package cn.gmssl.sun.security.ssl;

import cn.gmssl.com.jsse.SM2CertUtil;
import cn.gmssl.crypto.impl.sm2.SM2Util;
import cn.gmssl.jsse.provider.GMConf;
import cn.gmssl.security.util.SecurityConstants;
import cn.gmssl.sun.security.ssl.CipherSuite;
import cn.gmssl.sun.security.ssl.HandshakeMessage;
import com.umeng.analytics.pro.d;
import java.io.IOException;
import java.io.PrintStream;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Vector;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class ServerHandshaker extends Handshaker {
    private static /* synthetic */ int[] $SWITCH_TABLE$cn$gmssl$sun$security$ssl$CipherSuite$KeyExchange;
    private X509Certificate[] certs;
    private ProtocolVersion clientRequestedVersion;
    private DHCrypt dh;
    private byte doClientAuth;
    private ECDHCrypt ecdh;
    private X509Certificate[] encCerts;
    private byte[] encIdLocal;
    private byte[] encIdRemote;
    private PrivateKey encPrivateKey;
    private byte[] idLocal;
    private byte[] idRemote;
    private SecretKey[] kerberosKeys;
    private boolean needClientVerify;
    SignatureAndHashAlgorithm preferableSignatureAlgorithm;
    private PrivateKey privateKey;
    public boolean single;
    private SM2Crypt sm2;
    private SupportedEllipticCurvesExtension supportedCurves;
    private PrivateKey tempPrivateKey;
    private PublicKey tempPublicKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class SuiteComparator implements Comparator {
        SuiteComparator() {
        }

        @Override // java.util.Comparator
        public int compare(Object obj, Object obj2) {
            CipherSuite cipherSuite = (CipherSuite) obj;
            CipherSuite cipherSuite2 = (CipherSuite) obj2;
            if (cipherSuite.name.indexOf("SM4") != -1 && cipherSuite2.name.indexOf("SM4") == -1) {
                return -1;
            }
            if (cipherSuite.name.indexOf("SM4") != -1 || cipherSuite2.name.indexOf("SM4") == -1) {
                return cipherSuite.name.compareTo(cipherSuite2.name);
            }
            return 1;
        }
    }

    static /* synthetic */ int[] $SWITCH_TABLE$cn$gmssl$sun$security$ssl$CipherSuite$KeyExchange() {
        int[] iArr = $SWITCH_TABLE$cn$gmssl$sun$security$ssl$CipherSuite$KeyExchange;
        if (iArr != null) {
            return iArr;
        }
        int[] iArr2 = new int[CipherSuite.KeyExchange.valuesCustom().length];
        try {
            iArr2[CipherSuite.KeyExchange.K_DHE_DSS.ordinal()] = 6;
        } catch (NoSuchFieldError unused) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_DHE_RSA.ordinal()] = 7;
        } catch (NoSuchFieldError unused2) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_DH_ANON.ordinal()] = 8;
        } catch (NoSuchFieldError unused3) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_DH_DSS.ordinal()] = 5;
        } catch (NoSuchFieldError unused4) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_DH_RSA.ordinal()] = 4;
        } catch (NoSuchFieldError unused5) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECC.ordinal()] = 15;
        } catch (NoSuchFieldError unused6) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECDHE_ECDSA.ordinal()] = 11;
        } catch (NoSuchFieldError unused7) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECDHE_RSA.ordinal()] = 12;
        } catch (NoSuchFieldError unused8) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECDH_ANON.ordinal()] = 13;
        } catch (NoSuchFieldError unused9) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECDH_ECDSA.ordinal()] = 9;
        } catch (NoSuchFieldError unused10) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_ECDH_RSA.ordinal()] = 10;
        } catch (NoSuchFieldError unused11) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_KRB5.ordinal()] = 16;
        } catch (NoSuchFieldError unused12) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_KRB5_EXPORT.ordinal()] = 17;
        } catch (NoSuchFieldError unused13) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_NULL.ordinal()] = 1;
        } catch (NoSuchFieldError unused14) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_RSA.ordinal()] = 2;
        } catch (NoSuchFieldError unused15) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_RSA_EXPORT.ordinal()] = 3;
        } catch (NoSuchFieldError unused16) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_SCSV.ordinal()] = 18;
        } catch (NoSuchFieldError unused17) {
        }
        try {
            iArr2[CipherSuite.KeyExchange.K_SM2_SM2.ordinal()] = 14;
        } catch (NoSuchFieldError unused18) {
        }
        $SWITCH_TABLE$cn$gmssl$sun$security$ssl$CipherSuite$KeyExchange = iArr2;
        return iArr2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, byte b, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLEngineImpl, sSLContextImpl, protocolList, b != 0, false, protocolVersion, z, z2, bArr, bArr2);
        this.needClientVerify = false;
        this.idLocal = null;
        this.idRemote = null;
        this.encIdLocal = null;
        this.encIdRemote = null;
        this.single = System.getProperty("record.single_msg") != null;
        this.doClientAuth = b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, byte b, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLSocketImpl, sSLContextImpl, protocolList, b != 0, false, protocolVersion, z, z2, bArr, bArr2);
        this.needClientVerify = false;
        this.idLocal = null;
        this.idRemote = null;
        this.encIdLocal = null;
        this.encIdRemote = null;
        this.single = System.getProperty("record.single_msg") != null;
        this.doClientAuth = b;
    }

