package com.ibm.ctgsslight;

import com.ibm.ctg.client.EPIRequest;
import com.ibm.ctg.client.GatewayReturnCodes;
import com.ibm.ims.ico.IMSXAProperties;
import java.io.IOException;
import java.math.BigInteger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:install/taderc99V60.zip:cicseci5101/connectorModule/ctgclient.jar:com/ibm/ctgsslight/SSLServer.class */
/**
 * Server side of the handshake state machine built on {@link SSLConnection}.
 *
 * <p>{@link #handshake} dispatches each incoming client handshake message by its type byte,
 * gated on the bits currently set in {@code handshake_state}; the {@code send*} methods build
 * and emit the server's own handshake messages. The only protocol version accepted or
 * advertised in this file is the byte pair 3, 0 (SSL 3.0 on the wire); a second ClientHello
 * layout that matches the SSLv2-format hello is also parsed.
 *
 * <p>Reading notes for reviewers:
 * <ul>
 *   <li>This is JADX decompiler output: local names ({@code i5}, {@code bArr2}, ...) are
 *       synthetic and helpers such as {@code Util.util23}/{@code Util.util28} are opaque here.</li>
 *   <li>{@code IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE}, {@code GatewayReturnCodes.ERROR_BASE}
 *       and {@code EPIRequest.EPI_TERM_INDEX_NONE} are used purely as integer bit masks on
 *       cipher-suite descriptors. They come from unrelated packages, so the decompiler most
 *       likely substituted them for numeric literals of equal value; resolve the real values
 *       before reasoning about the masks.</li>
 *   <li>{@code sendAlert(a, b)} is read below as (level, description) using standard SSL alert
 *       numbering (level 2 = fatal) - presumably; confirm against SSLConnection.</li>
 *   <li>Methods return 0 on success and -1 after a failure has been recorded in {@code ssl_e}
 *       and/or an alert has been sent.</li>
 * </ul>
 */
public class SSLServer extends SSLConnection {
    // Build / version identification strings carried over from the original source.
    static final String JSKREL = new String("src/com/ibm/ctgsslight/src/SSLServer.java, Java_SSL.SSLight, jsk5a, jsk5a000906");
    static final String FILEVER = new String("1.21");
    static final String BUILDDATE = new String("00/09/14 07:29:59");
    // Same value as the handshake_state bit tested for message type 15 and set in
    // clientKeyExchange(); the code below uses the literal 32 rather than this constant.
    static final int CERT_VERIFY = 32;
    // Process-wide caches filled lazily by getEphemeralRSAKey(). Nothing in this file ever
    // clears or regenerates them, so each key is shared by every connection for the life of
    // the class.
    // NOTE(review): 64 / 128 are presumably modulus sizes in bytes (512 / 1024 bit) - confirm
    // against Util.util28. If so, both are below currently accepted RSA key sizes.
    static BigInteger[] RSAKey64;
    static BigInteger[] RSAKey128;

    /**
     * Returns the cached temporary RSA key, generating it on first use.
     *
     * @param z {@code true} selects the key created with size argument 64, {@code false} the
     *          one created with 128
     * @return the cached key components as produced by {@code Util.util28}
     */
    private static synchronized BigInteger[] getEphemeralRSAKey(boolean z) {
        if (z) {
            if (RSAKey64 == null) {
                RSAKey64 = Util.util28(64, true, true);
            }
            return RSAKey64;
        }
        if (RSAKey128 == null) {
            RSAKey128 = Util.util28(128, true, true);
        }
        return RSAKey128;
    }

    /**
     * Puts the connection into the state that accepts a ClientHello (state value 2) and,
     * when {@code z} is set, asks the client to start a new handshake.
     *
     * @param z {@code true} to send a HelloRequest; ignored (returns 0) unless the state is
     *          already exactly 2
     * @return result of {@code sendHelloRequest()} when one is sent, otherwise 0
     */
    @Override // com.ibm.ctgsslight.SSLConnection
    int install(boolean z) {
        // A HelloRequest is only sent while idle; mid-handshake requests are silently dropped.
        if (z && this.handshake_state != 2) {
            return 0;
        }
        this.handshake_state = 2;
        if (z) {
            return sendHelloRequest();
        }
        return 0;
    }

    /** Delegates removal of this connection's session to {@code SSLSession.uninstall}. */
    @Override // com.ibm.ctgsslight.SSLConnection
    boolean uninstall(boolean z) {
        return SSLSession.uninstall(this.session, this, z);
    }

