package com.novell.service.security.net.ssl;

import com.novell.service.security.net.SecureSocketNotification;
import java.io.BufferedOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.Properties;
import sun.security.x509.X500Name;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/novell/service/security/net/ssl/SSLSocketImpl.class */
public class SSLSocketImpl {
    protected boolean EnableSessionCreation = true;
    protected boolean IsClient;
    OutputStream dataOutputStream;
    RecordInputStream dataStream;
    RecordInputStream handshakeStream;
    RecordInputStream alertStream;
    RecordInputStream ccsStream;
    boolean V3Enabled;
    boolean V2Enabled;
    ProtocolAbstraction AlternateProtocol;
    boolean UseV2Hello;
    SSLHandshakeMulticaster Multicaster;
    boolean NextSessionIDSet;
    SessionID NextSessionID;
    Properties Prop;
    OutputStream super_OutputStream;
    InputStream super_InputStream;
    Socket WrappingSocket;
    Socket TheSocket;
    OutputStream os;
    MyPushbackInputStream is;
    SSLParams par;
    SSLState state;

    boolean useV2Hello() throws IOException {
        int read = this.is.read();
        if (read == -1) {
            abort();
            throw new IOException("End of input");
        }
        this.is.unread(read);
        return (read == 22 || read == 21) ? false : true;
    }

    boolean supportedClientCS(short s) {
        for (short s2 : this.state.params.getClientCipherSuites()) {
            if (s2 == s) {
                return true;
            }
        }
        return false;
    }

    public synchronized void startHandshake() throws IOException {
        if (this.AlternateProtocol != null) {
            this.AlternateProtocol.startHandshake();
        } else if (this.state != null) {
            renegotiate();
        } else {
            if (this.par == null) {
                throw new IOException("Parameters not initialized");
            }
            initialize(false, this.par);
        }
    }

    public void setUseClientMode(boolean z) {
        this.IsClient = z;
    }

    public void setNextHandshakeSessionId(byte[] bArr) {
        if (!this.IsClient) {
            throw new RuntimeException("setNextHandshakeSessionId must be called on client sockets");
        }
        if (this.AlternateProtocol != null) {
            throw new RuntimeException("setNextHandshakeSessionId must be called prior to handshake for SSLv2");
        }
        if (bArr == null) {
            this.NextSessionID = null;
        } else {
            this.NextSessionID = new SessionID((byte[]) bArr.clone());
        }
        this.NextSessionIDSet = true;
    }

    public void setEnabledCipherSuites(String[] strArr) {
        this.par.cipherSuites = CipherSuiteMapper.stringToShort(strArr);
    }

