package org.spongycastle.crypto.tls;

import d.c;
import e.d;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.DHParameters;
import org.spongycastle.crypto.params.DHPrivateKeyParameters;
import org.spongycastle.crypto.params.DHPublicKeyParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;

/* loaded from: classes3.dex */
public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
    public static final BigInteger ONE;
    public static final BigInteger TWO;
    public TlsAgreementCredentials agreementCredentials;
    public DHPrivateKeyParameters dhAgreeClientPrivateKey;
    public DHPublicKeyParameters dhAgreeClientPublicKey;
    public DHPrivateKeyParameters dhAgreeServerPrivateKey;
    public DHPublicKeyParameters dhAgreeServerPublicKey;
    public DHParameters dhParameters;
    public AsymmetricKeyParameter serverPublicKey;
    public TlsSigner tlsSigner;

    /* loaded from: classes3.dex */
    public class Exception extends RuntimeException {
    }

    static {
        try {
            ONE = BigInteger.valueOf(1L);
            TWO = BigInteger.valueOf(2L);
        } catch (Exception unused) {
        }
    }

    public TlsDHKeyExchange(int i2, Vector vector, DHParameters dHParameters) {
        super(i2, vector);
        TlsSigner tlsDSSSigner;
        if (i2 == 3) {
            tlsDSSSigner = new TlsDSSSigner();
        } else if (i2 == 5) {
            tlsDSSSigner = new TlsRSASigner();
        } else {
            if (i2 != 7 && i2 != 9) {
                int a = c.a();
                throw new IllegalArgumentException(c.b((a * 2) % a != 0 ? d.b(61, "sryz-`m1w9x%tdx\u007f66uc;0`*=l&&u(z+`cim") : "#=#8:7+3*><u9*5i#;#u{yst.jdbmmum~~", 3));
            }
            tlsDSSSigner = null;
        }
        this.tlsSigner = tlsDSSSigner;
        this.dhParameters = dHParameters;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) {
        try {
            if (this.agreementCredentials == null) {
                this.dhAgreeClientPrivateKey = TlsDHUtils.generateEphemeralClientKeyExchange(this.context.getSecureRandom(), this.dhAgreeServerPublicKey.getParameters(), outputStream);
            }
        } catch (Exception unused) {
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() {
        try {
            if (this.agreementCredentials != null) {
                return this.agreementCredentials.generateAgreement(this.dhAgreeServerPublicKey);
            }
            if (this.dhAgreeServerPrivateKey != null) {
                return TlsDHUtils.calculateDHBasicAgreement(this.dhAgreeClientPublicKey, this.dhAgreeServerPrivateKey);
            }
            if (this.dhAgreeClientPrivateKey != null) {
                return TlsDHUtils.calculateDHBasicAgreement(this.dhAgreeServerPublicKey, this.dhAgreeClientPrivateKey);
            }
            throw new TlsFatalAlert((short) 80);
        } catch (Exception unused) {
            return null;
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void init(TlsContext tlsContext) {
        try {
            super.init(tlsContext);
            if (this.tlsSigner != null) {
                this.tlsSigner.init(tlsContext);
            }
        } catch (Exception unused) {
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        try {
            if (tlsCredentials instanceof TlsAgreementCredentials) {
                this.agreementCredentials = (TlsAgreementCredentials) tlsCredentials;
            } else if (!(tlsCredentials instanceof TlsSignerCredentials)) {
                throw new TlsFatalAlert((short) 80);
            }
        } catch (Exception unused) {
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) {
        int i2;
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(0);
        try {
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            this.serverPublicKey = createKey;
            TlsSigner tlsSigner = this.tlsSigner;
            if (tlsSigner == null) {
                try {
                    this.dhAgreeServerPublicKey = TlsDHUtils.validateDHPublicKey((DHPublicKeyParameters) createKey);
                    i2 = 8;
                } catch (ClassCastException unused) {
                    throw new TlsFatalAlert((short) 46);
                }
            } else {
                if (!tlsSigner.isValidPublicKey(createKey)) {
                    throw new TlsFatalAlert((short) 46);
                }
                i2 = 128;
            }
            TlsUtils.validateKeyUsage(certificateAt, i2);
            super.processServerCertificate(certificate);
        } catch (RuntimeException unused2) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        try {
            int i2 = this.keyExchange;
            return i2 == 3 || i2 == 5 || i2 == 11;
        } catch (Exception unused) {
            return false;
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void skipServerCredentials() {
        try {
            throw new TlsFatalAlert((short) 10);
        } catch (Exception unused) {
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) {
        try {
            for (short s2 : certificateRequest.getCertificateTypes()) {
                if (s2 != 1 && s2 != 2 && s2 != 3 && s2 != 4 && s2 != 64) {
                    throw new TlsFatalAlert((short) 47);
                }
            }
        } catch (Exception unused) {
        }
    }
}