    /**
     * Handles an alert received from the peer.
     *
     * <p>Only description 41 (no_certificate in SSL 3.0) can be tolerated, and only if the
     * context's {@code handleNoPeerCertificate} callback returns true. Every other alert is
     * answered with alert (2, 40) and treated as fatal. The first argument {@code b} is not
     * inspected.
     *
     * @return 0 if the alert was tolerated, -1 otherwise
     */
    @Override // com.ibm.ctgsslight.SSLConnection
    int alert(byte b, byte b2) {
        // The decision to continue without a client certificate is delegated to the context.
        if (b2 == 41 && this.context.handleNoPeerCertificate(this.correlator)) {
            return 0;
        }
        sendAlert((byte) 2, (byte) 40);
        return -1;
    }

    /**
     * Dispatches one client handshake message according to its type and the current state.
     *
     * <p>Type to required {@code handshake_state} bit, as coded below: 1 (ClientHello) needs
     * bit 2, 11 (Certificate) bit 4, 15 (CertificateVerify) bit 32, 16 (ClientKeyExchange)
     * bit 8, 20 (Finished) bit 16. Bit 16 is never set in this file; presumably the
     * superclass sets it - confirm. Any other type, or a known type arriving in the wrong
     * state, is a protocol violation answered with alert (2, 10).
     *
     * <p>NOTE(review): after a CertificateRequest the state is {@code 8 | 4}, so a
     * ClientKeyExchange is accepted without a preceding Certificate message. Nothing in this
     * file rejects that sequence, so mandatory client authentication has to be enforced
     * elsewhere - verify.
     *
     * @param bArr buffer holding the message
     * @param b    handshake message type
     * @param i    offset of the message in {@code bArr}
     * @param i2   message length, including the 4 bytes the handlers skip as header
     * @param i3   passed through to {@code clientHello}, where 3 selects the v3 hello layout
     * @return 0 on success, -1 on failure
     */
    @Override // com.ibm.ctgsslight.SSLConnection
    int handshake(byte[] bArr, byte b, int i, int i2, int i3) {
        switch (b) {
            case 1:
                if ((2 & this.handshake_state) != 0) {
                    return clientHello(bArr, i, i2, i3);
                }
                break;
            case 11:
                if ((4 & this.handshake_state) != 0) {
                    return clientCertificate(bArr, i, i2);
                }
                break;
            case 15:
                if ((32 & this.handshake_state) != 0) {
                    return clientCertificateVerify(bArr, i, i2);
                }
                break;
            case 16:
                if ((8 & this.handshake_state) != 0) {
                    return clientKeyExchange(bArr, i, i2);
                }
                break;
            case 20:
                if ((16 & this.handshake_state) != 0) {
                    if (finished(bArr, i, i2) != 0) {
                        return -1;
                    }
                    // Handshake complete: publish the session and go back to the idle
                    // state (2), in which a new ClientHello is accepted.
                    SSLSession.install(this.session, this);
                    reset();
                    this.handshake_state = 2;
                    return 0;
                }
                break;
        }
        // Unknown type or out-of-order message.
        this.ssl_e = new SSLException(2, SSLException.PROTOCOLVIOLATION, bArr, i, i2);
        sendAlert((byte) 2, (byte) 10);
        return -1;
    }

