().setApplicationBufferSize(maxFragmentLength.maxLength());
                                            break;
                                        }
                                    case 5:
                                        if (!this.truncatedHMacSent) {
                                            break;
                                        } else {
                                            this.engine.session().setTruncatedMac(true);
                                            break;
                                        }
                                }
                            }
                        }
                    }
                    KeyExchangeAlgorithm keyExchangeAlgorithm = this.engine.session().suite.keyExchangeAlgorithm();
                    if (!this.continuedSession) {
                        if (keyExchangeAlgorithm != KeyExchangeAlgorithm.RSA && keyExchangeAlgorithm != KeyExchangeAlgorithm.DH_DSS && keyExchangeAlgorithm != KeyExchangeAlgorithm.DH_RSA && keyExchangeAlgorithm != KeyExchangeAlgorithm.DHE_DSS && keyExchangeAlgorithm != KeyExchangeAlgorithm.DHE_RSA && keyExchangeAlgorithm != KeyExchangeAlgorithm.RSA_PSK) {
                            if (keyExchangeAlgorithm != KeyExchangeAlgorithm.DH_anon && keyExchangeAlgorithm != KeyExchangeAlgorithm.PSK && keyExchangeAlgorithm != KeyExchangeAlgorithm.DHE_PSK) {
                                this.state = State.READ_CERTIFICATE_REQUEST;
                                break;
                            } else {
                                this.state = State.READ_SERVER_KEY_EXCHANGE;
                                break;
                            }
                        } else {
                            this.state = State.READ_CERTIFICATE;
                            break;
                        }
                    } else {
                        setupSecurityParameters(generateKeys(this.clientRandom, this.serverRandom, this.engine.session()), true, this.engine, this.compression);
                        this.state = State.READ_FINISHED;
                        break;
                    }
                } else {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
                break;
            case 3:
                if (handshake.type() != Handshake.Type.CERTIFICATE) {
                    if (this.engine.session().suite.signatureAlgorithm() != SignatureAlgorithm.ANONYMOUS) {
                        throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                    }
                    this.state = State.READ_SERVER_KEY_EXCHANGE;
                }
                Certificate certificate = (Certificate) handshake.body();
                try {
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) certificate.certificates().toArray(new X509Certificate[0]);
                    this.engine.session().setPeerCertificates(x509CertificateArr);
                    this.certVerifier = new AbstractHandshake.CertVerifier(true, x509CertificateArr);
                    this.tasks.add(this.certVerifier);
                    KeyExchangeAlgorithm keyExchangeAlgorithm2 = this.engine.session().suite.keyExchangeAlgorithm();
                    if (keyExchangeAlgorithm2 != KeyExchangeAlgorithm.RSA && keyExchangeAlgorithm2 != KeyExchangeAlgorithm.RSA_PSK) {
                        this.state = State.READ_SERVER_KEY_EXCHANGE;
                        break;
                    } else {
                        this.keyExchange = new RSAGen(keyExchangeAlgorithm2 == KeyExchangeAlgorithm.RSA);
                        this.tasks.add(this.keyExchange);
                        if (keyExchangeAlgorithm2 != KeyExchangeAlgorithm.RSA) {
                            this.state = State.READ_SERVER_KEY_EXCHANGE;
                            break;
                        } else {
                            this.state = State.READ_CERTIFICATE_REQUEST;
                            break;
                        }
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNSUPPORTED_CERTIFICATE), e);
                } catch (CertificateException e2) {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.BAD_CERTIFICATE), e2);
                }
                break;
            case 4:
                CipherSuite cipherSuite = this.engine.session().suite;
                KeyExchangeAlgorithm keyExchangeAlgorithm3 = cipherSuite.keyExchangeAlgorithm();
                if (keyExchangeAlgorithm3 != KeyExchangeAlgorithm.DHE_DSS && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.DHE_RSA && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.DH_anon && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.DHE_PSK && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.PSK && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.RSA_PSK) {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
                if (handshake.type() == Handshake.Type.SERVER_KEY_EXCHANGE) {
                    ServerKeyExchange serverKeyExchange = (ServerKeyExchange) handshake.body();
                    ByteBuffer byteBuffer = null;
                    if (keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DHE_DSS || keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DHE_RSA || keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DH_anon) {
                        ByteBuffer buffer = ((ServerDHParams) serverKeyExchange.params()).buffer();
                        byteBuffer = ByteBuffer.allocate(buffer.remaining());
                        byteBuffer.put(buffer);
                    }
                    if (cipherSuite.signatureAlgorithm() != SignatureAlgorithm.ANONYMOUS) {
