package crysec.SSL;

import crysec.Arcfour;
import crysec.BlockCipher;
import crysec.HMAC;
import crysec.MD5;
import crysec.MessageDigest;
import crysec.RandomBitsSource;
import crysec.SHA;
import crysec.SymmetricCipher;
import crysec.Utils;
import java.io.ByteArrayOutputStream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:crysec/SSL/SSLState.class */
public final class SSLState {
    public SSLSocket socket;
    public SSLParams params;
    public boolean client;
    public ProtocolVersion version;
    public ProtocolVersion latestVersion;
    public boolean resumed;
    public boolean handshakeInProgress;
    public boolean expectingCCS;
    public boolean closed;
    public boolean closeSent;
    public boolean aborted;
    public boolean renegotiated;
    public boolean gotServerHello;
    public byte[] inSeqNum;
    public byte[] outSeqNum;
    public int compressionMethod;
    public static final int NULL = 0;
    public static final int MD5 = 1;
    public static final int SHA = 2;
    public static final int ANON = 0;
    public static final int RSA = 1;
    public static final int[] hashSize = {0, 16, 20};
    public static byte[][] pad1 = new byte[3];
    public static byte[][] pad2 = new byte[3];
    public short cipherSuite;
    public SymmetricCipher clientCipher;
    public SymmetricCipher serverCipher;
    public int keyExchange;
    public int serverCertType;
    public int MACalgorithm;
    public int keyMaterial;
    public int expKeyMaterial;
    public int IVsize;
    public boolean isExportable;
    public byte[] sessionID;
    public byte[] masterSecret;
    public byte[] clientMACsecret;
    public byte[] serverMACsecret;
    public byte[] clientKey;
    public byte[] serverKey;
    public byte[] clientIV;
    public byte[] serverIV;
    public SymmetricCipher readCipher;
    public SymmetricCipher writeCipher;
    public byte[] readMACsecret;
    public byte[] writeMACsecret;
    public int readMACalg;
    public int writeMACalg;
    public byte[] serverRandom;
    public byte[] clientRandom;
    public ServerKeyExchange skx;
    public SSLCertificate serverCert;
    public byte[] preMasterSecret;
    public RandomBitsSource rng;
    public GenericCipher writeFragment;
    public GenericCipher readFragment;
    public ByteArrayOutputStream messageBuf;
    public MessageDigest[][] readMACalgs;
    public MessageDigest[][] writeMACalgs;
    public byte[] md5HashClient;
    public byte[] shaHashClient;
    public byte[] md5HashServer;
    public byte[] shaHashServer;
    public HMAC readHMAC;
    public HMAC writeHMAC;
    public byte[] verifyDataClient;
    public byte[] verifyDataServer;
    public byte[] csRandom;
    public byte[] scRandom;
    static final byte[] clientFinal;
    static final byte[] serverFinal;

    static {
        pad1[1] = new byte[48];
        pad2[1] = new byte[48];
        Utils.setArray(pad1[1], (byte) 54);
        Utils.setArray(pad2[1], (byte) 92);
        pad1[2] = new byte[40];
        pad2[2] = new byte[40];
        Utils.setArray(pad1[2], (byte) 54);
        Utils.setArray(pad2[2], (byte) 92);
        clientFinal = new byte[]{67, 76, 78, 84};
        serverFinal = new byte[]{83, 82, 86, 82};
    }

    public SSLState(SSLSocket sSLSocket, boolean z) throws SSLException {
        this(sSLSocket, z, new SSLParams());
    }