    protected void serverInit2(short[] sArr, SessionID sessionID) throws IOException {
        try {
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            this.state.clientCert = null;
            this.state.skx = null;
            boolean z = false;
            SessionParams sessionParams = null;
            if (SSLParams.sessionCache != null && SSLParams.sessionCache.containsKey(sessionID)) {
                sessionParams = (SessionParams) SSLParams.sessionCache.get(sessionID);
                if (containsCS(sArr, sessionParams.cipherSuite) && containsCS(this.state.params.getServerCipherSuites(), sessionParams.cipherSuite)) {
                    z = true;
                    this.state.setSessionParams(sessionParams);
                }
            }
            if (z) {
                ServerHello serverHello = new ServerHello(this.state.currentCS.cipherSuite, this.state.sessionID, this.state.rng);
                this.state.serverRandom = serverHello.random;
                sendHandshake(2, serverHello);
                this.state.computeSecrets();
                sendChangeCipherSpec();
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, false));
                getChangeCipherSpec();
                this.state.finishHandshake();
                if (getHandshake().msgType.type != 20) {
                    sendAlert(2, 10);
                    abort();
                    throw new IOException("Unexpected message");
                }
                this.state.finishedReceived = true;
                if (sessionParams != null) {
                    sessionParams.touch();
                }
            } else {
                if (!this.par.EnableSessionCreation) {
                    throw new IOException("Session creation disabled");
                }
                this.state.sessionID = new SessionID(this.state.rng);
                int serverCipherSuite = serverCipherSuite(sArr);
                if (serverCipherSuite == -1) {
                    SecureSocketNotification notificationObject = this.state.getNotificationObject();
                    if (notificationObject != null) {
                        notificationObject.notification(268500992);
                    }
                    sendAlert(2, 40);
                    abort();
                    throw new IOException("Unsupported ciphersuites requested");
                }
                ServerHello serverHello2 = new ServerHello((short) serverCipherSuite, this.state.sessionID, this.state.rng);
                this.state.serverRandom = serverHello2.random;
                this.state.currentCS = new CipherSpec(serverHello2.cipherSuite);
                sendHandshake(2, serverHello2);
                if (this.state.currentCS.serverCertType != 0) {
                    if (this.state.serverCert == null) {
                        abort();
                        throw new IOException("No server certificate set");
                    }
                    if (this.state.currentCS.serverCertType == 1 && !this.state.serverCert.getPublicKey().getAlgorithm().equals("RSA")) {
                        abort();
                        throw new IOException(new StringBuffer("RSA server certificate expected, ").append(this.state.serverCert.getPublicKey().getAlgorithm()).append(" present").toString());
                    }
                    if (this.state.currentCS.serverCertType == 3 && !this.state.serverCert.getPublicKey().getAlgorithm().equals("DSA")) {
                        abort();
                        throw new IOException(new StringBuffer("DSA server certificate expected, ").append(this.state.serverCert.getPublicKey().getAlgorithm()).append(" present").toString());
                    }
                    sendHandshake(11, this.state.serverCert);
                }
                if (this.state.currentCS.keyExchange == 2) {
                    ServerKeyExchange serverKeyExchange = new ServerKeyExchange(this.state.rng, this.state.params.dhModulus, this.state.params.dhGenerator, this.state);
                    this.state.skx = serverKeyExchange;
                    sendHandshake(12, serverKeyExchange);
                }
                if (this.state.currentCS.keyExchange == 1 && this.state.tempKey != null) {
                    ServerKeyExchange serverKeyExchange2 = new ServerKeyExchange(this.state.tempKey.i(), this.state);
                    this.state.skx = serverKeyExchange2;
                    sendHandshake(12, serverKeyExchange2);
                }
                if (this.state.params.requestClientCert && this.state.currentCS.serverCertType != 0) {
                    X500Name[] x500NameArr = null;
                    X500Name[] acceptedIssuers = this.par.Wallet.getAcceptedIssuers();
                    if (acceptedIssuers != null) {
                        x500NameArr = new X500Name[acceptedIssuers.length];
                        for (int i = 0; i < acceptedIssuers.length; i++) {
                            x500NameArr[i] = acceptedIssuers[i];
                        }
                    }
                    sendHandshake(13, new CertificateRequest(x500NameArr));
                }
                sendHandshake(14, new ServerHelloDone());
                Handshake handshake = getHandshake();
                if (handshake.msgType.type == 11 && this.state.params.requestClientCert && this.state.currentCS.serverCertType != 0) {
                    this.state.clientCert = (SSLCertificate) handshake.body;
                    if (!this.state.serverCert.getPublicKey().getAlgorithm().equals("RSA") && !this.state.serverCert.getPublicKey().getAlgorithm().equals("DSA")) {
                        sendAlert(2, 43);
                        abort();
                        throw new IOException(new StringBuffer("Certificate of type ").append(this.state.serverCert.getPublicKey().getAlgorithm()).append(" was received instead of RSA or DSA").toString());
                    }
                    Handshake handshake2 = getHandshake();
                    if (handshake2.msgType.type != 16) {
                        sendAlert(2, 10);
                        abort();
                        throw new IOException("Unexpected message");
                    }
                    ClientKeyExchange clientKeyExchange = (ClientKeyExchange) handshake2.body;
                    this.state.preMasterSecret = clientKeyExchange.preMasterSecret();
                    clientKeyExchange.erasePMS();
                    this.state.computeMasterSecret();
                    if (getHandshake().msgType.type != 15) {
                        sendAlert(2, 10);
                        abort();
                        throw new IOException("Unexpected message");
                    }
                } else {
                    if (handshake.msgType.type != 16) {
                        sendAlert(2, 10);
                        abort();
                        throw new IOException("Unexpected message");
                    }
                    ClientKeyExchange clientKeyExchange2 = (ClientKeyExchange) handshake.body;
                    this.state.preMasterSecret = clientKeyExchange2.preMasterSecret();
                    clientKeyExchange2.erasePMS();
                    this.state.computeMasterSecret();
                }
                this.state.computeSecrets();
                getChangeCipherSpec();
                this.state.finishHandshake();
                if (getHandshake().msgType.type != 20) {
                    sendAlert(2, 10);
                    abort();
                    throw new IOException("Unexpected message");
                }
                this.state.finishedReceived = true;
                sendChangeCipherSpec();
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, false));
            }
            if (!z) {
                this.state.cacheSession();
            }
            this.state.handshakeInProgress = false;
            this.state.md5Handshake.init();
            this.state.shaHandshake.init();
            postHandshakeStuff();
        } catch (IOException e) {
            abort();
            throw e;
        }
    }