                        this.paramsVerifier = new ParamsVerifier(byteBuffer, serverKeyExchange.signature().signature());
                        this.tasks.add(this.paramsVerifier);
                    }
                    if (keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DHE_DSS || keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DHE_RSA || keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DH_anon) {
                        ServerDHParams serverDHParams = (ServerDHParams) serverKeyExchange.params();
                        this.keyExchange = new ClientDHGen(new GnuDHPublicKey(null, serverDHParams.p(), serverDHParams.g(), serverDHParams.y()), new DHParameterSpec(serverDHParams.p(), serverDHParams.g()), true);
                        this.tasks.add(this.keyExchange);
                    }
                    if (keyExchangeAlgorithm3 == KeyExchangeAlgorithm.DHE_PSK) {
                        ServerDHParams params = ((ServerDHE_PSKParameters) serverKeyExchange.params()).params();
                        this.keyExchange = new ClientDHGen(new GnuDHPublicKey(null, params.p(), params.g(), params.y()), new DHParameterSpec(params.p(), params.g()), false);
                        this.tasks.add(this.keyExchange);
                    }
                    this.state = State.READ_CERTIFICATE_REQUEST;
                    break;
                } else {
                    if (keyExchangeAlgorithm3 != KeyExchangeAlgorithm.RSA_PSK && keyExchangeAlgorithm3 != KeyExchangeAlgorithm.PSK) {
                        throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                    }
                    this.state = State.READ_CERTIFICATE_REQUEST;
                    return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
                }
                break;
            case 5:
                if (handshake.type() == Handshake.Type.CERTIFICATE_REQUEST) {
                    CertificateRequest certificateRequest = (CertificateRequest) handshake.body();
                    ClientCertificateTypeList types = certificateRequest.types();
                    LinkedList linkedList = new LinkedList();
                    Iterator<CertificateRequest.ClientCertificateType> it2 = types.iterator();
                    while (it2.hasNext()) {
                        linkedList.add(it2.next().name());
                    }
                    X500PrincipalList authorities = certificateRequest.authorities();
                    LinkedList linkedList2 = new LinkedList();
                    Iterator<X500Principal> it3 = authorities.iterator();
                    while (it3.hasNext()) {
                        linkedList2.add(it3.next());
                    }
                    this.certLoader = new CertLoader(linkedList, linkedList2);
                    this.tasks.add(this.certLoader);
                    break;
                } else {
                    this.state = State.READ_SERVER_HELLO_DONE;
                    return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
                }
            case 6:
                if (handshake.type() == Handshake.Type.SERVER_HELLO_DONE) {
                    this.state = State.WRITE_CERTIFICATE;
                    break;
                } else {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
            case 7:
            case 8:
            case 9:
            case 10:
            default:
                throw new IllegalStateException("invalid state: " + ((Object) this.state));
            case 11:
                if (handshake.type() != Handshake.Type.FINISHED) {
                    throw new AlertException(new Alert(Alert.Level.FATAL, Alert.Description.UNEXPECTED_MESSAGE));
                }
                Finished finished = (Finished) handshake.body();
                try {
                    Finished finished2 = new Finished(generateFinished((MessageDigest) this.md5.clone(), (MessageDigest) this.sha.clone(), false, this.engine.session()), this.engine.session().version);
                    logger.logv(Component.SSL_HANDSHAKE, "clientFinished: {0}", finished2);
                    if (this.engine.session().version == ProtocolVersion.SSL_3) {
                        if (!Arrays.equals(finished2.md5Hash(), finished.md5Hash()) || !Arrays.equals(finished2.shaHash(), finished.shaHash())) {
                            this.engine.session().invalidate();
                            throw new SSLException("session verify failed");
                        }
                    } else if (!Arrays.equals(finished2.verifyData(), finished.verifyData())) {
                        this.engine.session().invalidate();
                        throw new SSLException("session verify failed");
                    }
                    if (!this.continuedSession) {
                        this.state = State.DONE;
                        break;
                    } else {
                        this.engine.changeCipherSpec();
                        this.state = State.WRITE_FINISHED;
                        break;
                    }
                } catch (CloneNotSupportedException e3) {
                    throw new SSLException(e3);
                }
                break;
        }
        this.handshakeOffset += handshake.length() + 4;
        return !this.tasks.isEmpty() ? SSLEngineResult.HandshakeStatus.NEED_TASK : (this.state.isWriteState() || (this.outBuffer != null && this.outBuffer.hasRemaining())) ? SSLEngineResult.HandshakeStatus.NEED_WRAP : this.state.isReadState() ? SSLEngineResult.HandshakeStatus.NEED_UNWRAP : SSLEngineResult.HandshakeStatus.FINISHED;
    }