    private void chooseCipherSuite(HandshakeMessage.ClientHello clientHello) throws IOException {
        PrintStream printStream;
        StringBuilder sb;
        String str;
        String sb2;
        if (GMConf.debug) {
            System.out.println("chooseCipherSuite...");
        }
        int i = 0;
        Iterator<CipherSuite> it = clientHello.getCipherSuites().collection().iterator();
        Vector vector = new Vector();
        while (it.hasNext()) {
            vector.addElement(it.next());
        }
        Collections.sort(vector, new SuiteComparator());
        Iterator it2 = vector.iterator();
        while (it2.hasNext()) {
            CipherSuite cipherSuite = (CipherSuite) it2.next();
            if (GMConf.debug) {
                System.out.println("chooseCipherSuite suite" + i + "=" + cipherSuite);
                i++;
            }
            if (isNegotiable(cipherSuite)) {
                if (GMConf.debug) {
                    System.out.println("chooseCipherSuite suite2");
                }
                if (this.doClientAuth != 2 || (cipherSuite.keyExchange != CipherSuite.KeyExchange.K_DH_ANON && cipherSuite.keyExchange != CipherSuite.KeyExchange.K_ECDH_ANON)) {
                    if (GMConf.debug) {
                        System.out.println("chooseCipherSuite suite3");
                    }
                    if (trySetCipherSuite(cipherSuite)) {
                        return;
                    }
                    if (GMConf.debug) {
                        printStream = System.out;
                        sb2 = "suite" + i + "=" + cipherSuite + " continue3";
                    }
                } else if (GMConf.debug) {
                    printStream = System.out;
                    sb = new StringBuilder("chooseCipherSuite suite");
                    sb.append(i);
                    sb.append("=");
                    sb.append(cipherSuite);
                    str = " continue2";
                    sb.append(str);
                    sb2 = sb.toString();
                }
            } else if (GMConf.debug) {
                printStream = System.out;
                sb = new StringBuilder("chooseCipherSuite suite");
                sb.append(i);
                sb.append("=");
                sb.append(cipherSuite);
                str = " continue1";
                sb.append(str);
                sb2 = sb.toString();
            }
            printStream.println(sb2);
        }
        fatalSE((byte) 40, "no cipher suites in common");
    }