    protected void serverInit() throws IOException {
        try {
            this.par.setupServerCertificate();
            this.state.serverCert = this.par.serverCert;
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            this.state.md5Handshake.init();
            this.state.shaHandshake.init();
            if (useV2Hello()) {
                V2ClientHello v2ClientHello = new V2ClientHello(this.state);
                v2ClientHello.input(this.is);
                if (v2ClientHello.version.major != 3) {
                    abort();
                    throw new IOException("Client does not support SSL3");
                }
                this.state.clientRandom = v2ClientHello.getRandom();
                serverInit2(v2ClientHello.cipherSpecs, v2ClientHello.getSessionID());
                return;
            }
            Handshake handshake = getHandshake();
            if (handshake.msgType.type != 1) {
                sendAlert(2, 10);
                abort();
                throw new IOException("Unexpected message");
            }
            ClientHello clientHello = (ClientHello) handshake.body;
            this.state.clientRandom = clientHello.random;
            serverInit2(clientHello.cipherSuites, clientHello.sessionID);
        } catch (IOException e) {
            abort();
            throw e;
        }
    }

    int serverCipherSuite(short[] sArr) throws IOException {
        short[] serverCipherSuites = this.state.params.getServerCipherSuites();
        for (int i = 0; i < sArr.length; i++) {
            for (short s : serverCipherSuites) {
                if (sArr[i] == s) {
                    return sArr[i] & 65535;
                }
            }
        }
        return -1;
    }

    protected void sendRecord(SSLPlaintext sSLPlaintext) throws IOException {
        new SSLCiphertext(sSLPlaintext, this.state).output(this.os);
        this.os.flush();
        this.state.outSeqNum++;
    }

    protected void sendHandshake(int i, HandshakeMessage handshakeMessage) throws IOException {
        byte[] bytes = Utils.toBytes(new Handshake(i, handshakeMessage, this.state));
        this.state.md5Handshake.update(bytes);
        this.state.shaHandshake.update(bytes);
        this.state.md5Handshake.computeCurrent();
        this.state.shaHandshake.computeCurrent();
        sendRecord(new SSLPlaintext(22, bytes));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendData(byte[] bArr, int i, int i2) throws IOException {
        if (i2 == 0) {
            return;
        }
        sendRecord(new SSLPlaintext(23, bArr, i, i2));
    }

    void sendData(byte[] bArr) throws IOException {
        sendData(bArr, 0, bArr.length);
    }

    void sendData(String str) throws IOException {
        sendData(str.getBytes());
    }

    protected void sendChangeCipherSpec() throws IOException {
        sendRecord(new SSLPlaintext(20, Utils.toBytes(new ChangeCipherSpec())));
        this.state.outSeqNum = 0L;
        this.state.enableWriteCipher();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendAlert(int i, int i2) throws IOException {
        sendRecord(new SSLPlaintext(21, Utils.toBytes(new Alert(i, i2))));
    }

    public void renegotiate() throws IOException {
        try {
            if (this.IsClient) {
                this.state.setParams(this.par, null);
                this.state.sessionID = null;
                clientInit();
            } else {
                sendHandshake(0, new HelloRequest());
                this.state.md5Handshake.init();
                this.state.shaHandshake.init();
                this.state.renegotiated = false;
                while (!this.state.renegotiated) {
                    this.handshakeStream.getData();
                }
            }
        } catch (IOException e) {
            abort();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processHandshakes() throws IOException {
        Handshake handshake = new Handshake(this.state);
        while (this.handshakeStream.available() > 0) {
            handshake.input(this.handshakeStream);
            processHandshake(handshake);
        }
    }

