package cfca.sadk.tls.sun.security.ssl;

import cfca.sadk.tls.sun.security.ssl.message.Finished;
import cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage;
import cfca.sadk.tls.sun.security.ssl.prf.HashPRF;
import cfca.sadk.tls.sun.security.ssl.prf.TlsKeyMaterialParameters;
import cfca.sadk.tls.sun.security.ssl.prf.TlsKeyMaterials;
import cfca.sadk.tls.sun.security.ssl.prf.TlsMasterSecretParameters;
import cfca.sadk.tls.sun.security.ssl.sec.CipherBox;
import cfca.sadk.tls.sun.security.ssl.sec.CipherBulk;
import cfca.sadk.tls.sun.security.ssl.sec.CipherMode;
import cfca.sadk.tls.sun.security.ssl.sec.CipherSuite;
import cfca.sadk.tls.sun.security.ssl.sec.HandshakeHash;
import cfca.sadk.tls.sun.security.ssl.sec.MAC;
import cfca.sadk.tls.sun.security.ssl.sec.SSLAlgorithmConstraints;
import cfca.sadk.tls.sun.security.ssl.sec.SSLCredentials;
import cfca.sadk.tls.sun.security.ssl.sec.SignatureAndHashAlgorithm;
import cfca.sadk.tls.sun.security.util.GMSSLConstants;
import cfca.sadk.tls.sun.security.validator.GMAlgorithmConstraints;
import cfca.sadk.tls.sun.security.validator.GMCryptoPrimitive;
import cfca.sadk.tls.util.Hex;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/Handshaker.class */
public abstract class Handshaker {
    static final boolean allowUnsafeRenegotiation = GMSSLConstants.allowUnsafeRenegotiation;
    static final boolean allowLegacyHelloMessages = GMSSLConstants.allowLegacyHelloMessages;
    static final boolean rejectClientInitiatedRenego = GMSSLConstants.rejectClientInitiatedRenego;
    boolean secureRenegotiation;
    boolean isInitialHandshake;
    private boolean isClient;
    private boolean needCertVerify;
    boolean resumingSession;
    boolean enableNewSession;
    boolean invalidated;
    byte[] clientVerifyData;
    byte[] serverVerifyData;
    ProtocolVersion beingProtocolVersion;
    ProtocolVersion activeProtocolVersion;
    private ProtocolList enabledProtocols;
    private ProtocolList activeProtocols;
    private CipherSuiteList enabledCipherSuites;
    private CipherSuiteList activeCipherSuites;
    String identificationProtocol;
    GMAlgorithmConstraints algorithmConstraints;
    List<SignatureAndHashAlgorithm> localSupportedSignAlgs;
    List<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
    HandshakeInStream in;
    HandshakeOutStream out;
    HandshakeHash handshakeHash;
    RandomCookie clientRandom;
    RandomCookie serverRandom;
    SSLContextImpl context;
    SSLSessionImpl session;
    SSLSocketImpl conn;
    SSLEngineImpl engine;
    int state;
    CipherSuite cipherSuite;
    boolean preferLocalCipherSuites;
    private ConnectionKeys clientConnectionKeys;
    private ConnectionKeys serverConnectionKeys;
    private volatile boolean delegatedTaskFlag;
    private volatile DelegatedTask<?> delegatedTask;
    private volatile Exception thrown;
    private Object thrownLock;
    SSLCredentials signerCredentials;
    SSLCredentials cipherCredentials;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/Handshaker$DelegatedTask.class */
    public class DelegatedTask<E> implements Runnable {
        private PrivilegedExceptionAction<E> pea;

        DelegatedTask(PrivilegedExceptionAction<E> privilegedExceptionAction) {
            this.pea = privilegedExceptionAction;
        }