    public SSLState(SSLSocket sSLSocket, boolean z, SSLParams sSLParams) throws SSLException {
        this.compressionMethod = 0;
        this.socket = sSLSocket;
        this.client = z;
        this.renegotiated = false;
        this.aborted = false;
        this.closeSent = false;
        this.closed = false;
        this.expectingCCS = false;
        this.gotServerHello = false;
        this.handshakeInProgress = false;
        this.inSeqNum = new byte[8];
        Utils.setArray(this.inSeqNum, (byte) 0);
        this.outSeqNum = new byte[8];
        Utils.setArray(this.outSeqNum, (byte) 0);
        this.version = new ProtocolVersion(sSLParams.getAllowSSL3(), sSLParams.getAllowTLS1());
        setCipherSuite(0);
        byte[] bArr = new byte[0];
        this.clientMACsecret = bArr;
        this.serverMACsecret = bArr;
        this.clientKey = bArr;
        this.serverKey = bArr;
        enableReadCipher();
        enableWriteCipher();
        setParams(sSLParams);
        this.readMACalgs = new MessageDigest[3][2];
        this.writeMACalgs = new MessageDigest[3][2];
        this.writeFragment = new GenericCipher(this);
        this.readFragment = new GenericCipher(this);
        this.messageBuf = new ByteArrayOutputStream();
    }

    public void computeMasterSecret() {
        this.masterSecret = new byte[48];
        if (this.version.equals(ProtocolVersion.TLS1)) {
            PRF.generate(this.preMasterSecret, "master secret", this.csRandom, this.masterSecret);
        } else {
            for (int i = 0; i < 3; i++) {
                MD5 md5 = new MD5();
                SHA sha = new SHA();
                for (int i2 = 0; i2 < i + 1; i2++) {
                    sha.update((byte) (65 + i));
                }
                sha.update(this.preMasterSecret);
                sha.update(this.clientRandom);
                sha.update(this.serverRandom);
                sha.computeCurrent();
                md5.update(this.preMasterSecret);
                md5.update(sha.digestBits);
                md5.computeCurrent();
                System.arraycopy(md5.digestBits, 0, this.masterSecret, i * 16, 16);
            }
        }
        Utils.setArray(this.preMasterSecret, (byte) 0);
    }

    public void computeRandoms() {
        this.csRandom = new byte[64];
        this.scRandom = new byte[64];
        System.arraycopy(this.clientRandom, 0, this.csRandom, 0, 32);
        System.arraycopy(this.serverRandom, 0, this.csRandom, 32, 32);
        System.arraycopy(this.serverRandom, 0, this.scRandom, 0, 32);
        System.arraycopy(this.clientRandom, 0, this.scRandom, 32, 32);
    }

