package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes.dex */
public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
    protected TlsSignerCredentials serverCredentials;

    public TlsECDHEKeyExchange(int i, short[] sArr) {
        super(i, sArr);
        this.serverCredentials = null;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public final byte[] generateServerKeyExchange() throws IOException {
        SecurityParameters securityParameters = null;
        ECDomainParameters parametersForNamedCurve = TlsECCUtils.getParametersForNamedCurve(23);
        if (parametersForNamedCurve == null) {
            throw new TlsFatalAlert((short) 80);
        }
        AsymmetricCipherKeyPair generateECKeyPair$585a823d = TlsECCUtils.generateECKeyPair$585a823d(parametersForNamedCurve);
        this.ecAgreePrivateKey = (ECPrivateKeyParameters) generateECKeyPair$585a823d.getPrivate();
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        TlsECCUtils.writeNamedECParameters$5e5f4da0(digestInputBuffer);
        TlsECCUtils.writeECPoint(null, ((ECPublicKeyParameters) generateECKeyPair$585a823d.getPublic()).getQ(), digestInputBuffer);
        if (TlsUtils.isTLSv12(this.context)) {
            this.serverCredentials.getSignatureAndHashAlgorithm();
            throw new TlsFatalAlert((short) 80);
        }
        CombinedHash combinedHash = new CombinedHash();
        combinedHash.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
        combinedHash.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
        digestInputBuffer.updateDigest(combinedHash);
        byte[] bArr = new byte[combinedHash.getDigestSize()];
        combinedHash.doFinal(bArr, 0);
        new DigitallySigned(null, this.serverCredentials.generateCertificateSignature(bArr)).encode(digestInputBuffer);
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public final void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(null);
        this.serverCredentials = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public final void processServerKeyExchange(InputStream inputStream) throws IOException {
        SecurityParameters securityParameters = null;
        SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
        TeeInputStream teeInputStream = new TeeInputStream(inputStream, signerInputBuffer);
        ECDomainParameters readECParameters$65ecc024 = TlsECCUtils.readECParameters$65ecc024(teeInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(teeInputStream);
        DigitallySigned parse = DigitallySigned.parse(this.context, inputStream);
        Signer createVerifyer = this.tlsSigner.createVerifyer(parse.getAlgorithm(), this.serverPublicKey);
        createVerifyer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
        createVerifyer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
        signerInputBuffer.updateSigner(createVerifyer);
        if (!createVerifyer.verifySignature(parse.getSignature())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(null, readECParameters$65ecc024, readOpaque8));
    }

    @Override // org.spongycastle.crypto.tls.TlsECDHKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public final void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        for (short s : certificateRequest.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                default:
                    throw new TlsFatalAlert((short) 47);
            }
        }
    }
}