    /**
     * Checks the client's CertificateVerify signature against the handshake hash.
     *
     * <p>The signature is only evaluated when the peer certificate's {@code alg} is 1; for any
     * other algorithm the default alert code 47 is kept and the message is rejected. The hash
     * is taken before this message is passed to {@code register}.
     *
     * @return 0 if the signature matched, -1 after sending a fatal alert
     */
    private int clientCertificateVerify(byte[] bArr, int i, int i2) {
        byte[] util23;
        boolean z;
        SSLCert sSLCert = this.session.peer_cert[0];
        // Skip the 4 bytes treated as message header.
        int i3 = i2 - 4;
        int i4 = i + 4;
        // i5 == 1 for alg 1 (presumably RSA - confirm), which uses a 36-byte hash buffer
        // (20 + 16); everything else gets 20 bytes.
        int i5 = sSLCert.alg == 1 ? 1 : 0;
        // Alert description used on failure; 47 unless the comparison below runs.
        int i6 = 47;
        byte[] bArr2 = new byte[20 + (i5 * 16)];
        handshakeHash(null, bArr2, 0, i5);
        // If the body is exactly two bytes longer than the expected signature, treat the
        // first two bytes as a length prefix and step over them.
        if ((i5 == 1 ? sSLCert.keyL : 40) == i3 - 2) {
            i3 = Util.msbf(bArr, i4, 2);
            i4 += 2;
        }
        // util23 is opaque here; presumably the public-key operation that recovers the
        // signed payload, returning null on failure - confirm.
        if (i5 == 1 && i3 == sSLCert.keyL && (util23 = Util.util23(false, 1, sSLCert.BigIntegerKey(), bArr, i4, i3)) != null && util23.length == 36) {
            // Byte-wise comparison of the 36 recovered bytes with the locally computed hash.
            int i7 = 0;
            int i8 = 0;
            int i9 = 36;
            while (true) {
                i9--;
                if (i9 < 0) {
                    z = true;
                    break;
                }
                int i10 = i7;
                i7++;
                int i11 = i8;
                i8++;
                if (util23[i10] != bArr2[i11]) {
                    z = false;
                    break;
                }
            }
            // Mismatch is reported as 40 rather than the default 47.
            i6 = z ? 0 : 40;
        }
        if (i6 != 0) {
            this.ssl_e = new SSLException(2, SSLException.COULDNOTVALIDATESIGNATURE);
            sendAlert((byte) 2, (byte) i6);
            return -1;
        }
        this.handshake_state = 1;
        update();
        register(bArr, i, i2);
        return 0;
    }

    /**
     * Processes the client's Certificate message.
     *
     * <p>Parsing is delegated to the inherited {@code certificate}. Unless the suite
     * descriptor's masked field equals 256, the server and peer certificates must agree on
     * whether {@code alg} is 1; a mismatch is fatal. On success only ClientKeyExchange
     * (state 8) is accepted next.
     *
     * @return 0 on success, -1 on failure
     */
    private int clientCertificate(byte[] bArr, int i, int i2) {
        if (certificate(bArr, i, i2) == -1) {
            return -1;
        }
        if ((SSLConnection.cipherSuite[this.session.cipher_suite & 255] & IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE) != 256) {
            // XOR is true when exactly one of the two certificates has alg == 1.
            if ((this.conn_cert[0].alg == 1) ^ (this.session.peer_cert[0].alg == 1)) {
                this.ssl_e = new SSLException(2, SSLException.CIPHERSUITEANDCERTIFICATEPUBLICKEYALGINCOMPATIBLE);
                sendAlert((byte) 2, (byte) 40);
                return -1;
            }
        }
        this.handshake_state = 8;
        register(bArr, i, i2);
        return 0;
    }

