package com.novell.service.security.net.ssl;

import com.novell.service.security.net.SecureSocketNotification;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Properties;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/novell/service/security/net/ssl/SSLv2SocketImpl.class */
public class SSLv2SocketImpl implements ProtocolAbstraction {
    private V2ClientHello ClientHello;
    private int MACSize;
    private int ReadSerial;
    private byte[] ReadKey;
    private byte[] WriteKey;
    private MessageDigest ReadDigest;
    private MessageDigest WriteDigest;
    private SymmetricCipher ReadCipher;
    private SymmetricCipher WriteCipher;
    private SessionParams SessionParams;
    private InputStream SocketInputStream;
    private OutputStream SocketOutputStream;
    private SSLv2RecordInputStream InputStream;
    private SSLv2RecordOutputStream OutputStream;
    private SSLSocketImpl SocketImpl;
    private Properties Prop;
    private int WriteSerial = 1;
    private int Count = 0;

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public synchronized void startHandshake() throws IOException {
        if (this.OutputStream == null) {
            this.OutputStream = new SSLv2RecordOutputStream(this, this.SocketOutputStream);
            this.InputStream = new SSLv2RecordInputStream(this, this.SocketInputStream);
            performHandshake();
            this.SocketImpl.postHandshakeStuff();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendRecord(byte[] bArr, int i, int i2) throws IOException {
        try {
            if (this.WriteCipher != null) {
                int c = this.WriteCipher.c();
                int i3 = this.MACSize + i2;
                int i4 = c == 1 ? i3 : (((i3 + c) - 1) / c) * c;
                byte[] bArr2 = new byte[i4];
                System.arraycopy(bArr, 0, bArr2, this.MACSize, i2);
                this.WriteDigest.init();
                this.WriteDigest.update(this.WriteKey);
                this.WriteDigest.update(bArr2, this.MACSize, i4 - this.MACSize);
                this.WriteDigest.update(this.WriteSerial);
                this.WriteDigest.computeCurrent();
                System.arraycopy(this.WriteDigest.digestBits, 0, bArr2, 0, this.MACSize);
                this.OutputStream.writeRecord(this.WriteCipher.c(bArr2), i4 - i3);
            } else if (i == 0 && i2 == bArr.length) {
                this.OutputStream.writeRecord(bArr, 0);
            } else {
                byte[] bArr3 = new byte[i2];
                System.arraycopy(bArr, i, bArr3, 0, i2);
                this.OutputStream.writeRecord(bArr3, 0);
            }
            this.WriteSerial++;
        } catch (Throwable th) {
            abort();
            if (th instanceof IOException) {
                throw ((IOException) th);
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (!(th instanceof Error)) {
                throw new IOException(th.toString());
            }
            throw ((Error) th);
        }
    }

    void sendRecord(byte[] bArr) throws IOException {
        sendRecord(bArr, 0, bArr.length);
    }

    private void sendEvent(int i) {
        SecureSocketNotification notificationObject = getNotificationObject();
        if (notificationObject != null) {
            if (i == 1) {
                notificationObject.notification(268500992);
            } else {
                notificationObject.notification(268566528);
            }
        }
    }

