package fm.icelink;

import fm.ArrayExtensions;
import fm.ByteInputStream;
import fm.ByteOutputStream;
import fm.Log;
import fm.NetworkBuffer;

/* loaded from: classes.dex */
class TLSRsaKeyExchange extends TLSKeyExchange {
    byte[] _premasterSecret;
    TLSEncryptionCredentials _serverCredentials;
    RSAKey _serverPublicKey;

    public TLSRsaKeyExchange(TLSContext tLSContext, TLSSignatureAndHashAlgorithm[] tLSSignatureAndHashAlgorithmArr) {
        super(tLSContext, 1, tLSSignatureAndHashAlgorithmArr);
        this._serverPublicKey = null;
        this._serverCredentials = null;
    }

    public static byte[] generateEncryptedPreMasterSecret(TLSContext tLSContext, RSAKey rSAKey, ByteOutputStream byteOutputStream) {
        byte[] secureRandom = Crypto.secureRandom(48);
        TLSNetworkBuffer.writeVersion(tLSContext.getClientVersion(), secureRandom, 0);
        try {
            NetworkBuffer.writeStreamOpaque16(Crypto.encryptRsa(secureRandom, rSAKey), byteOutputStream);
            return secureRandom;
        } catch (Exception e) {
            throw new TLSFatalAlert(80);
        }
    }

    @Override // fm.icelink.TLSKeyExchange
    public void generateClientKeyExchange(ByteOutputStream byteOutputStream) {
        this._premasterSecret = generateEncryptedPreMasterSecret(this._context, this._serverPublicKey, byteOutputStream);
    }

    @Override // fm.icelink.TLSKeyExchange
    public byte[] generatePremasterSecret() {
        if (this._premasterSecret == null) {
            throw new TLSFatalAlert(80);
        }
        byte[] bArr = this._premasterSecret;
        this._premasterSecret = null;
        return bArr;
    }

    @Override // fm.icelink.TLSKeyExchange
    public void processClientCredentials(TLSCredentials tLSCredentials) {
        if (!(tLSCredentials instanceof TLSSignerCredentials)) {
            throw new TLSFatalAlert(80);
        }
    }

    @Override // fm.icelink.TLSKeyExchange
    public void processClientKeyExchange(ByteInputStream byteInputStream) {
        byte[] readStreamOpaque16 = NetworkBuffer.readStreamOpaque16(byteInputStream);
        TLSProtocolVersion clientVersion = this._context.getClientVersion();
        byte[] secureRandom = Crypto.secureRandom(48);
        byte[] bArr = new byte[0];
        try {
            bArr = this._serverCredentials.decryptPreMasterSecret(readStreamOpaque16);
        } catch (Exception e) {
        }
        if (ArrayExtensions.getLength(bArr) != 48) {
            TLSNetworkBuffer.writeVersion(clientVersion, secureRandom, 0);
            this._premasterSecret = secureRandom;
        } else {
            TLSNetworkBuffer.writeVersion(clientVersion, bArr, 0);
            this._premasterSecret = bArr;
        }
    }

    @Override // fm.icelink.TLSKeyExchange
    public void processServerCertificate(TLSCertificate tLSCertificate) {
        if (tLSCertificate.isEmpty()) {
            throw new TLSFatalAlert(42);
        }
        try {
            this._serverPublicKey = Certificate.fromX509(tLSCertificate.getCertificates()[0]).getKey();
            if (this._serverPublicKey.hasPrivate()) {
                throw new TLSFatalAlert(80);
            }
            this._serverPublicKey = validateRsaPublicKey(this._serverPublicKey);
            super.processServerCertificateBase(tLSCertificate);
        } catch (Exception e) {
            Log.error("Could not process server certificate.", e);
            throw new TLSFatalAlert(43);
        }
    }

    @Override // fm.icelink.TLSKeyExchange
    public void processServerCredentials(TLSCredentials tLSCredentials) {
        if (!(tLSCredentials instanceof TLSEncryptionCredentials)) {
            throw new TLSFatalAlert(80);
        }
        processServerCertificate(tLSCredentials.getCertificate());
        this._serverCredentials = (TLSEncryptionCredentials) tLSCredentials;
    }

    @Override // fm.icelink.TLSKeyExchange
    public void skipServerCredentials() {
        throw new TLSFatalAlert(10);
    }

    @Override // fm.icelink.TLSKeyExchange
    public void validateCertificateRequest(TLSCertificateRequest tLSCertificateRequest) {
        int[] certificateTypes = tLSCertificateRequest.getCertificateTypes();
        for (int i = 0; i < ArrayExtensions.getLength(certificateTypes); i++) {
            int i2 = certificateTypes[i];
            if (i2 != 1 && i2 != 2 && i2 != 64) {
                throw new TLSFatalAlert(47);
            }
        }
    }

    protected RSAKey validateRsaPublicKey(RSAKey rSAKey) {
        return rSAKey;
    }
}