    /**
     * Processes ClientKeyExchange and derives the master secret.
     *
     * <p>Only suites whose descriptor field equals 256 are handled (presumably RSA key
     * exchange - confirm); for any other suite no pre-master value is produced and the
     * message is rejected with alert (2, 47). The body must be exactly as long as the first
     * key component (no length prefix).
     *
     * <p>When the recovered value is missing, has the wrong length or carries the wrong
     * version bytes, the error is recorded, {@code fail_handshake} is set and processing
     * continues with a substitute 48-byte value instead of alerting here. That is the usual
     * shape of the defence against probing RSA decryption failures.
     *
     * <p>NOTE(review): the defence depends on how {@code fail_handshake} is consumed, which
     * is not visible in this file. Two things to confirm: the substitute is all-zero or
     * derived from the recovered bytes rather than random, and a wrong-length body takes a
     * different, immediately visible path (alert 47) from a failed recovery.
     *
     * @return 0 on success, -1 after sending a fatal alert
     */
    private int clientKeyExchange(byte[] bArr, int i, int i2) {
        byte[] bArr2 = null;
        if ((SSLConnection.cipherSuite[this.session.cipher_suite & 255] & IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE) == 256) {
            // Prefer the temporary key sent in ServerKeyExchange, else the certificate key.
            BigInteger[] bigIntegerArr = this.key_exchange != null ? this.key_exchange : this.conn_key;
            int bitLength = (bigIntegerArr[0].bitLength() + 7) / 8;
            if (i2 - 4 == bitLength) {
                bArr2 = Util.util23(false, 2, bigIntegerArr, bArr, i + 4, bitLength);
                if (bArr2 == null) {
                    // Recovery failed: continue with 48 zero bytes, handshake marked to fail.
                    this.ssl_e = new SSLException(1, SSLException.SIGNATUREFORMATINCORRECT, bArr, i, i2);
                    this.fail_handshake = true;
                    bArr2 = new byte[48];
                } else if (bArr2.length != 48) {
                    // Wrong size: truncate or zero-pad to 48 bytes, handshake marked to fail.
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr2, 0, bArr2.length);
                    this.fail_handshake = true;
                    byte[] bArr3 = new byte[48];
                    System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length > 48 ? 48 : bArr2.length);
                    bArr2 = bArr3;
                } else if (bArr2[0] != 3 || bArr2[1] != 0) {
                    // Leading version bytes must be 3, 0; the value is kept as-is but the
                    // handshake is marked to fail.
                    this.ssl_e = new SSLException(1, SSLException.UNSUPPORTEDVERSION, bArr2, 0, 2);
                    this.fail_handshake = true;
                }
            } else {
                // Length mismatch: bArr2 stays null, so the alert below is sent right away.
                this.ssl_e = new SSLException(2, SSLException.SIGNATURELENGTHINCORRECT, bArr, i, i2);
            }
        }
        // The temporary key reference is dropped after a single use on this connection.
        this.key_exchange = null;
        if (bArr2 == null) {
            sendAlert((byte) 2, (byte) 47);
            return -1;
        }
        byte[] bArr4 = new byte[48];
        blockHash(bArr2, bArr4, 0);
        this.session.master_secret = bArr4;
        if (this.session.peer_cert != null) {
            // A client certificate was received: CertificateVerify (bit 32) must follow.
            this.handshake_state = 32;
        } else {
            this.handshake_state = 1;
            update();
        }
        register(bArr, i, i2);
        return 0;
    }

