package com.enterprisedt.net.puretls;

import com.enterprisedt.bouncycastle.tls.TlsECCUtils;
import com.enterprisedt.bouncycastle.tls.TlsUtils;
import com.enterprisedt.bouncycastle.tls.crypto.TlsCrypto;
import com.enterprisedt.bouncycastle.tls.crypto.TlsECConfig;
import com.enterprisedt.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import com.enterprisedt.bouncycastle.util.io.TeeInputStream;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.cryptix.provider.rsa.RawRSAPublicKey;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.util.debug.Logger;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class x extends r {

    /* renamed from: h, reason: collision with root package name */
    private static Logger f30692h = Logger.getLogger("com.enterprisedt.net.puretls.SSLServerKeyExchange");

    /* renamed from: a, reason: collision with root package name */
    k f30693a;

    /* renamed from: b, reason: collision with root package name */
    t f30694b;

    /* renamed from: c, reason: collision with root package name */
    TlsECConfig f30695c;

    /* renamed from: f, reason: collision with root package name */
    r f30698f;

    /* renamed from: e, reason: collision with root package name */
    z f30697e = new z(-65535);

    /* renamed from: g, reason: collision with root package name */
    int f30699g = 0;

    /* renamed from: d, reason: collision with root package name */
    TlsCrypto f30696d = new BcTlsCrypto(new SecureRandom());

    private void a(j jVar, PublicKey publicKey, String str) throws IOException {
        if (str.equals("RawRSA") || str.equals(g.f30575a) || str.equals(g.f30576b) || str.equals(g.f30577c)) {
            if (publicKey instanceof CryptixRSAPublicKey) {
                return;
            }
            jVar.a(b.f30470p);
        } else {
            if (!str.equals("RawDSA")) {
                throw new InternalError("Unknown Algorithm");
            }
            if (publicKey instanceof DSAPublicKey) {
                return;
            }
            jVar.a(b.f30470p);
        }
    }

    private byte[] a(j jVar, String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException {
        if (str.equals(g.f30575a) || str.equals(g.f30576b) || str.equals(g.f30577c)) {
            SSLHandshake sSLHandshake = jVar.f30597A;
            byte[] bArr2 = sSLHandshake.f30414i;
            byte[] bArr3 = new byte[bArr2.length + sSLHandshake.f30415j.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            SSLHandshake sSLHandshake2 = jVar.f30597A;
            int length = sSLHandshake2.f30414i.length;
            byte[] bArr4 = sSLHandshake2.f30415j;
            System.arraycopy(bArr4, 0, bArr3, length, bArr4.length);
            System.arraycopy(bArr, 0, bArr3, length + jVar.f30597A.f30415j.length, bArr.length);
            return bArr3;
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", Cryptix.PROVIDER_NAME);
        messageDigest.update(jVar.f30597A.f30414i);
        messageDigest.update(jVar.f30597A.f30415j);
        messageDigest.update(bArr);
        if (!str.equals("RawRSA")) {
            return messageDigest.digest();
        }
        MessageDigest messageDigest2 = MessageDigest.getInstance(MessageDigestAlgorithms.MD5, Cryptix.PROVIDER_NAME);
        messageDigest2.update(jVar.f30597A.f30414i);
        messageDigest2.update(jVar.f30597A.f30415j);
        messageDigest2.update(bArr);
        byte[] digest = messageDigest2.digest();
        byte[] digest2 = messageDigest.digest();
        byte[] bArr5 = new byte[36];
        System.arraycopy(digest, 0, bArr5, 0, digest.length);
        System.arraycopy(digest2, 0, bArr5, 16, digest2.length);
        return bArr5;
    }

