package com.enterprisedt.net.puretls;

import com.amazonaws.internal.keyvaluestore.KeyProvider18;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPrivateKey;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.net.puretls.crypto.PKCS1Pad;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* loaded from: classes.dex */
public class i extends v {
    public ae a = new ae(-65535);

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, InputStream inputStream) throws IOException {
        int read;
        byte[] bArr;
        PrivateKey privateKey;
        PublicKey publicKey;
        int c = jVar.A.f1966o.c();
        if (c == 1) {
            int a = this.a.a(jVar, inputStream);
            jVar.A.f1970s = new DHPublicKey(new BigInteger(1, this.a.b));
            m mVar = jVar.A;
            mVar.f1967p = mVar.f1971t.keyAgree((DHPublicKey) mVar.f1970s, false);
            return a;
        }
        if (c != 2) {
            throw new InternalError("Inconsistent algorithm");
        }
        if (jVar.b >= 769) {
            read = this.a.a(jVar, inputStream);
            bArr = this.a.b;
        } else {
            byte[] bArr2 = new byte[512];
            read = inputStream.read(bArr2);
            if (read < 0) {
                throw new SSLException("Short RSA key");
            }
            byte[] bArr3 = new byte[read];
            System.arraycopy(bArr2, 0, bArr3, 0, read);
            bArr = bArr3;
        }
        try {
            Cipher cipher = Cipher.getInstance("RSABlind", Cryptix.PROVIDER_NAME);
            if (jVar.A.f1972u == null) {
                privateKey = jVar.f1936d.c();
                publicKey = jVar.f1936d.d();
            } else {
                privateKey = jVar.A.f1972u;
                publicKey = jVar.A.f1973v;
            }
            cipher.initDecrypt(privateKey);
            ((Blindable) cipher).setBlindingInfo(jVar.A.f1961j, (CryptixRSAPublicKey) publicKey);
            byte[] crypt = cipher.crypt(bArr);
            jVar.A.f1967p = PKCS1Pad.pkcs1UnpadBuf(crypt, 1, (CryptixRSAPrivateKey) privateKey);
            if (jVar.A.f1967p.length != 48) {
                throw new Exception("Bad PMS length");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Checking client offered version against RSA block for rollback ");
            stringBuffer.append(jVar.A.w);
            SSLDebug.debug(8, stringBuffer.toString());
            if (jVar.A.f1967p[0] == ((jVar.A.w >> 8) & 255) && jVar.A.f1967p[1] == (jVar.A.w & 255)) {
                return read;
            }
            if (jVar.A.f1967p[0] != 3 || jVar.A.f1967p[1] != 0 || jVar.A.w != 769 || jVar.b != 768) {
                throw new Exception("Bad PMS version number");
            }
            SSLDebug.debug(8, "Accepting rollback to SSLv3 from TLS since this is a common SSLv3/TLS bug");
            return read;
        } catch (Exception unused) {
            jVar.A.f1967p = new byte[48];
            SSLDebug.debug(8, "Bad padding. Randomizing PMS");
            jVar.f1936d.f1856h.nextBytes(jVar.A.f1967p);
            return read;
        }
    }

    @Override // com.enterprisedt.net.puretls.v
    public int a(j jVar, OutputStream outputStream) throws IOException {
        int c = jVar.A.f1966o.c();
        if (c == 1) {
            DHPublicKey dHPublicKey = (DHPublicKey) jVar.A.f1970s;
            DHPrivateKey dHPrivateKey = DHPrivateKey.getInstance();
            dHPrivateKey.initPrivateKey(dHPublicKey.getg(), dHPublicKey.getp(), jVar.A.f1961j);
            this.a.b = dHPrivateKey.getYBytes();
            jVar.A.f1967p = dHPrivateKey.keyAgree(dHPublicKey, true);
            return this.a.a(jVar, outputStream);
        }
        if (c != 2) {
            throw new InternalError("Inconsistent algorithm");
        }
        try {
            jVar.A.f1967p = new byte[48];
            jVar.A.f1961j.nextBytes(jVar.A.f1967p);
            jVar.A.f1967p[0] = 3;
            jVar.A.f1967p[1] = (byte) (jVar.c & 255);
            Cipher cipher = Cipher.getInstance(KeyProvider18.KEY_ALGORITHM_RSA, Cryptix.PROVIDER_NAME);
            if (jVar.A.f1970s == null) {
                jVar.A.f1970s = jVar.A.f1969r;
            }
            cipher.initEncrypt(jVar.A.f1970s);
            byte[] pkcs1PadBuf = PKCS1Pad.pkcs1PadBuf(jVar.A.f1961j, jVar.A.f1967p, jVar.A.f1970s);
            SSLDebug.debug(8, "RSA input", pkcs1PadBuf);
            byte[] crypt = cipher.crypt(pkcs1PadBuf);
            this.a.b = crypt;
            SSLDebug.debug(8, "PreMasterSecret", jVar.A.f1967p);
            SSLDebug.debug(8, "EncryptedPreMasterSecret", crypt);
            if (jVar.b >= 769) {
                return this.a.a(jVar, outputStream);
            }
            outputStream.write(crypt);
            if (crypt != null) {
                return crypt.length;
            }
            return 0;
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new InternalError(e2.toString());
        }
    }
}