    private void clientCertificate(HandshakeMessage.CertificateMsg certificateMsg) throws IOException {
        String str;
        if (debug != null && Debug.isOn("handshake")) {
            certificateMsg.print(System.out);
        }
        X509Certificate[] certificateChain = certificateMsg.getCertificateChain();
        if (certificateChain.length == 0) {
            if (this.doClientAuth == 1) {
                if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
                    this.handshakeHash.setCertificateVerifyAlg(null);
                    return;
                }
                return;
            }
            fatalSE((byte) 42, "null cert chain");
        }
        X509TrustManager x509TrustManager = this.sslContext.getX509TrustManager();
        try {
            String algorithm = certificateChain[0].getPublicKey().getAlgorithm();
            str = algorithm.equals("RSA") ? "RSA" : algorithm.equals("DSA") ? "DSA" : algorithm.equals("EC") ? "EC" : "UNKNOWN";
        } catch (CertificateException e) {
            fatalSE((byte) 46, e);
        }
        if (!(x509TrustManager instanceof X509ExtendedTrustManager)) {
            throw new CertificateException("Improper X509TrustManager implementation");
        }
        if (this.conn == null) {
            ((X509ExtendedTrustManager) x509TrustManager).checkClientTrusted((X509Certificate[]) certificateChain.clone(), str, this.engine);
        }
        this.needClientVerify = true;
        this.session.setPeerCertificates(certificateChain);
        this.idRemote = SM2Util.getId(certificateChain[0], this.protocolVersion.minor);
        if (this.protocolVersion.major == 1) {
            this.encIdRemote = SM2Util.getId(certificateChain[1], this.protocolVersion.minor);
        }
    }

    private void clientCertificateVerify(HandshakeMessage.CertificateVerify certificateVerify) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            certificateVerify.print(System.out);
        }
        if (this.protocolVersion.v >= ProtocolVersion.TLS12.v) {
            SignatureAndHashAlgorithm preferableSignatureAlgorithm = certificateVerify.getPreferableSignatureAlgorithm();
            if (preferableSignatureAlgorithm == null) {
                throw new SSLHandshakeException("Illegal CertificateVerify message");
            }
            String hashAlgorithmName = SignatureAndHashAlgorithm.getHashAlgorithmName(preferableSignatureAlgorithm);
            if (hashAlgorithmName == null || hashAlgorithmName.length() == 0) {
                throw new SSLHandshakeException("No supported hash algorithm");
            }
            this.handshakeHash.setCertificateVerifyAlg(hashAlgorithmName);
        }
        try {
            if (!certificateVerify.verify(this.protocolVersion, this.handshakeHash, this.session.getPeerCertificates()[0].getPublicKey(), this.session.getMasterSecret(), this.cipherSuite.name, this.idRemote)) {
                fatalSE((byte) 42, "certificate verify message signature error");
            }
        } catch (GeneralSecurityException e) {
            fatalSE((byte) 42, "certificate verify format error", e);
        }
        this.needClientVerify = false;
    }

    private void clientFinished(HandshakeMessage.Finished finished) throws IOException {
        PrintStream printStream;
        StringBuilder sb;
        if (debug != null && Debug.isOn("handshake")) {
            finished.print(System.out);
        }
        if (this.doClientAuth == 2) {
            this.session.getPeerPrincipal();
        }
        if (this.needClientVerify) {
            fatalSE((byte) 40, "client did not send certificate verify message");
        }
        if (!finished.verify(this.handshakeHash, 1, this.session.getMasterSecret())) {
            fatalSE((byte) 40, "client 'finished' message doesn't verify");
        }
        if (this.secureRenegotiation) {
            this.clientVerifyData = finished.getVerifyData();
        }
        if (!this.resumingSession) {
            this.input.digestNow();
            sendChangeCipherAndFinish(true);
        }
        this.session.setLastAccessedTime(System.currentTimeMillis());
        if (!this.resumingSession && this.session.isRejoinable()) {
            ((SSLSessionContextImpl) this.sslContext.engineGetServerSessionContext()).put(this.session);
            if (debug == null || !Debug.isOn(d.aw)) {
                return;
            }
            printStream = System.out;
            sb = new StringBuilder("%% Cached server session: ");
        } else {
            if (this.resumingSession || debug == null || !Debug.isOn(d.aw)) {
                return;
            }
            printStream = System.out;
            sb = new StringBuilder("%% Didn't cache non-resumable server session: ");
        }
        sb.append(this.session);
        printStream.println(sb.toString());
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:180:0x040d. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:188:0x0534  */
    /* JADX WARN: Removed duplicated region for block: B:196:0x054f  */
    /* JADX WARN: Removed duplicated region for block: B:223:0x05dc  */
    /* JADX WARN: Removed duplicated region for block: B:230:0x05ce  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void clientHello(cn.gmssl.sun.security.ssl.HandshakeMessage.ClientHello r18) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1554
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.gmssl.sun.security.ssl.ServerHandshaker.clientHello(cn.gmssl.sun.security.ssl.HandshakeMessage$ClientHello):void");
    }

