package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Server;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.SRP6GroupParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes7.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {

    /* renamed from: d, reason: collision with root package name */
    public TlsSigner f40179d;

    /* renamed from: e, reason: collision with root package name */
    public TlsSRPGroupVerifier f40180e;

    /* renamed from: f, reason: collision with root package name */
    public byte[] f40181f;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f40182g;

    /* renamed from: h, reason: collision with root package name */
    public AsymmetricKeyParameter f40183h;

    /* renamed from: i, reason: collision with root package name */
    public SRP6GroupParameters f40184i;

    /* renamed from: j, reason: collision with root package name */
    public SRP6Client f40185j;

    /* renamed from: k, reason: collision with root package name */
    public SRP6Server f40186k;

    /* renamed from: l, reason: collision with root package name */
    public BigInteger f40187l;

    /* renamed from: m, reason: collision with root package name */
    public BigInteger f40188m;

    /* renamed from: n, reason: collision with root package name */
    public byte[] f40189n;

    /* renamed from: o, reason: collision with root package name */
    public TlsSignerCredentials f40190o;

    public TlsSRPKeyExchange(int i2, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i2, vector);
        this.f40183h = null;
        this.f40184i = null;
        this.f40185j = null;
        this.f40186k = null;
        this.f40187l = null;
        this.f40188m = null;
        this.f40189n = null;
        this.f40190o = null;
        this.f40179d = q(i2);
        this.f40180e = tlsSRPGroupVerifier;
        this.f40181f = bArr;
        this.f40182g = bArr2;
        this.f40185j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i2, vector);
        this.f40183h = null;
        this.f40184i = null;
        this.f40185j = null;
        this.f40186k = null;
        this.f40187l = null;
        this.f40188m = null;
        this.f40189n = null;
        this.f40190o = null;
        this.f40179d = q(i2);
        this.f40181f = bArr;
        this.f40186k = new SRP6Server();
        this.f40184i = tlsSRPLoginParameters.a();
        this.f40188m = tlsSRPLoginParameters.c();
        this.f40189n = tlsSRPLoginParameters.b();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i2, vector, new DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    public static TlsSigner q(int i2) {
        switch (i2) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.f40179d;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] b() throws IOException {
        this.f40186k.g(this.f40184i, this.f40188m, TlsUtils.x((short) 2), this.f39513c.h());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.f40184i.b(), this.f40184i.a(), this.f40189n, this.f40186k.e());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.a(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.f40190o;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm V = TlsUtils.V(this.f39513c, tlsSignerCredentials);
            Digest w2 = TlsUtils.w(V);
            SecurityParameters j2 = this.f39513c.j();
            byte[] bArr = j2.f40010g;
            w2.update(bArr, 0, bArr.length);
            byte[] bArr2 = j2.f40011h;
            w2.update(bArr2, 0, bArr2.length);
            digestInputBuffer.a(w2);
            byte[] bArr3 = new byte[w2.g()];
            w2.c(bArr3, 0);
            new DigitallySigned(V, this.f40190o.d(bArr3)).a(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void c(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters j2 = this.f39513c.j();
        if (this.f40179d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams f2 = ServerSRPParams.f(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned p2 = p(inputStream);
            Signer r2 = r(this.f40179d, p2.b(), j2);
            signerInputBuffer.a(r2);
            if (!r2.b(p2.c())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(f2.d(), f2.c());
        this.f40184i = sRP6GroupParameters;
        if (!this.f40180e.a(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.f40189n = f2.e();
        try {
            this.f40187l = SRP6Util.k(this.f40184i.b(), f2.b());
            this.f40185j.g(this.f40184i, TlsUtils.x((short) 2), this.f39513c.h());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void d(InputStream inputStream) throws IOException {
        try {
            this.f40187l = SRP6Util.k(this.f40184i.b(), TlsSRPUtils.f(inputStream));
            this.f39513c.j().f40014k = Arrays.m(this.f40181f);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void e(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void h(OutputStream outputStream) throws IOException {
        TlsSRPUtils.g(this.f40185j.e(this.f40189n, this.f40181f, this.f40182g), outputStream);
        this.f39513c.j().f40014k = Arrays.m(this.f40181f);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public boolean i() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void j(TlsCredentials tlsCredentials) throws IOException {
        if (this.f39511a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        l(tlsCredentials.e());
        this.f40190o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void l(Certificate certificate) throws IOException {
        if (this.f40179d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.f()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate c2 = certificate.c(0);
        try {
            AsymmetricKeyParameter b2 = PublicKeyFactory.b(c2.s());
            this.f40183h = b2;
            if (!this.f40179d.c(b2)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.X0(c2, 128);
            super.l(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void m(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] n() throws IOException {
        try {
            SRP6Server sRP6Server = this.f40186k;
            return BigIntegers.b(sRP6Server != null ? sRP6Server.b(this.f40187l) : this.f40185j.c(this.f40187l));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void o() throws IOException {
        if (this.f40179d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    public Signer r(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer j2 = tlsSigner.j(signatureAndHashAlgorithm, this.f40183h);
        byte[] bArr = securityParameters.f40010g;
        j2.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f40011h;
        j2.update(bArr2, 0, bArr2.length);
        return j2;
    }
}