    /**
     * Parses a ClientHello, resumes or creates a session, and sends the server's reply
     * flight.
     *
     * <p>Two layouts are parsed. With {@code i3 == 3}: 4 header bytes, version (2), random
     * (32), session id (length byte, at most 32), cipher suites (2-byte length, 2 bytes
     * each), compression methods. Otherwise the layout matches the SSLv2-format hello:
     * version at bytes 1..2, three 2-byte lengths (cipher specs, session id, challenge),
     * then the three fields; only 3-byte specs whose top byte is zero are kept.
     *
     * <p>Selection honours the client's order: the first offered compression method / cipher
     * suite that also appears in the context's {@code cm_list} / {@code cs_list} wins.
     *
     * <p>NOTE(review), v2 layout: offsets are fixed (1, 3, ...) and ignore {@code i}, the
     * version bytes are read before any length check, and the challenge length has a lower
     * bound of 16 but no upper bound here - confirm that the caller guarantees the buffer
     * and that {@code peerRandom} bounds the length.
     *
     * @return 0 or the result of the last send on success, -1 after a fatal alert
     */
    private int clientHello(byte[] bArr, int i, int i2, int i3) {
        byte[] bArr2 = null; // offered session id, null if none
        byte[] bArr3 = null; // offered compression methods, null if absent or first is 0
        short[] sArr = null; // offered cipher suites; null means the hello was rejected
        if (i3 == 3) {
            int i4 = i2 - 4;
            int i5 = i + 4;
            // 35 = version (2) + random (32) + session id length byte (1).
            if (i4 < 35) {
                this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2);
            } else {
                if (bArr[i5] != 3 || bArr[i5 + 1] != 0) {
                    this.ssl_e = new SSLException(1, SSLException.UNSUPPORTEDVERSION, bArr, i, i2, i5 - i);
                    sendAlert((byte) 2, (byte) 40);
                    return -1;
                }
                int i6 = i5 + 2;
                peerRandom(bArr, i6, 32);
                int i7 = i6 + 32;
                int i8 = i4 - 34;
                int i9 = i7 + 1;
                // Signed byte: values above 127 become negative and are rejected below.
                int i10 = bArr[i7];
                int i11 = i8 - 1;
                if (i10 < 0 || i10 > 32 || i11 < i10) {
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2, i9 - i);
                } else {
                    if (i10 > 0) {
                        bArr2 = new byte[i10];
                        System.arraycopy(bArr, i9, bArr2, 0, i10);
                        i9 += i10;
                        i11 -= i10;
                    }
                    if (i11 >= 2) {
                        int msbf = Util.msbf(bArr, i9, 2);
                        int i12 = i9 + 2;
                        int i13 = i11 - 2;
                        // Suite list must be non-empty, even-sized and fit in what remains.
                        if (msbf % 2 != 0 || msbf < 2 || msbf > 65535 || i13 < msbf) {
                            this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2, i12 - i);
                        } else {
                            sArr = new short[msbf / 2];
                            int i14 = 0;
                            while (i14 < msbf / 2) {
                                sArr[i14] = (short) Util.msbf(bArr, i12, 2);
                                i14++;
                                i12 += 2;
                            }
                            int i15 = i13 - msbf;
                            if (i15 >= 1) {
                                int i16 = i12;
                                int i17 = i12 + 1;
                                int i18 = bArr[i16];
                                int i19 = i15 - 1;
                                // The list is kept only if its first entry is non-zero; a
                                // missing or malformed list is tolerated and leaves the
                                // compression method at 0.
                                if (i18 >= 1 && i18 <= 255 && i19 >= i18 && bArr[i17] != 0) {
                                    bArr3 = new byte[i18];
                                    System.arraycopy(bArr, i17, bArr3, 0, i18);
                                }
                            }
                        }
                    } else {
                        this.ssl_e = new SSLException(2, SSLException.NOCIPHERSUITESPECIFIED);
                    }
                }
            }
        } else {
            // SSLv2-format hello. Version bytes are read at fixed offsets 1 and 2.
            if (bArr[1] != 3 || bArr[1 + 1] != 0) {
                this.ssl_e = new SSLException(1, SSLException.UNSUPPORTEDVERSION, bArr, 0, i2, 1);
                sendAlert((byte) 2, (byte) 40);
                return -1;
            }
            int i20 = 1 + 2;
            int i21 = 0;
            int i22 = i2 - 3;
            if (i22 >= 6) {
                int msbf2 = Util.msbf(bArr, i20, 2);     // cipher spec bytes
                int msbf3 = Util.msbf(bArr, i20 + 2, 2); // session id bytes
                int msbf4 = Util.msbf(bArr, i20 + 4, 2); // challenge bytes
                int i23 = i20 + 6;
                int i24 = i22 - 6;
                // The three declared lengths must account for the rest of the message exactly.
                if (i24 == msbf2 + msbf3 + msbf4) {
                    if (msbf2 == 0 || msbf2 % 3 != 0 || (!(msbf3 == 0 || msbf3 == 16) || msbf4 < 16)) {
                        this.ssl_e = new SSLException(1, SSLException.INCOMPATIBLELENGTHS, bArr, i, i2);
                    } else {
                        // First pass: count the 3-byte specs whose top byte is zero.
                        for (int i25 = 0; i25 < msbf2; i25 += 3) {
                            if ((Util.msbf(bArr, i23 + i25, 3) & 16711680) == 0) {
                                i21++;
                            }
                        }
                        if (i21 != 0) {
                            // Second pass: keep those specs, masked down to a short.
                            sArr = new short[i21];
                            int i26 = 0;
                            for (int i27 = 0; i27 < msbf2; i27 += 3) {
                                int msbf5 = Util.msbf(bArr, i23 + i27, 3);
                                if ((msbf5 & 16711680) == 0) {
                                    int i28 = i26;
                                    i26++;
                                    sArr[i28] = (short) (msbf5 & EPIRequest.EPI_TERM_INDEX_NONE);
                                }
                            }
                            int i29 = i23 + msbf2;
                            int i30 = i24 - msbf2;
                            if (msbf3 != 0) {
                                bArr2 = new byte[msbf3];
                                System.arraycopy(bArr, i29, bArr2, 0, msbf3);
                                i29 += msbf3;
                                // i31 is never read (decompiler residue).
                                int i31 = i30 - msbf3;
                            }
                            peerRandom(bArr, i29, msbf4);
                        } else {
                            this.ssl_e = new SSLException(2, SSLException.UNSUPPORTEDCIPHERSUITE, bArr, i, i2, i23);
                        }
                    }
                } else if (i24 < msbf2 + msbf3 + msbf4) {
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2);
                } else if (i24 > msbf2 + msbf3 + msbf4) {