    void processHandshake(Handshake handshake) throws IOException {
        if (this.state.client && handshake.msgType.type == 0) {
            clientInit();
            return;
        }
        if (this.state.client || handshake.msgType.type != 1) {
            sendAlert(2, 10);
            abort();
            throw new IOException(new StringBuffer("Unexpected handshake message received: ").append(handshake).toString());
        }
        byte[] bytes = Utils.toBytes(handshake);
        this.state.md5Handshake.update(bytes);
        this.state.shaHandshake.update(bytes);
        this.state.md5Handshake.computeCurrent();
        this.state.shaHandshake.computeCurrent();
        this.state.handshakeInProgress = true;
        this.state.finishedReceived = false;
        ClientHello clientHello = (ClientHello) handshake.body;
        this.state.clientRandom = clientHello.random;
        serverInit2(clientHello.cipherSuites, clientHello.sessionID);
        this.state.renegotiated = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processAlerts() throws IOException {
        Alert alert = new Alert();
        if (this.alertStream.available() == 0 && inputAvailable() > 0) {
            this.alertStream.getData();
        }
        while (this.alertStream.available() > 0) {
            alert.input(this.alertStream);
            processAlert(alert);
        }
    }

    void processAlert(Alert alert) throws IOException {
        if (alert.level == 2) {
            SecureSocketNotification notificationObject = this.state.getNotificationObject();
            if (notificationObject != null) {
                if (alert.description == 40 && this.state.handshakeInProgress) {
                    notificationObject.notification(268500992);
                } else {
                    notificationObject.notification(268566528);
                }
            }
            throw new IOException(new StringBuffer("Alert: ").append(alert).toString());
        }
        switch (alert.description) {
            case 0:
                this.state.closed = true;
                if (this.state.closeSent) {
                    return;
                }
                try {
                    sendAlert(1, 0);
                } catch (IOException unused) {
                }
                this.state.closeSent = true;
                return;
            case 41:
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void postHandshakeStuff() {
        getSessionParams().setPeerHost(this.TheSocket.getInetAddress().getHostName());
        SecureSocketNotification notificationObject = this.state.getNotificationObject();
        if (notificationObject != null) {
            notificationObject.notification(SecureSocketNotification.EVENT_AUTH_NOTIFICATION);
        }
        if (this.Multicaster != null) {
            this.Multicaster.handshakeCompleted();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int inputAvailable() {
        if (this.state.closed) {
            return 0;
        }
        try {
            return this.is.available();
        } catch (IOException unused) {
            return 0;
        }
    }

    protected void initialize(boolean z, SSLParams sSLParams) throws IOException {
        boolean z2 = this.IsClient;
        this.ccsStream = new RecordInputStream(this, 20);
        this.alertStream = new RecordInputStream(this, 21);
        this.handshakeStream = new RecordInputStream(this, 22);
        this.dataStream = new RecordInputStream(this, 23);
        this.is = new MyPushbackInputStream(this.super_InputStream);
        this.os = new BufferedOutputStream(this.super_OutputStream, 20480);
        this.state = new SSLState(this, z2, sSLParams);
        if (z2) {
            clientInit();
            this.UseV2Hello = false;
        } else {
            serverInit();
        }
        this.dataOutputStream = new SSLSocketOutputStream(this);
    }

    public boolean getUseClientMode() {
        return this.IsClient;
    }

    public String[] getSupportedCipherSuites() {
        return CipherSuiteMapper.shortToString(CipherSpec.filterCipherSpecs(CipherSuiteMapper.getAllCiphers(), this.V2Enabled, this.V3Enabled));
    }

    SessionParams getSessionParams() {
        if (this.AlternateProtocol != null) {
            return this.AlternateProtocol.getSessionParams();
        }
        if (this.state == null) {
            return null;
        }
        return this.state.getSessionParams();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLPlaintext getRecord() throws IOException {
        SSLCiphertext sSLCiphertext = new SSLCiphertext(this.state);
        try {
            sSLCiphertext.input(this.is);
            this.state.inSeqNum++;
            return new SSLPlaintext(sSLCiphertext);
        } catch (EOFException unused) {
            SecureSocketNotification notificationObject = this.state.getNotificationObject();
            if (notificationObject != null) {
                notificationObject.notification(268959744);
            }
            throw new SocketException("Illegal socket closure by peer");
        }
    }

