package org.spongycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes6.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    public TlsSigner d;
    public TlsSRPGroupVerifier e;
    public byte[] f;
    public byte[] g;
    public AsymmetricKeyParameter h;
    public SRP6GroupParameters i;
    public SRP6Client j;
    public SRP6Server k;
    public BigInteger l;
    public BigInteger m;
    public byte[] n;
    public TlsSignerCredentials o;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.d = q(i);
        this.e = tlsSRPGroupVerifier;
        this.f = bArr;
        this.g = bArr2;
        this.j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.d = q(i);
        this.f = bArr;
        this.k = new SRP6Server();
        this.i = tlsSRPLoginParameters.a();
        this.m = tlsSRPLoginParameters.c();
        this.n = tlsSRPLoginParameters.b();
    }

    public static TlsSigner q(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.d;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] b() {
        this.k.e(this.i, this.m, TlsUtils.o((short) 2), this.c.d());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.i.b(), this.i.a(), this.n, this.k.c());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.a(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.o;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm J = TlsUtils.J(this.c, tlsSignerCredentials);
            Digest n = TlsUtils.n(J);
            SecurityParameters f = this.c.f();
            byte[] bArr = f.f;
            n.update(bArr, 0, bArr.length);
            byte[] bArr2 = f.g;
            n.update(bArr2, 0, bArr2.length);
            digestInputBuffer.b(n);
            byte[] bArr3 = new byte[n.f()];
            n.c(bArr3, 0);
            new DigitallySigned(J, this.o.d(bArr3)).a(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void c(InputStream inputStream) {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters f = this.c.f();
        if (this.d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams f2 = ServerSRPParams.f(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned o = o(inputStream);
            Signer r = r(this.d, o.b(), f);
            signerInputBuffer.b(r);
            if (!r.a(o.c())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(f2.d(), f2.c());
        this.i = sRP6GroupParameters;
        if (!this.e.a(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.n = f2.e();
        try {
            this.l = SRP6Util.g(this.i.b(), f2.b());
            this.j.e(this.i, TlsUtils.o((short) 2), this.c.d());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void e(InputStream inputStream) {
        try {
            this.l = SRP6Util.g(this.i.b(), TlsSRPUtils.d(inputStream));
            this.c.f().j = Arrays.h(this.f);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void f(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void h(OutputStream outputStream) {
        TlsSRPUtils.e(this.j.c(this.n, this.f, this.g), outputStream);
        this.c.f().j = Arrays.h(this.f);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void i(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void k(TlsCredentials tlsCredentials) {
        if (this.f15544a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        m(tlsCredentials.e());
        this.o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] l() {
        try {
            SRP6Server sRP6Server = this.k;
            return BigIntegers.b(sRP6Server != null ? sRP6Server.b(this.l) : this.j.b(this.l));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void m(Certificate certificate) {
        if (this.d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.c()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate b = certificate.b(0);
        try {
            AsymmetricKeyParameter a2 = PublicKeyFactory.a(b.A());
            this.h = a2;
            if (!this.d.e(a2)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.x0(b, 128);
            super.m(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void n() {
        if (this.d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean p() {
        return true;
    }

    public Signer r(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer d = tlsSigner.d(signatureAndHashAlgorithm, this.h);
        byte[] bArr = securityParameters.f;
        d.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.g;
        d.update(bArr2, 0, bArr2.length);
        return d;
    }
}
