package org.bouncycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes6.dex */
class TlsSRPKeyExchange implements TlsKeyExchange {

    /* renamed from: a, reason: collision with root package name */
    public TlsClientContext f118227a;

    /* renamed from: b, reason: collision with root package name */
    public int f118228b;

    /* renamed from: c, reason: collision with root package name */
    public TlsSigner f118229c;

    /* renamed from: d, reason: collision with root package name */
    public byte[] f118230d;

    /* renamed from: e, reason: collision with root package name */
    public byte[] f118231e;

    /* renamed from: f, reason: collision with root package name */
    public AsymmetricKeyParameter f118232f = null;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f118233g = null;

    /* renamed from: h, reason: collision with root package name */
    public BigInteger f118234h = null;

    /* renamed from: i, reason: collision with root package name */
    public SRP6Client f118235i = new SRP6Client();

    public TlsSRPKeyExchange(TlsClientContext tlsClientContext, int i8, byte[] bArr, byte[] bArr2) {
        TlsSigner tlsSigner = null;
        switch (i8) {
            case 21:
                break;
            case 22:
                tlsSigner = new TlsDSSSigner();
                break;
            case 23:
                tlsSigner = new TlsRSASigner();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.f118229c = tlsSigner;
        this.f118227a = tlsClientContext;
        this.f118228b = i8;
        this.f118230d = bArr;
        this.f118231e = bArr2;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b() {
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void c(OutputStream outputStream) {
        byte[] a8 = BigIntegers.a(this.f118235i.c(this.f118233g, this.f118230d, this.f118231e));
        TlsUtils.q(a8.length + 2, outputStream);
        TlsUtils.l(a8, outputStream);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void d() {
        if (this.f118229c != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void e(Certificate certificate) {
        if (this.f118229c == null) {
            throw new TlsFatalAlert((short) 10);
        }
        X509CertificateStructure x509CertificateStructure = certificate.f118135a[0];
        try {
            AsymmetricKeyParameter a8 = PublicKeyFactory.a(x509CertificateStructure.r());
            this.f118232f = a8;
            if (!this.f118229c.a(a8)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.k(x509CertificateStructure, 128);
        } catch (RuntimeException unused) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] f() {
        try {
            return BigIntegers.a(this.f118235i.b(this.f118234h));
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void g(InputStream inputStream) {
        Signer signer;
        InputStream inputStream2;
        SecurityParameters b8 = this.f118227a.b();
        TlsSigner tlsSigner = this.f118229c;
        if (tlsSigner != null) {
            signer = j(tlsSigner, b8);
            inputStream2 = new SignerInputStream(inputStream, signer);
        } else {
            signer = null;
            inputStream2 = inputStream;
        }
        byte[] f8 = TlsUtils.f(inputStream2);
        byte[] f9 = TlsUtils.f(inputStream2);
        byte[] g8 = TlsUtils.g(inputStream2);
        byte[] f10 = TlsUtils.f(inputStream2);
        if (signer != null && !signer.a(TlsUtils.f(inputStream))) {
            throw new TlsFatalAlert((short) 42);
        }
        BigInteger bigInteger = new BigInteger(1, f8);
        BigInteger bigInteger2 = new BigInteger(1, f9);
        this.f118233g = g8;
        try {
            this.f118234h = SRP6Util.g(bigInteger, new BigInteger(1, f10));
            this.f118235i.d(bigInteger, bigInteger2, new SHA1Digest(), this.f118227a.a());
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void h() {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void i(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    public Signer j(TlsSigner tlsSigner, SecurityParameters securityParameters) {
        Signer b8 = tlsSigner.b(this.f118232f);
        byte[] bArr = securityParameters.f118170a;
        b8.f(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f118171b;
        b8.f(bArr2, 0, bArr2.length);
        return b8;
    }
}