                    this.ssl_e = new SSLException(1, SSLException.LENGTHTOOLONG, bArr, i, i2);
                }
            } else {
                this.ssl_e = new SSLException(1, SSLException.LENGTHTOOSHORT, bArr, i, i2);
            }
        }
        // Every parse failure above leaves sArr null.
        if (sArr == null) {
            sendAlert((byte) 2, (byte) 47);
            return -1;
        }
        register(bArr, i, i2);
        SSLSession sSLSession = null; // non-null only when a session was resumed
        byte b = 0;                   // chosen compression method
        short s = 0;                  // chosen cipher suite
        int i32 = 0;                  // descriptor of the chosen suite; stays 0 on resumption
        byte[] bArr4 = null;          // CertificateRequest data, null if none is to be sent
        try {
            if (bArr2 != null) {
                SSLSession resume = SSLSession.resume(bArr2, this.context.context_id, bArr3, sArr);
                sSLSession = resume;
                if (resume != null) {
                    if (this.session != null && this.session != sSLSession) {
                        SSLSession.uninstall(this.session, this, true);
                    }
                    this.session = sSLSession;
                    b = this.session.compression_method;
                    s = this.session.cipher_suite;
                }
                // NOTE(review): if a session id was offered, resume() returned null and
                // this.session is still set (e.g. on a renegotiation), neither branch clears
                // this.session. The negotiation block below is then skipped and ServerHello
                // goes out with b = 0 and s = 0. Confirm whether reset() or the superclass
                // guarantees this.session is null at this point.
            } else if (this.session != null) {
                SSLSession.uninstall(this.session, this, false);
                this.session = null;
            }
            if (this.session == null) {
                if (bArr3 != null) {
                    // Pick the first client-offered compression method the context allows.
                    int i33 = 0;
                    while (true) {
                        if (this.context.cm_list == null || i33 >= bArr3.length) {
                            break;
                        }
                        int i34 = 0;
                        while (i34 < this.context.cm_list.length && bArr3[i33] != this.context.cm_list[i34]) {
                            i34++;
                        }
                        if (i34 != this.context.cm_list.length) {
                            b = bArr3[i33];
                            break;
                        }
                        i33++;
                    }
                    // Reaching the end of the client's list means nothing matched.
                    if (i33 == bArr3.length) {
                        throw new SSLException(2, SSLException.UNSUPPORTEDCOMPRESSIONMETHOD, bArr, i, i2);
                    }
                }
                s = -1;
                if (sArr != null && this.context.cs_list != null) {
                    // Pick the first client-offered suite the context allows; the client's
                    // ordering, not the server's, decides.
                    int i35 = 0;
                    while (true) {
                        if (i35 >= sArr.length) {
                            break;
                        }
                        int i36 = 0;
                        while (i36 < this.context.cs_list.length && sArr[i35] != this.context.cs_list[i36]) {
                            i36++;
                        }
                        if (i36 != this.context.cs_list.length) {
                            s = sArr[i35];
                            break;
                        }
                        i35++;
                    }
                }
                if (s == -1) {
                    throw new SSLException(2, SSLException.UNSUPPORTEDCIPHERSUITE, bArr, i, i2);
                }
                int i37 = SSLConnection.cipherSuite[s & 255];
                i32 = i37;
                // Any bit in the upper 16 bits of the descriptor means a certificate and key
                // must be obtained from the context.
                if ((i37 & (-65536)) != 0) {
                    Object cert = this.context.getCert(i32, null, 0, 0, this.correlator);
                    // getCert signals failure by returning a Boolean instead of the pair.
                    if (cert instanceof Boolean) {
                        throw new SSLException(2, SSLException.COULDNOTSATISFYREQUESTEDCIPHERSUITE);
                    }
                    Object[] objArr = (Object[]) cert;
                    this.conn_cert = (SSLCert[]) objArr[0];
                    this.conn_key = (BigInteger[]) objArr[1];
                }
                this.session = new SSLSession(this.context.context_id, b, s, this.context.timeout[1]);
                // A client certificate is only requested when the server itself has one.
                if (this.conn_cert != null && this.context.clientAuthentication) {
                    byte[] auth = this.context.getAuth(i32);
                    bArr4 = auth;
                    if (auth == null) {
                        throw new SSLException(2, SSLException.CLIENTAUTHENTICATIONINVALIDWITHANONYMOUSSERVER);
                    }
                }
            }
            if (sendServerHello(b, s) == -1) {
                return -1;
            }
            if (sSLSession != null) {
                // Resumed session: abbreviated handshake, the server sends Finished now.
                update();
                this.handshake_state = 1;
                return sendFinished(true);
            }
            if (this.conn_cert != null && sendCertificate() == -1) {
                return -1;
            }
            // A temporary key is used when the key-exchange field is 256 and either the
            // certificate's alg is not 1, or the ERROR_BASE-masked bits are set and the
            // certificate key is longer than 64.
            // NOTE(review): conn_cert[0] is dereferenced without a null check on conn_cert;
            // a failure here would surface through the generic catch below as alert 40.
            if ((i32 & IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE) == 256 && (this.conn_cert[0].alg != 1 || ((i32 & GatewayReturnCodes.ERROR_BASE) != 0 && this.conn_cert[0].keyL > 64))) {
                this.key_exchange = getEphemeralRSAKey((i32 & GatewayReturnCodes.ERROR_BASE) != 0);
            }
            if (this.key_exchange != null && sendServerKeyExchange() == -1) {
                return -1;
            }
            // Expect ClientKeyExchange next ...
            this.handshake_state = 8;
            if (bArr4 != null) {
                if (sendCertificateRequest(bArr4) == -1) {
                    return -1;
                }
                // ... and additionally allow (not require) a Certificate message.
                this.handshake_state |= 4;
            }
            return sendServerHelloDone();
        } catch (SSLException e) {
            this.ssl_e = e;
            sendAlert((byte) 2, (byte) 40);
            return -1;
        } catch (Exception e2) {
            // Any unexpected runtime failure is reported to the peer as the same alert 40.
            this.ssl_e = new SSLException(8, SSLException.EXCEPTIONOCCURRED, e2);
            sendAlert((byte) 2, (byte) 40);
            return -1;
        }
    }

