package cfca.sadk.tls.sun.security.ssl;

import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.tls.sun.security.ssl.extension.ExtensionType;
import cfca.sadk.tls.sun.security.ssl.extension.RenegotiationInfoExtension;
import cfca.sadk.tls.sun.security.ssl.extension.SupportedEllipticCurvesExtension;
import cfca.sadk.tls.sun.security.ssl.manager.GMX509ExtendedTrustManager;
import cfca.sadk.tls.sun.security.ssl.message.CertificateMsg;
import cfca.sadk.tls.sun.security.ssl.message.CertificateRequest;
import cfca.sadk.tls.sun.security.ssl.message.CertificateVerify;
import cfca.sadk.tls.sun.security.ssl.message.ClientHello;
import cfca.sadk.tls.sun.security.ssl.message.ClientKeyExchange;
import cfca.sadk.tls.sun.security.ssl.message.Finished;
import cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage;
import cfca.sadk.tls.sun.security.ssl.message.HandshakeType;
import cfca.sadk.tls.sun.security.ssl.message.HelloRequest;
import cfca.sadk.tls.sun.security.ssl.message.ServerHello;
import cfca.sadk.tls.sun.security.ssl.message.ServerHelloDone;
import cfca.sadk.tls.sun.security.ssl.message.ServerKeyExchange;
import cfca.sadk.tls.sun.security.ssl.sec.CipherSuite;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHCrypt;
import cfca.sadk.tls.sun.security.ssl.sec.KeyExchangeAlgorithm;
import cfca.sadk.tls.sun.security.ssl.sec.SSLCredentials;
import cfca.sadk.tls.sun.security.ssl.sec.SignatureAndHashAlgorithm;
import cfca.sadk.tls.util.Utilities;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/ServerHandshaker.class */
/**
 * Server side of the handshake for this TLS stack (decompiled by JADX).
 *
 * <p>Handles the client's handshake messages (ClientHello, Certificate,
 * ClientKeyExchange, CertificateVerify, Finished) and writes the server flight
 * (ServerHello, Certificate, ServerKeyExchange, CertificateRequest,
 * ServerHelloDone, ChangeCipherSpec/Finished). Two key exchanges are handled:
 * {@code K_ECDHE_SM2DSA} and {@code K_SM2PKEA_SM2DSA}. The server always works
 * with two credentials, a signer and a cipher (encryption) credential.
 *
 * <p>Handshake message types appear as raw numbers in this decompiled source:
 * 1 = ClientHello, 11 = certificate, 15 = certificate_verify,
 * 16 = client_key_exchange, 20 = Finished.
 */
public final class ServerHandshaker extends Handshaker {
    // Client-authentication mode. As used in this class:
    //   0 - no CertificateRequest is written and a client Certificate is rejected;
    //   1 - an empty client chain and a no_certificate alert are tolerated;
    //   2 - session resumption and Finished both call getPeerPrincipal().
    private byte doClientAuth;
    // Set once a client certificate chain has been accepted, cleared by a valid
    // CertificateVerify; clientFinished() fails the handshake if it is still set.
    private boolean needClientVerify;
    // ECDH state created by setupEphemeralECDHKeys() for K_ECDHE_SM2DSA.
    private ECDHCrypt ecdh;
    // Protocol version the client put in its ClientHello.
    private ProtocolVersion clientRequestedVersion;
    // EXT_ELLIPTIC_CURVES extension from the ClientHello; only assigned when a new
    // session is created, and null when the client did not send the extension.
    private SupportedEllipticCurvesExtension supportedCurves;
    // Passed to ServerKeyExchange.SKESM2DHE; never assigned within this class.
    SignatureAndHashAlgorithm preferableSignatureAlgorithm;

    /**
     * Creates a handshaker bound to a socket.
     *
     * @param b client-authentication mode, stored in {@code doClientAuth};
     *          {@code b != 0} is forwarded to the superclass constructor
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, byte b, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLSocketImpl, sSLContextImpl, protocolList, b != 0, false, protocolVersion, z, z2, bArr, bArr2);
        this.needClientVerify = false;
        this.doClientAuth = b;
    }

    /**
     * Creates a handshaker bound to an engine.
     *
     * @param b client-authentication mode, stored in {@code doClientAuth};
     *          {@code b != 0} is forwarded to the superclass constructor
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerHandshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, byte b, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLEngineImpl, sSLContextImpl, protocolList, b != 0, false, protocolVersion, z, z2, bArr, bArr2);
        this.needClientVerify = false;
        this.doClientAuth = b;
    }

