package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;

/* loaded from: classes2.dex */
public class di extends dj {
    protected ev serverCredentials;

    public di(int i, Vector vector, org.bouncycastle.crypto.l.m mVar) {
        super(i, vector, mVar);
        this.serverCredentials = null;
    }

    protected org.bouncycastle.crypto.aa a(eu euVar, cq cqVar, ci ciVar) {
        org.bouncycastle.crypto.aa createVerifyer = euVar.createVerifyer(cqVar, this.serverPublicKey);
        createVerifyer.update(ciVar.g, 0, ciVar.g.length);
        createVerifyer.update(ciVar.h, 0, ciVar.h.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public byte[] generateServerKeyExchange() throws IOException {
        if (this.dhParameters == null) {
            throw new TlsFatalAlert((short) 80);
        }
        bd bdVar = new bd();
        this.dhAgreePrivateKey = dk.generateEphemeralServerKeyExchange(this.context.getSecureRandom(), this.dhParameters, bdVar);
        cq signatureAndHashAlgorithm = ex.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
        org.bouncycastle.crypto.p createHash = ex.createHash(signatureAndHashAlgorithm);
        ci securityParameters = this.context.getSecurityParameters();
        createHash.update(securityParameters.g, 0, securityParameters.g.length);
        createHash.update(securityParameters.h, 0, securityParameters.h.length);
        bdVar.a(createHash);
        byte[] bArr = new byte[createHash.getDigestSize()];
        createHash.doFinal(bArr, 0);
        new be(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(bdVar);
        return bdVar.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCredentials(dh dhVar) throws IOException {
        if (!(dhVar instanceof ev)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(dhVar.getCertificate());
        this.serverCredentials = (ev) dhVar;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        ci securityParameters = this.context.getSecurityParameters();
        cr crVar = new cr();
        cj parse = cj.parse(new org.bouncycastle.util.io.c(inputStream, crVar));
        be a = a(inputStream);
        org.bouncycastle.crypto.aa a2 = a(this.tlsSigner, a.getAlgorithm(), securityParameters);
        crVar.a(a2);
        if (!a2.verifySignature(a.getSignature())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.dhAgreePublicKey = dk.validateDHPublicKey(parse.getPublicKey());
        this.dhParameters = a(this.dhAgreePublicKey.getParameters());
    }
}