        @Override // java.lang.Runnable
        public void run() {
            synchronized (Handshaker.this.engine) {
                try {
                    try {
                        AccessController.doPrivileged(this.pea, Handshaker.this.engine.getAcc());
                    } catch (PrivilegedActionException e) {
                        Handshaker.this.thrown = e.getException();
                    }
                } catch (RuntimeException e2) {
                    Handshaker.this.thrown = e2;
                }
                Handshaker.this.delegatedTask = null;
                Handshaker.this.delegatedTaskFlag = false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        this.algorithmConstraints = null;
        this.conn = null;
        this.engine = null;
        this.preferLocalCipherSuites = false;
        this.clientConnectionKeys = new ConnectionKeys();
        this.serverConnectionKeys = new ConnectionKeys();
        this.delegatedTaskFlag = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.signerCredentials = null;
        this.cipherCredentials = null;
        this.conn = sSLSocketImpl;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Handshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        this.algorithmConstraints = null;
        this.conn = null;
        this.engine = null;
        this.preferLocalCipherSuites = false;
        this.clientConnectionKeys = new ConnectionKeys();
        this.serverConnectionKeys = new ConnectionKeys();
        this.delegatedTaskFlag = false;
        this.delegatedTask = null;
        this.thrown = null;
        this.thrownLock = new Object();
        this.signerCredentials = null;
        this.cipherCredentials = null;
        this.engine = sSLEngineImpl;
        init(sSLContextImpl, protocolList, z, z2, protocolVersion, z3, z4, bArr, bArr2);
    }

    final void init(SSLContextImpl sSLContextImpl, ProtocolList protocolList, boolean z, boolean z2, ProtocolVersion protocolVersion, boolean z3, boolean z4, byte[] bArr, byte[] bArr2) {
        if (Debugger.handshaker.isDebugEnabled()) {
            Debugger.handshaker.debug("Allow unsafe renegotiation: {}\nAllow legacy hello messages: {}\nIs initial handshake: {}\nIs secure renegotiation: {}", new Object[]{Boolean.valueOf(allowUnsafeRenegotiation), Boolean.valueOf(allowLegacyHelloMessages), Boolean.valueOf(z3), Boolean.valueOf(z4)});
        }
        this.context = sSLContextImpl;
        this.isClient = z2;
        this.needCertVerify = z;
        this.activeProtocolVersion = protocolVersion;
        this.isInitialHandshake = z3;
        this.secureRenegotiation = z4;
        this.clientVerifyData = bArr;
        this.serverVerifyData = bArr2;
        this.enableNewSession = true;
        this.invalidated = false;
        setBeingCipherSuite(CipherSuite.C_NULL);
        setEnabledProtocols(protocolList);
        if (this.conn != null) {
            this.algorithmConstraints = new SSLAlgorithmConstraints(this.conn, true);
        } else {
            this.algorithmConstraints = new SSLAlgorithmConstraints(this.engine, true);
        }
        this.state = -2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void fatalSE(AlertDescription alertDescription, String str) throws IOException {
        fatalSE(alertDescription, str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void fatalSE(AlertDescription alertDescription, Throwable th) throws IOException {
        fatalSE(alertDescription, null, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void fatalSE(AlertDescription alertDescription, String str, Throwable th) throws IOException {
        if (this.conn != null) {
            this.conn.fatal(alertDescription, str, th);
        } else {
            this.engine.fatal(alertDescription, str, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void warningSE(AlertDescription alertDescription) {
        if (this.conn != null) {
            this.conn.warning(alertDescription);
        } else {
            this.engine.warning(alertDescription);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getHostSE() {
        String peerHost;
        if (this.conn != null) {
            Debugger.handshaker.debug("ClientHandshaker.kickstart->socketGetHostSE running...");
            long currentTimeMillis = System.currentTimeMillis();
            peerHost = this.conn.getHost();
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            Debugger.handshaker.debug("ClientHandshaker.kickstart->socketGetHostSE finished.costTime->{}", Long.valueOf(currentTimeMillis2));
            if (currentTimeMillis2 > 1000) {
                Debugger.handshaker.warn("ClientHandshaker.kickstart->socketGetHostSE finished.costTime->{}", Long.valueOf(currentTimeMillis2));
            }
        } else {
            Debugger.handshaker.debug("ClientHandshaker.kickstart->engineGetHostSE running...");
            long currentTimeMillis3 = System.currentTimeMillis();
            peerHost = this.engine.getPeerHost();
            long currentTimeMillis4 = System.currentTimeMillis() - currentTimeMillis3;
            Debugger.handshaker.debug("ClientHandshaker.kickstart->engineGetHostSE finished.costTime->{}", Long.valueOf(currentTimeMillis4));
            if (currentTimeMillis4 > 1000) {
                Debugger.handshaker.warn("ClientHandshaker.kickstart->engineGetHostSE finished.costTime->{}", Long.valueOf(currentTimeMillis4));
            }
        }
        return peerHost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getHostAddressSE() {
        String peerHost;
        if (this.conn != null) {
            Debugger.handshaker.debug("ServerHandshaker.kickstart->socketGetHostAddressSE running...");
            long currentTimeMillis = System.currentTimeMillis();
            peerHost = this.conn.getInetAddress().getHostAddress();
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            Debugger.handshaker.debug("ServerHandshaker.kickstart->socketGetHostAddressSE finished.costTime->{}", Long.valueOf(currentTimeMillis2));
            if (currentTimeMillis2 > 1000) {
                Debugger.handshaker.warn("ServerHandshaker.kickstart->socketGetHostAddressSE finished.costTime->{}", Long.valueOf(currentTimeMillis2));
            }
        } else {
            Debugger.handshaker.debug("ServerHandshaker.kickstart->engineGetHostAddressSE running...");
            long currentTimeMillis3 = System.currentTimeMillis();
            peerHost = this.engine.getPeerHost();
            long currentTimeMillis4 = System.currentTimeMillis() - currentTimeMillis3;
            Debugger.handshaker.debug("ServerHandshaker.kickstart->engineGetHostAddressSE finished.costTime->{}", Long.valueOf(currentTimeMillis4));
            if (currentTimeMillis4 > 1000) {
                Debugger.handshaker.warn("ServerHandshaker.kickstart->engineGetHostAddressSE finished.costTime->{}", Long.valueOf(currentTimeMillis4));
            }
        }
        return peerHost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int getPortSE() {
        return this.conn != null ? this.conn.getPort() : this.engine.getPeerPort();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int getLocalPortSE() {
        if (this.conn != null) {
            return this.conn.getLocalPort();
        }
        return -1;
    }

