package com.ibm.hod5sslight;

import com.ibm.eNetwork.ECL.print.PDTConstants;
import com.ibm.eNetwork.HODUtil.services.config.client.Constants;
import java.io.IOException;
import java.math.BigInteger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:habeansnlv2.jar:com/ibm/hod5sslight/SSLServer.class */
public class SSLServer extends SSLConnection {
    static final int CERT_VERIFY = 32;
    static BigInteger[] RSAKey64;
    static BigInteger[] RSAKey128;

    private static synchronized BigInteger[] getEphemeralRSAKey(int i) {
        if (i == 64) {
            if (RSAKey64 != null) {
                return RSAKey64;
            }
            BigInteger[] rsaKey = CL.rsaKey(64, true, true);
            RSAKey64 = rsaKey;
            return rsaKey;
        }
        if (RSAKey128 != null) {
            return RSAKey128;
        }
        BigInteger[] rsaKey2 = CL.rsaKey(128, true, true);
        RSAKey128 = rsaKey2;
        return rsaKey2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.ibm.hod5sslight.SSLConnection
    public synchronized int install(SSLContext sSLContext) {
        if (sSLContext != null && this.handshake_state != 2) {
            return 0;
        }
        this.state = 0;
        this.handshake_state = 2;
        if (sSLContext == null) {
            return 0;
        }
        if (this.session != null) {
            SSLSession.uninstall(this.session, this, false);
            this.session = null;
        }
        this.context = sSLContext;
        return sendHelloRequest();
    }

    @Override // com.ibm.hod5sslight.SSLConnection
    int alert(int i, int i2) {
        if (this.context.debug) {
            System.out.println("SSLServer: alert.");
        }
        if (i2 != 41) {
            return 40;
        }
        try {
            if ((4 & this.handshake_state) == 0 || !this.context.handleNoPeerAuthentication(this.corr)) {
                return 40;
            }
            this.handshake_state = 8;
            return 0;
        } catch (Exception e) {
            this.exception = e;
            return 40;
        }
    }

    @Override // com.ibm.hod5sslight.SSLConnection
    int handshake(byte[] bArr, byte b, int i, int i2, int i3) {
        if (this.context.debug) {
            System.out.println(new StringBuffer(">> handshakeV").append(i3 == 0 ? 2 : 3).append(" type = ").append((int) b).toString());
        }
        switch (b) {
            case 1:
                if ((2 & this.handshake_state) != 0) {
                    return clientHello(bArr, i, i2, i3);
                }
                return 10;
            case 11:
                if ((4 & this.handshake_state) != 0) {
                    return clientCertificate(bArr, i, i2);
                }
                return 10;
            case 15:
                if ((32 & this.handshake_state) != 0) {
                    return clientCertificateVerify(bArr, i, i2);
                }
                return 10;
            case 16:
                if ((8 & this.handshake_state) != 0) {
                    return clientKeyExchange(bArr, i, i2);
                }
                return 10;
            case 20:
                if ((16 & this.handshake_state) == 0) {
                    return 10;
                }
                int finished = finished(bArr, i, i2);
                if (finished != 0) {
                    return finished;
                }
                SSLSession.install(this.session, this);
                reset();
                this.handshake_state = 2;
                return 0;
            default:
                return 10;
        }
    }

    private int clientCertificateVerify(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> clientCertificateVerify.");
        }
        SSLCert sSLCert = this.session.peer_cert;
        int i3 = i + 4;
        int i4 = i2 - 4;
        int i5 = i4;
        if (i4 > 2) {
            int i6 = sSLCert.alg == 1 ? sSLCert.keyL : bArr[i3] == 48 ? i5 : i5 - 2;
            int i7 = i6;
            if (i6 == i5 - 2) {
                i5 = CL.msbf2(bArr, i3);
                i3 += 2;
            }
            if (i5 == i7) {
                byte[] handshakeHash = handshakeHash(null, null, 0, sSLCert.alg == 1);
                try {
                    if (sSLCert.verifySignature(handshakeHash, 0, handshakeHash.length, (sSLCert.alg != 0 || i5 == 40) ? 16777216 : 0, bArr, i3, i5)) {
                        reg(bArr, i, i2);
                        this.handshake_state = 1;
                        update();
                        return 0;
                    }
                } catch (Exception e) {
                    this.exception = e;
                }
                return this.version == 769 ? 51 : 40;
            }
        }
        return this.version == 769 ? 50 : 47;
    }

