package org.bouncycastle.crypto.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.io.Streams;

/* loaded from: classes2.dex */
public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
    protected int[] eIT;
    protected short[] eIU;
    protected short[] eIV;
    protected byte[] eJq;
    protected TlsPSKIdentity eKr;
    protected TlsPSKIdentityManager eKs;
    protected DHParameters eLR;
    protected AsymmetricKeyParameter eLS;
    protected DHPrivateKeyParameters eLU;
    protected DHPublicKeyParameters eLV;
    protected ECPrivateKeyParameters eMf;
    protected ECPublicKeyParameters eMg;
    protected byte[] eMt;
    protected RSAKeyParameters eMu;
    protected TlsEncryptionCredentials eMv;
    protected byte[] eMw;

    public TlsPSKKeyExchange(int i, Vector vector, TlsPSKIdentity tlsPSKIdentity, TlsPSKIdentityManager tlsPSKIdentityManager, DHParameters dHParameters, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector);
        this.eMt = null;
        this.eJq = null;
        this.eLU = null;
        this.eLV = null;
        this.eMf = null;
        this.eMg = null;
        this.eLS = null;
        this.eMu = null;
        this.eMv = null;
        if (i != 24) {
            switch (i) {
                case 13:
                case 14:
                case 15:
                    break;
                default:
                    throw new IllegalArgumentException("unsupported key exchange algorithm");
            }
        }
        this.eKr = tlsPSKIdentity;
        this.eKs = tlsPSKIdentityManager;
        this.eLR = dHParameters;
        this.eIT = iArr;
        this.eIU = sArr;
        this.eIV = sArr2;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean bhk() {
        int i = this.eJe;
        return i == 14 || i == 24;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] bhl() throws IOException {
        this.eMt = this.eKs.bjd();
        if (this.eMt == null && !bhk()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = this.eMt;
        if (bArr == null) {
            TlsUtils.m12457if(TlsUtils.dFK, (OutputStream) byteArrayOutputStream);
        } else {
            TlsUtils.m12457if(bArr, (OutputStream) byteArrayOutputStream);
        }
        if (this.eJe == 14) {
            if (this.eLR == null) {
                throw new TlsFatalAlert((short) 80);
            }
            this.eLU = TlsDHUtils.m12325if(this.eJf.bdN(), this.eLR, byteArrayOutputStream);
        } else if (this.eJe == 24) {
            this.eMf = TlsECCUtils.m12339do(this.eJf.bdN(), this.eIT, this.eIU, byteArrayOutputStream);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void biT() throws IOException {
        if (this.eJe == 15) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] biU() throws IOException {
        byte[] qm = qm(this.eJq.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(qm.length + 4 + this.eJq.length);
        TlsUtils.m12457if(qm, (OutputStream) byteArrayOutputStream);
        TlsUtils.m12457if(this.eJq, (OutputStream) byteArrayOutputStream);
        Arrays.fill(this.eJq, (byte) 0);
        this.eJq = null;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: break */
    public void mo12215break(InputStream inputStream) throws IOException {
        byte[] m12476static = TlsUtils.m12476static(inputStream);
        this.eJq = this.eKs.ba(m12476static);
        if (this.eJq == null) {
            throw new TlsFatalAlert((short) 115);
        }
        this.eJf.bhh().eLm = m12476static;
        if (this.eJe == 14) {
            this.eLV = TlsDHUtils.m12321do(new DHPublicKeyParameters(TlsDHUtils.m12326super(inputStream), this.eLR));
            return;
        }
        if (this.eJe == 24) {
            this.eMg = TlsECCUtils.m12341do(TlsECCUtils.m12342do(this.eIV, this.eMf.bgj(), TlsUtils.m12474return(inputStream)));
        } else if (this.eJe == 15) {
            this.eMw = this.eMv.aL(TlsUtils.m12452for(this.eJf) ? Streams.m13927protected(inputStream) : TlsUtils.m12476static(inputStream));
        }
    }

    /* renamed from: do, reason: not valid java name */
    protected RSAKeyParameters m12374do(RSAKeyParameters rSAKeyParameters) throws IOException {
        if (rSAKeyParameters.getExponent().isProbablePrime(2)) {
            return rSAKeyParameters;
        }
        throw new TlsFatalAlert((short) 47);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: do */
    public void mo12216do(Certificate certificate) throws IOException {
        if (this.eJe != 15) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate pX = certificate.pX(0);
        try {
            this.eLS = PublicKeyFactory.m12482do(pX.bcq());
            if (this.eLS.isPrivate()) {
                throw new TlsFatalAlert((short) 80);
            }
            this.eMu = m12374do((RSAKeyParameters) this.eLS);
            TlsUtils.m12430do(pX, 32);
            super.mo12216do(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: do */
    public void mo12218do(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsEncryptionCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        mo12216do(tlsCredentials.bhN());
        this.eMv = (TlsEncryptionCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: for */
    public void mo12315for(OutputStream outputStream) throws IOException {
        byte[] bArr = this.eMt;
        if (bArr == null) {
            this.eKr.bhD();
        } else {
            this.eKr.aK(bArr);
        }
        byte[] bhE = this.eKr.bhE();
        if (bhE == null) {
            throw new TlsFatalAlert((short) 80);
        }
        this.eJq = this.eKr.bhF();
        if (this.eJq == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.m12457if(bhE, outputStream);
        this.eJf.bhh().eLm = Arrays.cd(bhE);
        if (this.eJe == 14) {
            this.eLU = TlsDHUtils.m12320do(this.eJf.bdN(), this.eLR, outputStream);
        } else if (this.eJe == 24) {
            this.eMf = TlsECCUtils.m12340do(this.eJf.bdN(), this.eIV, this.eMg.bgj(), outputStream);
        } else if (this.eJe == 15) {
            this.eMw = TlsRSAUtils.m12398do(this.eJf, this.eMu, outputStream);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: if */
    public void mo12317if(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: if */
    public void mo12318if(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    protected byte[] qm(int i) throws IOException {
        if (this.eJe == 14) {
            DHPrivateKeyParameters dHPrivateKeyParameters = this.eLU;
            if (dHPrivateKeyParameters != null) {
                return TlsDHUtils.m12323do(this.eLV, dHPrivateKeyParameters);
            }
            throw new TlsFatalAlert((short) 80);
        }
        if (this.eJe != 24) {
            return this.eJe == 15 ? this.eMw : new byte[i];
        }
        ECPrivateKeyParameters eCPrivateKeyParameters = this.eMf;
        if (eCPrivateKeyParameters != null) {
            return TlsECCUtils.m12350do(this.eMg, eCPrivateKeyParameters);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: void */
    public void mo12221void(InputStream inputStream) throws IOException {
        this.eMt = TlsUtils.m12476static(inputStream);
        if (this.eJe == 14) {
            this.eLV = TlsDHUtils.m12321do(ServerDHParams.m12294final(inputStream).biH());
            this.eLR = this.eLV.bfS();
        } else if (this.eJe == 24) {
            this.eMg = TlsECCUtils.m12341do(TlsECCUtils.m12342do(this.eIU, TlsECCUtils.m12338do(this.eIT, this.eIU, inputStream), TlsUtils.m12474return(inputStream)));
        }
    }
}