    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, InputStream inputStream) throws Error, IOException {
        int a10;
        PublicKey dHPublicKey;
        String e10;
        int i10;
        PublicKey publicKey = jVar.f30597A.f30425t;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (!jVar.f30597A.f30418m.a(publicKey)) {
            jVar.a(b.f30470p);
        }
        int c10 = jVar.f30597A.f30418m.c();
        if (c10 == 1) {
            k kVar = new k();
            this.f30693a = kVar;
            a10 = kVar.a(jVar, inputStream);
            this.f30693a.a(jVar, byteArrayOutputStream);
            dHPublicKey = new DHPublicKey(new BigInteger(1, this.f30693a.f30625b.f30708b), new BigInteger(1, this.f30693a.f30624a.f30708b), new BigInteger(1, this.f30693a.f30626c.f30708b));
        } else if (c10 == 2) {
            t tVar = new t();
            this.f30694b = tVar;
            a10 = tVar.a(jVar, inputStream);
            this.f30694b.a(jVar, byteArrayOutputStream);
            BigInteger bigInteger = new BigInteger(1, this.f30694b.f30669a.f30708b);
            BigInteger bigInteger2 = new BigInteger(1, this.f30694b.f30670b.f30708b);
            if (bigInteger.bitLength() > 512) {
                jVar.a(b.f30470p);
            }
            dHPublicKey = new RawRSAPublicKey(bigInteger, bigInteger2);
        } else {
            if (c10 != 3) {
                throw new Error("Unknown key exchange algorithm");
            }
            TeeInputStream teeInputStream = new TeeInputStream(inputStream, byteArrayOutputStream);
            this.f30695c = TlsECCUtils.readECConfig(null, teeInputStream);
            byte[] readOpaque8 = TlsUtils.readOpaque8(teeInputStream);
            a10 = byteArrayOutputStream.size();
            jVar.f30597A.f30424s = this.f30696d.createECDomain(this.f30695c).createECDH();
            TlsECCUtils.checkPointEncoding(jVar.d().getClientECPointFormats(), this.f30695c.getNamedGroup(), readOpaque8);
            jVar.f30597A.f30424s.receivePeerValue(readOpaque8);
            dHPublicKey = null;
        }
        if (jVar.f30599b >= 771) {
            ac acVar = new ac();
            int a11 = acVar.a(jVar, inputStream) + a10;
            ac acVar2 = new ac();
            i10 = a11 + acVar2.a(jVar, inputStream);
            f30692h.debug("Hash=" + acVar.f30440a + ", sig=" + acVar2.f30440a);
            if (acVar2.f30440a != 1) {
                f30692h.warn("Invalid sig: " + acVar2.f30440a);
                jVar.a(b.f30478x);
            }
            int i11 = acVar.f30440a;
            if (i11 == 2) {
                e10 = g.f30575a;
            } else if (i11 == 4) {
                e10 = g.f30576b;
            } else if (i11 == 5) {
                e10 = g.f30577c;
            } else {
                f30692h.warn("Invalid hash: " + acVar2.f30440a);
                jVar.a(b.f30478x);
                e10 = null;
            }
        } else {
            e10 = jVar.f30597A.f30418m.e();
            i10 = a10;
        }
        int a12 = i10 + this.f30697e.a(jVar, inputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (byteArray.length != a10) {
            throw new InternalError("Inconsistency in param size");
        }
        try {
            Signature signature = Signature.getInstance(e10, Cryptix.PROVIDER_NAME);
            f30692h.debug("encode: alg=" + e10 + ",provider=" + signature.getProvider().getName());
            a(jVar, publicKey, e10);
            signature.initVerify(publicKey);
            signature.update(a(jVar, e10, byteArray));
            if (!signature.verify(this.f30697e.f30708b)) {
                jVar.a(b.f30474t);
            }
        } catch (InvalidKeyException e11) {
            jVar.a(b.f30474t, e11);
        } catch (NoSuchAlgorithmException e12) {
            throw new InternalError(e12.toString());
        } catch (NoSuchProviderException e13) {
            throw new InternalError(e13.toString());
        } catch (SignatureException e14) {
            jVar.a(b.f30474t, e14);
        } catch (Exception e15) {
            jVar.a(b.f30474t, e15);
        }
        jVar.f30597A.f30426u = dHPublicKey;
        return a12;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, OutputStream outputStream) throws IOException {
        Signature signature;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int c10 = jVar.f30597A.f30418m.c();
        if (c10 == 1) {
            jVar.f30597A.f30427v = jVar.f30601d.a(jVar.f30603f.dhAlwaysEphemeralP());
            k kVar = new k(jVar.f30597A.f30427v);
            this.f30693a = kVar;
            this.f30698f = kVar;
        } else {
            if (c10 != 2) {
                throw new Error("Unknown key exchange algorithm");
            }
            jVar.f30597A.f30428w = jVar.f30601d.e();
            jVar.f30597A.f30429x = jVar.f30601d.f();
            t tVar = new t(jVar.f30601d.f());
            this.f30694b = tVar;
            this.f30698f = tVar;
        }
        this.f30698f.a(jVar, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            PrivateKey c11 = jVar.f30601d.c();
            String e10 = jVar.f30597A.f30418m.e();
            if (e10.equals("RawDSA")) {
                Signature signature2 = Signature.getInstance(e10, Cryptix.PROVIDER_NAME);
                f30692h.debug("encode: alg=" + e10 + ",provider=" + signature2.getProvider().getName());
                signature2.setParameter("SecureRandom", jVar.f30597A.f30413h);
                signature = signature2;
            } else {
                if (!e10.equals("RawRSA")) {
                    throw new Exception("Unknown key type");
                }
                Signature signature3 = Signature.getInstance(e10, Cryptix.PROVIDER_NAME);
                f30692h.debug("encode: alg=" + e10 + ",provider=" + signature3.getProvider().getName());
                ((Blindable) signature3).setBlindingInfo(jVar.f30597A.f30413h, (CryptixRSAPublicKey) jVar.f30601d.d());
                signature = signature3;
            }
            signature.initSign(c11);
            signature.update(a(jVar, e10, byteArray));
            this.f30697e.f30708b = signature.sign();
            int a10 = this.f30698f.a(jVar, outputStream);
            this.f30699g = a10;
            int a11 = a10 + this.f30697e.a(jVar, outputStream);
            this.f30699g = a11;
            return a11;
        } catch (Exception e11) {
            throw new InternalError(e11.toString());
        }
    }
}