    /**
     * Dispatches one incoming handshake message and advances {@code state}.
     *
     * @param b handshake message type
     * @param i value handed to the ClientHello and client-key-exchange parsers
     *          (presumably the message length - confirm against Handshaker)
     * @throws SSLProtocolException on a sequence violation or an unknown type
     * @throws IOException if a message handler fails
     */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    final void processMessage(byte b, int i) throws IOException {
        // Ordering guard: a message whose type is <= the current state is rejected,
        // except when state == 16 or the message is certificate_verify (15). The
        // exception exists because certificate_verify carries a lower type number
        // than the client_key_exchange that precedes it.
        // NOTE(review): this guard is weaker than a strict state machine:
        //  - while state == 16 it accepts every type (a second ClientHello, a
        //    Certificate or a repeated client_key_exchange pass it);
        //  - a certificate_verify is never rejected by it, whatever the state;
        //  - it only enforces ordering, it does not require that earlier messages
        //    were received, so a Finished (20) straight after ClientHello passes it.
        // Whether the handlers then fail closed (e.g. on a missing master secret in
        // clientFinished) depends on code outside this file - verify, and consider
        // an explicit expected-message check.
        if (this.state >= b && this.state != 16 && b != 15) {
            throw new SSLProtocolException("Handshake message sequence violation, state = " + this.state + ", type = " + ((int) b));
        }
        switch (b) {
            case 1:
                clientHello(new ClientHello(this.in, i));
                break;
            case HandshakeType.ht_certificate /* 11 */:
                // A client certificate is only acceptable when one was requested.
                if (this.doClientAuth == 0) {
                    fatalSE(AlertDescription.alert_unexpected_message, "client sent unsolicited cert chain");
                }
                clientCertificate(new CertificateMsg(this.in));
                break;
            case HandshakeType.ht_certificate_verify /* 15 */:
                clientCertificateVerify(new CertificateVerify(this.beingProtocolVersion, this.handshakeHash, this.in, this.localSupportedSignAlgs));
                break;
            case HandshakeType.ht_client_key_exchange /* 16 */:
                calculateWorkKeys(i);
                break;
            case 20:
                clientFinished(new Finished(this.beingProtocolVersion, this.in, this.cipherSuite));
                break;
            default:
                throw new SSLProtocolException("Illegal server handshake msg, " + ((int) b));
        }
        if (this.state < b) {
            if (b == 15) {
                // certificate_verify moves the state to 17, i.e. past
                // client_key_exchange (16).
                this.state = b + 2;
            } else {
                this.state = b;
            }
        }
    }

    /**
     * Handles a ClientHello: enforces the renegotiation policy, then writes the
     * server flight (abbreviated when a session is resumed).
     *
     * @param clientHello the parsed ClientHello
     * @throws IOException if the policy rejects the hello or writing fails
     */
    private final void clientHello(ClientHello clientHello) throws IOException {
        Debugger.debug(clientHello);
        // Optional policy: refuse any ClientHello that is not the first one.
        if (rejectClientInitiatedRenego && !this.isInitialHandshake && this.state != 0) {
            fatalSE(AlertDescription.alert_handshake_failure, "Client initiated renegotiation is not allowed");
        }
        // z: the client signalled secure renegotiation (SCSV or renegotiation_info).
        boolean z = false;
        if (clientHello.getCipherSuites().contains(CipherSuite.C_SCSV)) {
            z = true;
            if (this.isInitialHandshake) {
                this.secureRenegotiation = true;
            } else if (this.secureRenegotiation) {
                // The SCSV is only accepted on an initial handshake.
                fatalSE(AlertDescription.alert_handshake_failure, "The SCSV is present in a secure renegotiation");
            } else {
                fatalSE(AlertDescription.alert_handshake_failure, "The SCSV is present in a insecure renegotiation");
            }
        }
        RenegotiationInfoExtension renegotiationInfoExtension = (RenegotiationInfoExtension) clientHello.extensions.get(ExtensionType.EXT_RENEGOTIATION_INFO);
        if (renegotiationInfoExtension != null) {
            z = true;
            if (this.isInitialHandshake) {
                // On an initial handshake the extension must be empty.
                if (!renegotiationInfoExtension.isEmpty()) {
                    fatalSE(AlertDescription.alert_handshake_failure, "The renegotiation_info field is not empty");
                }
                this.secureRenegotiation = true;
            } else {
                if (!this.secureRenegotiation) {
                    fatalSE(AlertDescription.alert_handshake_failure, "The renegotiation_info is present in a insecure renegotiation");
                }
                // On renegotiation the extension must carry the client verify data
                // saved from the previous handshake; this binds the two handshakes.
                // NOTE(review): whether Utilities.equals compares in constant time
                // is not visible here - confirm.
                if (!Utilities.equals(this.clientVerifyData, renegotiationInfoExtension.getData())) {
                    fatalSE(AlertDescription.alert_handshake_failure, "Incorrect verify data in ClientHello renegotiation_info message");
                }
            }
        } else if (!this.isInitialHandshake && this.secureRenegotiation) {
            // Secure renegotiation was established earlier but the indication is
            // missing from this hello.
            fatalSE(AlertDescription.alert_handshake_failure, "Inconsistent secure renegotiation indication");
        }
        if (!z || !this.secureRenegotiation) {
            if (this.isInitialHandshake) {
                // NOTE(review): with allowLegacyHelloMessages set, a hello without
                // any renegotiation indication is accepted. The flag is defined
                // outside this class - confirm its default in deployment.
                if (!allowLegacyHelloMessages) {
                    fatalSE(AlertDescription.alert_handshake_failure, "Failed to negotiate the use of secure renegotiation");
                }
                Debugger.handshaker.debug("Warning: No renegotiation indication in ClientHello, allow legacy ClientHello");
            } else {
                if (!allowUnsafeRenegotiation) {
                    // Decline the renegotiation with a warning alert and mark this
                    // handshaker invalidated; any further handshake data already
                    // buffered is treated as a fatal protocol error.
                    warningSE(AlertDescription.alert_no_renegotiation);
                    this.invalidated = true;
                    if (this.in.available() > 0) {
                        fatalSE(AlertDescription.alert_unexpected_message, "ClientHello followed by an unexpected  handshake message");
                        return;
                    }
                    return;
                }
                // NOTE(review): allowUnsafeRenegotiation lets an unprotected
                // renegotiation continue; it should stay disabled unless required.
                Debugger.handshaker.debug("Warning: continue with insecure renegotiation");
            }
        }
        this.in.digestNow();
        writeServerHello(clientHello);
        this.out.flush();
        if (this.resumingSession) {
            // Abbreviated handshake: reuse the cached master secret and send the
            // server ChangeCipherSpec/Finished straight away.
            calculateConnectionKeys(this.session.getMasterSecret());
            sendChangeCipherAndFinish(false);
            return;
        }
        writeCertificate();
        this.out.flush();
        writeServerKeyExchange();
        this.out.flush();
        writeCertificateRequest();
        this.out.flush();
        writeServerHelloDone();
        this.out.flush();
        Debugger.handshaker.debug("ServerHelloDone: Finished");
    }

