package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Server;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.SRP6GroupParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {

    /* renamed from: d, reason: collision with root package name */
    protected TlsSigner f11722d;

    /* renamed from: e, reason: collision with root package name */
    protected TlsSRPGroupVerifier f11723e;
    protected byte[] f;
    protected byte[] g;
    protected AsymmetricKeyParameter h;
    protected SRP6GroupParameters i;
    protected SRP6Client j;
    protected SRP6Server k;
    protected BigInteger l;
    protected BigInteger m;
    protected byte[] n;
    protected TlsSignerCredentials o;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.f11722d = a(i);
        this.f11723e = tlsSRPGroupVerifier;
        this.f = bArr;
        this.g = bArr2;
        this.j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.f11722d = a(i);
        this.f = bArr;
        this.k = new SRP6Server();
        this.i = tlsSRPLoginParameters.a();
        this.m = tlsSRPLoginParameters.c();
        this.n = tlsSRPLoginParameters.b();
    }

    protected static TlsSigner a(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer a2 = tlsSigner.a(signatureAndHashAlgorithm, this.h);
        a2.a(securityParameters.g, 0, securityParameters.g.length);
        a2.a(securityParameters.h, 0, securityParameters.h.length);
        return a2;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(OutputStream outputStream) throws IOException {
        TlsSRPUtils.a(this.j.a(this.n, this.f, this.g), outputStream);
        this.f11561c.c().k = Arrays.b(this.f);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) throws IOException {
        if (this.f11722d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.a()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate a2 = certificate.a(0);
        try {
            this.h = PublicKeyFactory.a(a2.h());
            if (!this.f11722d.a(this.h)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(a2, 128);
            super.a(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        if (this.f11722d != null) {
            this.f11722d.a(tlsContext);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) throws IOException {
        if (this.f11559a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        a(tlsCredentials.a());
        this.o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean a() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters c2 = this.f11561c.c();
        if (this.f11722d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams a2 = ServerSRPParams.a(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned a3 = a(inputStream);
            Signer a4 = a(this.f11722d, a3.a(), c2);
            signerInputBuffer.a(a4);
            if (!a4.a(a3.b())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.i = new SRP6GroupParameters(a2.c(), a2.b());
        if (!this.f11723e.a(this.i)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.n = a2.d();
        try {
            this.l = SRP6Util.a(this.i.b(), a2.a());
            this.j.a(this.i, TlsUtils.c((short) 2), this.f11561c.b());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] b() throws IOException {
        this.k.a(this.i, this.m, TlsUtils.c((short) 2), this.f11561c.b());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.i.b(), this.i.a(), this.n, this.k.a());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.a(digestInputBuffer);
        if (this.o != null) {
            SignatureAndHashAlgorithm a2 = TlsUtils.a(this.f11561c, this.o);
            Digest a3 = TlsUtils.a(a2);
            SecurityParameters c2 = this.f11561c.c();
            a3.a(c2.g, 0, c2.g.length);
            a3.a(c2.h, 0, c2.h.length);
            digestInputBuffer.a(a3);
            byte[] bArr = new byte[a3.b()];
            a3.a(bArr, 0);
            new DigitallySigned(a2, this.o.a(bArr)).a(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void c(InputStream inputStream) throws IOException {
        try {
            this.l = SRP6Util.a(this.i.b(), TlsSRPUtils.a(inputStream));
            this.f11561c.c().k = Arrays.b(this.f);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void e() throws IOException {
        if (this.f11722d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] f() throws IOException {
        try {
            return BigIntegers.a(this.k != null ? this.k.a(this.l) : this.j.a(this.l));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }
}