    final AccessControlContext getAccSE() {
        return this.conn != null ? this.conn.getAcc() : this.engine.getAcc();
    }

    private final void setVersionSE(ProtocolVersion protocolVersion) {
        if (this.conn != null) {
            this.conn.setVersion(protocolVersion);
        } else {
            this.engine.setVersion(protocolVersion);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setBeingVersion(ProtocolVersion protocolVersion) {
        this.beingProtocolVersion = protocolVersion;
        setVersionSE(protocolVersion);
        this.out.record.setVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setEnabledProtocols(ProtocolList protocolList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledProtocols = protocolList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setEnabledCipherSuites(CipherSuiteList cipherSuiteList) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.enabledCipherSuites = cipherSuiteList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setAlgorithmConstraints(GMAlgorithmConstraints gMAlgorithmConstraints) {
        this.activeCipherSuites = null;
        this.activeProtocols = null;
        this.algorithmConstraints = new SSLAlgorithmConstraints(gMAlgorithmConstraints);
        this.localSupportedSignAlgs = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final List<SignatureAndHashAlgorithm> getLocalSupportedSignAlgs() {
        if (this.localSupportedSignAlgs == null) {
            this.localSupportedSignAlgs = SignatureAndHashAlgorithm.getSupportedAlgorithms(this.algorithmConstraints);
        }
        return this.localSupportedSignAlgs;
    }

    final void setPeerSupportedSignAlgs(Collection<SignatureAndHashAlgorithm> collection) {
        this.peerSupportedSignAlgs = new ArrayList(collection);
    }