    private SecretKey clientKeyExchange(DHClientKeyExchange dHClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            dHClientKeyExchange.print(System.out);
        }
        return this.dh.getAgreedSecret(dHClientKeyExchange.getClientPublicKey());
    }

    private SecretKey clientKeyExchange(ECCClientKeyExchange eCCClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            eCCClientKeyExchange.print(System.out);
        }
        return eCCClientKeyExchange.preMaster;
    }

    private SecretKey clientKeyExchange(ECDHClientKeyExchange eCDHClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            eCDHClientKeyExchange.print(System.out);
        }
        return this.ecdh.getAgreedSecret(eCDHClientKeyExchange.getEncodedPoint());
    }

    private SecretKey clientKeyExchange(KerberosClientKeyExchange kerberosClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            kerberosClientKeyExchange.print(System.out);
        }
        this.session.setPeerPrincipal(kerberosClientKeyExchange.getPeerPrincipal());
        this.session.setLocalPrincipal(kerberosClientKeyExchange.getLocalPrincipal());
        return new SecretKeySpec(kerberosClientKeyExchange.getUnencryptedPreMasterSecret(), "TlsPremasterSecret");
    }

    private SecretKey clientKeyExchange(RSAClientKeyExchange rSAClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            rSAClientKeyExchange.print(System.out);
        }
        return rSAClientKeyExchange.preMaster;
    }

    private SecretKey clientKeyExchange(SM2ClientKeyExchange sM2ClientKeyExchange) throws IOException {
        if (debug != null && Debug.isOn("handshake")) {
            sM2ClientKeyExchange.print(System.out);
        }
        this.sm2.setPeerPublicKey(this.session.getPeerCertificateChain()[1].getPublicKey());
        this.sm2.sb = this.sb;
        return this.sm2.getAgreedSecret(sM2ClientKeyExchange.getEncodedPoint(), this.encIdLocal, this.encIdRemote);
    }

    private void flushRecord() throws IOException {
        if (this.single) {
            this.output.flush();
        }
    }

    private void sendChangeCipherAndFinish(boolean z) throws IOException {
        this.output.flush();
        HandshakeMessage.Finished finished = new HandshakeMessage.Finished(this.protocolVersion, this.handshakeHash, 2, this.session.getMasterSecret(), this.cipherSuite);
        sendChangeCipherSpec(finished, z);
        if (this.secureRenegotiation) {
            this.serverVerifyData = finished.getVerifyData();
        }
        if (z) {
            this.state = 20;
        }
    }

    private void setupEphemeralDHKeys(boolean z) {
        this.dh = new DHCrypt(z ? 512 : 768, this.sslContext.getSecureRandom());
    }

    private boolean setupEphemeralECDHKeys() {
        int i;
        if (this.protocolVersion.major == 1) {
            i = 23;
        } else {
            SupportedEllipticCurvesExtension supportedEllipticCurvesExtension = this.supportedCurves;
            if (supportedEllipticCurvesExtension != null) {
                int[] curveIds = supportedEllipticCurvesExtension.curveIds();
                int length = curveIds.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        i = -1;
                        break;
                    }
                    int i3 = curveIds[i2];
                    if (SupportedEllipticCurvesExtension.isSupported(i3)) {
                        i = i3;
                        break;
                    }
                    i2++;
                }
                if (i < 0) {
                    return false;
                }
            } else {
                i = SupportedEllipticCurvesExtension.DEFAULT.curveIds()[0];
            }
        }
        this.ecdh = new ECDHCrypt(SupportedEllipticCurvesExtension.getCurveOid(i), this.sslContext.getSecureRandom());
        return true;
    }