    private int clientCertificate(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> clientCertificate.");
        }
        int certificate = certificate(bArr, i, i2);
        if (certificate != 0) {
            return certificate;
        }
        if ((SSLConnection.getCS(this.session.cipher_suite) & 3840) != 256 && this.session.peer_cert != null) {
            if ((this.session.site_cert.alg == 1) ^ (this.session.peer_cert.alg == 1)) {
                return 40;
            }
        }
        reg(bArr, i, i2);
        this.handshake_state = 8;
        return 0;
    }

    private int clientKeyExchange(byte[] bArr, int i, int i2) {
        if (this.context.debug) {
            System.out.println(">> clientKeyExchange.");
        }
        byte[] bArr2 = null;
        int i3 = i + 4;
        if ((SSLConnection.getCS(this.session.cipher_suite) & 3840) == 256) {
            int bitLength = this.key_exchange != null ? (this.key_exchange[0].bitLength() + 7) / 8 : this.session.site_cert.keyL;
            int i4 = i2 - 4;
            int i5 = i4;
            if (i4 > bitLength) {
                i5 = CL.msbf2(bArr, i3);
                i3 += 2;
            }
            if (i5 == bitLength) {
                try {
                    bArr2 = this.key_exchange != null ? CL.rsa(false, 2, this.key_exchange, bArr, i3, bitLength) : this.session.site_cert.decrypt(bArr, i3, bitLength);
                    if (bArr2 == null || bArr2.length != 48 || bArr2[0] != 3) {
                        bArr2 = new byte[48];
                    }
                } catch (Exception e) {
                    this.exception = e;
                    return 40;
                }
            }
        }
        this.key_exchange = null;
        if (bArr2 == null) {
            return 47;
        }
        this.session.master_secret = prf(bArr2, 4, this.random[0], this.random[1], 48, 0);
        reg(bArr, i, i2);
        if (this.session.peer_cert != null) {
            this.handshake_state = 32;
            return 0;
        }
        this.handshake_state = 1;
        update();
        return 0;
    }

    /* JADX WARN: Code restructure failed: missing block: B:100:0x0336, code lost:
    
        if (r0 != 0) goto L192;
     */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x0339, code lost:
    
        r22 = 22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:105:0x0322, code lost:
    
        r5 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x0340, code lost:
    
        r11.session = new com.ibm.hod5sslight.SSLSession(r11.context.context_id, r25, r26, r11.peer, r11.context.timeout[1]);
        r11.session.version = r11.version;
        r11.session.site_cert = r28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:107:0x0386, code lost:
    
        if (r11.context.handleSession(r11.corr, r11.session) != false) goto L126;
     */
    /* JADX WARN: Code restructure failed: missing block: B:108:0x0389, code lost:
    
        return 40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x02ad, code lost:
    
        if (r0[r1] == 0) goto L97;
     */
    /* JADX WARN: Code restructure failed: missing block: B:93:0x0307, code lost:
    
        if (r0 != 0) goto L113;
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x030a, code lost:
    
        r0 = r11.context;
        r1 = r11.corr;
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x031b, code lost:
    
        if ((r23 & 127) != 1) goto L116;
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x031e, code lost:
    
        r5 = 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x0323, code lost:
    
        r0 = r0.getPrivateCertificate(r1, null, 0, 0, r5, r27);
        r28 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x032b, code lost:
    
        if (r0 != null) goto L191;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x032e, code lost:
    
        r0 = r23 >>> 8;
        r23 = r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int clientHello(byte[] r12, int r13, int r14, int r15) {
        /*
            Method dump skipped, instructions count: 1154
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.hod5sslight.SSLServer.clientHello(byte[], int, int, int):int");
    }