    final List<SignatureAndHashAlgorithm> getPeerSupportedSignAlgs() {
        return this.peerSupportedSignAlgs;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setIdentificationProtocol(String str) {
        this.identificationProtocol = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setUseCipherSuitesOrder(boolean z) {
        this.preferLocalCipherSuites = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void activate(ProtocolVersion protocolVersion) throws IOException {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        if (this.activeProtocols.isEmpty() || this.activeProtocols.max.version == ProtocolVersion.NONE.version) {
            throw new SSLHandshakeException("No appropriate protocol");
        }
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        if (this.activeCipherSuites.isEmpty()) {
            throw new SSLHandshakeException("No appropriate cipher suite");
        }
        this.beingProtocolVersion = this.isInitialHandshake ? this.activeProtocols.max : this.activeProtocolVersion;
        if (protocolVersion == null || protocolVersion.version == ProtocolVersion.NONE.version) {
            protocolVersion = this.activeProtocols.helloVersion;
        }
        this.handshakeHash = new HandshakeHash(this.needCertVerify);
        this.in = new HandshakeInStream(this.handshakeHash);
        if (this.conn != null) {
            this.out = new HandshakeOutStream(this.beingProtocolVersion, protocolVersion, this.handshakeHash, this.conn);
        } else {
            this.out = new HandshakeOutStream(this.beingProtocolVersion, protocolVersion, this.handshakeHash, this.engine);
        }
        this.state = -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setBeingCipherSuite(CipherSuite cipherSuite) {
        this.cipherSuite = cipherSuite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isNegotiable(CipherSuite cipherSuite) {
        if (this.activeCipherSuites == null) {
            this.activeCipherSuites = getActiveCipherSuites();
        }
        return isNegotiable(this.activeCipherSuites, cipherSuite);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final boolean isNegotiable(CipherSuiteList cipherSuiteList, CipherSuite cipherSuite) {
        return cipherSuiteList.contains(cipherSuite) && cipherSuite.isNegotiable();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isNegotiable(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.contains(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final ProtocolVersion selectProtocolVersion(ProtocolVersion protocolVersion) {
        if (this.activeProtocols == null) {
            this.activeProtocols = getActiveProtocols();
        }
        return this.activeProtocols.selectProtocolVersion(protocolVersion);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final CipherSuiteList getActiveCipherSuites() {
        if (this.activeCipherSuites == null) {
            if (this.activeProtocols == null) {
                this.activeProtocols = getActiveProtocols();
            }
            ArrayList arrayList = new ArrayList();
            if (!this.activeProtocols.isEmpty() && this.activeProtocols.min.version != ProtocolVersion.NONE.version) {
                for (CipherSuite cipherSuite : this.enabledCipherSuites.collection()) {
                    if (cipherSuite.obsoleted <= this.activeProtocols.min.version || cipherSuite.supported > this.activeProtocols.max.version) {
                        if (Debugger.handshaker.isDebugEnabled()) {
                            if (cipherSuite.obsoleted <= this.activeProtocols.min.version) {
                                Debugger.handshaker.debug("Ignoring obsoleted cipher suite: {}", cipherSuite);
                            } else {
                                Debugger.handshaker.debug("Ignoring unsupported cipher suite: {}", cipherSuite);
                            }
                        }
                    } else if (this.algorithmConstraints.permits(EnumSet.of(GMCryptoPrimitive.KEY_AGREEMENT), cipherSuite.name, null)) {
                        arrayList.add(cipherSuite);
                    }
                }
            }
            this.activeCipherSuites = new CipherSuiteList(arrayList);
        }
        return this.activeCipherSuites;
    }