    /**
     * Selects the protocol version, decides between resuming a cached session and
     * creating a new one, and writes the ServerHello.
     *
     * @param clientHello the parsed ClientHello
     * @throws IOException if no version or cipher suite can be agreed, if a new
     *                     session is required but not allowed, or on write failure
     */
    private final void writeServerHello(ClientHello clientHello) throws IOException {
        SSLSessionImpl sSLSessionImpl;
        this.clientRequestedVersion = clientHello.getClientVersion();
        ProtocolVersion selectProtocolVersion = selectProtocolVersion(this.clientRequestedVersion);
        if (selectProtocolVersion == null || selectProtocolVersion.version == ProtocolVersion.SSL20Hello.version) {
            fatalSE(AlertDescription.alert_handshake_failure, "Client requested protocol " + this.clientRequestedVersion + " not enabled or not supported");
        }
        this.handshakeHash.protocolDetermined(selectProtocolVersion);
        setBeingVersion(selectProtocolVersion);
        this.clientRandom = clientHello.getClientRandom();
        this.serverRandom = new RandomCookie(this.context.getSecureRandom());
        this.session = null;
        // Resumption: the cached session is reused only if it passes every check below.
        if (clientHello.getSessionId().length() != 0 && (sSLSessionImpl = ((SSLSessionContextImpl) this.context.engineGetServerSessionContext()).get(clientHello.getSessionId().getId())) != null) {
            this.resumingSession = sSLSessionImpl.isRejoinable();
            // The cached session must use the version negotiated for this hello.
            if (this.resumingSession && sSLSessionImpl.getProtocolVersion() != this.beingProtocolVersion) {
                this.resumingSession = false;
            }
            // In client-auth mode 2 the cached session must have a peer principal;
            // otherwise fall back to a full handshake.
            if (this.resumingSession && this.doClientAuth == 2) {
                try {
                    sSLSessionImpl.getPeerPrincipal();
                } catch (SSLPeerUnverifiedException e) {
                    this.resumingSession = false;
                }
            }
            // The cached suite must still be negotiable and offered by the client.
            if (this.resumingSession) {
                CipherSuite suite = sSLSessionImpl.getSuite();
                if (isNegotiable(suite) && clientHello.getCipherSuites().contains(suite)) {
                    setBeingCipherSuite(suite);
                } else {
                    this.resumingSession = false;
                }
            }
            if (this.resumingSession) {
                this.session = sSLSessionImpl;
                Debugger.handshaker.debug("%% Resuming {}", this.session);
            }
        }
        if (this.session != null) {
            setHandshakeSessionSE(this.session);
        } else {
            if (!this.enableNewSession) {
                throw new SSLException("Client did not resume a session");
            }
            this.supportedCurves = (SupportedEllipticCurvesExtension) clientHello.extensions.get(ExtensionType.EXT_ELLIPTIC_CURVES);
            // The session starts with the C_NULL suite; the negotiated suite is set
            // right after chooseCipherSuite() succeeds.
            this.session = new SSLSessionImpl(this.beingProtocolVersion, CipherSuite.C_NULL, getLocalSupportedSignAlgs(), this.context.getSecureRandom(), getHostAddressSE(), getPortSE());
            setHandshakeSessionSE(this.session);
            chooseCipherSuite(clientHello);
            this.session.setSuite(this.cipherSuite);
            this.session.setLocalCredentials(this.signerCredentials, this.cipherCredentials);
        }
        if (this.beingProtocolVersion.version == ProtocolVersion.TLS11SM.version) {
            this.handshakeHash.setFinishedAlg(this.cipherSuite.prfAlg.prfHashAlg);
        }
        ServerHello serverHello = new ServerHello(this.beingProtocolVersion, this.serverRandom, this.session.getSessionId(), this.cipherSuite, this.session.getCompression());
        // NOTE(review): for TLS11SM the ServerHello never carries renegotiation_info,
        // even when clientHello() set secureRenegotiation - confirm that this is
        // intended for that protocol version.
        if (this.beingProtocolVersion.version != ProtocolVersion.TLS11SM.version && this.secureRenegotiation) {
            serverHello.extensions.add(new RenegotiationInfoExtension(this.clientVerifyData, this.serverVerifyData));
        }
        Debugger.debug(serverHello);
        Debugger.handshaker.debug("Cipher suite:  {}", this.session.getSuite());
        serverHello.write(this.out);
    }