    private boolean setupEphemeralRSAKeys(boolean z) {
        KeyPair rSAKeyPair = this.sslContext.getEphemeralKeyManager().getRSAKeyPair(z, this.sslContext.getSecureRandom());
        if (rSAKeyPair == null) {
            return false;
        }
        this.tempPublicKey = rSAKeyPair.getPublic();
        this.tempPrivateKey = rSAKeyPair.getPrivate();
        return true;
    }

    private boolean setupEphemeralSM2Keys() {
        this.idLocal = SM2Util.getId(this.certs[0], this.protocolVersion.minor);
        this.encIdLocal = SM2Util.getId(this.encCerts[0], this.protocolVersion.minor);
        this.sm2 = new SM2Crypt(this.encCerts[0].getPublicKey(), this.encPrivateKey, this.sslContext.getSecureRandom(), true);
        return true;
    }

    private boolean setupKerberosKeys() {
        if (this.kerberosKeys != null) {
            return true;
        }
        try {
            final AccessControlContext accSE = getAccSE();
            SecretKey[] secretKeyArr = (SecretKey[]) AccessController.doPrivileged(new PrivilegedExceptionAction<SecretKey[]>() { // from class: cn.gmssl.sun.security.ssl.ServerHandshaker.2
                @Override // java.security.PrivilegedExceptionAction
                public SecretKey[] run() throws Exception {
                    return Krb5Helper.getServerKeys(accSE);
                }
            });
            this.kerberosKeys = secretKeyArr;
            if (secretKeyArr != null && secretKeyArr.length > 0) {
                if (debug != null && Debug.isOn("handshake")) {
                    for (SecretKey secretKey : this.kerberosKeys) {
                        System.out.println("Using Kerberos key: " + secretKey);
                    }
                }
                String serverPrincipalName = Krb5Helper.getServerPrincipalName(this.kerberosKeys[0]);
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager != null) {
                    try {
                        securityManager.checkPermission(Krb5Helper.getServicePermission(serverPrincipalName, SecurityConstants.SOCKET_ACCEPT_ACTION), accSE);
                    } catch (SecurityException unused) {
                        this.kerberosKeys = null;
                        if (debug != null && Debug.isOn("handshake")) {
                            System.out.println("Permission to access Kerberos secret key denied");
                        }
                        return false;
                    }
                }
            }
            return this.kerberosKeys != null;
        } catch (PrivilegedActionException e) {
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("Attempt to obtain Kerberos key failed: " + e.toString());
            }
            return false;
        }
    }