    public void computeSecrets() {
        byte[] bArr;
        int i = hashSize[this.MACalgorithm];
        int i2 = this.keyMaterial;
        int i3 = this.expKeyMaterial;
        int i4 = this.IVsize;
        boolean z = this.isExportable;
        this.clientMACsecret = new byte[i];
        this.serverMACsecret = new byte[i];
        this.clientKey = new byte[i2];
        this.serverKey = new byte[i2];
        this.clientIV = new byte[i4];
        this.serverIV = new byte[i4];
        if (this.version.equals(ProtocolVersion.TLS1)) {
            bArr = new byte[2 * (i + i2 + (z ? 0 : i4))];
            PRF.generate(this.masterSecret, "key expansion", this.scRandom, bArr);
        } else {
            int i5 = (((2 * ((i + i2) + (z ? 0 : i4))) - 1) / 16) + 1;
            bArr = new byte[i5 * 16];
            for (int i6 = 0; i6 < i5; i6++) {
                MD5 md5 = new MD5();
                SHA sha = new SHA();
                for (int i7 = 0; i7 < i6 + 1; i7++) {
                    sha.update((byte) (65 + i6));
                }
                sha.update(this.masterSecret);
                sha.update(this.serverRandom);
                sha.update(this.clientRandom);
                sha.computeCurrent();
                md5.update(this.masterSecret);
                md5.update(sha.digestBits);
                md5.computeCurrent();
                System.arraycopy(md5.digestBits, 0, bArr, i6 * 16, 16);
            }
        }
        System.arraycopy(bArr, 0, this.clientMACsecret, 0, i);
        System.arraycopy(bArr, i, this.serverMACsecret, 0, i);
        System.arraycopy(bArr, 2 * i, this.clientKey, 0, i2);
        System.arraycopy(bArr, (2 * i) + i2, this.serverKey, 0, i2);
        if (!z) {
            System.arraycopy(bArr, 2 * (i + i2), this.clientIV, 0, i4);
            System.arraycopy(bArr, (2 * (i + i2)) + i4, this.serverIV, 0, i4);
        } else if (this.version.equals(ProtocolVersion.TLS1)) {
            byte[] bArr2 = new byte[2 * i4];
            PRF.generate(new byte[0], "IV block", this.csRandom, bArr2);
            System.arraycopy(bArr2, 0, this.clientIV, 0, i4);
            System.arraycopy(bArr2, i4, this.serverIV, 0, i4);
        } else {
            MD5 md52 = new MD5();
            md52.update(this.clientRandom);
            md52.update(this.serverRandom);
            md52.computeCurrent();
            System.arraycopy(md52.digestBits, 0, this.clientIV, 0, i4);
            MD5 md53 = new MD5();
            md53.update(this.serverRandom);
            md53.update(this.clientRandom);
            md53.computeCurrent();
            System.arraycopy(md53.digestBits, 0, this.serverIV, 0, i4);
        }
        if (z) {
            if (this.version.equals(ProtocolVersion.TLS1)) {
                byte[] bArr3 = new byte[i3];
                PRF.generate(this.clientKey, "client write key", this.csRandom, bArr3);
                this.clientKey = bArr3;
                byte[] bArr4 = new byte[i3];
                PRF.generate(this.serverKey, "server write key", this.csRandom, bArr4);
                this.serverKey = bArr4;
                return;
            }
            MD5 md54 = new MD5();
            md54.update(this.clientKey);
            md54.update(this.clientRandom);
            md54.update(this.serverRandom);
            md54.computeCurrent();
            this.clientKey = new byte[i3];
            System.arraycopy(md54.digestBits, 0, this.clientKey, 0, i3);
            MD5 md55 = new MD5();
            md55.update(this.serverKey);
            md55.update(this.serverRandom);
            md55.update(this.clientRandom);
            md55.computeCurrent();
            this.serverKey = new byte[i3];
            System.arraycopy(md55.digestBits, 0, this.serverKey, 0, i3);
        }
    }

    public void enableReadCipher() {
        this.readCipher = this.serverCipher;
        if (this.readCipher != null) {
            this.readCipher.setKey(this.serverKey);
            if ((this.readCipher instanceof BlockCipher) && ((BlockCipher) this.readCipher).getMode() == 1) {
                ((BlockCipher) this.readCipher).setIV(this.serverIV);
            }
        }
        this.readMACalg = this.MACalgorithm;
        this.readMACsecret = this.serverMACsecret;
        if (this.version.equals(ProtocolVersion.TLS1)) {
            if (this.readMACalg == 1) {
                this.readHMAC = new HMAC(1, this.readMACsecret);
                return;
            } else {
                if (this.readMACalg == 2) {
                    this.readHMAC = new HMAC(2, this.readMACsecret);
                    return;
                }
                return;
            }
        }
        if (this.readMACalg == 1 && this.readMACalgs[1][0] == null) {
            this.readMACalgs[1][0] = new MD5();
            this.readMACalgs[1][1] = new MD5();
        } else if (this.readMACalg == 2 && this.readMACalgs[2][0] == null) {
            this.readMACalgs[2][0] = new SHA();
            this.readMACalgs[2][1] = new SHA();
        }
    }

