package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Server;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.SRP6GroupParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes3.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    public BigInteger a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6Client f6452a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6Server f6453a;

    /* renamed from: a, reason: collision with other field name */
    public AsymmetricKeyParameter f6454a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6GroupParameters f6455a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSRPGroupVerifier f6456a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSigner f6457a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSignerCredentials f6458a;

    /* renamed from: a, reason: collision with other field name */
    public byte[] f6459a;
    public BigInteger b;

    /* renamed from: b, reason: collision with other field name */
    public byte[] f6460b;
    public byte[] c;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.f6454a = null;
        this.f6455a = null;
        this.f6452a = null;
        this.f6453a = null;
        this.a = null;
        this.b = null;
        this.c = null;
        this.f6458a = null;
        this.f6457a = p(i);
        this.f6456a = tlsSRPGroupVerifier;
        this.f6459a = bArr;
        this.f6460b = bArr2;
        this.f6452a = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.f6454a = null;
        this.f6455a = null;
        this.f6452a = null;
        this.f6453a = null;
        this.a = null;
        this.b = null;
        this.c = null;
        this.f6458a = null;
        this.f6457a = p(i);
        this.f6459a = bArr;
        this.f6453a = new SRP6Server();
        this.f6455a = tlsSRPLoginParameters.getGroup();
        this.b = tlsSRPLoginParameters.getVerifier();
        this.c = tlsSRPLoginParameters.getSalt();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    public static TlsSigner p(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.f6457a;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters securityParameters = ((AbstractTlsKeyExchange) this).f6220a.getSecurityParameters();
        if (this.f6457a != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams b = ServerSRPParams.b(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned b2 = DigitallySigned.b(((AbstractTlsKeyExchange) this).f6220a, inputStream);
            Signer q = q(this.f6457a, b2.getAlgorithm(), securityParameters);
            signerInputBuffer.a(q);
            if (!q.g(b2.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(b.getN(), b.getG());
        this.f6455a = sRP6GroupParameters;
        if (!this.f6456a.a(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.c = b.getS();
        try {
            this.a = SRP6Util.k(this.f6455a.getN(), b.getB());
            this.f6452a.g(this.f6455a, TlsUtils.x((short) 2), ((AbstractTlsKeyExchange) this).f6220a.getSecureRandom());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void c(Certificate certificate) throws IOException {
        if (this.f6457a == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.d()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate c = certificate.c(0);
        try {
            AsymmetricKeyParameter b = PublicKeyFactory.b(c.getSubjectPublicKeyInfo());
            this.f6454a = b;
            if (!this.f6457a.i(b)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.M0(c, 128);
            super.c(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void d(TlsCredentials tlsCredentials) throws IOException {
        if (((AbstractTlsKeyExchange) this).a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        c(tlsCredentials.getCertificate());
        this.f6458a = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void e() throws IOException {
        if (this.f6457a != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void g(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void h(OutputStream outputStream) throws IOException {
        TlsSRPUtils.g(this.f6452a.e(this.c, this.f6459a, this.f6460b), outputStream);
        ((AbstractTlsKeyExchange) this).f6220a.getSecurityParameters().f = Arrays.j(this.f6459a);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] j() throws IOException {
        try {
            SRP6Server sRP6Server = this.f6453a;
            return BigIntegers.b(sRP6Server != null ? sRP6Server.b(this.a) : this.f6452a.c(this.a));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] k() throws IOException {
        this.f6453a.g(this.f6455a, this.b, TlsUtils.x((short) 2), ((AbstractTlsKeyExchange) this).f6220a.getSecureRandom());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.f6455a.getN(), this.f6455a.getG(), this.c, this.f6453a.e());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.a(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.f6458a;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm O = TlsUtils.O(((AbstractTlsKeyExchange) this).f6220a, tlsSignerCredentials);
            Digest w = TlsUtils.w(O);
            SecurityParameters securityParameters = ((AbstractTlsKeyExchange) this).f6220a.getSecurityParameters();
            byte[] bArr = securityParameters.f6351b;
            w.e(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.f6353c;
            w.e(bArr2, 0, bArr2.length);
            digestInputBuffer.a(w);
            byte[] bArr3 = new byte[w.getDigestSize()];
            w.c(bArr3, 0);
            new DigitallySigned(O, this.f6458a.a(bArr3)).a(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public boolean l() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void m(InputStream inputStream) throws IOException {
        try {
            this.a = SRP6Util.k(this.f6455a.getN(), TlsSRPUtils.f(inputStream));
            ((AbstractTlsKeyExchange) this).f6220a.getSecurityParameters().f = Arrays.j(this.f6459a);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void n(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    public Signer q(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer g = tlsSigner.g(signatureAndHashAlgorithm, this.f6454a);
        byte[] bArr = securityParameters.f6351b;
        g.e(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f6353c;
        g.e(bArr2, 0, bArr2.length);
        return g;
    }
}
