package ice.ssl;

import ice.crypto.DHKeyAgreement;
import ice.crypto.DHKeyPairGenerator;
import ice.crypto.DHParameterSpec;
import ice.crypto.DHPublicKey;
import ice.crypto.RSAPublicKey;
import ice.debug.Debug;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: OEAB */
/* loaded from: input_file:ice/ssl/ClientKeyExchange.class */
public final class ClientKeyExchange extends ClientHandshake {
    private HandshakeState I;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientKeyExchange(SessionState sessionState, ConnectionState connectionState, HandshakeState handshakeState) {
        super(16, sessionState, connectionState);
        this.I = handshakeState;
        if (handshakeState.keyExchange == 1 || handshakeState.keyExchange == 1) {
            this.length = ((((RSAPublicKey) sessionState.serverPublicKey).getModulus().bitLength() - 1) / 8) + 1;
            return;
        }
        if ((handshakeState.keyExchange == 7 || handshakeState.keyExchange == 6 || handshakeState.keyExchange == 9 || handshakeState.keyExchange == 8) && Debug.trace) {
            Debug.trace("WARNING: I don't know how to calculate the length field !");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // ice.ssl.ClientHandshake
    public byte[] toByteArray() throws IOException {
        byte[] bArr = new byte[0];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr2 = null;
        byteArrayOutputStream.write(super.toByteArray());
        if (this.I.clientCertificate != null && (this.I.keyExchange == 3 || this.I.keyExchange == 2 || this.I.keyExchange == 5 || this.I.keyExchange == 4)) {
            DHPublicKey dHPublicKey = (DHPublicKey) this.I.clientCertificate.getPublicKey();
            DHPublicKey dHPublicKey2 = (DHPublicKey) this.sesState.serverPublicKey;
            DHParameterSpec params = dHPublicKey.getParams();
            DHParameterSpec params2 = dHPublicKey2.getParams();
            if (params.getL() == params2.getL() && params.getP().equals(params2.getP()) && params.getG().equals(params2.getG())) {
                DHKeyAgreement dHKeyAgreement = new DHKeyAgreement();
                try {
                    dHKeyAgreement.engineInit(SSLSocket.getCertificateCallback().supplyPrivateKey(this.I.clientCertificate), Util.getSecureRandom());
                    dHKeyAgreement.engineDoPhase(dHPublicKey2, true);
                } catch (InvalidKeyException e) {
                    if (Debug.ex) {
                        Debug.ex(e);
                    }
                    if (Debug.trace) {
                        Debug.trace("WARNING: Invalid Key in DH key agreement");
                    }
                }
                bArr2 = dHKeyAgreement.engineGenerateSecret();
            }
        }
        if (this.I.keyExchange == 1 || this.I.keyExchange == 1) {
            bArr2 = new byte[48];
            bArr2[0] = (byte) Util.majorVersion(this.sesState.nowProto);
            bArr2[1] = (byte) Util.minorVersion(this.sesState.nowProto);
            Util.secureRandom(bArr2, 2, 46);
            byteArrayOutputStream.write(Util.encryptRSAPKCS1(bArr2, this.sesState.serverPublicKey));
        } else if (bArr2 == null && (this.I.keyExchange == 7 || this.I.keyExchange == 6 || this.I.keyExchange == 9 || this.I.keyExchange == 8 || this.I.keyExchange == 3 || this.I.keyExchange == 2 || this.I.keyExchange == 5 || this.I.keyExchange == 4)) {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
                ((DHKeyPairGenerator) keyPairGenerator).init(((DHPublicKey) this.sesState.serverPublicKey).getParams());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                byteArrayOutputStream.write(((DHPublicKey) generateKeyPair.getPublic()).getY().toByteArray());
                DHKeyAgreement dHKeyAgreement2 = new DHKeyAgreement();
                try {
                    dHKeyAgreement2.engineInit(generateKeyPair.getPrivate(), Util.getSecureRandom());
                    dHKeyAgreement2.engineDoPhase(this.sesState.serverPublicKey, true);
                } catch (InvalidKeyException e2) {
                    if (Debug.ex) {
                        Debug.ex(e2);
                    }
                    if (Debug.trace) {
                        Debug.trace("WARNING: Invalid Key in DH key agreement");
                    }
                }
                bArr2 = dHKeyAgreement2.engineGenerateSecret();
            } catch (NoSuchAlgorithmException e3) {
                throw new SecurityException("Key agreement algorithm DH not found");
            }
        }
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        byteArrayOutputStream.close();
        I(bArr2);
        return byteArray;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void I(byte[] bArr) {
        if (this.sesState.nowProto != 2) {
            this.sesState.masterSecret = Util.prf(48, bArr, "master secret", Util.concat(this.conState.clientRandom, this.conState.serverRandom));
            return;
        }
        MessageDigest messageDigest = null;
        try {
            messageDigest = MessageDigest.getInstance("MD5");
            MessageDigest messageDigest2 = MessageDigest.getInstance("SHA");
            byte[] bArr2 = {new byte[]{65}, new byte[]{66, 66}, new byte[]{67, 67, 67}};
            for (int i = 0; i < 3; i++) {
                messageDigest2.reset();
                messageDigest2.update(bArr2[i]);
                messageDigest2.update(bArr);
                messageDigest2.update(this.conState.clientRandom);
                messageDigest2.update(this.conState.serverRandom);
                byte[] digest = messageDigest2.digest();
                messageDigest.reset();
                messageDigest.update(bArr);
                messageDigest.update(digest);
                System.arraycopy(messageDigest.digest(), 0, this.sesState.masterSecret, i * 16, 16);
            }
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(new StringBuffer().append("Algorithm not found : ").append(messageDigest == null ? "MD5" : "SHA").append(" digest").toString());
        }
    }
}