    public OutputStream getOutputStream() throws IOException {
        return this.AlternateProtocol != null ? this.AlternateProtocol.getOutputStream() : this.dataOutputStream;
    }

    private byte[] getNextHandshakeSessionIdFromCache() {
        return SSLParams.sessionCache.findSessionId(this.TheSocket.getInetAddress().getHostName(), this.par.cipherSuites);
    }

    public byte[] getNextHandshakeSessionId() {
        if (!this.IsClient) {
            throw new RuntimeException("getNextHandshakeSessionId must be called on client sockets");
        }
        if (this.AlternateProtocol != null) {
            throw new RuntimeException("getNextHandshakeSessionId must be called prior to handshake for SSLv2");
        }
        if (!this.NextSessionIDSet) {
            return getNextHandshakeSessionIdFromCache();
        }
        if (this.NextSessionID == null) {
            return null;
        }
        return (byte[]) this.NextSessionID.id.clone();
    }

    public InputStream getInputStream() throws IOException {
        if (this.AlternateProtocol != null) {
            return this.AlternateProtocol.getInputStream();
        }
        if (this.dataOutputStream == null) {
            return null;
        }
        return this.dataStream;
    }

    protected Handshake getHandshake() throws IOException {
        Handshake handshake = new Handshake(this.state);
        do {
            handshake.input(this.handshakeStream);
            byte[] bytes = Utils.toBytes(handshake);
            this.state.md5Handshake.update(bytes);
            this.state.shaHandshake.update(bytes);
            this.state.md5Handshake.computeCurrent();
            this.state.shaHandshake.computeCurrent();
            if (this.state.handshakeInProgress) {
                break;
            }
        } while (handshake.msgType.type == 0);
        return handshake;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Socket getExposedSocket() {
        return this.WrappingSocket != null ? this.WrappingSocket : this.TheSocket;
    }

    public String[] getEnabledCipherSuites() {
        return CipherSuiteMapper.shortToString(CipherSpec.filterCipherSpecs(this.par.cipherSuites, this.V2Enabled, this.V3Enabled));
    }

    protected void getChangeCipherSpec() throws IOException {
        new ChangeCipherSpec().input(this.ccsStream);
        this.state.inSeqNum = 0L;
        this.state.enableReadCipher();
    }

    boolean containsCS(short[] sArr, short s) {
        for (short s2 : sArr) {
            if (s2 == s) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void close(boolean z, boolean z2) throws IOException {
        boolean z3;
        if (this.AlternateProtocol != null) {
            this.AlternateProtocol.close();
            return;
        }
        if (this.state == null || this.state.aborted) {
            return;
        }
        try {
            synchronized (this) {
                z3 = this.state.closeSent;
                this.state.closeSent = true;
            }
            if (!z3) {
                try {
                    sendAlert(1, 0);
                } catch (IOException unused) {
                }
            }
            if (z) {
                awaitClose();
            }
            if (!z3 && z2) {
                this.TheSocket.close();
            }
        } finally {
            this.state.eraseSecrets();
        }
    }