    /**
     * Builds and sends the ServerKeyExchange message (type 12).
     *
     * <p>Layout written: each of the three {@code key_exchange} components as a 2-byte length
     * plus value (component 1 is skipped when the suite's key-exchange field is 256), then a
     * 2-byte signature length and the signature area. The signature length is 40 for a
     * certificate with {@code alg == 12}, otherwise the certificate's {@code keyL}, and 0 if
     * there is no certificate.
     *
     * <p>NOTE(review): a signing call ({@code Util.util23(true, 1, conn_key, ...)}) is only
     * visible for {@code alg == 1}; confirm that {@code paramHash} itself produces the
     * signature for other algorithms. Also, {@code sSLCert} is dereferenced whenever
     * {@code conn_cert} is non-null, even if {@code conn_cert[0]} was null.
     *
     * @return result of {@code sendHandshake}
     */
    private int sendServerKeyExchange() {
        int i = 0;
        int i2 = 0; // signature length
        int i3 = SSLConnection.cipherSuite[this.session.cipher_suite & 255];
        SSLCert sSLCert = null;
        if (this.conn_cert != null && this.conn_cert[0] != null) {
            SSLCert sSLCert2 = this.conn_cert[0];
            sSLCert = sSLCert2;
            i2 = sSLCert2.alg == 12 ? 40 : this.conn_cert[0].keyL;
        }
        // First pass: total body length. 3 + bitLength / 8 equals the 2-byte length prefix
        // plus toByteArray().length for a positive value.
        int i4 = i2 + 2;
        do {
            if (i != 1 || (i3 & IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE) != 256) {
                i4 += 3 + (this.key_exchange[i].bitLength() / 8);
            }
            i++;
        } while (i < 3);
        int register = register(null, 0, 4 + i4);
        int i5 = register + 4;
        byte[] bArr = this.handshake;
        // Second pass: write each included component as big-endian length + bytes.
        int i6 = 0;
        do {
            if (i6 != 1 || (i3 & IMSXAProperties.RRS_RC_ATR_NOT_AVAILABLE) != 256) {
                byte[] byteArray = this.key_exchange[i6].toByteArray();
                int length = byteArray.length;
                int i7 = i5;
                int i8 = 2;
                do {
                    int i9 = i7;
                    i7++;
                    i8--;
                    bArr[i9] = (byte) (length >>> (i8 * 8));
                } while (i8 > 0);
                int i10 = i5 + 2;
                System.arraycopy(byteArray, 0, bArr, i10, length);
                i5 = i10 + length;
            }
            i6++;
        } while (i6 < 3);
        // Big-endian 2-byte signature length.
        int i11 = i5;
        int i12 = 2;
        do {
            int i13 = i11;
            i11++;
            i12--;
            bArr[i13] = (byte) (i2 >>> (i12 * 8));
        } while (i12 > 0);
        int i14 = i5 + 2;
        if (this.conn_cert != null) {
            // Hash the parameters written above into the signature area, then (alg 1 only)
            // replace the 36 hash bytes with the signature over them.
            paramHash(bArr, register + 4, i4 - (2 + i2), bArr, i14, sSLCert.alg == 1 ? 1 : 0);
            if (sSLCert.alg == 1) {
                System.arraycopy(Util.util23(true, 1, this.conn_key, bArr, i14, 36), 0, bArr, i14, i2);
            }
        }
        return sendHandshake((byte) 12, bArr, register, i4, false);
    }