    final ProtocolList getActiveProtocols() {
        if (this.activeProtocols == null) {
            ArrayList arrayList = new ArrayList(4);
            for (ProtocolVersion protocolVersion : this.enabledProtocols.collection()) {
                boolean z = false;
                Iterator<CipherSuite> it = this.enabledCipherSuites.collection().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CipherSuite next = it.next();
                    if (next.isAvailable() && next.obsoleted > protocolVersion.version && next.supported <= protocolVersion.version) {
                        if (this.algorithmConstraints.permits(EnumSet.of(GMCryptoPrimitive.KEY_AGREEMENT), next.name, null)) {
                            arrayList.add(protocolVersion);
                            z = true;
                            break;
                        }
                        if (Debugger.handshaker.isDebugEnabled()) {
                            Debugger.handshaker.debug("Ignoring disabled cipher suite: " + next + " for " + protocolVersion);
                        }
                    } else if (Debugger.handshaker.isDebugEnabled()) {
                        Debugger.handshaker.debug("Ignoring unsupported cipher suite: " + next + " for " + protocolVersion);
                    }
                }
                if (!z && Debugger.handshaker.isDebugEnabled()) {
                    Debugger.handshaker.debug("No available cipher suite for " + protocolVersion);
                }
            }
            this.activeProtocols = new ProtocolList((ArrayList<ProtocolVersion>) arrayList);
        }
        return this.activeProtocols;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setEnableSessionCreation(boolean z) {
        this.enableNewSession = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final CipherBox newReadCipher() throws NoSuchAlgorithmException {
        return CipherBox.newCipher(this.beingProtocolVersion, this.cipherSuite.cipher, this.isClient ? this.serverConnectionKeys : this.clientConnectionKeys, this.context.getSecureRandom(), false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final CipherBox newWriteCipher() throws NoSuchAlgorithmException {
        return CipherBox.newCipher(this.beingProtocolVersion, this.cipherSuite.cipher, this.isClient ? this.clientConnectionKeys : this.serverConnectionKeys, this.context.getSecureRandom(), true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Authenticator newReadAuthenticator() throws NoSuchAlgorithmException, InvalidKeyException {
        return MAC.newMac(this.cipherSuite.macAlg, this.beingProtocolVersion, this.isClient ? this.serverConnectionKeys : this.clientConnectionKeys);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Authenticator newWriteAuthenticator() throws NoSuchAlgorithmException, InvalidKeyException {
        return MAC.newMac(this.cipherSuite.macAlg, this.beingProtocolVersion, this.isClient ? this.clientConnectionKeys : this.serverConnectionKeys);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isDone() {
        return this.state == 20;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final SSLSessionImpl getSession() {
        return this.session;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void setHandshakeSessionSE(SSLSessionImpl sSLSessionImpl) {
        if (this.conn != null) {
            this.conn.setHandshakeSession(sSLSessionImpl);
        } else {
            this.engine.setHandshakeSession(sSLSessionImpl);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isSecureRenegotiation() {
        return this.secureRenegotiation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] getClientVerifyData() {
        return this.clientVerifyData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] getServerVerifyData() {
        return this.serverVerifyData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void process_record(InputRecord inputRecord, boolean z) throws IOException {
        checkThrown();
        this.in.incomingRecord(inputRecord);
        if (this.conn != null || z) {
            processLoop();
        } else {
            delegateTask(new PrivilegedExceptionAction<Void>() { // from class: cfca.sadk.tls.sun.security.ssl.Handshaker.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Void run() throws Exception {
                    Handshaker.this.processLoop();
                    return null;
                }
            });
        }
    }

    final void processLoop() throws IOException {
        while (this.in.available() >= 4) {
            this.in.mark(4);
            byte int8 = (byte) this.in.getInt8();
            int int24 = this.in.getInt24();
            if (this.in.available() < int24) {
                this.in.reset();
                return;
            } else if (int8 == 0) {
                this.in.reset();
                processMessage(int8, int24);
                this.in.ignore(4 + int24);
            } else {
                this.in.mark(int24);
                processMessage(int8, int24);
                this.in.digestNow();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean activated() {
        return this.state >= -1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean started() {
        return this.state >= 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void kickstart() throws IOException {
        if (this.state >= 0) {
            return;
        }
        Debugger.handshaker.debug("kickstart->running...");
        HandshakeMessage kickstartMessage = getKickstartMessage();
        Debugger.handshaker.debug("kickstart->finished.");
        Debugger.debug(kickstartMessage);
        kickstartMessage.write(this.out);
        this.out.flush();
        this.state = kickstartMessage.messageType();
    }