    protected void clientInit() throws IOException {
        Handshake handshake;
        Handshake handshake2;
        try {
            this.state.handshakeInProgress = true;
            this.state.finishedReceived = false;
            this.state.md5Handshake.init();
            this.state.shaHandshake.init();
            this.state.serverCert = null;
            this.state.skx = null;
            SessionParams sessionParams = null;
            SessionID sessionID = null;
            if (this.NextSessionIDSet) {
                sessionID = this.NextSessionID;
            } else {
                byte[] nextHandshakeSessionIdFromCache = getNextHandshakeSessionIdFromCache();
                if (nextHandshakeSessionIdFromCache != null) {
                    sessionID = new SessionID(nextHandshakeSessionIdFromCache);
                }
            }
            if (sessionID != null) {
                sessionParams = (SessionParams) SSLParams.sessionCache.get(sessionID);
                if (sessionParams != null && !containsCS(this.state.params.getClientCipherSuites(), sessionParams.cipherSuite)) {
                    sessionParams = null;
                }
                if (sessionParams != null && !sessionParams.v2Session) {
                    this.UseV2Hello = false;
                }
            }
            if (sessionParams == null && !this.par.EnableSessionCreation) {
                throw new IOException("Session creation disabled");
            }
            if (this.UseV2Hello) {
                V2ClientHello v2ClientHello = new V2ClientHello(this.V3Enabled ? 3 : 0, this.V3Enabled ? 0 : 2, CipherSpec.filterCipherSpecs(this.state.params.getClientCipherSuites(), this.V2Enabled, this.V3Enabled), this.state.rng, sessionParams == null ? null : sessionID, this.state);
                this.state.clientRandom = v2ClientHello.getRandom();
                v2ClientHello.output(this.os);
                this.os.flush();
                if (useV2Hello()) {
                    try {
                        if (!this.V2Enabled) {
                            throw new IOException("v2 not enabled");
                        }
                        this.AlternateProtocol = (ProtocolAbstraction) Class.forName("com.novell.service.security.net.ssl.SSLv2SocketImpl").newInstance();
                        this.AlternateProtocol.init(this, this.is, this.os, v2ClientHello, sessionParams, this.Prop);
                        this.AlternateProtocol.startHandshake();
                        return;
                    } catch (Exception e) {
                        try {
                            this.TheSocket.close();
                        } catch (Exception unused) {
                        }
                        if (!(e instanceof IOException)) {
                            throw new IOException(new StringBuffer("V2 protocol cannot be loaded: ").append(e).toString());
                        }
                        throw ((IOException) e);
                    }
                }
            } else {
                ClientHello clientHello = new ClientHello(CipherSpec.filterCipherSpecs(this.state.params.getClientCipherSuites(), false, true), this.state.rng, sessionParams == null ? null : sessionID);
                this.state.clientRandom = clientHello.random;
                sendHandshake(1, clientHello);
            }
            do {
                handshake = getHandshake();
                handshake2 = handshake;
            } while (handshake.msgType.type == 0);
            if (handshake2.msgType.type != 2) {
                sendAlert(2, 10);
                abort();
                throw new IOException("Unexpected message");
            }
            ServerHello serverHello = (ServerHello) handshake2.body;
            this.state.serverRandom = serverHello.random;
            this.state.sessionID = serverHello.sessionID;
            if (sessionParams != null && sessionID.equals(serverHello.sessionID) && serverHello.cipherSuite == sessionParams.cipherSuite) {
                this.state.setSessionParams(sessionParams);
                this.state.currentCS = new CipherSpec(serverHello.cipherSuite);
                this.state.computeSecrets();
                getChangeCipherSpec();
                this.state.finishHandshake();
                if (getHandshake().msgType.type != 20) {
                    sendAlert(2, 10);
                    abort();
                    throw new IOException("Unexpected message");
                }
                this.state.finishedReceived = true;
                sendChangeCipherSpec();
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, true));
                sessionParams.touch();
            } else {
                if (!supportedClientCS(serverHello.cipherSuite)) {
                    sendAlert(2, 40);
                    abort();
                    throw new IOException("Unsupported ciphersuite requested");
                }
                this.state.currentCS = new CipherSpec(serverHello.cipherSuite);
                boolean z = false;
                X500Name[] x500NameArr = null;
                while (handshake2.msgType.type != 14) {
                    handshake2 = getHandshake();
                    switch (handshake2.msgType.type) {
                        case 11:
                            this.state.serverCert = (SSLCertificate) handshake2.body;
                            switch (this.state.currentCS.serverCertType) {
                                case 0:
                                    sendAlert(2, 10);
                                    abort();
                                    throw new IOException("An anonymous server sent a certificate");
                                case 1:
                                    if (!this.state.serverCert.getPublicKey().getAlgorithm().equals("RSA")) {
                                        sendAlert(2, 43);
                                        abort();
                                        throw new IOException(new StringBuffer("Certificate of type ").append(this.state.serverCert.getPublicKey().getAlgorithm()).append(" was received instead of RSA").toString());
                                    }
                                    break;
                                case 3:
                                    if (!this.state.serverCert.getPublicKey().getAlgorithm().equals("DSA")) {
                                        sendAlert(2, 43);
                                        abort();
                                        throw new IOException(new StringBuffer("Certificate of type ").append(this.state.serverCert.getPublicKey().getAlgorithm()).append(" was received instead of DSA").toString());
                                    }
                                    break;
                            }
                        case 12:
                            if (this.state.currentCS.serverCertType != 0 && this.state.serverCert == null) {
                                sendAlert(2, 40);
                                abort();
                                throw new IOException("ServerKeyExchange received before certificate");
                            }
                            this.state.skx = (ServerKeyExchange) handshake2.body;
                            break;
                            break;
                        case 13:
                            if (this.state.currentCS.serverCertType != 0) {
                                z = true;
                                x500NameArr = ((CertificateRequest) handshake2.body).CAs;
                                break;
                            } else {
                                sendAlert(2, 40);
                                abort();
                                throw new IOException("An anonymous server requesting client certificate");
                            }
                        case 14:
                            break;
                        default:
                            sendAlert(2, 10);
                            abort();
                            throw new IOException("Unexpected message");
                    }
                }
                if (this.state.currentCS.serverCertType != 0 && this.state.serverCert == null) {
                    sendAlert(2, 40);
                    abort();
                    throw new IOException("No certificate was received");
                }
                if (z) {
                    this.par.setupClientCertificate(x500NameArr);
                    this.state.clientCert = this.par.clientCert;
                    if (this.state.clientCert == null) {
                        sendAlert(1, 41);
                    } else {
                        sendHandshake(11, this.state.clientCert);
                    }
                }
                if (this.state.currentCS.keyExchange == 2 && this.state.skx == null) {
                    sendAlert(2, 40);
                    abort();
                    throw new IOException("No serverKeyExchange was received for DH");
                }
                ClientKeyExchange clientKeyExchange = this.state.currentCS.keyExchange == 2 ? new ClientKeyExchange(this.state.skx, this.state.rng, this.state) : new ClientKeyExchange(this.state.serverCert, this.state.rng, this.state);
                sendHandshake(16, clientKeyExchange);
                this.state.preMasterSecret = clientKeyExchange.preMasterSecret();
                clientKeyExchange.erasePMS();
                this.state.computeMasterSecret();
                if (z && this.state.clientCert != null) {
                    sendHandshake(15, new CertificateVerify(this.state));
                }
                this.state.computeSecrets();
                sendChangeCipherSpec();
                this.state.finishHandshake();
                sendHandshake(20, new Finished(this.state, true));
                getChangeCipherSpec();
                this.state.finishHandshake();
                if (getHandshake().msgType.type != 20) {
                    sendAlert(2, 10);
                    abort();
                    throw new IOException("Unexpected message");
                }
                this.state.finishedReceived = true;
                this.state.cacheSession();
            }
            this.state.handshakeInProgress = false;
            this.state.md5Handshake.init();
            this.state.shaHandshake.init();
            postHandshakeStuff();
        } catch (IOException e2) {
            abort();
            throw e2;
        }
    }

