package org.spongycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {

    /* renamed from: d, reason: collision with root package name */
    public final AbstractTlsSigner f31791d;

    /* renamed from: e, reason: collision with root package name */
    public final TlsSRPGroupVerifier f31792e;

    /* renamed from: f, reason: collision with root package name */
    public final byte[] f31793f;

    /* renamed from: g, reason: collision with root package name */
    public final byte[] f31794g;

    /* renamed from: h, reason: collision with root package name */
    public AsymmetricKeyParameter f31795h;

    /* renamed from: i, reason: collision with root package name */
    public SRP6GroupParameters f31796i;
    public final SRP6Client j;
    public final SRP6Server k;
    public BigInteger l;
    public final BigInteger m;

    /* renamed from: n, reason: collision with root package name */
    public byte[] f31797n;
    public TlsSignerCredentials o;

    public TlsSRPKeyExchange(int i2, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i2, vector);
        this.f31795h = null;
        this.f31796i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.f31797n = null;
        this.o = null;
        this.f31791d = b(i2);
        this.f31792e = tlsSRPGroupVerifier;
        this.f31793f = bArr;
        this.f31794g = bArr2;
        this.j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i2, vector);
        this.f31795h = null;
        this.f31796i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.f31797n = null;
        this.o = null;
        this.f31791d = b(i2);
        this.f31793f = bArr;
        this.k = new SRP6Server();
        this.f31796i = tlsSRPLoginParameters.getGroup();
        this.m = tlsSRPLoginParameters.getVerifier();
        this.f31797n = tlsSRPLoginParameters.getSalt();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i2, vector, new DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    public static AbstractTlsSigner b(int i2) {
        switch (i2) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) {
        byte[] bArr = this.f31797n;
        byte[] bArr2 = this.f31794g;
        SRP6Client sRP6Client = this.j;
        byte[] bArr3 = this.f31793f;
        TlsSRPUtils.writeSRPParameter(sRP6Client.generateClientCredentials(bArr, bArr3, bArr2), outputStream);
        this.c.getSecurityParameters().k = Arrays.clone(bArr3);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() {
        try {
            SRP6Server sRP6Server = this.k;
            return BigIntegers.asUnsignedByteArray(sRP6Server != null ? sRP6Server.calculateSecret(this.l) : this.j.calculateSecret(this.l));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() {
        SRP6GroupParameters sRP6GroupParameters = this.f31796i;
        Digest createHash = TlsUtils.createHash((short) 2);
        SecureRandom secureRandom = this.c.getSecureRandom();
        SRP6Server sRP6Server = this.k;
        sRP6Server.init(sRP6GroupParameters, this.m, createHash, secureRandom);
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.f31796i.getN(), this.f31796i.getG(), this.f31797n, sRP6Server.generateServerCredentials());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.encode(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.o;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(this.c, tlsSignerCredentials);
            Digest createHash2 = TlsUtils.createHash(signatureAndHashAlgorithm);
            SecurityParameters securityParameters = this.c.getSecurityParameters();
            byte[] bArr = securityParameters.f31681g;
            createHash2.update(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.f31682h;
            createHash2.update(bArr2, 0, bArr2.length);
            digestInputBuffer.a(createHash2);
            byte[] bArr3 = new byte[createHash2.getDigestSize()];
            createHash2.doFinal(bArr3, 0);
            new DigitallySigned(signatureAndHashAlgorithm, this.o.generateCertificateSignature(bArr3)).encode(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void init(TlsContext tlsContext) {
        super.init(tlsContext);
        AbstractTlsSigner abstractTlsSigner = this.f31791d;
        if (abstractTlsSigner != null) {
            abstractTlsSigner.init(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) {
        try {
            this.l = SRP6Util.validatePublicValue(this.f31796i.getN(), TlsSRPUtils.readSRPParameter(inputStream));
            this.c.getSecurityParameters().k = Arrays.clone(this.f31793f);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) {
        AbstractTlsSigner abstractTlsSigner = this.f31791d;
        if (abstractTlsSigner == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(0);
        try {
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            this.f31795h = createKey;
            if (!abstractTlsSigner.isValidPublicKey(createKey)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.i(certificateAt, 128);
            super.processServerCertificate(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) {
        if (this.f31541a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters securityParameters = this.c.getSecurityParameters();
        AbstractTlsSigner abstractTlsSigner = this.f31791d;
        if (abstractTlsSigner != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams parse = ServerSRPParams.parse(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned a2 = a(inputStream);
            Signer createVerifyer = abstractTlsSigner.createVerifyer(a2.getAlgorithm(), this.f31795h);
            byte[] bArr = securityParameters.f31681g;
            createVerifyer.update(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.f31682h;
            createVerifyer.update(bArr2, 0, bArr2.length);
            signerInputBuffer.a(createVerifyer);
            if (!createVerifyer.verifySignature(a2.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(parse.getN(), parse.getG());
        this.f31796i = sRP6GroupParameters;
        if (!this.f31792e.accept(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.f31797n = parse.getS();
        try {
            this.l = SRP6Util.validatePublicValue(this.f31796i.getN(), parse.getB());
            this.j.init(this.f31796i, TlsUtils.createHash((short) 2), this.c.getSecureRandom());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void skipServerCredentials() {
        if (this.f31791d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }
}