    /* JADX WARN: Code restructure failed: missing block: B:100:0x0895, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
     */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x0899, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED;
     */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x0887, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0862, code lost:
    
        if (r9.tasks.isEmpty() != false) goto L158;
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x0868, code lost:
    
        return javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_TASK;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x0870, code lost:
    
        if (r9.state.isWriteState() != false) goto L164;
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x0877, code lost:
    
        if (r9.outBuffer == null) goto L166;
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x0881, code lost:
    
        if (r9.outBuffer.hasRemaining() == false) goto L166;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x088f, code lost:
    
        if (r9.state.isReadState() == false) goto L170;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x00b3. Please report as an issue. */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected javax.net.ssl.SSLEngineResult.HandshakeStatus implHandleOutput(java.nio.ByteBuffer r10) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 2202
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: gnu.javax.net.ssl.provider.ClientHandshake.implHandleOutput(java.nio.ByteBuffer):javax.net.ssl.SSLEngineResult$HandshakeStatus");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    public SSLEngineResult.HandshakeStatus status() {
        return this.state.isReadState() ? SSLEngineResult.HandshakeStatus.NEED_UNWRAP : this.state.isWriteState() ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.FINISHED;
    }

    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    void checkKeyExchange() throws SSLException {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // gnu.javax.net.ssl.provider.AbstractHandshake
    public void handleV2Hello(ByteBuffer byteBuffer) throws SSLException {
        throw new SSLException("this should be impossible");
    }

    private ProtocolVersion chooseVersion() throws SSLException {
        ProtocolVersion protocolVersion = null;
        for (String str : this.engine.getEnabledProtocols()) {
            try {
                ProtocolVersion forName = ProtocolVersion.forName(str);
                if (protocolVersion == null || protocolVersion.compareTo(forName) < 0) {
                    protocolVersion = forName;
                }
            } catch (Exception unused) {
            }
        }
        if (protocolVersion == null) {
            throw new SSLException("no suitable enabled versions");
        }
        return protocolVersion;
    }

    private List<CipherSuite> getSuites() throws SSLException {
        LinkedList linkedList = new LinkedList();
        for (String str : this.engine.getEnabledCipherSuites()) {
            CipherSuite forName = CipherSuite.forName(str);
            if (forName != null) {
                linkedList.add(forName);
            }
        }
        if (linkedList.isEmpty()) {
            throw new SSLException("no cipher suites enabled");
        }
        return linkedList;
    }