    private boolean setupPrivateKeyAndChain(String str) {
        PrintStream printStream;
        String str2;
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain algorithm=" + str);
        }
        X509ExtendedKeyManager x509KeyManager = this.sslContext.getX509KeyManager();
        String chooseServerAlias = this.conn != null ? x509KeyManager.chooseServerAlias(str, null, this.conn) : x509KeyManager.chooseEngineServerAlias(str, null, this.engine);
        if (chooseServerAlias == null) {
            return false;
        }
        int indexOf = chooseServerAlias.indexOf(58);
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain aliasIndex=" + indexOf);
        }
        if (indexOf == -1) {
            PrivateKey privateKey = x509KeyManager.getPrivateKey(chooseServerAlias);
            if (GMConf.debug) {
                System.out.println("setupPrivateKeyAndChain tempPrivateKey=" + privateKey);
            }
            if (privateKey == null) {
                return false;
            }
            X509Certificate[] certificateChain = x509KeyManager.getCertificateChain(chooseServerAlias);
            if (GMConf.debug) {
                System.out.println("setupPrivateKeyAndChain tempCerts=" + certificateChain);
            }
            if (certificateChain != null && certificateChain.length != 0) {
                String str3 = str.split("_")[0];
                PublicKey publicKey = certificateChain[0].getPublicKey();
                if (privateKey.getAlgorithm().equals(str3) && publicKey.getAlgorithm().equals(str3)) {
                    if (this.protocolVersion.major != 1 && str3.equals("EC")) {
                        if (!(publicKey instanceof ECPublicKey)) {
                            return false;
                        }
                        int curveIndex = SupportedEllipticCurvesExtension.getCurveIndex(((ECPublicKey) publicKey).getParams());
                        if (!SupportedEllipticCurvesExtension.isSupported(curveIndex)) {
                            return false;
                        }
                        SupportedEllipticCurvesExtension supportedEllipticCurvesExtension = this.supportedCurves;
                        if (supportedEllipticCurvesExtension != null && !supportedEllipticCurvesExtension.contains(curveIndex)) {
                            return false;
                        }
                    }
                    this.privateKey = privateKey;
                    this.certs = certificateChain;
                }
            }
            return false;
        }
        String substring = chooseServerAlias.substring(0, indexOf);
        String substring2 = chooseServerAlias.substring(indexOf + 1);
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain alias1=" + substring);
        }
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain alias2=" + substring2);
        }
        PrivateKey privateKey2 = x509KeyManager.getPrivateKey(substring);
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain tempPrivateKey1=" + privateKey2);
        }
        if (privateKey2 == null) {
            return false;
        }
        PrivateKey privateKey3 = x509KeyManager.getPrivateKey(substring2);
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain tempPrivateKey2=" + privateKey3);
        }
        if (privateKey3 == null) {
            return false;
        }
        X509Certificate[] certificateChain2 = x509KeyManager.getCertificateChain(substring);
        if (GMConf.debug) {
            System.out.println("setupPrivateKeyAndChain tempCerts1=" + certificateChain2);
        }
        if (certificateChain2 != null && certificateChain2.length != 0) {
            X509Certificate[] certificateChain3 = x509KeyManager.getCertificateChain(substring2);
            if (GMConf.debug) {
                System.out.println("setupPrivateKeyAndChain tempCerts2=" + certificateChain3);
            }
            if (certificateChain3 != null && certificateChain3.length != 0) {
                if (GMConf.debug) {
                    System.out.println("setupPrivateKeyAndChain encryptCert?");
                }
                if (SM2CertUtil.encryptCert(certificateChain2[0]) && SM2CertUtil.signCert(certificateChain3[0])) {
                    if (GMConf.debug) {
                        System.out.println("setupPrivateKeyAndChain encryptCert!");
                    }
                    this.encPrivateKey = privateKey2;
                    this.encCerts = certificateChain2;
                    this.privateKey = privateKey3;
                    this.certs = certificateChain3;
                    if (GMConf.debug) {
                        printStream = System.out;
                        str2 = "setupPrivateKeyAndChain encryptCert...";
                        printStream.println(str2);
                    }
                    Class.forName("cn.gmssl.jsse.provider.GMTrustasia").getMethod("init", X509Certificate.class).invoke(null, this.certs[0]);
                } else {
                    try {
                        if (SM2CertUtil.encryptCert(certificateChain3[0]) && SM2CertUtil.signCert(certificateChain2[0])) {
                            this.encPrivateKey = privateKey3;
                            this.encCerts = certificateChain3;
                            this.privateKey = privateKey2;
                            this.certs = certificateChain2;
                            if (GMConf.debug) {
                                printStream = System.out;
                                str2 = "setupPrivateKeyAndChain signCert!";
                            }
                            Class.forName("cn.gmssl.jsse.provider.GMTrustasia").getMethod("init", X509Certificate.class).invoke(null, this.certs[0]);
                        } else {
                            printStream = System.err;
                            str2 = "SM2 double keypair usage error!";
                        }
                        Class.forName("cn.gmssl.jsse.provider.GMTrustasia").getMethod("init", X509Certificate.class).invoke(null, this.certs[0]);
                    } catch (Throwable unused) {
                    }
                    printStream.println(str2);
                }
            }
        }
        return false;
        return true;
    }

    private void setupStaticECDHKeys() {
        this.ecdh = new ECDHCrypt(this.privateKey, this.certs[0].getPublicKey());
    }

