package cfca.sadk.tls.sun.security.ssl.message;

import cfca.sadk.tls.sun.security.ssl.HandshakeInStream;
import cfca.sadk.tls.sun.security.ssl.HandshakeOutStream;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.sun.security.ssl.prf.HashPRF;
import cfca.sadk.tls.sun.security.ssl.prf.TlsPrfParameters;
import cfca.sadk.tls.sun.security.ssl.sec.CipherSuite;
import cfca.sadk.tls.sun.security.ssl.sec.HandshakeHash;
import cfca.sadk.tls.util.Utilities;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.ProviderException;
import javax.crypto.SecretKey;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/Finished.class */
public final class Finished extends HandshakeMessage {
    public static final int CLIENT = 1;
    public static final int SERVER = 2;
    static final byte[] SSL_CLIENT = {67, 76, 78, 84};
    static final byte[] SSL_SERVER = {83, 82, 86, 82};
    private ProtocolVersion protocolVersion;
    private CipherSuite cipherSuite;
    private byte[] verifyData;

    public Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, int i, SecretKey secretKey, CipherSuite cipherSuite) {
        this.protocolVersion = protocolVersion;
        this.cipherSuite = cipherSuite;
        this.verifyData = callFinished(handshakeHash, i, secretKey);
    }

    public Finished(ProtocolVersion protocolVersion, HandshakeInStream handshakeInStream, CipherSuite cipherSuite) throws IOException {
        this.protocolVersion = protocolVersion;
        this.cipherSuite = cipherSuite;
        this.verifyData = new byte[12];
        handshakeInStream.read(this.verifyData);
    }

    public boolean verify(HandshakeHash handshakeHash, int i, SecretKey secretKey) {
        return Utilities.equals(callFinished(handshakeHash, i, secretKey), this.verifyData);
    }

    private byte[] callFinished(HandshakeHash handshakeHash, int i, SecretKey secretKey) {
        String str;
        boolean z;
        byte[] finishedHash;
        HashPRF hashPRF;
        if (i == 1) {
            str = "client finished";
        } else {
            if (i != 2) {
                throw new RuntimeException("Invalid sender: " + i);
            }
            str = "server finished";
        }
        try {
            try {
                if (this.protocolVersion.isChinaTLS11() || this.protocolVersion.isStandardTLS12()) {
                    z = true;
                    finishedHash = handshakeHash.getFinishedHash();
                    hashPRF = this.cipherSuite.prfAlg;
                } else {
                    z = false;
                    finishedHash = handshakeHash.combinedHash();
                    hashPRF = HashPRF.NONE;
                }
                SecretKey generateKey = new TlsPrfParameters(secretKey, str, finishedHash, 12, hashPRF).generateKey(z);
                if ("RAW".equals(generateKey.getFormat())) {
                    return generateKey.getEncoded();
                }
                throw new ProviderException("Invalid PRF output, format must be RAW");
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("PRF failed", e);
            }
        } finally {
        }
    }

    public byte[] getVerifyData() {
        return this.verifyData;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    public final int messageType() {
        return 20;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    final int messageLength() {
        return this.verifyData.length;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    final void send(HandshakeOutStream handshakeOutStream) throws IOException {
        handshakeOutStream.write(this.verifyData);
    }

    public final String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append('\n');
        sb.append("*** Finished");
        if (this.protocolVersion.isStandardTLS12()) {
            sb.append("Signature Algorithm ");
            builderAppend(sb, "verify_data", this.verifyData);
        }
        sb.append("\n***");
        return sb.toString();
    }
}