    /**
     * Writes the server Certificate message built from the signer and cipher
     * certificate chains.
     *
     * @throws RuntimeException if either credential or its chain is missing
     * @throws IOException on write failure
     */
    private final void writeCertificate() throws IOException {
        if (this.signerCredentials == null) {
            throw new RuntimeException("no signerCredentials for certificates");
        }
        if (this.signerCredentials.certificates == null) {
            throw new RuntimeException("no signerCertificates for certificates");
        }
        if (this.cipherCredentials == null) {
            throw new RuntimeException("no cipherCredentials for certificates");
        }
        if (this.cipherCredentials.certificates == null) {
            throw new RuntimeException("no cipherCertificates for certificates");
        }
        // Signer chain is passed first, cipher chain second; the resulting order on
        // the wire is decided by SSLCredentials.concat (not shown here).
        X509Certificate[] concat = SSLCredentials.concat(this.signerCredentials.certificates, this.cipherCredentials.certificates);
        if (concat == null || concat.length == 0) {
            throw new RuntimeException("no certificates");
        }
        CertificateMsg certificateMsg = new CertificateMsg(concat);
        this.session.setLocalCredentials(this.signerCredentials, this.cipherCredentials);
        Debugger.debug(certificateMsg);
        certificateMsg.write(this.out);
    }

    /**
     * Builds and writes the ServerKeyExchange for the negotiated key exchange.
     *
     * @throws SSLException if the message cannot be generated
     * @throws IOException on write failure
     */
    private final void writeServerKeyExchange() throws SSLException, IOException {
        HandshakeMessage handshakeMessage;
        switch (this.cipherSuite.keyExchange) {
            case K_ECDHE_SM2DSA:
                try {
                    // Built from the ECDH state, both randoms and the signer private key.
                    if (this.signerCredentials != null && this.signerCredentials.privateKey != null) {
                        handshakeMessage = new ServerKeyExchange.SKESM2DHE(this.ecdh, this.signerCredentials.privateKey, this.clientRandom, this.serverRandom, this.context.getSecureRandom(), this.preferableSignatureAlgorithm, this.beingProtocolVersion);
                        break;
                    } else {
                        throw new SecurityException("missing signerCredentials for ECDHE_SM2DSA");
                    }
                } catch (SecurityException e) {
                    throwSSLException("Error generating ECDHE_SM2DSA server key exchange", e);
                    // Only reached if throwSSLException returns - presumably it
                    // always throws (decompiler artefact); confirm.
                    handshakeMessage = null;
                    break;
                }
            case K_SM2PKEA_SM2DSA:
                try {
                    if (this.signerCredentials != null) {
                        if (this.cipherCredentials != null && this.cipherCredentials.getCertificate() != null) {
                            // Built with "SM3WithSM2", the signer credentials, both
                            // randoms and the server cipher (encryption) certificate.
                            handshakeMessage = new ServerKeyExchange.SKEPKEA("SM3WithSM2", this.signerCredentials, this.clientRandom, this.serverRandom, this.cipherCredentials.getCertificate());
                            break;
                        } else {
                            throw new SecurityException("missing cipherCredentials for ServerKeyExchange[SM2PKEA_SM2DSA]");
                        }
                    } else {
                        throw new SecurityException("missing signerCredentials for ServerKeyExchange[SM2PKEA_SM2DSA]");
                    }
                } catch (Exception e2) {
                    throwSSLException("Error generating SM2PKEA_SM2DSA server key exchange", e2);
                    handshakeMessage = null;
                    break;
                }
            default:
                throw new RuntimeException("internal error: " + this.cipherSuite.keyExchange);
        }
        if (handshakeMessage != null) {
            Debugger.debug(handshakeMessage);
            handshakeMessage.write(this.out);
        }
    }

