package com.enterprisedt.net.puretls;

import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPrivateKey;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.net.puretls.crypto.PKCS1Pad;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.Key;
import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: SSLClientKeyExchange.java */
/* loaded from: input_file:com/enterprisedt/net/puretls/i.class */
public class i extends v {
    ae a = new ae(-65535);

    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, OutputStream outputStream) throws IOException {
        switch (jVar.A.o.c()) {
            case 1:
                DHPublicKey dHPublicKey = (DHPublicKey) jVar.A.s;
                DHPrivateKey dHPrivateKey = DHPrivateKey.getInstance();
                dHPrivateKey.initPrivateKey(dHPublicKey.getg(), dHPublicKey.getp(), jVar.A.j);
                this.a.b = dHPrivateKey.getYBytes();
                jVar.A.p = dHPrivateKey.keyAgree(dHPublicKey, true);
                return this.a.a(jVar, outputStream);
            case 2:
                try {
                    jVar.A.p = new byte[48];
                    jVar.A.j.nextBytes(jVar.A.p);
                    jVar.A.p[0] = 3;
                    jVar.A.p[1] = (byte) (jVar.c & 255);
                    Cipher cipher = Cipher.getInstance("RSA", Cryptix.PROVIDER_NAME);
                    if (jVar.A.s == null) {
                        jVar.A.s = jVar.A.r;
                    }
                    cipher.initEncrypt(jVar.A.s);
                    byte[] pkcs1PadBuf = PKCS1Pad.pkcs1PadBuf(jVar.A.j, jVar.A.p, jVar.A.s);
                    SSLDebug.debug(8, "RSA input", pkcs1PadBuf);
                    byte[] crypt = cipher.crypt(pkcs1PadBuf);
                    this.a.b = crypt;
                    SSLDebug.debug(8, "PreMasterSecret", jVar.A.p);
                    SSLDebug.debug(8, "EncryptedPreMasterSecret", crypt);
                    if (jVar.b >= 769) {
                        return this.a.a(jVar, outputStream);
                    }
                    outputStream.write(crypt);
                    if (crypt != null) {
                        return crypt.length;
                    }
                    return 0;
                } catch (Exception e) {
                    e.printStackTrace();
                    throw new InternalError(e.toString());
                }
            default:
                throw new InternalError("Inconsistent algorithm");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, InputStream inputStream) throws IOException {
        int read;
        byte[] bArr;
        Key key;
        Key key2;
        switch (jVar.A.o.c()) {
            case 1:
                read = this.a.a(jVar, inputStream);
                jVar.A.s = new DHPublicKey(new BigInteger(1, this.a.b));
                jVar.A.p = jVar.A.t.keyAgree((DHPublicKey) jVar.A.s, false);
                break;
            case 2:
                if (jVar.b >= 769) {
                    read = this.a.a(jVar, inputStream);
                    bArr = this.a.b;
                } else {
                    byte[] bArr2 = new byte[512];
                    read = inputStream.read(bArr2);
                    if (read < 0) {
                        throw new SSLException("Short RSA key");
                    }
                    bArr = new byte[read];
                    System.arraycopy(bArr2, 0, bArr, 0, read);
                }
                try {
                    Cipher cipher = Cipher.getInstance("RSABlind", Cryptix.PROVIDER_NAME);
                    if (jVar.A.u == null) {
                        key = jVar.d.c();
                        key2 = jVar.d.d();
                    } else {
                        key = jVar.A.u;
                        key2 = jVar.A.v;
                    }
                    cipher.initDecrypt(key);
                    ((Blindable) cipher).setBlindingInfo(jVar.A.j, (CryptixRSAPublicKey) key2);
                    byte[] crypt = cipher.crypt(bArr);
                    jVar.A.p = PKCS1Pad.pkcs1UnpadBuf(crypt, 1, (CryptixRSAPrivateKey) key);
                    if (jVar.A.p.length == 48) {
                        SSLDebug.debug(8, new StringBuffer().append("Checking client offered version against RSA block for rollback ").append(jVar.A.w).toString());
                        if (jVar.A.p[0] != ((jVar.A.w >> 8) & 255) || jVar.A.p[1] != (jVar.A.w & 255)) {
                            if (jVar.A.p[0] != 3 || jVar.A.p[1] != 0 || jVar.A.w != 769 || jVar.b != 768) {
                                throw new Exception("Bad PMS version number");
                            }
                            SSLDebug.debug(8, "Accepting rollback to SSLv3 from TLS since this is a common SSLv3/TLS bug");
                        }
                        break;
                    } else {
                        throw new Exception("Bad PMS length");
                    }
                } catch (Exception e) {
                    jVar.A.p = new byte[48];
                    SSLDebug.debug(8, "Bad padding. Randomizing PMS");
                    jVar.d.h.nextBytes(jVar.A.p);
                    break;
                }
            default:
                throw new InternalError("Inconsistent algorithm");
        }
        return read;
    }
}