    abstract HandshakeMessage getKickstartMessage() throws SSLException;

    abstract void processMessage(byte b, int i) throws IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract void handshakeAlert(AlertDescription alertDescription) throws SSLProtocolException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v44, types: [cfca.sadk.tls.sun.security.ssl.OutputRecord] */
    public final void sendChangeCipherSpec(Finished finished, boolean z) throws IOException {
        this.out.flush();
        EngineOutputRecord outputRecord = this.conn != null ? new OutputRecord((byte) 20) : new EngineOutputRecord((byte) 20, this.engine);
        outputRecord.setVersion(this.beingProtocolVersion);
        outputRecord.write(1);
        if (this.conn == null) {
            synchronized (this.engine.writeLock) {
                this.engine.writeRecord(outputRecord);
                this.engine.changeWriteCiphers();
                Debugger.debug(finished);
                finished.write(this.out);
                if (z) {
                    this.out.setFinishedMsg();
                }
                this.out.flush();
            }
            return;
        }
        this.conn.writeLock.lock();
        try {
            this.conn.writeRecord(outputRecord);
            this.conn.changeWriteCiphers();
            Debugger.debug(finished);
            finished.write(this.out);
            this.out.flush();
            this.conn.writeLock.unlock();
        } catch (Throwable th) {
            this.conn.writeLock.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void calculateKeys(SecretKey secretKey, ProtocolVersion protocolVersion) {
        SecretKey calculateMasterSecret = calculateMasterSecret(secretKey, protocolVersion);
        this.session.setMasterSecret(calculateMasterSecret);
        calculateConnectionKeys(calculateMasterSecret);
    }