    public void awaitClose() throws IOException {
        new Alert();
        while (!this.state.closed) {
            SSLPlaintext record = getRecord();
            if (record.type.type == 21) {
                this.alertStream.addData(record.fragment);
                processAlerts();
            }
        }
    }

    public void abort() throws IOException {
        if (this.AlternateProtocol != null) {
            this.AlternateProtocol.abort();
        } else {
            if (this.state.aborted) {
                return;
            }
            this.state.removeSession();
            this.state.eraseSecrets();
            this.state.aborted = true;
            this.TheSocket.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSocketImpl(Socket socket, InputStream inputStream, OutputStream outputStream, SSLParams sSLParams, boolean z, Properties properties) throws IOException, UnknownHostException {
        this.TheSocket = socket;
        this.super_InputStream = inputStream;
        this.super_OutputStream = outputStream;
        this.par = sSLParams;
        if (sSLParams == null) {
            this.par = new SSLParams(properties);
        }
        this.IsClient = z;
        this.Prop = properties;
        this.V3Enabled = SSLProperties.parseBooleanProperty(this.Prop.getProperty(SSLProperties.PROP_ENABLE_V3), true);
        this.V2Enabled = SSLProperties.parseBooleanProperty(this.Prop.getProperty(SSLProperties.PROP_ENABLE_V2), true) && CipherSpec.isV2Available();
        this.UseV2Hello = SSLProperties.parseBooleanProperty(this.Prop.getProperty(SSLProperties.PROP_USE_V2HELLO), true);
        if (!this.V2Enabled && !this.V3Enabled) {
            throw new IllegalArgumentException("V2 and V3 cannot both be disabled");
        }
        if (!this.V3Enabled && !this.UseV2Hello) {
            throw new IllegalArgumentException("V2 client_hello must be enabled when V3 is disabled");
        }
    }
}
