package com.novell.service.security.net.ssl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/novell/service/security/net/ssl/CertificateVerify.class */
public class CertificateVerify extends HandshakeMessage {
    byte[] sigBytes;
    SHA sha2;
    SHA sha;
    MD5 md52;
    MD5 md5;
    SSLState state;

    public String toString() {
        return new StringBuffer("MD5 = ").append(this.md5).append(", SHA = ").append(this.sha).toString();
    }

    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public void output(OutputStream outputStream) throws IOException {
        if (this.sigBytes == null) {
            computeSigBytes();
        }
        Utils.output24bit(length() - 3, outputStream);
        Utils.outputShort((short) this.sigBytes.length, outputStream);
        outputStream.write(this.sigBytes);
    }

    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public int length() {
        if (this.sigBytes == null) {
            try {
                computeSigBytes();
            } catch (IOException e) {
                e.printStackTrace();
                return 5;
            }
        }
        return 5 + this.sigBytes.length;
    }

    @Override // com.novell.service.security.net.ssl.HandshakeMessage, com.novell.service.security.net.ssl.Streamable
    public void input(InputStream inputStream) throws IOException {
        Utils.input24bit(inputStream);
        this.sigBytes = new byte[Utils.inputShort(inputStream)];
        Utils.inputByteArray(this.sigBytes, inputStream);
        try {
            PublicKey publicKey = this.state.clientCert.getPublicKey();
            if (publicKey.getAlgorithm().equals("RSA")) {
                f fVar = new f(2);
                fVar.a((h) publicKey);
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(fVar.b(this.sigBytes));
                byte[] bArr = new byte[16];
                byte[] bArr2 = new byte[20];
                Utils.inputByteArray(bArr, byteArrayInputStream);
                Utils.inputByteArray(bArr2, byteArrayInputStream);
                if (!this.md5.isEqual(bArr) || !this.sha.isEqual(bArr2)) {
                    throw new CipherException("Invalid signature");
                }
                return;
            }
            if (!publicKey.getAlgorithm().equals("DSA")) {
                throw new AuthenticationException(new StringBuffer("Unknown signature algorithm ").append(publicKey.getAlgorithm()).toString());
            }
            byte[] bArr3 = new byte[40];
            Utils.setArray(bArr3, (byte) 92);
            java.security.Signature signature = java.security.Signature.getInstance("DSA");
            signature.initVerify(publicKey);
            signature.update(this.state.masterSecret);
            signature.update(bArr3);
            signature.update(this.sha2.digestBits);
            if (!signature.verify(this.sigBytes)) {
                throw new CipherException("Invalid signature");
            }
        } catch (Exception e) {
            this.state.socket.sendAlert(2, 40);
            this.state.socket.abort();
            throw new IOException(e.toString());
        }
    }

    void computeSigBytes() throws IOException {
        try {
            PrivateKey privateKey = this.state.clientCert.getPrivateKey();
            if (privateKey.getAlgorithm().equals("RSA")) {
                f fVar = new f(2);
                fVar.b((j) privateKey);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(this.md5.digestBits);
                byteArrayOutputStream.write(this.sha.digestBits);
                this.sigBytes = fVar.c(byteArrayOutputStream.toByteArray());
                return;
            }
            if (!privateKey.getAlgorithm().equals("DSA")) {
                throw new AuthenticationException(new StringBuffer("Unknown signature algorithm ").append(privateKey.getAlgorithm()).toString());
            }
            byte[] bArr = new byte[40];
            Utils.setArray(bArr, (byte) 92);
            java.security.Signature signature = java.security.Signature.getInstance("DSA");
            signature.initSign(privateKey);
            signature.update(this.state.masterSecret);
            signature.update(bArr);
            signature.update(this.sha2.digestBits);
            this.sigBytes = signature.sign();
        } catch (Exception e) {
            throw new IOException(e.toString());
        }
    }

    public CertificateVerify(SSLState sSLState) {
        this.state = sSLState;
        byte[] bArr = new byte[48];
        byte[] bArr2 = new byte[48];
        Utils.setArray(bArr, (byte) 54);
        Utils.setArray(bArr2, (byte) 92);
        this.md52 = (MD5) this.state.md5Handshake.clone();
        this.md5 = new MD5();
        this.md52.update(this.state.masterSecret);
        this.md52.update(bArr);
        this.md52.computeCurrent();
        this.md5.update(this.state.masterSecret);
        this.md5.update(bArr2);
        this.md5.update(this.md52.digestBits);
        this.md5.computeCurrent();
        byte[] bArr3 = new byte[40];
        byte[] bArr4 = new byte[40];
        Utils.setArray(bArr3, (byte) 54);
        Utils.setArray(bArr4, (byte) 92);
        this.sha2 = (SHA) this.state.shaHandshake.clone();
        this.sha = new SHA();
        this.sha2.update(this.state.masterSecret);
        this.sha2.update(bArr3);
        this.sha2.computeCurrent();
        this.sha.update(this.state.masterSecret);
        this.sha.update(bArr4);
        this.sha.update(this.sha2.digestBits);
        this.sha.computeCurrent();
    }
}
