package com.enterprisedt.net.puretls;

import com.enterprisedt.bouncycastle.tls.TlsUtils;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPrivateKey;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.net.puretls.crypto.PKCS1Pad;
import com.hierynomus.sshj.common.KeyAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.Key;
import xjava.security.Cipher;
import xjava.security.interfaces.CryptixRSAPrivateKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class i extends r {

    /* renamed from: a, reason: collision with root package name */
    z f27698a = new z(-65535);

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, InputStream inputStream) throws IOException {
        int a10;
        byte[] bArr;
        Key key;
        int c7 = jVar.f27700A.f27523m.c();
        if (c7 != 1) {
            if (c7 != 2) {
                throw new InternalError("Inconsistent algorithm");
            }
            if (jVar.f27702b >= 769) {
                a10 = this.f27698a.a(jVar, inputStream);
                bArr = this.f27698a.f27811b;
            } else {
                byte[] bArr2 = new byte[512];
                a10 = inputStream.read(bArr2);
                if (a10 < 0) {
                    throw new SSLException("Short RSA key");
                }
                byte[] bArr3 = new byte[a10];
                System.arraycopy(bArr2, 0, bArr3, 0, a10);
                bArr = bArr3;
            }
            try {
                Cipher cipher = Cipher.getInstance("RSABlind", Cryptix.PROVIDER_NAME);
                SSLHandshake sSLHandshake = jVar.f27700A;
                Key key2 = sSLHandshake.f27533w;
                if (key2 == null) {
                    key2 = jVar.f27704d.c();
                    key = jVar.f27704d.d();
                } else {
                    key = sSLHandshake.f27534x;
                }
                cipher.initDecrypt(key2);
                ((Blindable) cipher).setBlindingInfo(jVar.f27700A.f27518h, (CryptixRSAPublicKey) key);
                jVar.f27700A.f27527q = PKCS1Pad.pkcs1UnpadBuf(cipher.crypt(bArr), 1, (CryptixRSAPrivateKey) key2);
            } catch (Exception unused) {
                jVar.f27700A.f27527q = new byte[48];
                SSLDebug.debug(8, "Bad padding. Randomizing PMS");
                jVar.f27704d.f27500h.nextBytes(jVar.f27700A.f27527q);
            }
            if (jVar.f27700A.f27527q.length != 48) {
                throw new Exception("Bad PMS length");
            }
            SSLDebug.debug(8, "Checking client offered version against RSA block for rollback " + jVar.f27700A.f27535y);
            SSLHandshake sSLHandshake2 = jVar.f27700A;
            byte[] bArr4 = sSLHandshake2.f27527q;
            byte b10 = bArr4[0];
            int i10 = sSLHandshake2.f27535y;
            if (b10 == ((i10 >> 8) & 255)) {
                if (bArr4[1] != (i10 & 255)) {
                }
            }
            if (b10 != 3 || bArr4[1] != 0 || i10 != 769 || jVar.f27702b != 768) {
                throw new Exception("Bad PMS version number");
            }
            SSLDebug.debug(8, "Accepting rollback to SSLv3 from TLS since this is a common SSLv3/TLS bug");
            return a10;
        }
        a10 = this.f27698a.a(jVar, inputStream);
        jVar.f27700A.f27531u = new DHPublicKey(new BigInteger(1, this.f27698a.f27811b));
        SSLHandshake sSLHandshake3 = jVar.f27700A;
        sSLHandshake3.f27527q = sSLHandshake3.f27532v.keyAgree((DHPublicKey) sSLHandshake3.f27531u, false);
        return a10;
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, OutputStream outputStream) throws IOException {
        int c7 = jVar.f27700A.f27523m.c();
        if (c7 == 1) {
            DHPublicKey dHPublicKey = (DHPublicKey) jVar.f27700A.f27531u;
            DHPrivateKey dHPrivateKey = DHPrivateKey.getInstance();
            dHPrivateKey.initPrivateKey(dHPublicKey.getg(), dHPublicKey.getp(), jVar.f27700A.f27518h);
            this.f27698a.f27811b = dHPrivateKey.getYBytes();
            jVar.f27700A.f27527q = dHPrivateKey.keyAgree(dHPublicKey, true);
            return this.f27698a.a(jVar, outputStream);
        }
        if (c7 != 2) {
            if (c7 != 3) {
                throw new InternalError("Inconsistent algorithm");
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            TlsUtils.writeOpaque8(jVar.f27700A.f27529s.generateEphemeral(), byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            outputStream.write(byteArray);
            jVar.f27700A.f27527q = jVar.f27700A.f27529s.calculateSecret().extract();
            return byteArray.length;
        }
        try {
            SSLHandshake sSLHandshake = jVar.f27700A;
            byte[] bArr = new byte[48];
            sSLHandshake.f27527q = bArr;
            sSLHandshake.f27518h.nextBytes(bArr);
            byte[] bArr2 = jVar.f27700A.f27527q;
            int i10 = 0;
            bArr2[0] = 3;
            bArr2[1] = (byte) (jVar.f27703c & 255);
            Cipher cipher = Cipher.getInstance(KeyAlgorithm.RSA, Cryptix.PROVIDER_NAME);
            SSLHandshake sSLHandshake2 = jVar.f27700A;
            if (sSLHandshake2.f27531u == null) {
                sSLHandshake2.f27531u = sSLHandshake2.f27530t;
            }
            cipher.initEncrypt(sSLHandshake2.f27531u);
            SSLHandshake sSLHandshake3 = jVar.f27700A;
            byte[] pkcs1PadBuf = PKCS1Pad.pkcs1PadBuf(sSLHandshake3.f27518h, sSLHandshake3.f27527q, sSLHandshake3.f27531u);
            SSLDebug.debug(8, "RSA input", pkcs1PadBuf);
            byte[] crypt = cipher.crypt(pkcs1PadBuf);
            this.f27698a.f27811b = crypt;
            SSLDebug.debug(8, "PreMasterSecret", jVar.f27700A.f27527q);
            SSLDebug.debug(8, "EncryptedPreMasterSecret", crypt);
            if (jVar.f27702b >= 769) {
                return this.f27698a.a(jVar, outputStream);
            }
            outputStream.write(crypt);
            if (crypt != null) {
                i10 = crypt.length;
            }
            return i10;
        } catch (Exception e3) {
            e3.printStackTrace();
            throw new InternalError(e3.toString());
        }
    }
}
