package com.amazon.coral.internal.org.bouncycastle.crypto.tls;

import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$Certificate;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$AsymmetricKeyParameter;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$RSAKeyParameters;
import com.amazon.coral.internal.org.bouncycastle.crypto.util.C$PublicKeyFactory;
import com.amazon.coral.internal.org.bouncycastle.util.io.C$Streams;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.crypto.tls.$TlsRSAKeyExchange, reason: invalid class name */
/* loaded from: classes2.dex */
public class C$TlsRSAKeyExchange extends C$AbstractTlsKeyExchange {
    protected byte[] premasterSecret;
    protected C$RSAKeyParameters rsaServerPublicKey;
    protected C$TlsEncryptionCredentials serverCredentials;
    protected C$AsymmetricKeyParameter serverPublicKey;

    public C$TlsRSAKeyExchange(Vector vector) {
        super(1, vector);
        this.serverPublicKey = null;
        this.rsaServerPublicKey = null;
        this.serverCredentials = null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        this.premasterSecret = C$TlsRSAUtils.generateEncryptedPreMasterSecret(this.context, this.rsaServerPublicKey, outputStream);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        if (this.premasterSecret == null) {
            throw new C$TlsFatalAlert((short) 80);
        }
        byte[] bArr = this.premasterSecret;
        this.premasterSecret = null;
        return bArr;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processClientCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        if (!(c$TlsCredentials instanceof C$TlsSignerCredentials)) {
            throw new C$TlsFatalAlert((short) 80);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        this.premasterSecret = this.serverCredentials.decryptPreMasterSecret(C$TlsUtils.isSSL(this.context) ? C$Streams.readAll(inputStream) : C$TlsUtils.readOpaque16(inputStream));
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerCertificate(C$Certificate c$Certificate) throws IOException {
        if (c$Certificate.isEmpty()) {
            throw new C$TlsFatalAlert((short) 42);
        }
        C$Certificate certificateAt = c$Certificate.getCertificateAt(0);
        try {
            this.serverPublicKey = C$PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (this.serverPublicKey.isPrivate()) {
                throw new C$TlsFatalAlert((short) 80);
            }
            this.rsaServerPublicKey = validateRSAPublicKey((C$RSAKeyParameters) this.serverPublicKey);
            C$TlsUtils.validateKeyUsage(certificateAt, 32);
            super.processServerCertificate(c$Certificate);
        } catch (RuntimeException e) {
            throw new C$TlsFatalAlert((short) 43, e);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        if (!(c$TlsCredentials instanceof C$TlsEncryptionCredentials)) {
            throw new C$TlsFatalAlert((short) 80);
        }
        processServerCertificate(c$TlsCredentials.getCertificate());
        this.serverCredentials = (C$TlsEncryptionCredentials) c$TlsCredentials;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        throw new C$TlsFatalAlert((short) 10);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void validateCertificateRequest(C$CertificateRequest c$CertificateRequest) throws IOException {
        for (short s : c$CertificateRequest.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                default:
                    throw new C$TlsFatalAlert((short) 47);
            }
        }
    }

    protected C$RSAKeyParameters validateRSAPublicKey(C$RSAKeyParameters c$RSAKeyParameters) throws IOException {
        if (c$RSAKeyParameters.getExponent().isProbablePrime(2)) {
            return c$RSAKeyParameters;
        }
        throw new C$TlsFatalAlert((short) 47);
    }
}