    private int sendServerKeyExchange() {
        if (this.context.debug) {
            System.out.println("<< sendServerKeyExchange.");
        }
        int cs = SSLConnection.getCS(this.session.cipher_suite);
        int i = 0;
        int reg = reg(null, 0, 4) + 4;
        do {
            if (i != 1 || (cs & 3840) != 256) {
                byte[] byteArray = this.key_exchange[i].toByteArray();
                int reg2 = reg(null, 0, 2);
                int length = byteArray.length;
                int i2 = byteArray[0] == 0 ? 1 : 0;
                int i3 = i2;
                CL.msbf2(length - i2, this.handshake, reg2);
                reg(byteArray, i3, byteArray.length - i3);
            }
            i++;
        } while (i < 3);
        if (this.session.site_cert != null) {
            byte[] paramHash = paramHash(this.handshake, reg, this.handshake_off - reg, null, 0, this.session.site_cert.alg == 1);
            try {
                byte[] generateSignature = this.session.site_cert.generateSignature(paramHash, 0, paramHash.length, this.session.site_cert.alg == 0 ? 0 : 16777216);
                int reg3 = reg(null, 0, generateSignature.length + 2);
                CL.msbf2(generateSignature.length, this.handshake, reg3);
                System.arraycopy(generateSignature, 0, this.handshake, reg3 + 2, generateSignature.length);
            } catch (Exception e) {
                this.exception = e;
                return 40;
            }
        }
        return sendHandshake(12, this.handshake, reg - 4, this.handshake_off - reg, false);
    }

    private int sendHelloRequest() {
        if (this.context.debug) {
            System.out.println("<< sendHelloRequest.");
        }
        return sendHandshake(0, new byte[4], 0, 0, true);
    }

    private int sendServerHello(byte b, short s) {
        if (this.context.debug) {
            System.out.println("<< sendServerHello.");
            System.out.println(new StringBuffer("SSL version: ").append(this.version >>> 8).append(Constants.SEPARATOR).append((int) ((byte) this.version)).toString());
            System.out.println(SSLContext.getCipherSuite(s));
        }
        helloRandom();
        int length = this.session.session_id != null ? this.session.session_id.length : 0;
        int i = length;
        int i2 = 38 + length;
        int reg = reg(null, 0, 4 + i2);
        int i3 = this.version;
        byte[] bArr = this.handshake;
        CL.msbf2(i3, bArr, reg + 4);
        System.arraycopy(this.random[1], 0, bArr, reg + 6, 32);
        int i4 = reg + 39;
        byte b2 = (byte) i;
        bArr[i4 - 1] = b2;
        if (b2 != 0) {
            System.arraycopy(this.session.session_id, 0, bArr, i4, i);
        }
        CL.msbf2(s, bArr, i4 + i);
        return sendHandshake(2, bArr, reg, i2, false);
    }

    private int sendServerHelloDone() {
        if (this.context.debug) {
            System.out.println("<< sendServerHelloDone.");
        }
        return sendHandshake(14, this.handshake, reg(null, 0, 4), 0, true);
    }

    private int sendCertificateRequest() {
        SSLCert sSLCert;
        if (this.context.debug) {
            System.out.println("<< sendCertificateRequest.");
        }
        int i = 0;
        int reg = reg(null, 0, 8);
        CL.msbf2(PDTConstants.END_HIGHLIGHT_BLINK, this.handshake, reg + 4);
        for (int i2 = 0; i2 < this.context.nTokens; i2++) {
            byte[] acceptedIssuers = this.context.tokens[i2].getAcceptedIssuers();
            if (acceptedIssuers != null) {
                i += acceptedIssuers.length;
                reg(acceptedIssuers, 0, acceptedIssuers.length);
            }
        }
        if (i == 0) {
            SSLCert sSLCert2 = this.session.site_cert;
            do {
                int i3 = this.handshake_off;
                byte[] bArr = sSLCert2.x509;
                int i4 = sSLCert2.iss - 2;
                int i5 = sSLCert2.issL + 2;
                i = i5;
                reg(bArr, i4, i5);
                CL.msbf2(sSLCert2.issL, this.handshake, i3);
                if (sSLCert2 == sSLCert2.signer) {
                    break;
                }
                sSLCert = sSLCert2.signer;
                sSLCert2 = sSLCert;
            } while (sSLCert != null);
        }
        CL.msbf2(i, this.handshake, (this.handshake_off - i) - 2);
        return sendHandshake(13, this.handshake, reg, (this.handshake_off - reg) - 4, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLServer(SSLSocket sSLSocket, boolean z, SSLContext sSLContext, boolean z2) throws IOException, SSLException {
        install(sSLSocket, z, 1, sSLContext, z2);
    }
}