    /**
     * Writes a CertificateRequest listing the trust manager's accepted issuers;
     * does nothing when client authentication is off ({@code doClientAuth == 0}).
     *
     * @throws IOException on write failure
     */
    private final void writeCertificateRequest() throws SSLHandshakeException, IOException {
        if (this.doClientAuth != 0) {
            CertificateRequest certificateRequest = new CertificateRequest(this.context.getX509TrustManager().getAcceptedIssuers(), this.cipherSuite.keyExchange, null, this.beingProtocolVersion);
            Debugger.debug(certificateRequest);
            certificateRequest.write(this.out);
        }
    }

    /**
     * Writes the ServerHelloDone message.
     *
     * @throws IOException on write failure
     */
    private final void writeServerHelloDone() throws IOException {
        ServerHelloDone serverHelloDone = new ServerHelloDone();
        Debugger.debug(serverHelloDone);
        serverHelloDone.write(this.out);
    }

    /**
     * Handles the client Certificate message: splits the chain into signer and
     * cipher credentials, has the trust manager check the signer chain and
     * records both as the session's peer credentials.
     *
     * <p>NOTE(review): as decompiled, {@code str} is not definitely assigned
     * after the try block and the {@code CertificateException} thrown below sits
     * outside it; the original try presumably also covered the trust-manager
     * calls. Treat the control flow here as approximate.
     *
     * @param certificateMsg the parsed client Certificate message
     * @throws IOException if the chain is rejected
     */
    private void clientCertificate(CertificateMsg certificateMsg) throws IOException {
        String str;
        Debugger.debug(certificateMsg);
        X509Certificate[] chain = certificateMsg.chain();
        if (chain.length == 0) {
            // Mode 1 tolerates an empty chain: the client stays unauthenticated and
            // needClientVerify is not set. Any other mode treats it as fatal.
            if (this.doClientAuth == 1) {
                return;
            } else {
                fatalSE(AlertDescription.alert_bad_certificate, "empty certificate chain");
            }
        }
        // Exactly two credentials are required: [0] is used as signer, [1] as cipher.
        SSLCredentials[] buildDoubleCredentials = SSLCredentials.buildDoubleCredentials(chain);
        if (buildDoubleCredentials == null || buildDoubleCredentials.length != 2) {
            fatalSE(AlertDescription.alert_bad_certificate, "invalid certificate chain");
        }
        X509Certificate[] x509CertificateArr = null;
        if (buildDoubleCredentials[0] == null || buildDoubleCredentials[0].certificates == null) {
            fatalSE(AlertDescription.alert_bad_certificate, "invalid signer certificate chain");
        } else {
            x509CertificateArr = (X509Certificate[]) buildDoubleCredentials[0].certificates.clone();
        }
        X509TrustManager x509TrustManager = this.context.getX509TrustManager();
        try {
            // authType handed to the trust manager: "EC" for EC or SM2 keys,
            // "UNKNOWN" for anything else.
            String algorithm = chain[0].getPublicKey().getAlgorithm();
            str = (algorithm.equals("EC") || algorithm.equals("SM2")) ? "EC" : "UNKNOWN";
        } catch (CertificateException e) {
            fatalSE(AlertDescription.alert_certificate_unknown, e);
        }
        // Only the GM-aware trust manager is accepted for client validation.
        if (!(x509TrustManager instanceof GMX509ExtendedTrustManager)) {
            throw new CertificateException("Improper X509TrustManager implementation");
        }
        GMX509ExtendedTrustManager gMX509ExtendedTrustManager = (GMX509ExtendedTrustManager) x509TrustManager;
        // NOTE(review): only the signer chain ([0]) is passed to checkClientTrusted;
        // the cipher credential ([1]) is stored as a peer credential below with no
        // trust check visible in this method - confirm it is validated elsewhere
        // (buildDoubleCredentials or the trust manager).
        // The null guard skips validation only if fatalSE above returned;
        // presumably fatalSE always throws - confirm, otherwise this fails open.
        if (x509CertificateArr != null) {
            if (this.conn != null) {
                gMX509ExtendedTrustManager.checkClientTrusted((X509Certificate[]) buildDoubleCredentials[0].certificates.clone(), str, this.conn);
            } else {
                gMX509ExtendedTrustManager.checkClientTrusted((X509Certificate[]) buildDoubleCredentials[0].certificates.clone(), str, this.engine);
            }
        }
        // A CertificateVerify is now mandatory before Finished is accepted.
        this.needClientVerify = true;
        this.session.setPeerCredentials(buildDoubleCredentials[0], buildDoubleCredentials[1]);
    }