    /** Sends a HelloRequest (type 0) with an empty body. */
    private int sendHelloRequest() {
        return sendHandshake((byte) 0, new byte[4], 0, 0, true);
    }

    /**
     * Builds and sends ServerHello (type 2): version 3, 0, the server random, the session id
     * (if the session has one), the chosen cipher suite and the compression method.
     *
     * @param b chosen compression method
     * @param s chosen cipher suite
     * @return result of {@code sendHandshake}
     */
    private int sendServerHello(byte b, short s) {
        this.out.enable(false);
        byte length = this.session.session_id != null ? (byte) this.session.session_id.length : (byte) 0;
        helloRandom();
        // 35 = version (2) + random (32) + session id length byte; then id, suite (2),
        // compression (1).
        int i = 35 + length + 2 + 1;
        int register = register(null, 0, 4 + i);
        int i2 = register + 4;
        byte[] bArr = this.handshake;
        bArr[i2] = 3;
        bArr[i2 + 1] = 0;
        System.arraycopy(this.random[1], 0, bArr, i2 + 2, 32);
        int i3 = i2 + 34;
        int i4 = i3 + 1;
        bArr[i3] = length;
        if (length != 0) {
            System.arraycopy(this.session.session_id, 0, bArr, i4, length);
            i4 += length;
        }
        // Cipher suite as two big-endian bytes.
        int i5 = i4;
        int i6 = 2;
        do {
            int i7 = i5;
            i5++;
            i6--;
            bArr[i7] = (byte) (s >>> (i6 * 8));
        } while (i6 > 0);
        bArr[i4 + 2] = b;
        return sendHandshake((byte) 2, bArr, register, i, false);
    }

    /** Sends ServerHelloDone (type 14) with an empty body. */
    private int sendServerHelloDone() {
        return sendHandshake((byte) 14, this.handshake, register(null, 0, 4), 0, true);
    }

    /**
     * Sends CertificateRequest (type 13) built from the data returned by
     * {@code context.getAuth}.
     *
     * <p>The body is copied from {@code bArr} starting at index 1; its length is derived from
     * the 2-byte value at index 3. The second body byte is then overwritten with 1 when the
     * server certificate's {@code alg} is 1 and 2 otherwise (presumably the requested
     * certificate type - confirm).
     *
     * @param bArr request data from {@code getAuth}
     * @return result of {@code sendHandshake}
     */
    private int sendCertificateRequest(byte[] bArr) {
        int msbf = (Util.msbf(bArr, 3, 2) + 5) - 1;
        int register = register(null, 0, 4 + msbf);
        System.arraycopy(bArr, 1, this.handshake, register + 4, msbf);
        // Always true: residue of a constant condition in the original source.
        if (1 != 0) {
            this.handshake[register + 5] = (byte) (this.conn_cert[0].alg == 1 ? 1 : 2);
        }
        return sendHandshake((byte) 13, this.handshake, register, msbf, false);
    }

    /** Always {@code false} on the server side. */
    @Override // com.ibm.ctgsslight.SSLConnection
    final boolean shouldUseStepup(SSLCert[] sSLCertArr) {
        return false;
    }

    /**
     * Creates the server endpoint by delegating to the inherited six-argument
     * {@code install}, passing the constant 1 as its third argument.
     *
     * @throws IOException  propagated from {@code install}
     * @throws SSLException propagated from {@code install}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLServer(SSLGenSock sSLGenSock, boolean z, SSLContext sSLContext, boolean z2, Object obj) throws IOException, SSLException {
        install(sSLGenSock, z, 1, sSLContext, z2, obj);
    }
}
