package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes3.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {

    /* renamed from: d, reason: collision with root package name */
    protected TlsSigner f12986d;

    /* renamed from: e, reason: collision with root package name */
    protected TlsSRPGroupVerifier f12987e;

    /* renamed from: f, reason: collision with root package name */
    protected byte[] f12988f;

    /* renamed from: g, reason: collision with root package name */
    protected byte[] f12989g;

    /* renamed from: h, reason: collision with root package name */
    protected AsymmetricKeyParameter f12990h;

    /* renamed from: i, reason: collision with root package name */
    protected SRP6GroupParameters f12991i;

    /* renamed from: j, reason: collision with root package name */
    protected SRP6Client f12992j;

    /* renamed from: k, reason: collision with root package name */
    protected SRP6Server f12993k;

    /* renamed from: l, reason: collision with root package name */
    protected BigInteger f12994l;

    /* renamed from: m, reason: collision with root package name */
    protected BigInteger f12995m;
    protected byte[] n;

    /* renamed from: o, reason: collision with root package name */
    protected TlsSignerCredentials f12996o;

    public TlsSRPKeyExchange(int i2, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i2, vector);
        this.f12990h = null;
        this.f12991i = null;
        this.f12992j = null;
        this.f12993k = null;
        this.f12994l = null;
        this.f12995m = null;
        this.n = null;
        this.f12996o = null;
        this.f12986d = b(i2);
        this.f12987e = tlsSRPGroupVerifier;
        this.f12988f = bArr;
        this.f12989g = bArr2;
        this.f12992j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i2, vector);
        this.f12990h = null;
        this.f12991i = null;
        this.f12992j = null;
        this.f12993k = null;
        this.f12994l = null;
        this.f12995m = null;
        this.n = null;
        this.f12996o = null;
        this.f12986d = b(i2);
        this.f12988f = bArr;
        this.f12993k = new SRP6Server();
        this.f12991i = tlsSRPLoginParameters.getGroup();
        this.f12995m = tlsSRPLoginParameters.getVerifier();
        this.n = tlsSRPLoginParameters.getSalt();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i2, vector, new DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    protected static TlsSigner b(int i2) {
        switch (i2) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected Signer c(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer createVerifyer = tlsSigner.createVerifyer(signatureAndHashAlgorithm, this.f12990h);
        byte[] bArr = securityParameters.f12872g;
        createVerifyer.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f12873h;
        createVerifyer.update(bArr2, 0, bArr2.length);
        return createVerifyer;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        TlsSRPUtils.writeSRPParameter(this.f12992j.generateClientCredentials(this.n, this.f12988f, this.f12989g), outputStream);
        this.f12759c.getSecurityParameters().f12876k = Arrays.clone(this.f12988f);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        try {
            SRP6Server sRP6Server = this.f12993k;
            return BigIntegers.asUnsignedByteArray(sRP6Server != null ? sRP6Server.calculateSecret(this.f12994l) : this.f12992j.calculateSecret(this.f12994l));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        this.f12993k.init(this.f12991i, this.f12995m, TlsUtils.createHash((short) 2), this.f12759c.getSecureRandom());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.f12991i.getN(), this.f12991i.getG(), this.n, this.f12993k.generateServerCredentials());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.encode(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.f12996o;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(this.f12759c, tlsSignerCredentials);
            Digest createHash = TlsUtils.createHash(signatureAndHashAlgorithm);
            SecurityParameters securityParameters = this.f12759c.getSecurityParameters();
            byte[] bArr = securityParameters.f12872g;
            createHash.update(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.f12873h;
            createHash.update(bArr2, 0, bArr2.length);
            digestInputBuffer.a(createHash);
            byte[] bArr3 = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr3, 0);
            new DigitallySigned(signatureAndHashAlgorithm, this.f12996o.generateCertificateSignature(bArr3)).encode(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void init(TlsContext tlsContext) {
        super.init(tlsContext);
        TlsSigner tlsSigner = this.f12986d;
        if (tlsSigner != null) {
            tlsSigner.init(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        try {
            this.f12994l = SRP6Util.validatePublicValue(this.f12991i.getN(), TlsSRPUtils.readSRPParameter(inputStream));
            this.f12759c.getSecurityParameters().f12876k = Arrays.clone(this.f12988f);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.f12986d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(0);
        try {
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            this.f12990h = createKey;
            if (!this.f12986d.isValidPublicKey(createKey)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.k(certificateAt, 128);
            super.processServerCertificate(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (this.f12757a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.f12996o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters securityParameters = this.f12759c.getSecurityParameters();
        if (this.f12986d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams parse = ServerSRPParams.parse(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned a2 = a(inputStream);
            Signer c2 = c(this.f12986d, a2.getAlgorithm(), securityParameters);
            signerInputBuffer.a(c2);
            if (!c2.verifySignature(a2.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(parse.getN(), parse.getG());
        this.f12991i = sRP6GroupParameters;
        if (!this.f12987e.accept(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.n = parse.getS();
        try {
            this.f12994l = SRP6Util.validatePublicValue(this.f12991i.getN(), parse.getB());
            this.f12992j.init(this.f12991i, TlsUtils.createHash((short) 2), this.f12759c.getSecureRandom());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        if (this.f12986d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }
}
