package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;

/* loaded from: classes2.dex */
public class ek extends g {
    protected ei groupVerifier;
    protected byte[] identity;
    protected byte[] password;
    protected ev serverCredentials;
    protected org.bouncycastle.crypto.l.b serverPublicKey;
    protected org.bouncycastle.crypto.a.c.a srpClient;
    protected org.bouncycastle.crypto.l.bn srpGroup;
    protected BigInteger srpPeerCredentials;
    protected byte[] srpSalt;
    protected org.bouncycastle.crypto.a.c.b srpServer;
    protected BigInteger srpVerifier;
    protected eu tlsSigner;

    public ek(int i, Vector vector, ei eiVar, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = a(i);
        this.groupVerifier = eiVar;
        this.identity = bArr;
        this.password = bArr2;
        this.srpClient = new org.bouncycastle.crypto.a.c.a();
    }

    public ek(int i, Vector vector, byte[] bArr, el elVar) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = a(i);
        this.identity = bArr;
        this.srpServer = new org.bouncycastle.crypto.a.c.b();
        this.srpGroup = elVar.getGroup();
        this.srpVerifier = elVar.getVerifier();
        this.srpSalt = elVar.getSalt();
    }

    public ek(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new az(), bArr, bArr2);
    }

    protected static eu a(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new dm();
            case 23:
                return new eg();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected org.bouncycastle.crypto.aa a(eu euVar, cq cqVar, ci ciVar) {
        org.bouncycastle.crypto.aa createVerifyer = euVar.createVerifyer(cqVar, this.serverPublicKey);
        createVerifyer.update(ciVar.g, 0, ciVar.g.length);
        createVerifyer.update(ciVar.h, 0, ciVar.h.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        em.writeSRPParameter(this.srpClient.generateClientCredentials(this.srpSalt, this.identity, this.password), outputStream);
        this.context.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.identity);
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return org.bouncycastle.util.b.asUnsignedByteArray(this.srpServer != null ? this.srpServer.calculateSecret(this.srpPeerCredentials) : this.srpClient.calculateSecret(this.srpPeerCredentials));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public byte[] generateServerKeyExchange() throws IOException {
        this.srpServer.init(this.srpGroup, this.srpVerifier, ex.createHash((short) 2), this.context.getSecureRandom());
        cn cnVar = new cn(this.srpGroup.getN(), this.srpGroup.getG(), this.srpSalt, this.srpServer.generateServerCredentials());
        bd bdVar = new bd();
        cnVar.encode(bdVar);
        if (this.serverCredentials != null) {
            cq signatureAndHashAlgorithm = ex.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
            org.bouncycastle.crypto.p createHash = ex.createHash(signatureAndHashAlgorithm);
            ci securityParameters = this.context.getSecurityParameters();
            createHash.update(securityParameters.g, 0, securityParameters.g.length);
            createHash.update(securityParameters.h, 0, securityParameters.h.length);
            bdVar.a(createHash);
            byte[] bArr = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr, 0);
            new be(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(bdVar);
        }
        return bdVar.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void init(dg dgVar) {
        super.init(dgVar);
        if (this.tlsSigner != null) {
            this.tlsSigner.init(dgVar);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void processClientCredentials(dh dhVar) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        try {
            this.srpPeerCredentials = org.bouncycastle.crypto.a.c.d.validatePublicValue(this.srpGroup.getN(), em.readSRPParameter(inputStream));
            this.context.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.identity);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCertificate(t tVar) throws IOException {
        if (this.tlsSigner == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (tVar.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.o certificateAt = tVar.getCertificateAt(0);
        try {
            this.serverPublicKey = org.bouncycastle.crypto.util.g.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (!this.tlsSigner.isValidPublicKey(this.serverPublicKey)) {
                throw new TlsFatalAlert((short) 46);
            }
            ex.a(certificateAt, 128);
            super.processServerCertificate(tVar);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCredentials(dh dhVar) throws IOException {
        if (this.keyExchange == 21 || !(dhVar instanceof ev)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(dhVar.getCertificate());
        this.serverCredentials = (ev) dhVar;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        InputStream inputStream2;
        ci securityParameters = this.context.getSecurityParameters();
        cr crVar = null;
        if (this.tlsSigner != null) {
            crVar = new cr();
            inputStream2 = new org.bouncycastle.util.io.c(inputStream, crVar);
        } else {
            inputStream2 = inputStream;
        }
        cn parse = cn.parse(inputStream2);
        if (crVar != null) {
            be a = a(inputStream);
            org.bouncycastle.crypto.aa a2 = a(this.tlsSigner, a.getAlgorithm(), securityParameters);
            crVar.a(a2);
            if (!a2.verifySignature(a.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.srpGroup = new org.bouncycastle.crypto.l.bn(parse.getN(), parse.getG());
        if (!this.groupVerifier.accept(this.srpGroup)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.srpSalt = parse.getS();
        try {
            this.srpPeerCredentials = org.bouncycastle.crypto.a.c.d.validatePublicValue(this.srpGroup.getN(), parse.getB());
            this.srpClient.init(this.srpGroup, ex.createHash((short) 2), this.context.getSecureRandom());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void skipServerCredentials() throws IOException {
        if (this.tlsSigner != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void validateCertificateRequest(u uVar) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }
}