    private final SecretKey calculateMasterSecret(SecretKey secretKey, ProtocolVersion protocolVersion) {
        if (Debugger.handshaker.isDebugEnabled()) {
            Debugger.handshaker.debug("\nSESSION KEYGEN:\nPreMaster Secret:" + ((CharSequence) Hex.dump("", secretKey.getEncoded())));
        }
        try {
            return new TlsMasterSecretParameters(secretKey, this.beingProtocolVersion.major, this.beingProtocolVersion.minor, this.clientRandom.random, this.serverRandom.random, this.beingProtocolVersion.isChinaTLS11() ? this.cipherSuite.prfAlg : HashPRF.NONE).generateMasterKey();
        } catch (GeneralSecurityException e) {
            Debugger.handshaker.debug("SM2 master secret generation error:", e);
            throw new ProviderException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void calculateConnectionKeys(SecretKey secretKey) {
        int i = this.cipherSuite.macAlg.size;
        boolean z = this.cipherSuite.exportable;
        CipherBulk cipherBulk = this.cipherSuite.cipher;
        int i2 = z ? cipherBulk.expandedKeySize : 0;
        HashPRF hashPRF = this.beingProtocolVersion.isChinaTLS11() ? this.cipherSuite.prfAlg : HashPRF.NONE;
        int i3 = cipherBulk.ivSize;
        if (this.beingProtocolVersion.isTLS11() && cipherBulk.cipherType == CipherMode.BLOCKS) {
            i3 = 0;
        }
        try {
            TlsKeyMaterials generateWorkKeys = new TlsKeyMaterialParameters(secretKey, this.beingProtocolVersion.major, this.beingProtocolVersion.minor, this.clientRandom.random, this.serverRandom.random, cipherBulk.algorithm, cipherBulk.keySize, i2, i3, i, hashPRF).generateWorkKeys();
            this.clientConnectionKeys.writeKey = generateWorkKeys.getClientCipherKey();
            this.serverConnectionKeys.writeKey = generateWorkKeys.getServerCipherKey();
            this.clientConnectionKeys.writeIV = generateWorkKeys.getClientIv();
            this.serverConnectionKeys.writeIV = generateWorkKeys.getServerIv();
            this.clientConnectionKeys.macSecret = generateWorkKeys.getClientMacKey();
            this.serverConnectionKeys.macSecret = generateWorkKeys.getServerMacKey();
            if (Debugger.handshaker.isDebugEnabled()) {
                StringBuilder sb = new StringBuilder();
                sb.append("\nCONNECTION KEYGEN:");
                sb.append("\nClient Nonce:");
                sb.append((CharSequence) Hex.dump("", this.clientRandom.random));
                sb.append("\nServer Nonce:");
                sb.append((CharSequence) Hex.dump("", this.serverRandom.random));
                sb.append("\nMaster Secret:");
                sb.append((CharSequence) Hex.dump("", secretKey.getEncoded()));
                if (this.clientConnectionKeys.macSecret != null) {
                    sb.append("\nClient MAC write Secret:");
                    sb.append((CharSequence) Hex.dump("", this.clientConnectionKeys.macSecret.getEncoded()));
                    sb.append("\nServer MAC write Secret:");
                    sb.append((CharSequence) Hex.dump("", this.serverConnectionKeys.macSecret.getEncoded()));
                } else {
                    sb.append("\n... no MAC keys used for this cipher");
                }
                if (this.clientConnectionKeys.writeKey != null) {
                    sb.append("\nClient write key:");
                    sb.append((CharSequence) Hex.dump("", this.clientConnectionKeys.writeKey.getEncoded()));
                    sb.append("\nServer write key:");
                    sb.append((CharSequence) Hex.dump("", this.serverConnectionKeys.writeKey.getEncoded()));
                } else {
                    sb.append("\n... no encryption keys used");
                }
                if (this.clientConnectionKeys.writeIV != null) {
                    sb.append("\nClient write IV:");
                    sb.append((CharSequence) Hex.dump("", this.clientConnectionKeys.writeIV.getIV()));
                    sb.append("\nServer write IV:");
                    sb.append((CharSequence) Hex.dump("", this.serverConnectionKeys.writeIV.getIV()));
                    return;
                }
                if (this.beingProtocolVersion.isChinaTLS11()) {
                    sb.append("\n... no IV derived for this protocol");
                } else {
                    sb.append("\n... no IV used for this cipher");
                }
            }
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void throwSSLException(String str, Throwable th) throws SSLException {
        SSLException sSLException = new SSLException(str);
        sSLException.initCause(th);
        if (Debugger.handshaker.isDebugEnabled()) {
            th.printStackTrace();
            Debugger.handshaker.error(str, th);
        }
        throw sSLException;
    }

    private <T> void delegateTask(PrivilegedExceptionAction<T> privilegedExceptionAction) {
        this.delegatedTask = new DelegatedTask<>(privilegedExceptionAction);
        this.delegatedTaskFlag = false;
        this.thrown = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DelegatedTask<?> getTask() {
        if (this.delegatedTaskFlag) {
            return null;
        }
        this.delegatedTaskFlag = true;
        return this.delegatedTask;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean taskOutstanding() {
        return this.delegatedTask != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkThrown() throws SSLException {
        synchronized (this.thrownLock) {
            if (this.thrown != null) {
                String message = this.thrown.getMessage();
                if (message == null) {
                    message = "Delegated task threw Exception/Error";
                }
                Exception exc = this.thrown;
                this.thrown = null;
                if (exc instanceof RuntimeException) {
                    throw new RuntimeException(message, exc);
                }
                if (exc instanceof SSLHandshakeException) {
                    throw ((SSLHandshakeException) new SSLHandshakeException(message).initCause(exc));
                }
                if (exc instanceof SSLKeyException) {
                    throw ((SSLKeyException) new SSLKeyException(message).initCause(exc));
                }
                if (exc instanceof SSLPeerUnverifiedException) {
                    throw ((SSLPeerUnverifiedException) new SSLPeerUnverifiedException(message).initCause(exc));
                }
                if (!(exc instanceof SSLProtocolException)) {
                    throw new SSLException(message, exc);
                }
                throw ((SSLProtocolException) new SSLProtocolException(message).initCause(exc));
            }
        }
    }
}