    private void performHandshake() throws IOException {
        SSLv2Message_ServerHello sSLv2Message_ServerHello = null;
        try {
            SSLv2Message message = getMessage();
            if (!(message instanceof SSLv2Message_ServerHello)) {
                throw new IOException("Server hello expected");
            }
            SSLv2Message_ServerHello sSLv2Message_ServerHello2 = (SSLv2Message_ServerHello) message;
            SessionID sessionID = sSLv2Message_ServerHello2.SessionID;
            if (sSLv2Message_ServerHello2.SessionIDHit) {
                this.SessionParams.touch();
            } else {
                this.SessionParams = null;
                int[] iArr = sSLv2Message_ServerHello2.CipherKinds;
                int[] iArr2 = this.ClientHello.cipherKinds;
                int i = 0;
                for (int i2 = 0; i == 0 && i2 < iArr2.length; i2++) {
                    int i3 = iArr2[i2];
                    if (CipherSpec.isCipherKind(i3)) {
                        for (int i4 = 0; i == 0 && i4 < iArr.length; i4++) {
                            if (i3 == iArr[i4]) {
                                i = i3;
                            }
                        }
                    }
                }
                if (i == 0) {
                    sendEvent(1);
                    throw new IOException("No common cipher suites");
                }
                CipherSpec cipherSpec = new CipherSpec(CipherSpec.cipherKindToCipherSpec(i));
                SSLCertificate sSLCertificate = new SSLCertificate(this.SocketImpl.state);
                sSLCertificate.certificateList.addElement(sSLv2Message_ServerHello2.Certificate);
                this.SocketImpl.state.serverCert = sSLCertificate;
                this.SocketImpl.state.sessionID = null;
                this.SocketImpl.state.currentCS = cipherSpec;
                sSLCertificate.verify();
                SSLv2Message_ClientMasterKey sSLv2Message_ClientMasterKey = new SSLv2Message_ClientMasterKey(this.SocketImpl.state.rng, sSLv2Message_ServerHello2.Certificate, cipherSpec);
                sendRecord(sSLv2Message_ClientMasterKey.Content);
                this.OutputStream.flush();
                this.SessionParams = new SessionParams();
                this.SessionParams.masterSecret = sSLv2Message_ClientMasterKey.MasterKey;
                if (sSLv2Message_ClientMasterKey.IV.length != 0) {
                    this.SessionParams.v2IV = sSLv2Message_ClientMasterKey.IV;
                }
                this.SessionParams.cipherSuite = cipherSpec.cipherSuite;
                this.SessionParams.peerCertificate = sSLCertificate;
                this.SessionParams.v2Session = true;
            }
            initCrypto(this.SessionParams, this.ClientHello.challenge, sessionID);
            boolean z = false;
            SessionID sessionID2 = null;
            while (sessionID2 == null) {
                SSLv2Message message2 = getMessage();
                if (message2 instanceof SSLv2Message_RequestCertificate) {
                    sendRecord(new SSLv2Message_ErrorMessage(2).Content);
                    getMessage();
                } else if (message2 instanceof SSLv2Message_ServerVerify) {
                    if (!MessageDigest.isEqual(((SSLv2Message_ServerVerify) message2).getChallenge(), this.ClientHello.challenge)) {
                        throw new IOException("Server verify failed");
                    }
                    z = true;
                    sendRecord(new SSLv2Message_ClientFinished(sessionID).Content);
                    this.OutputStream.flush();
                } else if (message2 instanceof SSLv2Message_ServerFinished) {
                    sessionID2 = ((SSLv2Message_ServerFinished) message2).getSessionID();
                }
            }
            if (!z) {
                throw new IOException("Server never verified");
            }
            if (sSLv2Message_ServerHello2.SessionIDHit) {
                this.SessionParams.touch();
                if (!this.SessionParams.sessionID.equals(sessionID2)) {
                    SSLParams.sessionCache.remove(this.SessionParams.sessionID);
                }
            }
            SSLState sSLState = this.SocketImpl.state;
            SessionID sessionID3 = sessionID2;
            this.SessionParams.sessionID = sessionID3;
            sSLState.sessionID = sessionID3;
            SSLParams.sessionCache.put(sessionID2, this.SessionParams);
        } catch (Throwable th) {
            if (0 != 0) {
                SSLParams.sessionCache.remove(sSLv2Message_ServerHello.SessionID);
            }
            try {
                this.SocketImpl.TheSocket.close();
            } catch (Throwable unused) {
            }
            if (th instanceof IOException) {
                throw ((IOException) th);
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (!(th instanceof Error)) {
                throw new IOException(th.toString());
            }
            throw ((Error) th);
        }
    }

    private void initCrypto(SessionParams sessionParams, byte[] bArr, SessionID sessionID) {
        CipherSpec cipherSpec = new CipherSpec(sessionParams.cipherSuite);
        this.WriteCipher = cipherSpec.clientCipher;
        this.ReadCipher = cipherSpec.serverCipher;
        if (cipherSpec.MACalgorithm == 1) {
            this.WriteDigest = new MD5();
            this.ReadDigest = new MD5();
            this.MACSize = 16;
        } else {
            this.WriteDigest = new SHA();
            this.ReadDigest = new SHA();
            this.MACSize = 20;
        }
        MD5 md5 = new MD5();
        if (cipherSpec.expKeyMaterial == 16) {
            md5.update(sessionParams.masterSecret);
            md5.update((byte) 48);
            md5.update(bArr);
            md5.update(sessionID.id);
            md5.computeCurrent();
            this.ReadKey = md5.digestBits;
            md5.init();
            md5.update(sessionParams.masterSecret);
            md5.update((byte) 49);
            md5.update(bArr);
            md5.update(sessionID.id);
            md5.computeCurrent();
            this.WriteKey = md5.digestBits;
        } else {
            if (cipherSpec.expKeyMaterial != 8) {
                throw new RuntimeException("Invalid key size");
            }
            md5.update(sessionParams.masterSecret);
            md5.update(bArr);
            md5.update(sessionID.id);
            md5.computeCurrent();
            this.ReadKey = new byte[cipherSpec.expKeyMaterial];
            this.WriteKey = new byte[cipherSpec.expKeyMaterial];
            System.arraycopy(md5.digestBits, 0, this.ReadKey, 0, cipherSpec.expKeyMaterial);
            System.arraycopy(md5.digestBits, cipherSpec.expKeyMaterial, this.WriteKey, 0, cipherSpec.expKeyMaterial);
        }
        this.ReadCipher.c(new SymmetricKey(this.ReadKey));
        this.WriteCipher.c(new SymmetricKey(this.WriteKey));
        if (sessionParams.v2IV == null || !(this.ReadCipher instanceof y)) {
            return;
        }
        try {
            ((y) this.ReadCipher).a(sessionParams.v2IV);
            ((y) this.WriteCipher).a(sessionParams.v2IV);
        } catch (CipherException unused) {
            throw new RuntimeException("Internal error");
        }
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public void init(SSLSocketImpl sSLSocketImpl, InputStream inputStream, OutputStream outputStream, V2ClientHello v2ClientHello, SessionParams sessionParams, Properties properties) {
        this.SocketImpl = sSLSocketImpl;
        this.SocketInputStream = inputStream;
        this.SocketOutputStream = outputStream;
        this.Prop = properties;
        this.SessionParams = sessionParams;
        this.ClientHello = v2ClientHello;
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public SessionParams getSessionParams() {
        return this.SessionParams;
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public OutputStream getOutputStream() throws IOException {
        startHandshake();
        return this.OutputStream;
    }