    private List<CompressionMethod> getCompressionMethods() {
        LinkedList linkedList = new LinkedList();
        if (Boolean.valueOf((String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.enable.compression"))).booleanValue()) {
            linkedList.add(CompressionMethod.ZLIB);
        }
        linkedList.add(CompressionMethod.NULL);
        return linkedList;
    }

    private boolean enableExtensions() {
        return Boolean.valueOf((String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.client.enable.extensions"))).booleanValue();
    }

    private MaxFragmentLength maxFragmentLength() {
        String str = (String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.client.maxFragmentLength"));
        if (str == null) {
            return null;
        }
        try {
            switch (Integer.parseInt(str)) {
                case 9:
                case 512:
                    return MaxFragmentLength.LEN_2_9;
                case 10:
                case 1024:
                    return MaxFragmentLength.LEN_2_10;
                case 11:
                case 2048:
                    return MaxFragmentLength.LEN_2_11;
                case 12:
                case 4096:
                    return MaxFragmentLength.LEN_2_12;
                default:
                    return null;
            }
        } catch (NumberFormatException unused) {
            return null;
        }
    }

    private boolean truncatedHMac() {
        return Boolean.valueOf((String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.client.truncatedHMac"))).booleanValue();
    }

    private String getPSKIdentity() {
        return (String) AccessController.doPrivileged(new GetSecurityPropertyAction("jessie.client.psk.identity"));
    }

    static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type() {
        int[] iArr = $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[Extension.Type.valuesCustom().length];
        try {
            iArr2[Extension.Type.CERT_TYPE.ordinal()] = 8;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[Extension.Type.CLIENT_CERTIFICATE_URL.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[Extension.Type.MAX_FRAGMENT_LENGTH.ordinal()] = 2;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[Extension.Type.SERVER_NAME.ordinal()] = 1;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[Extension.Type.SRP.ordinal()] = 7;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[Extension.Type.STATUS_REQUEST.ordinal()] = 6;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[Extension.Type.TRUNCATED_HMAC.ordinal()] = 5;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[Extension.Type.TRUSTED_CA_KEYS.ordinal()] = 4;
        } catch (NoSuchFieldError unused8) {
        }
        $SWITCH_TABLE$gnu$javax$net$ssl$provider$Extension$Type = iArr2;
        return iArr2;
    }

    static /* synthetic */ int[] $SWITCH_TABLE$gnu$javax$net$ssl$provider$ClientHandshake$State() {
        int[] iArr = $SWITCH_TABLE$gnu$javax$net$ssl$provider$ClientHandshake$State;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[State.valuesCustom().length];
        try {
            iArr2[State.DONE.ordinal()] = 12;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[State.READ_CERTIFICATE.ordinal()] = 3;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[State.READ_CERTIFICATE_REQUEST.ordinal()] = 5;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[State.READ_FINISHED.ordinal()] = 11;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[State.READ_SERVER_HELLO.ordinal()] = 2;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[State.READ_SERVER_HELLO_DONE.ordinal()] = 6;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[State.READ_SERVER_KEY_EXCHANGE.ordinal()] = 4;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[State.WRITE_CERTIFICATE.ordinal()] = 7;
        } catch (NoSuchFieldError unused8) {
        }
        try {
            iArr2[State.WRITE_CERTIFICATE_VERIFY.ordinal()] = 9;
        } catch (NoSuchFieldError unused9) {
        }
        try {
            iArr2[State.WRITE_CLIENT_HELLO.ordinal()] = 1;
        } catch (NoSuchFieldError unused10) {
        }
        try {
            iArr2[State.WRITE_CLIENT_KEY_EXCHANGE.ordinal()] = 8;
        } catch (NoSuchFieldError unused11) {
        }
        try {
            iArr2[State.WRITE_FINISHED.ordinal()] = 10;
        } catch (NoSuchFieldError unused12) {
        }
        $SWITCH_TABLE$gnu$javax$net$ssl$provider$ClientHandshake$State = iArr2;
        return iArr2;
    }
}