    /**
     * Derives the agreed secret for K_ECDHE_SM2DSA from the server cipher
     * credentials, the peer's cipher public key and the public key carried in the
     * ClientKeyExchange.
     *
     * @param ckesm2dh the parsed ClientKeyExchange
     * @return the agreed secret
     * @throws SecurityException if the server has no cipher credentials
     */
    private SecretKey clientKeyExchange(ClientKeyExchange.CKESM2DH ckesm2dh) throws IOException {
        Debugger.debug(ckesm2dh);
        // NOTE(review): the peer cipher credentials are dereferenced unconditionally.
        // They are only set in clientCertificate(), so a client that sent no
        // certificate presumably yields a NullPointerException here instead of a
        // handshake alert - confirm and consider an explicit check.
        ECPublicKey eCPublicKey = this.session.getPeerCipherCredentials().publicKey;
        ECPublicKey publicKey = ckesm2dh.getPublicKey();
        if (this.cipherCredentials == null) {
            throw new SecurityException("missing cipherCredentials for clientKeyExchange");
        }
        return this.ecdh.getSM2AgreedSecret(this.cipherCredentials, eCPublicKey, publicKey);
    }

    /**
     * Verifies the client's CertificateVerify against the peer signer public key
     * and, on success, clears {@code needClientVerify}.
     *
     * @param certificateVerify the parsed CertificateVerify message
     * @throws IOException if verification fails
     */
    private void clientCertificateVerify(CertificateVerify certificateVerify) throws IOException {
        Debugger.debug(certificateVerify);
        try {
            if (!certificateVerify.verify(this.session.getPeerSignerCredentials().publicKey, this.session.getMasterSecret())) {
                fatalSE(AlertDescription.alert_bad_certificate, "certificate verify message signature error");
            }
        } catch (Exception e) {
            // Catches everything raised inside the try, which includes a missing
            // peer signer credential and, if fatalSE throws, the signature-error
            // path above; all are reported as a format error.
            fatalSE(AlertDescription.alert_bad_certificate, "certificate verify format error", e);
        }
        this.needClientVerify = false;
        Debugger.handshaker.debug("clientCertificateVerify Finished");
    }

    /**
     * Handles the client Finished message: enforces the client-authentication
     * requirements, verifies the Finished value, completes the server side of a
     * full handshake and caches the session when it is rejoinable.
     *
     * @param finished the parsed Finished message
     * @throws IOException if any check fails
     */
    private void clientFinished(Finished finished) throws IOException {
        Debugger.debug(finished);
        // Mode 2: the call is made for its exception only; writeServerHello() shows
        // getPeerPrincipal() throwing SSLPeerUnverifiedException for an
        // unauthenticated session.
        if (this.doClientAuth == 2) {
            this.session.getPeerPrincipal();
        }
        // A certificate was accepted but never proven with a CertificateVerify.
        if (this.needClientVerify) {
            fatalSE(AlertDescription.alert_handshake_failure, "client did not send certificate verify message");
        }
        // The second argument (1 here, 2 in sendChangeCipherAndFinish) presumably
        // selects the client vs. server label - confirm in Finished.
        if (!finished.verify(this.handshakeHash, 1, this.session.getMasterSecret())) {
            fatalSE(AlertDescription.alert_handshake_failure, "client 'finished' message doesn't verify");
        }
        // Saved for the renegotiation_info check of a later renegotiation.
        if (this.secureRenegotiation) {
            this.clientVerifyData = finished.getVerifyData();
        }
        // Full handshake: the server's ChangeCipherSpec/Finished follow the
        // client's. On resumption they were already sent from clientHello().
        if (!this.resumingSession) {
            this.in.digestNow();
            sendChangeCipherAndFinish(true);
        }
        this.session.setLastAccessedTime(System.currentTimeMillis());
        if (!this.resumingSession && this.session.isRejoinable()) {
            ((SSLSessionContextImpl) this.context.engineGetServerSessionContext()).put(this.session);
            Debugger.handshaker.debug("%% Cached server session: {}", this.session);
        } else {
            if (this.resumingSession || !Debugger.handshaker.isDebugEnabled()) {
                return;
            }
            Debugger.handshaker.debug("%% Didn't cache non-resumable server session: {}", this.session);
        }
    }