    public void enableWriteCipher() {
        this.writeCipher = this.clientCipher;
        if (this.writeCipher != null) {
            this.writeCipher.setKey(this.clientKey);
            if ((this.writeCipher instanceof BlockCipher) && ((BlockCipher) this.writeCipher).getMode() == 1) {
                ((BlockCipher) this.writeCipher).setIV(this.clientIV);
            }
        }
        this.writeMACalg = this.MACalgorithm;
        this.writeMACsecret = this.clientMACsecret;
        if (this.version.equals(ProtocolVersion.TLS1)) {
            if (this.writeMACalg == 1) {
                this.writeHMAC = new HMAC(1, this.writeMACsecret);
                return;
            } else {
                if (this.writeMACalg == 2) {
                    this.writeHMAC = new HMAC(2, this.writeMACsecret);
                    return;
                }
                return;
            }
        }
        if (this.writeMACalg == 1 && this.writeMACalgs[1][0] == null) {
            this.writeMACalgs[1][0] = new MD5();
            this.writeMACalgs[1][1] = new MD5();
        } else if (this.writeMACalg == 2 && this.writeMACalgs[2][0] == null) {
            this.writeMACalgs[2][0] = new SHA();
            this.writeMACalgs[2][1] = new SHA();
        }
    }

    public void eraseSecrets() {
        Utils.setArray(this.preMasterSecret, (byte) 0);
        Utils.setArray(this.masterSecret, (byte) 0);
        Utils.setArray(this.clientMACsecret, (byte) 0);
        Utils.setArray(this.serverMACsecret, (byte) 0);
        Utils.setArray(this.clientKey, (byte) 0);
        Utils.setArray(this.serverKey, (byte) 0);
        Utils.setArray(this.clientIV, (byte) 0);
        Utils.setArray(this.serverIV, (byte) 0);
        Utils.setArray(this.readMACsecret, (byte) 0);
        Utils.setArray(this.writeMACsecret, (byte) 0);
        if (this.readCipher != null) {
            this.readCipher.erase();
        }
        if (this.writeCipher != null) {
            this.writeCipher.erase();
        }
        this.writeCipher = null;
        this.readCipher = null;
    }

    public void finishHandshake() {
        byte[] byteArray = this.messageBuf.toByteArray();
        if (this.version.equals(ProtocolVersion.TLS1)) {
            MD5 md5 = new MD5();
            SHA sha = new SHA();
            byte[] bArr = new byte[36];
            System.arraycopy(md5.computeDigest(byteArray), 0, bArr, 0, 16);
            System.arraycopy(sha.computeDigest(byteArray), 0, bArr, 16, 20);
            this.verifyDataClient = new byte[12];
            PRF.generate(this.masterSecret, "client finished", bArr, this.verifyDataClient);
            this.verifyDataServer = new byte[12];
            PRF.generate(this.masterSecret, "server finished", bArr, this.verifyDataServer);
            return;
        }
        byte[] bArr2 = new byte[48];
        byte[] bArr3 = new byte[48];
        Utils.setArray(bArr2, (byte) 54);
        Utils.setArray(bArr3, (byte) 92);
        MD5 md52 = new MD5();
        MD5 md53 = new MD5();
        md52.update(byteArray);
        md52.update(clientFinal);
        md52.update(this.masterSecret);
        md52.update(bArr2);
        md52.computeCurrent();
        md53.update(this.masterSecret);
        md53.update(bArr3);
        md53.update(md52.digestBits);
        md53.computeCurrent();
        this.md5HashClient = md53.digestBits;
        MD5 md54 = new MD5();
        MD5 md55 = new MD5();
        md54.update(byteArray);
        md54.update(serverFinal);
        md54.update(this.masterSecret);
        md54.update(bArr2);
        md54.computeCurrent();
        md55.update(this.masterSecret);
        md55.update(bArr3);
        md55.update(md54.digestBits);
        md55.computeCurrent();
        this.md5HashServer = md55.digestBits;
        byte[] bArr4 = new byte[40];
        byte[] bArr5 = new byte[40];
        Utils.setArray(bArr4, (byte) 54);
        Utils.setArray(bArr5, (byte) 92);
        SHA sha2 = new SHA();
        SHA sha3 = new SHA();
        sha2.update(byteArray);
        sha2.update(clientFinal);
        sha2.update(this.masterSecret);
        sha2.update(bArr4);
        sha2.computeCurrent();
        sha3.update(this.masterSecret);
        sha3.update(bArr5);
        sha3.update(sha2.digestBits);
        sha3.computeCurrent();
        this.shaHashClient = sha3.digestBits;
        SHA sha4 = new SHA();
        SHA sha5 = new SHA();
        sha4.update(byteArray);
        sha4.update(serverFinal);
        sha4.update(this.masterSecret);
        sha4.update(bArr4);
        sha4.computeCurrent();
        sha5.update(this.masterSecret);
        sha5.update(bArr5);
        sha5.update(sha4.digestBits);
        sha5.computeCurrent();
        this.shaHashServer = sha5.digestBits;
    }

