package cfca.sadk.tls.sun.security.ssl;

import cfca.sadk.org.bouncycastle.jce.interfaces.ECPrivateKey;
import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.tls.sun.security.ssl.extension.ExtensionType;
import cfca.sadk.tls.sun.security.ssl.extension.HelloExtension;
import cfca.sadk.tls.sun.security.ssl.extension.RenegotiationInfoExtension;
import cfca.sadk.tls.sun.security.ssl.manager.GMX509ExtendedTrustManager;
import cfca.sadk.tls.sun.security.ssl.message.CertificateMsg;
import cfca.sadk.tls.sun.security.ssl.message.CertificateRequest;
import cfca.sadk.tls.sun.security.ssl.message.CertificateVerify;
import cfca.sadk.tls.sun.security.ssl.message.ClientHello;
import cfca.sadk.tls.sun.security.ssl.message.ClientKeyExchange;
import cfca.sadk.tls.sun.security.ssl.message.Finished;
import cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage;
import cfca.sadk.tls.sun.security.ssl.message.HandshakeType;
import cfca.sadk.tls.sun.security.ssl.message.HelloRequest;
import cfca.sadk.tls.sun.security.ssl.message.ServerHello;
import cfca.sadk.tls.sun.security.ssl.message.ServerHelloDone;
import cfca.sadk.tls.sun.security.ssl.message.ServerKeyExchange;
import cfca.sadk.tls.sun.security.ssl.sec.CipherSuite;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHCrypt;
import cfca.sadk.tls.sun.security.ssl.sec.SSLCredentials;
import cfca.sadk.tls.util.ECCurveType;
import cfca.sadk.tls.util.Utilities;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/ClientHandshaker.class */
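/**
 * Client side of the handshake for this TLS stack, which uses SM2 key exchanges and a
 * pair of peer certificates (a signer certificate and a cipher, i.e. encryption, certificate).
 *
 * <p>This listing was produced by a decompiler. Local and parameter names are synthetic, and
 * two methods ({@link #serverCertificate} and {@link #writeCertificate}) had control flow the
 * decompiler could not recover; they are reconstructed here and should be confirmed against
 * the original class file.
 *
 * <p>Instances keep mutable per-handshake state and no synchronization is visible in this
 * class; any thread-safety comes from the caller.
 */
public final class ClientHandshaker extends Handshaker {
    /** Public key of the server's signer certificate; set after the Certificate message is accepted. */
    private PublicKey serverSignerKey;
    /** Public key of the server's cipher (encryption) certificate; set together with the signer key. */
    private PublicKey serverCipherKey;
    /** Ephemeral EC key received in ServerKeyExchange (ECDHE_SM2DSA only). */
    private PublicKey serverEphemeralKey;
    /** Client-side ephemeral key agreement state (ECDHE_SM2DSA only). */
    private ECDHCrypt ecdh;
    /** The server's CertificateRequest, or null when the server did not ask for a client certificate. */
    private CertificateRequest certRequest;
    /** Protocol version offered in ClientHello; also passed into the SM2PKEA ClientKeyExchange. */
    private ProtocolVersion maxProtocolVersion;
    /** Set when the server echoes the server_name extension in ServerHello. */
    private boolean serverNamesAccepted;

    /**
     * Creates a client handshaker bound to a socket. The decompiler reports this constructor was
     * originally package-private.
     *
     * <p>All arguments are forwarded unchanged to the {@link Handshaker} constructor.
     * NOTE(review): {@code z}/{@code z2} and {@code bArr}/{@code bArr2} are presumably the
     * initial-handshake flag, the secure-renegotiation flag and the client/server verify data;
     * confirm against {@code Handshaker}.
     */
    public ClientHandshaker(SSLSocketImpl sSLSocketImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLSocketImpl, sSLContextImpl, protocolList, true, true, protocolVersion, z, z2, bArr, bArr2);
        this.serverNamesAccepted = false;
    }

    /**
     * Creates a client handshaker bound to an engine. The decompiler reports this constructor was
     * originally package-private.
     *
     * <p>All arguments are forwarded unchanged to the {@link Handshaker} constructor; see the
     * socket constructor for the hedged meaning of the synthetic parameter names.
     */
    public ClientHandshaker(SSLEngineImpl sSLEngineImpl, SSLContextImpl sSLContextImpl, ProtocolList protocolList, ProtocolVersion protocolVersion, boolean z, boolean z2, byte[] bArr, byte[] bArr2) {
        super(sSLEngineImpl, sSLContextImpl, protocolList, true, true, protocolVersion, z, z2, bArr, bArr2);
        this.serverNamesAccepted = false;
    }

    /**
     * Dispatches one incoming handshake message to its handler and advances {@code state}.
     *
     * <p>NOTE(review): the ordering check below only enforces that message types arrive in
     * increasing order (type 0, HelloRequest, is exempt). On its own it does not require that
     * Certificate, ServerKeyExchange and ServerHelloDone were all seen before Finished on a full
     * handshake. The guards visible in this class are the null/type checks in
     * {@link #writeClientKeyExchange}; confirm that {@code Finished.verify} and the
     * ChangeCipherSpec handling in {@code Handshaker} fail closed when a message is skipped.
     *
     * @param b handshake message type read from the record
     * @param i message length, passed to the parsers that need it
     * @throws SSLProtocolException if the message is out of sequence or not valid for a client
     * @throws IOException if a handler fails
     */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    final void processMessage(byte b, int i) throws IOException {
        if (this.state >= b && b != 0) {
            throw new SSLProtocolException("Handshake message sequence violation, " + ((int) b));
        }
        switch (b) {
            case 0: // HelloRequest
                serverHelloRequest(new HelloRequest(this.in));
                break;
            case 2: // ServerHello
                serverHello(new ServerHello(this.in, i));
                break;
            case HandshakeType.ht_certificate /* 11 */:
                serverCertificate(new CertificateMsg(this.in));
                // Both halves of the double certificate must have been recorded on the session.
                if (this.session.getPeerSignerCredentials() == null) {
                    throw new SSLProtocolException("Illegal client handshake msg, missing PeerSignerCredentials for certificates");
                }
                if (this.session.getPeerCipherCredentials() == null) {
                    throw new SSLProtocolException("Illegal client handshake msg, missing PeerCipherCredentials for certificates");
                }
                this.serverSignerKey = this.session.getPeerSignerCredentials().publicKey;
                this.serverCipherKey = this.session.getPeerCipherCredentials().publicKey;
                break;
            case HandshakeType.ht_server_key_exchange /* 12 */:
                serverKeyExchange(i);
                break;
            case HandshakeType.ht_certificate_request /* 13 */:
                certificateRequest(this.in, this.beingProtocolVersion);
                break;
            case HandshakeType.ht_server_hello_done /* 14 */:
                serverHelloDone(new ServerHelloDone(this.in));
                break;
            case 20: // Finished
                serverFinished(new Finished(this.beingProtocolVersion, this.in, this.cipherSuite));
                break;
            default:
                // Every other type (including the client-only ones, 1, 15 and 16) is rejected.
                throw new SSLProtocolException("Illegal client handshake msg, " + ((int) b));
        }
        if (this.state < b) {
            this.state = b;
        }
    }

    /**
     * Handles a HelloRequest. It is acted on only while {@code state < 1}; otherwise it is ignored.
     *
     * <p>Without secure renegotiation the request is refused with a no_renegotiation warning and
     * the handshaker is invalidated, unless {@code allowUnsafeRenegotiation} is set, in which case
     * the renegotiation proceeds and a warning is logged.
     */
    private void serverHelloRequest(HelloRequest helloRequest) throws IOException {
        Debugger.debug(helloRequest);
        if (this.state < 1) {
            if (!this.secureRenegotiation && !allowUnsafeRenegotiation) {
                warningSE(AlertDescription.alert_no_renegotiation);
                this.invalidated = true;
            } else {
                if (!this.secureRenegotiation) {
                    Debugger.handshaker.debug("Warning: continue with insecure renegotiation");
                }
                kickstart();
            }
        }
    }

    /**
     * Processes ServerHello: fixes the protocol version and cipher suite, checks the
     * renegotiation_info extension, and either resumes the cached session or starts a new one.
     *
     * @throws SSLHandshakeException if the server chose a version the client cannot negotiate
     * @throws SSLProtocolException if a resumed session disagrees on suite or version
     * @throws SSLException if a new session is required but session creation is disabled
     * @throws IOException on any fatal alert raised through {@code fatalSE}
     */
    private void serverHello(ServerHello serverHello) throws IOException {
        Debugger.debug(serverHello);
        ProtocolVersion serverVersion = serverHello.getServerVersion();
        if (!isNegotiable(serverVersion)) {
            throw new SSLHandshakeException("Server chose " + serverVersion + ", but that protocol version is not enabled or not supported by the client.");
        }
        this.handshakeHash.protocolDetermined(serverVersion);
        setBeingVersion(serverVersion);
        RenegotiationInfoExtension renegotiationInfoExtension = (RenegotiationInfoExtension) serverHello.extensions.get(ExtensionType.EXT_RENEGOTIATION_INFO);
        if (renegotiationInfoExtension != null) {
            if (this.isInitialHandshake) {
                // On the first handshake the extension must be present but empty.
                if (!renegotiationInfoExtension.isEmpty()) {
                    fatalSE(AlertDescription.alert_handshake_failure, "The renegotiation_info field is not empty");
                }
                this.secureRenegotiation = true;
            } else {
                if (!this.secureRenegotiation) {
                    fatalSE(AlertDescription.alert_handshake_failure, "Unexpected renegotiation indication extension");
                }
                // On renegotiation the extension must carry client verify data followed by server verify data.
                byte[] bArr = new byte[this.clientVerifyData.length + this.serverVerifyData.length];
                System.arraycopy(this.clientVerifyData, 0, bArr, 0, this.clientVerifyData.length);
                System.arraycopy(this.serverVerifyData, 0, bArr, this.clientVerifyData.length, this.serverVerifyData.length);
                if (!Utilities.equals(bArr, renegotiationInfoExtension.getData())) {
                    fatalSE(AlertDescription.alert_handshake_failure, "Incorrect verify data in ServerHello renegotiation_info message");
                }
            }
        } else if (this.isInitialHandshake) {
            // A server that omits the extension is accepted only when allowLegacyHelloMessages is set;
            // the connection then runs without secure-renegotiation protection.
            if (!allowLegacyHelloMessages) {
                fatalSE(AlertDescription.alert_handshake_failure, "Failed to negotiate the use of secure renegotiation");
            }
            this.secureRenegotiation = false;
            Debugger.handshaker.debug("Warning: No renegotiation indication extension in ServerHello");
        } else if (this.secureRenegotiation) {
            fatalSE(AlertDescription.alert_handshake_failure, "No renegotiation indication extension");
        }
        this.serverRandom = serverHello.getServerRandom();
        if (!isNegotiable(serverHello.getCipherSuite())) {
            fatalSE(AlertDescription.alert_illegal_parameter, "Server selected improper ciphersuite " + serverHello.getCipherSuite());
        }
        setBeingCipherSuite(serverHello.getCipherSuite());
        if (this.beingProtocolVersion.version == ProtocolVersion.TLS11SM.version) {
            this.handshakeHash.setFinishedAlg(this.cipherSuite.prfAlg.prfHashAlg);
        }
        if (serverHello.getCompressionMethod().value != 0) {
            fatalSE(AlertDescription.alert_illegal_parameter, "compression type not supported, " + serverHello.getCompressionMethod());
        }
        if (this.session != null) {
            if (this.session.getSessionId().equals(serverHello.getSessionId())) {
                // The server agreed to resume: suite and version must match the cached session.
                // NOTE(review): both comparisons are by reference; presumably these are shared
                // singleton instances - confirm.
                if (this.cipherSuite != this.session.getSuite()) {
                    throw new SSLProtocolException("Server returned wrong cipher suite for session");
                }
                if (this.beingProtocolVersion != this.session.getProtocolVersion()) {
                    throw new SSLProtocolException("Server resumed session with wrong protocol version");
                }
                this.resumingSession = true;
                // Jump the state forward so that only Finished (20) passes the ordering check.
                this.state = 19;
                calculateConnectionKeys(this.session.getMasterSecret());
                Debugger.handshaker.debug("%% Server resumed {}", this.session);
            } else {
                this.session = null;
                if (!this.enableNewSession) {
                    throw new SSLException("New session creation is disabled");
                }
            }
        }
        if (this.resumingSession && this.session != null) {
            setHandshakeSessionSE(this.session);
            return;
        }
        // Full handshake: reject any ServerHello extension outside the supported set.
        Iterator<HelloExtension> it = serverHello.extensions.list().iterator();
        while (it.hasNext()) {
            ExtensionType extensionType = it.next().type;
            if (extensionType == ExtensionType.EXT_SERVER_NAME) {
                this.serverNamesAccepted = true;
            } else if (extensionType != ExtensionType.EXT_ELLIPTIC_CURVES && extensionType != ExtensionType.EXT_EC_POINT_FORMATS && extensionType != ExtensionType.EXT_RENEGOTIATION_INFO) {
                fatalSE(AlertDescription.alert_unsupported_extension, "Server sent an unsupported extension: " + extensionType);
            }
        }
        this.session = new SSLSessionImpl(this.beingProtocolVersion, this.cipherSuite, getLocalSupportedSignAlgs(), serverHello.getSessionId(), getHostSE(), getPortSE());
        setHandshakeSessionSE(this.session);
        Debugger.handshaker.debug("** " + this.cipherSuite);
    }

    /**
     * Validates the server's Certificate message and records the peer credentials on the session.
     *
     * <p>The chain is split into signer and cipher credentials, and the signer chain is passed to
     * the configured {@link GMX509ExtendedTrustManager}. Any {@link CertificateException} ends
     * the handshake with a certificate_unknown alert.
     *
     * <p>The decompiled listing had the {@code try} wrapped around a single assignment, leaving
     * the trust check outside the {@code catch}; the scope is restored here. Each failure path
     * also throws explicitly after {@code fatalSE}, which is defined outside this file, so the
     * method cannot fall through to {@code setPeerCredentials} with an unvalidated chain.
     *
     * <p>NOTE(review): only the signer chain is handed to the trust manager here. Whether the
     * cipher certificate is validated elsewhere (for example inside
     * {@code SSLCredentials.buildDoubleCredentials} or the trust manager) is not visible from
     * this class - confirm.
     *
     * @throws IOException if the chain is empty or malformed, or fails trust validation
     */
    private void serverCertificate(CertificateMsg certificateMsg) throws IOException {
        Debugger.debug(certificateMsg);
        X509Certificate[] chain = certificateMsg.chain();
        if (chain == null || chain.length == 0) {
            fatalSE(AlertDescription.alert_bad_certificate, "empty certificate chain");
            throw new SSLHandshakeException("empty certificate chain");
        }
        SSLCredentials[] peerCredentials = SSLCredentials.buildDoubleCredentials(chain);
        if (peerCredentials == null || peerCredentials.length != 2) {
            fatalSE(AlertDescription.alert_bad_certificate, "invalid certificate chain");
            throw new SSLHandshakeException("invalid certificate chain");
        }
        if (peerCredentials[0] == null || peerCredentials[0].certificates == null) {
            fatalSE(AlertDescription.alert_bad_certificate, "invalid signer certificate chain");
            throw new SSLHandshakeException("invalid signer certificate chain");
        }
        String authType = this.cipherSuite.keyExchange.name;
        X509TrustManager x509TrustManager = this.context.getX509TrustManager();
        try {
            if (!(x509TrustManager instanceof GMX509ExtendedTrustManager)) {
                throw new CertificateException("Improper X509TrustManager implementation");
            }
            GMX509ExtendedTrustManager gmTrustManager = (GMX509ExtendedTrustManager) x509TrustManager;
            // The trust manager receives a copy so it cannot alter the chain stored on the session.
            X509Certificate[] signerChain = (X509Certificate[]) peerCredentials[0].certificates.clone();
            if (this.conn != null) {
                gmTrustManager.checkServerTrusted(signerChain, authType, this.conn);
            } else {
                gmTrustManager.checkServerTrusted(signerChain, authType, this.engine);
            }
        } catch (CertificateException e) {
            if (Debugger.handshaker.isErrorEnabled()) {
                Debugger.handshaker.error("handshaker failure", e);
            }
            fatalSE(AlertDescription.alert_certificate_unknown, e);
            // Fail closed even if fatalSE were to return.
            SSLHandshakeException failure = new SSLHandshakeException("server certificate validation failed");
            failure.initCause(e);
            throw failure;
        }
        this.session.setPeerCredentials(peerCredentials[0], peerCredentials[1]);
        Debugger.handshaker.debug("serverCertificate Finished");
    }

    /**
     * Reads and verifies ServerKeyExchange for the negotiated key exchange.
     *
     * <p>For ECDHE_SM2DSA the message is parsed against the server signer key and the server's
     * ephemeral key is stored. For SM2PKEA_SM2DSA the signature is verified with the signer
     * credentials over the two randoms and the cipher certificate.
     *
     * @param i message length supplied by the dispatcher; not used by either branch
     * @throws IOException if the message is invalid or the key exchange is unsupported
     */
    private final void serverKeyExchange(int i) throws IOException {
        switch (this.cipherSuite.keyExchange) {
            case K_ECDHE_SM2DSA:
                try {
                    ServerKeyExchange.SKESM2DHE skesm2dhe = new ServerKeyExchange.SKESM2DHE(this.in, this.serverSignerKey, this.clientRandom, this.serverRandom, this.localSupportedSignAlgs, this.beingProtocolVersion);
                    Debugger.debug(skesm2dhe);
                    ECPublicKey ephemeralPublicKey = skesm2dhe.getEphemeralPublicKey();
                    this.ecdh = new ECDHCrypt(true, ephemeralPublicKey.getParameters(), this.context.getSecureRandom());
                    this.serverEphemeralKey = ephemeralPublicKey;
                    return;
                } catch (SecurityException e) {
                    if (Debugger.handshaker.isErrorEnabled()) {
                        Debugger.handshaker.error("handshaker failure", e);
                    }
                    throwSSLException("Server key", e);
                    return;
                }
            case K_SM2PKEA_SM2DSA:
                try {
                    if (this.session.getPeerCipherCredentials() == null) {
                        throw new GeneralSecurityException("ServerKeyExchange failure,missing PeerCipherCredentials[SM2PKEA_SM2DSA]");
                    }
                    if (this.session.getPeerCipherCredentials().getCertificate() == null) {
                        throw new GeneralSecurityException("ServerKeyExchange failure,missing PeerCipherCertificate[SM2PKEA_SM2DSA]");
                    }
                    if (this.session.getPeerSignerCredentials() == null) {
                        throw new GeneralSecurityException("ServerKeyExchange failure,missing PeerSignerCredentials[SM2PKEA_SM2DSA]");
                    }
                    if (this.session.getPeerSignerCredentials().getCertificate() == null) {
                        throw new GeneralSecurityException("ServerKeyExchange failure,missing PeerSignerCertificate[SM2PKEA_SM2DSA]");
                    }
                    if (!new ServerKeyExchange.SKEPKEA(this.session.getPeerSignerCredentials().getSigAlgName(), this.in).verify(this.session.getPeerSignerCredentials(), this.clientRandom, this.serverRandom, this.session.getPeerCipherCredentials().getCertificate())) {
                        fatalSE(AlertDescription.alert_illegal_parameter, "ServerKeyExchange failure");
                    }
                    return;
                } catch (Exception e2) {
                    // NOTE(review): this broad catch also intercepts whatever fatalSE raises on a
                    // failed signature and rewraps it through throwSSLException - confirm intended.
                    if (Debugger.handshaker.isErrorEnabled()) {
                        Debugger.handshaker.error("handshaker failure", e2);
                    }
                    throwSSLException("Error decoded ECDH server key exchange", e2);
                    return;
                }
            default:
                throw new SSLProtocolException("unsupported key exchange algorithm = " + this.cipherSuite.keyExchange);
        }
    }

    /** Parses the server's CertificateRequest and keeps it for {@link #writeCertificate}. */
    private final void certificateRequest(HandshakeInStream handshakeInStream, ProtocolVersion protocolVersion) throws IOException {
        this.certRequest = new CertificateRequest(handshakeInStream, protocolVersion);
        Debugger.debug(this.certRequest);
    }

    /**
     * Handles ServerHelloDone by sending the client's flight in order: Certificate (if
     * requested), ClientKeyExchange, CertificateVerify (if a signing key is available), then
     * ChangeCipherSpec and Finished.
     */
    private void serverHelloDone(ServerHelloDone serverHelloDone) throws IOException {
        Debugger.debug(serverHelloDone);
        this.in.digestNow();
        PrivateKey signingKey = writeCertificate();
        ClientKeyExchange clientKeyExchange = writeClientKeyExchange();
        this.out.doHashes();
        this.out.flush();
        // Keys are derived after ClientKeyExchange is hashed and before CertificateVerify is built.
        calculateWorkKeys(clientKeyExchange);
        writeCertificateVerify(signingKey);
        this.out.flush();
        writeChangeCipherAndFinish(false);
    }

    /**
     * Answers a CertificateRequest with the client's certificates, or with an empty Certificate
     * message when no matching credentials exist.
     *
     * <p>The decompiler reported that it could not recover this method's control flow; the
     * emitted listing tested {@code creds != null || creds.length == 0} inside a branch already
     * guarded by {@code creds != null}, so it always sent an empty certificate list and never
     * reached the code below. The flow here is a reconstruction: look up credentials for each
     * requested type, stop at the first hit, and send either the chain or an empty message.
     * Confirm against the original class file.
     *
     * @return the signer private key to use for CertificateVerify, or null when no client
     *     certificate was requested or none was sent
     * @throws SecurityException if the selected credentials lack a signer or cipher part
     * @throws IOException if writing the message fails
     */
    private final PrivateKey writeCertificate() throws IOException {
        if (this.certRequest == null) {
            return null;
        }
        X509ExtendedKeyManager x509KeyManager = this.context.getX509KeyManager();
        SSLCredentials[] clientCredentials = null;
        for (int i = 0; i < this.certRequest.types.length; i++) {
            // Type code 64 is the only certificate type handled.
            if (this.certRequest.types[i] == 64) {
                String[] clientAliases = x509KeyManager.getClientAliases("SM2", this.certRequest.getAuthorities());
                if (clientAliases == null) {
                    clientAliases = x509KeyManager.getClientAliases("EC", this.certRequest.getAuthorities());
                }
                clientCredentials = SSLCredentials.getTLSCredentials(x509KeyManager, "SM2", clientAliases);
            }
            if (clientCredentials != null && clientCredentials.length > 0) {
                break;
            }
        }
        if (clientCredentials == null || clientCredentials.length == 0) {
            // Nothing suitable: reply with an empty certificate list and skip CertificateVerify.
            CertificateMsg emptyMsg = new CertificateMsg(new X509Certificate[0]);
            Debugger.debug(emptyMsg);
            emptyMsg.write(this.out);
            return null;
        }
        // A single credential serves as both signer and cipher; otherwise [0] signs and [1] encrypts.
        this.signerCredentials = clientCredentials[0];
        this.cipherCredentials = clientCredentials.length == 1 ? clientCredentials[0] : clientCredentials[1];
        if (this.signerCredentials == null) {
            throw new SecurityException("missing signerCredentials for certificates");
        }
        if (this.signerCredentials.certificates == null) {
            throw new SecurityException("missing signerCertificates for certificates");
        }
        if (this.cipherCredentials == null) {
            throw new SecurityException("missing cipherCredentials for certificates");
        }
        if (this.cipherCredentials.certificates == null) {
            throw new SecurityException("missing cipherCertificates for certificates");
        }
        PrivateKey privateKey = this.signerCredentials.privateKey;
        X509Certificate[] concat = SSLCredentials.concat(this.signerCredentials.certificates, this.cipherCredentials.certificates);
        if (concat == null || concat.length == 0) {
            throw new RuntimeException("no certificates");
        }
        // NOTE(review): the signer credentials are passed for both arguments, whereas the peer side
        // records (signer, cipher). Kept as decompiled - confirm whether the second argument
        // should be this.cipherCredentials.
        this.session.setLocalCredentials(this.signerCredentials, this.signerCredentials);
        CertificateMsg certificateMsg = new CertificateMsg(concat);
        Debugger.debug(certificateMsg);
        certificateMsg.write(this.out);
        return privateKey;
    }

    /**
     * Builds and writes ClientKeyExchange for the negotiated key exchange.
     *
     * <p>Both branches require that a server certificate with an EC public key was received.
     * The ECDHE branch additionally requires the ephemeral key from ServerKeyExchange; a server
     * that omitted that message is rejected with a protocol error instead of a
     * NullPointerException.
     *
     * @return the message that was written, needed later to derive the keys
     * @throws SSLProtocolException if a required server message or key is missing
     * @throws IOException if writing fails
     */
    private final ClientKeyExchange writeClientKeyExchange() throws IOException {
        ClientKeyExchange clientKeyExchange;
        switch (this.cipherSuite.keyExchange) {
            case K_ECDHE_SM2DSA:
                if (this.serverCipherKey == null) {
                    throw new SSLProtocolException("ECDHE_SM2DSA Server did not send certificate message");
                }
                if (!(this.serverCipherKey instanceof ECPublicKey)) {
                    throw new SSLProtocolException("ECDHE_SM2DSA Server certificate does not include an EC key");
                }
                if (!(this.serverEphemeralKey instanceof ECPublicKey)) {
                    throw new SSLProtocolException("ECDHE_SM2DSA Server did not send an EC ephemeral key");
                }
                this.ecdh = new ECDHCrypt(true, ((ECPublicKey) this.serverEphemeralKey).getParameters(), this.context.getSecureRandom());
                clientKeyExchange = new ClientKeyExchange.CKESM2DH(this.ecdh.getPublicKey());
                break;
            case K_SM2PKEA_SM2DSA:
                if (this.serverCipherKey == null) {
                    throw new SSLProtocolException("SM2PKEA_SM2DSA Server did not send certificate message");
                }
                if (!(this.serverCipherKey instanceof ECPublicKey)) {
                    throw new SSLProtocolException("SM2PKEA_SM2DSA Server certificate does not include an SM2 key");
                }
                clientKeyExchange = new ClientKeyExchange.CKEPKEA(this.beingProtocolVersion, this.maxProtocolVersion, this.context.getSecureRandom(), this.serverCipherKey);
                break;
            default:
                throw new RuntimeException("Unsupported key exchange: " + this.cipherSuite.keyExchange);
        }
        Debugger.debug(clientKeyExchange);
        clientKeyExchange.write(this.out);
        return clientKeyExchange;
    }

    /**
     * Writes CertificateVerify signed with the client's signer key.
     *
     * <p>When {@code privateKey} is null (no client certificate was sent) nothing is written;
     * the condition is only logged at debug level.
     *
     * @param privateKey signer key returned by {@link #writeCertificate}, or null
     * @throws IOException if signing or writing fails (raised through {@code fatalSE})
     */
    private final void writeCertificateVerify(PrivateKey privateKey) throws SSLHandshakeException, IOException {
        if (privateKey == null) {
            if (Debugger.handshaker.isDebugEnabled()) {
                Debugger.handshaker.debug("handshaker failure:signingKey cannot be null!");
            }
            return;
        }
        try {
            CertificateVerify certificateVerify = new CertificateVerify(this.beingProtocolVersion, this.handshakeHash, privateKey, this.session.getMasterSecret(), null, this.context.getSecureRandom());
            Debugger.debug(certificateVerify);
            certificateVerify.write(this.out);
            this.out.doHashes();
        } catch (Exception e) {
            if (Debugger.handshaker.isErrorEnabled()) {
                Debugger.handshaker.error("handshaker failure", e);
            }
            fatalSE(AlertDescription.alert_handshake_failure, "Error signing certificate verify", e);
        }
    }

    /**
     * Sends ChangeCipherSpec followed by the client Finished message and moves to state 19.
     *
     * @param z forwarded to {@code sendChangeCipherSpec}; true on the resumption path
     */
    private void writeChangeCipherAndFinish(boolean z) throws IOException {
        Finished finished = new Finished(this.beingProtocolVersion, this.handshakeHash, 1, this.session.getMasterSecret(), this.cipherSuite);
        sendChangeCipherSpec(finished, z);
        if (this.secureRenegotiation) {
            // Kept for the renegotiation_info check of a later handshake.
            this.clientVerifyData = finished.getVerifyData();
        }
        this.state = 19;
    }

    /**
     * Verifies the server Finished message and completes the handshake.
     *
     * <p>On resumption the client's own ChangeCipherSpec/Finished is sent after the server's.
     * On a full handshake the session is cached for later resumption when it is rejoinable.
     *
     * @throws IOException if the Finished message does not verify (raised through {@code fatalSE})
     */
    private void serverFinished(Finished finished) throws IOException {
        Debugger.debug(finished);
        if (!finished.verify(this.handshakeHash, 2, this.session.getMasterSecret())) {
            fatalSE(AlertDescription.alert_illegal_parameter, "server 'finished' message doesn't verify");
        }
        if (this.secureRenegotiation) {
            this.serverVerifyData = finished.getVerifyData();
        }
        if (this.resumingSession) {
            this.in.digestNow();
            writeChangeCipherAndFinish(true);
        }
        this.session.setLastAccessedTime(System.currentTimeMillis());
        if (this.resumingSession) {
            return;
        }
        if (!this.session.isRejoinable()) {
            if (Debugger.handshaker.isDebugEnabled()) {
                Debugger.handshaker.debug("%% Didn't cache non-resumable client session: {}", this.session);
            }
        } else {
            ((SSLSessionContextImpl) this.context.engineGetClientSessionContext()).put(this.session);
            if (Debugger.handshaker.isDebugEnabled()) {
                Debugger.handshaker.debug("%% Cached client session: {}", this.session);
            }
        }
    }

    /**
     * Derives the premaster secret for the negotiated key exchange and hands it to
     * {@code calculateKeys}.
     *
     * <p>ECDHE_SM2DSA needs the client's own cipher credentials (private and public key) in
     * addition to the server's cipher and ephemeral keys, so it fails when the client has none.
     *
     * @param clientKeyExchange the message written by {@link #writeClientKeyExchange}
     * @throws SecurityException if the client cipher credentials are missing (ECDHE_SM2DSA)
     * @throws IOException if the key exchange is unknown
     */
    private final void calculateWorkKeys(ClientKeyExchange clientKeyExchange) throws IOException {
        SecretKey secretKey;
        switch (this.cipherSuite.keyExchange) {
            case K_ECDHE_SM2DSA:
                if (this.cipherCredentials == null || this.cipherCredentials.privateKey == null) {
                    throw new SecurityException("missing cipherCredentials for calculateWorkKeys[ECDHE_SM2DSA]");
                }
                secretKey = this.ecdh.getSM2AgreedSecret((ECPrivateKey) this.cipherCredentials.privateKey, (ECPublicKey) this.cipherCredentials.publicKey, (ECPublicKey) this.serverCipherKey, (ECPublicKey) this.serverEphemeralKey);
                break;
            case K_SM2PKEA_SM2DSA:
                secretKey = ((ClientKeyExchange.CKEPKEA) clientKeyExchange).preMasterKey;
                break;
            default:
                throw new IOException("Internal error: unknown key exchange " + this.cipherSuite.keyExchange);
        }
        calculateKeys(secretKey, null);
    }

    /**
     * Builds the ClientHello that starts a handshake, offering a cached session for resumption
     * when one exists and is still usable.
     *
     * @return the ClientHello to send
     * @throws SSLHandshakeException if no cipher suite is negotiable, or if new sessions are
     *     disabled and no cached session can be resumed
     */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    HandshakeMessage getKickstartMessage() throws SSLException {
        Debugger.handshaker.debug("kickstart->GetKickstartMessage running...");
        SessionId sessionId = SSLSessionImpl.nullSession.getSessionId();
        Debugger.handshaker.debug("kickstart->GetActiveCipherSuites running...");
        CipherSuiteList activeCipherSuites = getActiveCipherSuites();
        Debugger.handshaker.debug("kickstart->GetActiveCipherSuites finished.");
        this.maxProtocolVersion = this.beingProtocolVersion;
        Debugger.handshaker.debug("kickstart->SSLContextImpl.GetSession running...");
        this.session = ((SSLSessionContextImpl) this.context.engineGetClientSessionContext()).get(getHostSE(), getPortSE());
        Debugger.handshaker.debug("kickstart->SSLContextImpl.GetSession finished.");
        if (Debugger.handshaker.isDebugEnabled()) {
            if (this.session != null) {
                Debugger.handshaker.debug("%% Client cached " + this.session + (this.session.isRejoinable() ? "" : " (not rejoinable)"));
            } else {
                Debugger.handshaker.debug("%% No cached client session");
            }
        }
        if (this.session != null && !this.session.isRejoinable()) {
            this.session = null;
        }
        if (this.session != null) {
            CipherSuite suite = this.session.getSuite();
            ProtocolVersion protocolVersion = this.session.getProtocolVersion();
            // A cached session is offered only if its suite and version are still enabled.
            if (!isNegotiable(suite)) {
                Debugger.handshaker.debug("%% can't resume, unavailable cipher");
                this.session = null;
            }
            if (this.session != null && !isNegotiable(protocolVersion)) {
                Debugger.handshaker.debug("%% can't resume, protocol disabled");
                this.session = null;
            }
            if (this.session != null) {
                Debugger.handshaker.debug("%% Try resuming {} from port {}", this.session, Integer.valueOf(getLocalPortSE()));
                sessionId = this.session.getSessionId();
                this.maxProtocolVersion = protocolVersion;
                setBeingVersion(protocolVersion);
            }
            if (!this.enableNewSession) {
                if (this.session == null) {
                    throw new SSLHandshakeException("Can't reuse existing SSL client session");
                }
                // Resumption only: offer just the cached suite, plus the SCSV if it is still needed.
                ArrayList<CipherSuite> resumeSuites = new ArrayList<CipherSuite>(2);
                resumeSuites.add(suite);
                if (!this.secureRenegotiation && activeCipherSuites.contains(CipherSuite.C_SCSV)) {
                    resumeSuites.add(CipherSuite.C_SCSV);
                }
                activeCipherSuites = new CipherSuiteList(resumeSuites);
            }
        }
        if (this.session == null && !this.enableNewSession) {
            throw new SSLHandshakeException("No existing session to resume");
        }
        if (this.secureRenegotiation && activeCipherSuites.contains(CipherSuite.C_SCSV)) {
            // Secure renegotiation is already established, so the SCSV is dropped from the offer.
            ArrayList<CipherSuite> withoutScsv = new ArrayList<CipherSuite>(activeCipherSuites.size() - 1);
            for (CipherSuite cipherSuite : activeCipherSuites.collection()) {
                if (cipherSuite != CipherSuite.C_SCSV) {
                    withoutScsv.add(cipherSuite);
                }
            }
            activeCipherSuites = new CipherSuiteList(withoutScsv);
        }
        boolean negotiable = false;
        for (CipherSuite candidate : activeCipherSuites.collection()) {
            if (isNegotiable(candidate)) {
                negotiable = true;
                break;
            }
        }
        if (!negotiable) {
            throw new SSLHandshakeException("No negotiable cipher suite");
        }
        if (Debugger.debugHandshakerFull) {
            // With full handshake debugging on, the empty session id is sent, so no resumption is offered.
            sessionId = SSLSessionImpl.nullSession.getSessionId();
        }
        ClientHello clientHello = new ClientHello(this.maxProtocolVersion, this.context.getSecureRandom(), sessionId, activeCipherSuites);
        this.clientRandom = clientHello.getClientRandom();
        Debugger.handshaker.debug("kickstart->GetKickstartMessage finished.");
        return clientHello;
    }

    /**
     * Turns any alert received during the handshake into an {@link SSLProtocolException}.
     *
     * @throws SSLProtocolException always
     */
    @Override // cfca.sadk.tls.sun.security.ssl.Handshaker
    void handshakeAlert(AlertDescription alertDescription) throws SSLProtocolException {
        String alertText = Alerts.alertDescription(alertDescription);
        Debugger.handshaker.debug("SSL - handshake alert: {}", alertText);
        throw new SSLProtocolException("handshake alert:  " + alertText);
    }
}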
