package com.enterprisedt.net.puretls;

import com.amazonaws.internal.keyvaluestore.KeyProvider18;
import com.enterprisedt.bouncycastle.tls.TlsUtils;
import com.enterprisedt.bouncycastle.tls.crypto.TlsSecret;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPrivateKey;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.net.puretls.crypto.PKCS1Pad;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class i extends r {

    /* renamed from: a, reason: collision with root package name */
    public z f13972a = new z(-65535);

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, InputStream inputStream) throws IOException {
        int read;
        byte[] bArr;
        PublicKey publicKey;
        int c10 = jVar.A.f13803m.c();
        if (c10 == 1) {
            int a10 = this.f13972a.a(jVar, inputStream);
            jVar.A.f13811u = new DHPublicKey(new BigInteger(1, this.f13972a.f14074b));
            SSLHandshake sSLHandshake = jVar.A;
            sSLHandshake.f13807q = sSLHandshake.f13812v.keyAgree((DHPublicKey) sSLHandshake.f13811u, false);
            return a10;
        }
        if (c10 != 2) {
            throw new InternalError("Inconsistent algorithm");
        }
        if (jVar.f13974b >= 769) {
            read = this.f13972a.a(jVar, inputStream);
            bArr = this.f13972a.f14074b;
        } else {
            byte[] bArr2 = new byte[512];
            read = inputStream.read(bArr2);
            if (read < 0) {
                throw new SSLException("Short RSA key");
            }
            byte[] bArr3 = new byte[read];
            System.arraycopy(bArr2, 0, bArr3, 0, read);
            bArr = bArr3;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSABlind", Cryptix.PROVIDER_NAME);
            SSLHandshake sSLHandshake2 = jVar.A;
            PrivateKey privateKey = sSLHandshake2.f13813w;
            if (privateKey == null) {
                privateKey = jVar.f13976d.c();
                publicKey = jVar.f13976d.d();
            } else {
                publicKey = sSLHandshake2.f13814x;
            }
            cipher.initDecrypt(privateKey);
            ((Blindable) cipher).setBlindingInfo(jVar.A.f13798h, (CryptixRSAPublicKey) publicKey);
            jVar.A.f13807q = PKCS1Pad.pkcs1UnpadBuf(cipher.crypt(bArr), 1, (CryptixRSAPrivateKey) privateKey);
            if (jVar.A.f13807q.length != 48) {
                throw new Exception("Bad PMS length");
            }
            SSLDebug.debug(8, "Checking client offered version against RSA block for rollback " + jVar.A.f13815y);
            SSLHandshake sSLHandshake3 = jVar.A;
            byte[] bArr4 = sSLHandshake3.f13807q;
            byte b10 = bArr4[0];
            int i10 = sSLHandshake3.f13815y;
            if (b10 == ((i10 >> 8) & 255) && bArr4[1] == (i10 & 255)) {
                return read;
            }
            if (b10 != 3 || bArr4[1] != 0 || i10 != 769 || jVar.f13974b != 768) {
                throw new Exception("Bad PMS version number");
            }
            SSLDebug.debug(8, "Accepting rollback to SSLv3 from TLS since this is a common SSLv3/TLS bug");
            return read;
        } catch (Exception unused) {
            jVar.A.f13807q = new byte[48];
            SSLDebug.debug(8, "Bad padding. Randomizing PMS");
            jVar.f13976d.f13781h.nextBytes(jVar.A.f13807q);
            return read;
        }
    }

    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, OutputStream outputStream) throws IOException {
        int c10 = jVar.A.f13803m.c();
        if (c10 == 1) {
            DHPublicKey dHPublicKey = (DHPublicKey) jVar.A.f13811u;
            DHPrivateKey dHPrivateKey = DHPrivateKey.getInstance();
            dHPrivateKey.initPrivateKey(dHPublicKey.getg(), dHPublicKey.getp(), jVar.A.f13798h);
            this.f13972a.f14074b = dHPrivateKey.getYBytes();
            jVar.A.f13807q = dHPrivateKey.keyAgree(dHPublicKey, true);
            return this.f13972a.a(jVar, outputStream);
        }
        if (c10 != 2) {
            if (c10 != 3) {
                throw new InternalError("Inconsistent algorithm");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            TlsUtils.writeOpaque8(jVar.A.f13809s.generateEphemeral(), byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            outputStream.write(byteArray);
            TlsSecret calculateSecret = jVar.A.f13809s.calculateSecret();
            jVar.A.f13807q = calculateSecret.extract();
            return byteArray.length;
        }
        try {
            SSLHandshake sSLHandshake = jVar.A;
            byte[] bArr = new byte[48];
            sSLHandshake.f13807q = bArr;
            sSLHandshake.f13798h.nextBytes(bArr);
            byte[] bArr2 = jVar.A.f13807q;
            bArr2[0] = 3;
            bArr2[1] = (byte) (jVar.f13975c & 255);
            Cipher cipher = Cipher.getInstance(KeyProvider18.KEY_ALGORITHM_RSA, Cryptix.PROVIDER_NAME);
            SSLHandshake sSLHandshake2 = jVar.A;
            if (sSLHandshake2.f13811u == null) {
                sSLHandshake2.f13811u = sSLHandshake2.f13810t;
            }
            cipher.initEncrypt(sSLHandshake2.f13811u);
            SSLHandshake sSLHandshake3 = jVar.A;
            byte[] pkcs1PadBuf = PKCS1Pad.pkcs1PadBuf(sSLHandshake3.f13798h, sSLHandshake3.f13807q, sSLHandshake3.f13811u);
            SSLDebug.debug(8, "RSA input", pkcs1PadBuf);
            byte[] crypt = cipher.crypt(pkcs1PadBuf);
            this.f13972a.f14074b = crypt;
            SSLDebug.debug(8, "PreMasterSecret", jVar.A.f13807q);
            SSLDebug.debug(8, "EncryptedPreMasterSecret", crypt);
            if (jVar.f13974b >= 769) {
                return this.f13972a.a(jVar, outputStream);
            }
            outputStream.write(crypt);
            if (crypt != null) {
                return crypt.length;
            }
            return 0;
        } catch (Exception e10) {
            e10.printStackTrace();
            throw new InternalError(e10.toString());
        }
    }
}
