package org.bouncycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Server;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.SRP6GroupParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {

    /* renamed from: d, reason: collision with root package name */
    protected TlsSigner f17865d;

    /* renamed from: e, reason: collision with root package name */
    protected TlsSRPGroupVerifier f17866e;

    /* renamed from: f, reason: collision with root package name */
    protected byte[] f17867f;

    /* renamed from: g, reason: collision with root package name */
    protected byte[] f17868g;

    /* renamed from: h, reason: collision with root package name */
    protected AsymmetricKeyParameter f17869h;

    /* renamed from: i, reason: collision with root package name */
    protected SRP6GroupParameters f17870i;

    /* renamed from: j, reason: collision with root package name */
    protected SRP6Client f17871j;

    /* renamed from: k, reason: collision with root package name */
    protected SRP6Server f17872k;

    /* renamed from: l, reason: collision with root package name */
    protected BigInteger f17873l;

    /* renamed from: m, reason: collision with root package name */
    protected BigInteger f17874m;

    /* renamed from: n, reason: collision with root package name */
    protected byte[] f17875n;

    /* renamed from: o, reason: collision with root package name */
    protected TlsSignerCredentials f17876o;

    public TlsSRPKeyExchange(int i10, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i10, vector);
        this.f17869h = null;
        this.f17870i = null;
        this.f17871j = null;
        this.f17872k = null;
        this.f17873l = null;
        this.f17874m = null;
        this.f17875n = null;
        this.f17876o = null;
        this.f17865d = a(i10);
        this.f17866e = tlsSRPGroupVerifier;
        this.f17867f = bArr;
        this.f17868g = bArr2;
        this.f17871j = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i10, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i10, vector);
        this.f17869h = null;
        this.f17870i = null;
        this.f17871j = null;
        this.f17872k = null;
        this.f17873l = null;
        this.f17874m = null;
        this.f17875n = null;
        this.f17876o = null;
        this.f17865d = a(i10);
        this.f17867f = bArr;
        this.f17872k = new SRP6Server();
        this.f17870i = tlsSRPLoginParameters.a();
        this.f17874m = tlsSRPLoginParameters.c();
        this.f17875n = tlsSRPLoginParameters.b();
    }

    protected static TlsSigner a(int i10) {
        switch (i10) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer a10 = tlsSigner.a(signatureAndHashAlgorithm, this.f17869h);
        byte[] bArr = securityParameters.f17728f;
        a10.a(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f17729g;
        a10.a(bArr2, 0, bArr2.length);
        return a10;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(InputStream inputStream) {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters e10 = this.f17615c.e();
        if (this.f17865d != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams a10 = ServerSRPParams.a(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned c10 = c(inputStream);
            Signer a11 = a(this.f17865d, c10.a(), e10);
            signerInputBuffer.a(a11);
            if (!a11.a(c10.b())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        SRP6GroupParameters sRP6GroupParameters = new SRP6GroupParameters(a10.c(), a10.b());
        this.f17870i = sRP6GroupParameters;
        if (!this.f17866e.a(sRP6GroupParameters)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.f17875n = a10.d();
        try {
            this.f17873l = SRP6Util.a(this.f17870i.b(), a10.a());
            this.f17871j.a(this.f17870i, TlsUtils.b((short) 2), this.f17615c.c());
        } catch (CryptoException e11) {
            throw new TlsFatalAlert((short) 47, e11);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(OutputStream outputStream) {
        TlsSRPUtils.a(this.f17871j.a(this.f17875n, this.f17867f, this.f17868g), outputStream);
        this.f17615c.e().f17732j = Arrays.b(this.f17867f);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.f17865d;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) {
        if (this.f17613a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        b(tlsCredentials.b());
        this.f17876o = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] a() {
        this.f17872k.a(this.f17870i, this.f17874m, TlsUtils.b((short) 2), this.f17615c.c());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.f17870i.b(), this.f17870i.a(), this.f17875n, this.f17872k.b());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.a(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.f17876o;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm a10 = TlsUtils.a(this.f17615c, tlsSignerCredentials);
            Digest a11 = TlsUtils.a(a10);
            SecurityParameters e10 = this.f17615c.e();
            byte[] bArr = e10.f17728f;
            a11.a(bArr, 0, bArr.length);
            byte[] bArr2 = e10.f17729g;
            a11.a(bArr2, 0, bArr2.length);
            digestInputBuffer.a(a11);
            byte[] bArr3 = new byte[a11.h()];
            a11.a(bArr3, 0);
            new DigitallySigned(a10, this.f17876o.b(bArr3)).a(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(InputStream inputStream) {
        try {
            this.f17873l = SRP6Util.a(this.f17870i.b(), TlsSRPUtils.a(inputStream));
            this.f17615c.e().f17732j = Arrays.b(this.f17867f);
        } catch (CryptoException e10) {
            throw new TlsFatalAlert((short) 47, e10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(Certificate certificate) {
        if (this.f17865d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.a()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate a10 = certificate.a(0);
        try {
            AsymmetricKeyParameter a11 = PublicKeyFactory.a(a10.m());
            this.f17869h = a11;
            if (!this.f17865d.a(a11)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(a10, 128);
            super.b(certificate);
        } catch (RuntimeException e10) {
            throw new TlsFatalAlert((short) 43, e10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] c() {
        try {
            SRP6Server sRP6Server = this.f17872k;
            return BigIntegers.a(sRP6Server != null ? sRP6Server.a(this.f17873l) : this.f17871j.a(this.f17873l));
        } catch (CryptoException e10) {
            throw new TlsFatalAlert((short) 47, e10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void d() {
        if (this.f17865d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean f() {
        return true;
    }
}