    /**
     * Sends the server ChangeCipherSpec and Finished messages.
     *
     * @param z {@code true} when called from {@code clientFinished} (full
     *          handshake), {@code false} when called from {@code clientHello} on
     *          resumption; when {@code true} the state is set to 20
     * @throws IOException on write failure
     */
    private void sendChangeCipherAndFinish(boolean z) throws IOException {
        Debugger.handshaker.debug("sendChangeCipherAndFinish");
        this.out.flush();
        Finished finished = new Finished(this.beingProtocolVersion, this.handshakeHash, 2, this.session.getMasterSecret(), this.cipherSuite);
        sendChangeCipherSpec(finished, z);
        // Saved for the renegotiation_info extension of a later ServerHello.
        if (this.secureRenegotiation) {
            this.serverVerifyData = finished.getVerifyData();
        }
        if (z) {
            this.state = 20;
        }
        Debugger.handshaker.debug("sendChangeCipherAndFinish Finished");
    }

    /**
     * Replaces the client-authentication mode (see {@code doClientAuth}).
     *
     * @param b new mode
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setClientAuth(byte b) {
        this.doClientAuth = b;
    }

    /**
     * Picks the first cipher suite, in preference order, that the other side also
     * lists and for which credentials can be set up.
     *
     * @param clientHello the parsed ClientHello
     * @throws IOException if no common suite exists
     */
    private void chooseCipherSuite(ClientHello clientHello) throws IOException {
        CipherSuiteList cipherSuites;
        CipherSuiteList activeCipherSuites;
        Debugger.handshaker.debug("chooseCipherSuite: ...");
        // cipherSuites is the list that sets the preference order (server's own
        // list when preferLocalCipherSuites is set, otherwise the client's);
        // activeCipherSuites is the list each candidate is checked against.
        if (this.preferLocalCipherSuites) {
            cipherSuites = getActiveCipherSuites();
            activeCipherSuites = clientHello.getCipherSuites();
        } else {
            cipherSuites = clientHello.getCipherSuites();
            activeCipherSuites = getActiveCipherSuites();
        }
        // z stays true until a suite has been selected.
        boolean z = true;
        Iterator<CipherSuite> it = cipherSuites.collection().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CipherSuite next = it.next();
            if (isNegotiable(activeCipherSuites, next) && trySetCipherSuite(next)) {
                Debugger.handshaker.debug("chooseCipherSuite: Finished");
                z = false;
                break;
            }
        }
        if (z) {
            fatalSE(AlertDescription.alert_handshake_failure, "no cipher suites in common");
        }
    }

    /**
     * Tries to make {@code cipherSuite} the active suite, loading the server
     * credentials (and ECDH state for K_ECDHE_SM2DSA) it needs.
     *
     * @param cipherSuite candidate suite
     * @return {@code true} if the suite was selected or a session is being
     *         resumed; {@code false} if the suite does not fit the protocol
     *         version or its credentials cannot be set up
     * @throws RuntimeException for a key exchange other than the two handled here
     */
    boolean trySetCipherSuite(CipherSuite cipherSuite) {
        Debugger.handshaker.debug("trySetCipherSuite: ...");
        if (this.resumingSession) {
            return true;
        }
        // The negotiated version must lie in [supported, obsoleted) for the suite.
        if (!cipherSuite.isNegotiable() || this.beingProtocolVersion.version >= cipherSuite.obsoleted || this.beingProtocolVersion.version < cipherSuite.supported) {
            return false;
        }
        KeyExchangeAlgorithm keyExchangeAlgorithm = cipherSuite.keyExchange;
        // Credentials are reset for every candidate, so a failed attempt leaves
        // nothing behind from an earlier one.
        this.signerCredentials = null;
        this.cipherCredentials = null;
        switch (keyExchangeAlgorithm) {
            case K_ECDHE_SM2DSA:
                if (!setupPrivateKeyAndChain("SM2_SM2") || !setupEphemeralECDHKeys(true)) {
                    return false;
                }
                break;
            case K_SM2PKEA_SM2DSA:
                if (!setupPrivateKeyAndChain("SM2_SM2")) {
                    return false;
                }
                break;
            default:
                throw new RuntimeException("Unrecognized cipherSuite: " + cipherSuite);
        }
        setBeingCipherSuite(cipherSuite);
        Debugger.handshaker.debug("trySetCipherSuite: Finished");
        return true;
    }