    @Override // cn.gmssl.sun.security.ssl.Handshaker
    HandshakeMessage getKickstartMessage() {
        return new HandshakeMessage.HelloRequest();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // cn.gmssl.sun.security.ssl.Handshaker
    public void handshakeAlert(byte b) throws SSLProtocolException {
        String alertDescription = Alerts.alertDescription(b);
        if (debug != null && Debug.isOn("handshake")) {
            System.out.println("SSL -- handshake alert:  " + alertDescription);
        }
        if (b == 41 && this.doClientAuth == 1) {
            return;
        }
        throw new SSLProtocolException("handshake alert: " + alertDescription);
    }

    @Override // cn.gmssl.sun.security.ssl.Handshaker
    void processMessage(byte b, int i) throws IOException {
        SecretKey clientKeyExchange;
        if (this.state > b && this.state != 16 && b != 15) {
            throw new SSLProtocolException("Handshake message sequence violation, state = " + this.state + ", type = " + ((int) b));
        }
        if (b == 1) {
            clientHello(new HandshakeMessage.ClientHello(this.input, i));
        } else if (b == 11) {
            if (this.doClientAuth == 0) {
                fatalSE((byte) 10, "client sent unsolicited cert chain");
            }
            clientCertificate(new HandshakeMessage.CertificateMsg(this.input));
        } else if (b == 20) {
            clientFinished(new HandshakeMessage.Finished(this.protocolVersion, this.input, this.cipherSuite));
        } else if (b == 15) {
            clientCertificateVerify(new HandshakeMessage.CertificateVerify(this.input, this.localSupportedSignAlgs, this.protocolVersion));
        } else {
            if (b != 16) {
                throw new SSLProtocolException("Illegal server handshake msg, " + ((int) b));
            }
            int i2 = $SWITCH_TABLE$cn$gmssl$sun$security$ssl$CipherSuite$KeyExchange()[this.keyExchange.ordinal()];
            if (i2 == 2 || i2 == 3) {
                clientKeyExchange = clientKeyExchange(new RSAClientKeyExchange(this.protocolVersion, this.clientRequestedVersion, this.sslContext.getSecureRandom(), this.input, i, this.privateKey));
            } else {
                switch (i2) {
                    case 6:
                    case 7:
                    case 8:
                        clientKeyExchange = clientKeyExchange(new DHClientKeyExchange(this.input));
                        break;
                    case 9:
                    case 10:
                    case 11:
                    case 12:
                    case 13:
                        clientKeyExchange = clientKeyExchange(new ECDHClientKeyExchange(this.input));
                        break;
                    case 14:
                        clientKeyExchange = clientKeyExchange(new SM2ClientKeyExchange(this.input));
                        break;
                    case 15:
                        clientKeyExchange = clientKeyExchange(new ECCClientKeyExchange(this.protocolVersion, this.clientRequestedVersion, this.sslContext.getSecureRandom(), this.input, i, this.encPrivateKey, this.sb));
                        break;
                    case 16:
                    case 17:
                        clientKeyExchange = clientKeyExchange(new KerberosClientKeyExchange(this.protocolVersion, this.clientRequestedVersion, this.sslContext.getSecureRandom(), this.input, this.kerberosKeys));
                        break;
                    default:
                        throw new SSLProtocolException("Unrecognized key exchange: " + this.keyExchange);
                }
            }
            calculateKeys(clientKeyExchange, this.clientRequestedVersion);
        }
        if (this.state >= b || b == 15) {
            return;
        }
        this.state = b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientAuth(byte b) {
        this.doClientAuth = b;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:133:0x0222, code lost:
    
        if (setupEphemeralRSAKeys(r8.exportable) == false) goto L128;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:34:0x00cb. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:51:0x012a. Please report as an issue. */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    boolean trySetCipherSuite(cn.gmssl.sun.security.ssl.CipherSuite r8) {
        /*
            Method dump skipped, instructions count: 644
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.gmssl.sun.security.ssl.ServerHandshaker.trySetCipherSuite(cn.gmssl.sun.security.ssl.CipherSuite):boolean");
    }
}