    public SessionParams getSessionParams() {
        SessionParams sessionParams = new SessionParams();
        sessionParams.sessionID = this.sessionID;
        sessionParams.protocolVersion = this.version;
        sessionParams.peerCertificate = this.serverCert;
        sessionParams.cipherSuite = this.cipherSuite;
        sessionParams.masterSecret = new byte[this.masterSecret.length];
        System.arraycopy(this.masterSecret, 0, sessionParams.masterSecret, 0, this.masterSecret.length);
        return sessionParams;
    }

    public void setCipherSuite(int i) {
        this.cipherSuite = (short) i;
        if (this.cipherSuite == 0) {
            this.isExportable = true;
            this.MACalgorithm = 0;
            this.keyExchange = 0;
            this.serverCertType = 0;
            this.IVsize = 0;
            this.keyMaterial = 0;
            this.expKeyMaterial = 0;
            this.clientCipher = null;
            this.serverCipher = null;
            return;
        }
        if (this.cipherSuite == 3) {
            this.isExportable = true;
            this.serverCertType = 1;
            this.keyExchange = 1;
            this.MACalgorithm = 1;
            this.keyMaterial = 5;
            this.expKeyMaterial = 16;
            this.IVsize = 0;
            this.clientCipher = new Arcfour();
            this.serverCipher = new Arcfour();
            return;
        }
        if (this.cipherSuite == 4) {
            this.isExportable = false;
            this.serverCertType = 1;
            this.keyExchange = 1;
            this.MACalgorithm = 1;
            this.keyMaterial = 16;
            this.expKeyMaterial = 16;
            this.IVsize = 0;
            this.clientCipher = new Arcfour();
            this.serverCipher = new Arcfour();
            return;
        }
        if (this.cipherSuite == 5) {
            this.isExportable = false;
            this.serverCertType = 1;
            this.keyExchange = 1;
            this.MACalgorithm = 2;
            this.keyMaterial = 16;
            this.expKeyMaterial = 16;
            this.IVsize = 0;
            this.clientCipher = new Arcfour();
            this.serverCipher = new Arcfour();
        }
    }

    public void setParams(SSLParams sSLParams) {
        this.params = sSLParams;
        if (this.params.getRNG() != null) {
            this.rng = this.params.getRNG();
        }
        if (this.rng == null) {
            this.rng = RandomBitsSource.getDefault();
        }
        if (this.params.getSessionParams() != null) {
            setSessionParams(this.params.getSessionParams());
        }
    }

    public void setSessionParams(SessionParams sessionParams) {
        this.sessionID = sessionParams.sessionID;
        this.version = sessionParams.protocolVersion;
        this.serverCert = sessionParams.peerCertificate;
        setCipherSuite(sessionParams.cipherSuite);
        this.masterSecret = new byte[sessionParams.masterSecret.length];
        System.arraycopy(sessionParams.masterSecret, 0, this.masterSecret, 0, this.masterSecret.length);
    }
}