    private SecureSocketNotification getNotificationObject() {
        SecureSocketNotification notificationObject = this.SocketImpl.par.getNotificationObject();
        if (notificationObject != null) {
            notificationObject.socket = this.SocketImpl.TheSocket;
            notificationObject.sockProps = this.Prop;
            if (this.SessionParams != null) {
                SSLCertificate sSLCertificate = this.SessionParams.peerCertificate;
                if (sSLCertificate != null) {
                    notificationObject.certificateChain = sSLCertificate.getCertChainBytes();
                    notificationObject.subjectDN = sSLCertificate.getSubject();
                }
                SessionID sessionID = this.SessionParams.sessionID;
                if (sessionID != null && sessionID.id != null && sessionID.id.length != 0) {
                    notificationObject.sessionID = sessionID.id;
                }
                if (this.SessionParams.cipherSuite != 0) {
                    notificationObject.cipherSuite = CipherSuiteMapper.shortToString(this.SessionParams.cipherSuite);
                }
            }
        }
        return notificationObject;
    }

    private SSLv2Message getMessage() throws IOException {
        SSLv2Message sSLv2Message = SSLv2Message.get(this.InputStream.getRecord());
        if (sSLv2Message == null) {
            throw new EOFException();
        }
        if (sSLv2Message instanceof SSLv2Message_ErrorMessage) {
            sendEvent(((SSLv2Message_ErrorMessage) sSLv2Message).getCode());
            ((SSLv2Message_ErrorMessage) sSLv2Message).throwException();
        }
        return sSLv2Message;
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public InputStream getInputStream() throws IOException {
        startHandshake();
        return this.InputStream;
    }

    private void eraseSecrets() {
        this.ReadCipher = null;
        this.WriteCipher = null;
        Utils.setArray(this.WriteKey, (byte) 0);
        Utils.setArray(this.ReadKey, (byte) 0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] decrypt(byte[] bArr, int i) throws IOException {
        try {
            try {
                if (this.ReadCipher == null) {
                    return bArr;
                }
                if (i >= this.ReadCipher.c()) {
                    throw new CipherException("Illegal padding");
                }
                byte[] b = this.ReadCipher.b(bArr);
                this.ReadDigest.init();
                this.ReadDigest.update(this.ReadKey);
                this.ReadDigest.update(b, this.MACSize, b.length - this.MACSize);
                this.ReadDigest.update(this.ReadSerial);
                this.ReadDigest.computeCurrent();
                for (int i2 = 0; i2 < this.ReadDigest.digestBits.length; i2++) {
                    if (this.ReadDigest.digestBits[i2] != b[i2]) {
                        SecureSocketNotification notificationObject = getNotificationObject();
                        if (notificationObject != null) {
                            notificationObject.notification(268697600);
                        }
                        throw new IOException("Bad MAC");
                    }
                }
                byte[] bArr2 = new byte[(b.length - i) - this.MACSize];
                System.arraycopy(b, this.MACSize, bArr2, 0, bArr2.length);
                return bArr2;
            } catch (Throwable th) {
                abort();
                if (th instanceof RuntimeException) {
                    throw ((RuntimeException) th);
                }
                if (th instanceof Error) {
                    throw ((Error) th);
                }
                if (th instanceof IOException) {
                    throw ((IOException) th);
                }
                throw new IOException(th.toString());
            }
        } finally {
            this.ReadSerial++;
        }
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public void close() {
        eraseSecrets();
    }

    @Override // com.novell.service.security.net.ssl.ProtocolAbstraction
    public void abort() {
        if (this.SessionParams != null && this.SessionParams.sessionID != null) {
            SSLParams.sessionCache.remove(this.SessionParams.sessionID);
        }
        eraseSecrets();
        try {
            this.SocketImpl.TheSocket.close();
        } catch (Throwable unused) {
        }
    }

    SSLv2SocketImpl() {
    }
}