    /**
     * Chooses a curve and creates the {@code ECDHCrypt} state.
     *
     * @param z forwarded unchanged to the {@code ECDHCrypt} constructor
     * @return {@code false} if the client listed curves and none is supported,
     *         otherwise {@code true}
     */
    private boolean setupEphemeralECDHKeys(boolean z) {
        Debugger.handshaker.debug("setupEphemeralECDHKeys: ...");
        int i = -1;
        if (this.supportedCurves != null) {
            // Take the first curve in the client's list that this side supports.
            int[] curveIds = this.supportedCurves.curveIds();
            int length = curveIds.length;
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    break;
                }
                int i3 = curveIds[i2];
                if (SupportedEllipticCurvesExtension.isSupported(i3)) {
                    i = i3;
                    break;
                }
                i2++;
            }
            if (i < 0) {
                return false;
            }
        } else {
            // The client sent no curve list: use the default curve.
            i = SupportedEllipticCurvesExtension.firstCurveId();
        }
        String curveOid = SupportedEllipticCurvesExtension.getCurveOid(i);
        Debugger.handshaker.debug("setupEphemeralECDHKeys: >>ECDHCrypt");
        this.ecdh = new ECDHCrypt(z, curveOid, this.context.getSecureRandom());
        Debugger.handshaker.debug("setupEphemeralECDHKeys: Finished");
        return true;
    }

    /**
     * Loads the server signer and cipher credentials from the key manager.
     *
     * @param str key type used to look up the server aliases
     * @return {@code false} unless the key manager returns exactly two aliases
     */
    private boolean setupPrivateKeyAndChain(String str) {
        X509ExtendedKeyManager x509KeyManager = this.context.getX509KeyManager();
        String[] serverAliases = x509KeyManager.getServerAliases(str, null);
        if (serverAliases == null || serverAliases.length != 2) {
            return false;
        }
        // Index 0 becomes the signer credential, index 1 the cipher credential.
        // NOTE(review): the returned array and its elements are not null-checked,
        // and "SM2" is hard-coded here rather than derived from str - confirm that
        // getTLSCredentials cannot return null entries.
        SSLCredentials[] tLSCredentials = SSLCredentials.getTLSCredentials(x509KeyManager, "SM2", serverAliases);
        this.signerCredentials = tLSCredentials[0];
        this.cipherCredentials = tLSCredentials[1];
        Debugger.handshaker.debug("setupPrivateKeyAndChain: Finished");
        return true;
    }

    /**
     * Returns the message a server uses to start a handshake: a HelloRequest.
     *
     * @return a new {@code HelloRequest}
     */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    HandshakeMessage getKickstartMessage() {
        Debugger.handshaker.debug("getKickstartMessage");
        return new HelloRequest();
    }

    /**
     * Handles an alert received during the handshake. Only a
     * {@code no_certificate} alert in client-auth mode 1 is tolerated.
     *
     * @param alertDescription the received alert
     * @throws SSLProtocolException for every other alert or mode
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    public void handshakeAlert(AlertDescription alertDescription) throws SSLProtocolException {
        String alertDescription2 = Alerts.alertDescription(alertDescription);
        Debugger.handshaker.debug("SSL -- handshake alert:  {}", alertDescription2);
        if (alertDescription != AlertDescription.alert_no_certificate || this.doClientAuth != 1) {
            throw new SSLProtocolException("handshake alert: " + alertDescription2);
        }
    }

    /**
     * Parses the ClientKeyExchange for the negotiated key exchange, obtains the
     * premaster secret and hands it to {@code calculateKeys}.
     *
     * @param i value forwarded to the CKEPKEA parser (presumably the message
     *          length - confirm against the caller)
     * @throws SSLProtocolException if credentials are missing or the key
     *                              exchange is not recognised
     * @throws IOException if parsing fails
     */
    private final void calculateWorkKeys(int i) throws SSLProtocolException, IOException {
        SecretKey secretKey;
        switch (this.cipherSuite.keyExchange) {
            case K_ECDHE_SM2DSA:
                secretKey = clientKeyExchange(new ClientKeyExchange.CKESM2DH(this.ecdh, this.in));
                break;
            case K_SM2PKEA_SM2DSA:
                // The premaster secret is recovered with the cipher (encryption)
                // private key. The two error messages below mention "signer"
                // although the values checked are the cipher credentials.
                if (this.cipherCredentials != null) {
                    if (this.cipherCredentials.privateKey != null) {
                        secretKey = new ClientKeyExchange.CKEPKEA(this.beingProtocolVersion, this.clientRequestedVersion, this.context.getSecureRandom(), this.in, i, this.cipherCredentials.privateKey).preMasterKey;
                        break;
                    } else {
                        throw new SSLProtocolException("missing signerprivateKey for calculateWorkKeys[SM2PKEA]");
                    }
                } else {
                    throw new SSLProtocolException("missing signerCredentials for calculateWorkKeys[SM2PKEA]");
                }
            default:
                throw new SSLProtocolException("Unrecognized key exchange: " + this.cipherSuite.keyExchange);
        }
        calculateKeys(secretKey, this.clientRequestedVersion);
    }
}
