package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;

/* renamed from: org.bouncycastle.crypto.tls.do, reason: invalid class name */
/* loaded from: classes2.dex */
public class Cdo extends dp {
    protected ev serverCredentials;

    public Cdo(int i, Vector vector, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector, iArr, sArr, sArr2);
        this.serverCredentials = null;
    }

    protected org.bouncycastle.crypto.aa a(eu euVar, cq cqVar, ci ciVar) {
        org.bouncycastle.crypto.aa createVerifyer = euVar.createVerifyer(cqVar, this.serverPublicKey);
        createVerifyer.update(ciVar.g, 0, ciVar.g.length);
        createVerifyer.update(ciVar.h, 0, ciVar.h.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.dp, org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public byte[] generateServerKeyExchange() throws IOException {
        bd bdVar = new bd();
        this.ecAgreePrivateKey = dn.a(this.context.getSecureRandom(), this.namedCurves, this.clientECPointFormats, bdVar);
        cq signatureAndHashAlgorithm = ex.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
        org.bouncycastle.crypto.p createHash = ex.createHash(signatureAndHashAlgorithm);
        ci securityParameters = this.context.getSecurityParameters();
        createHash.update(securityParameters.g, 0, securityParameters.g.length);
        createHash.update(securityParameters.h, 0, securityParameters.h.length);
        bdVar.a(createHash);
        byte[] bArr = new byte[createHash.getDigestSize()];
        createHash.doFinal(bArr, 0);
        new be(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(bdVar);
        return bdVar.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.dp, org.bouncycastle.crypto.tls.dv
    public void processClientCredentials(dh dhVar) throws IOException {
        if (!(dhVar instanceof ev)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCredentials(dh dhVar) throws IOException {
        if (!(dhVar instanceof ev)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(dhVar.getCertificate());
        this.serverCredentials = (ev) dhVar;
    }

    @Override // org.bouncycastle.crypto.tls.dp, org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        ci securityParameters = this.context.getSecurityParameters();
        cr crVar = new cr();
        org.bouncycastle.util.io.c cVar = new org.bouncycastle.util.io.c(inputStream, crVar);
        org.bouncycastle.crypto.l.x readECParameters = dn.readECParameters(this.namedCurves, this.clientECPointFormats, cVar);
        byte[] readOpaque8 = ex.readOpaque8(cVar);
        be a = a(inputStream);
        org.bouncycastle.crypto.aa a2 = a(this.tlsSigner, a.getAlgorithm(), securityParameters);
        crVar.a(a2);
        if (!a2.verifySignature(a.getSignature())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.ecAgreePublicKey = dn.validateECPublicKey(dn.deserializeECPublicKey(this.clientECPointFormats, readECParameters, readOpaque8));
    }

    @Override // org.bouncycastle.crypto.tls.dp, org.bouncycastle.crypto.tls.dv
    public void validateCertificateRequest(u uVar) throws IOException {
        for (short s : uVar.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                default:
                    throw new TlsFatalAlert((short) 47);
            }
        }
    }
}
