package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Server;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.SRP6GroupParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    protected byte[] eJp;
    protected TlsSRPGroupVerifier eKV;
    protected TlsSignerCredentials eLP;
    protected TlsSigner eLQ;
    protected AsymmetricKeyParameter eLS;
    protected SRP6GroupParameters eMO;
    protected SRP6Client eMP;
    protected SRP6Server eMQ;
    protected BigInteger eMR;
    protected BigInteger eMS;
    protected byte[] eMT;
    protected byte[] esU;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.eLS = null;
        this.eMO = null;
        this.eMP = null;
        this.eMQ = null;
        this.eMR = null;
        this.eMS = null;
        this.eMT = null;
        this.eLP = null;
        this.eLQ = qn(i);
        this.eKV = tlsSRPGroupVerifier;
        this.eJp = bArr;
        this.esU = bArr2;
        this.eMP = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.eLS = null;
        this.eMO = null;
        this.eMP = null;
        this.eMQ = null;
        this.eMR = null;
        this.eMS = null;
        this.eMT = null;
        this.eLP = null;
        this.eLQ = qn(i);
        this.eJp = bArr;
        this.eMQ = new SRP6Server();
        this.eMO = tlsSRPLoginParameters.bjs();
        this.eMS = tlsSRPLoginParameters.bjt();
        this.eMT = tlsSRPLoginParameters.getSalt();
    }

    protected static TlsSigner qn(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean bhk() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] bhl() throws IOException {
        this.eMQ.m11655do(this.eMO, this.eMS, TlsUtils.m12417catch((short) 2), this.eJf.bdN());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.eMO.bbG(), this.eMO.getG(), this.eMT, this.eMQ.bea());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.encode(digestInputBuffer);
        if (this.eLP != null) {
            SignatureAndHashAlgorithm m12425do = TlsUtils.m12425do(this.eJf, this.eLP);
            Digest m12423do = TlsUtils.m12423do(m12425do);
            SecurityParameters bhh = this.eJf.bhh();
            m12423do.update(bhh.eLj, 0, bhh.eLj.length);
            m12423do.update(bhh.eLk, 0, bhh.eLk.length);
            digestInputBuffer.m12272int(m12423do);
            byte[] bArr = new byte[m12423do.bdO()];
            m12423do.doFinal(bArr, 0);
            new DigitallySigned(m12425do, this.eLP.aM(bArr)).encode(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void biT() throws IOException {
        if (this.eLQ != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] biU() throws IOException {
        try {
            return BigIntegers.m13891default(this.eMQ != null ? this.eMQ.m11653do(this.eMR) : this.eMP.m11649do(this.eMR));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: break */
    public void mo12215break(InputStream inputStream) throws IOException {
        try {
            this.eMR = SRP6Util.m11656do(this.eMO.bbG(), TlsSRPUtils.m12403while(inputStream));
            this.eJf.bhh().eKX = Arrays.cd(this.eJp);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    /* renamed from: do, reason: not valid java name */
    protected Signer m12400do(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer mo12327do = tlsSigner.mo12327do(signatureAndHashAlgorithm, this.eLS);
        mo12327do.update(securityParameters.eLj, 0, securityParameters.eLj.length);
        mo12327do.update(securityParameters.eLk, 0, securityParameters.eLk.length);
        return mo12327do;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: do */
    public void mo12216do(Certificate certificate) throws IOException {
        if (this.eLQ == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate pX = certificate.pX(0);
        try {
            this.eLS = PublicKeyFactory.m12482do(pX.bcq());
            if (!this.eLQ.mo12333for(this.eLS)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.m12430do(pX, 128);
            super.mo12216do(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: do */
    public void mo12217do(TlsContext tlsContext) {
        super.mo12217do(tlsContext);
        TlsSigner tlsSigner = this.eLQ;
        if (tlsSigner != null) {
            tlsSigner.mo12231do(tlsContext);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: do */
    public void mo12218do(TlsCredentials tlsCredentials) throws IOException {
        if (this.eJe == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        mo12216do(tlsCredentials.bhN());
        this.eLP = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: for */
    public void mo12315for(OutputStream outputStream) throws IOException {
        TlsSRPUtils.m12402for(this.eMP.m11650do(this.eMT, this.eJp, this.esU), outputStream);
        this.eJf.bhh().eKX = Arrays.cd(this.eJp);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: if */
    public void mo12317if(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: if */
    public void mo12318if(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    /* renamed from: void */
    public void mo12221void(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters bhh = this.eJf.bhh();
        if (this.eLQ != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams m12295float = ServerSRPParams.m12295float(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned digitallySigned = m12220this(inputStream);
            Signer m12400do = m12400do(this.eLQ, digitallySigned.bia(), bhh);
            signerInputBuffer.m12301do(m12400do);
            if (!m12400do.r(digitallySigned.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.eMO = new SRP6GroupParameters(m12295float.bbG(), m12295float.getG());
        if (!this.eKV.mo12267do(this.eMO)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.eMT = m12295float.biI();
        try {
            this.eMR = SRP6Util.m11656do(this.eMO.bbG(), m12295float.getB());
            this.eMP.m11652do(this.eMO, TlsUtils.m12417catch((short) 2), this.eJf.bdN());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }
}
