package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.digests.SHA1Digest;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes3.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    protected TlsSigner d;
    protected byte[] e;
    protected byte[] f;
    protected AsymmetricKeyParameter g;
    protected byte[] h;
    protected BigInteger i;
    protected SRP6Client j;

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.g = null;
        this.h = null;
        this.i = null;
        this.j = new SRP6Client();
        switch (i) {
            case 21:
                this.d = null;
                break;
            case 22:
                this.d = new TlsDSSSigner();
                break;
            case 23:
                this.d = new TlsRSASigner();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.a = i;
        this.e = bArr;
        this.f = bArr2;
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer createVerifyer = tlsSigner.createVerifyer(signatureAndHashAlgorithm, this.g);
        createVerifyer.update(securityParameters.g, 0, securityParameters.g.length);
        createVerifyer.update(securityParameters.h, 0, securityParameters.h.length);
        return createVerifyer;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        TlsUtils.writeOpaque16(BigIntegers.asUnsignedByteArray(this.j.generateClientCredentials(this.h, this.e, this.f)), outputStream);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return BigIntegers.asUnsignedByteArray(this.j.calculateSecret(this.i));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void init(TlsContext tlsContext) {
        super.init(tlsContext);
        if (this.d != null) {
            this.d.init(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(0);
        try {
            this.g = PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (!this.d.isValidPublicKey(this.g)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(certificateAt, 128);
            super.processServerCertificate(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters securityParameters = this.c.getSecurityParameters();
        if (this.d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream2);
        byte[] readOpaque162 = TlsUtils.readOpaque16(inputStream2);
        byte[] readOpaque8 = TlsUtils.readOpaque8(inputStream2);
        byte[] readOpaque163 = TlsUtils.readOpaque16(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned parse = DigitallySigned.parse(this.c, inputStream);
            Signer a = a(this.d, parse.getAlgorithm(), securityParameters);
            signerInputBuffer.a(a);
            if (!a.verifySignature(parse.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        this.h = readOpaque8;
        try {
            this.i = SRP6Util.validatePublicValue(bigInteger, new BigInteger(1, readOpaque163));
            this.j.init(bigInteger, bigInteger2, new SHA1Digest(), this.c.getSecureRandom());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        if (this.d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }
}
