package org.spongycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.apache.commons.compress.archivers.cpio.CpioConstants;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    protected byte[] bDu;
    protected TlsSRPGroupVerifier bEU;
    protected TlsSignerCredentials bFO;
    protected TlsSigner bFP;
    protected AsymmetricKeyParameter bFR;
    protected SRP6GroupParameters bGM;
    protected SRP6Client bGN;
    protected SRP6Server bGO;
    protected BigInteger bGP;
    protected BigInteger bGQ;
    protected byte[] bGR;
    protected byte[] password;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.bFR = null;
        this.bGM = null;
        this.bGN = null;
        this.bGO = null;
        this.bGP = null;
        this.bGQ = null;
        this.bGR = null;
        this.bFO = null;
        this.bFP = gG(i);
        this.bEU = tlsSRPGroupVerifier;
        this.bDu = bArr;
        this.password = bArr2;
        this.bGN = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.bFR = null;
        this.bGM = null;
        this.bGN = null;
        this.bGO = null;
        this.bGP = null;
        this.bGQ = null;
        this.bGR = null;
        this.bFO = null;
        this.bFP = gG(i);
        this.bDu = bArr;
        this.bGO = new SRP6Server();
        this.bGM = tlsSRPLoginParameters.Eo();
        this.bGQ = tlsSRPLoginParameters.Ep();
        this.bGR = tlsSRPLoginParameters.getSalt();
    }

    protected static TlsSigner gG(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean Cj() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] Ck() {
        this.bGO.a(this.bGM, this.bGQ, TlsUtils.m((short) 2), this.bDk.Cf());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.bGM.wJ(), this.bGM.getG(), this.bGR, this.bGO.zs());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.encode(digestInputBuffer);
        if (this.bFO != null) {
            SignatureAndHashAlgorithm a = TlsUtils.a(this.bDk, this.bFO);
            Digest a2 = TlsUtils.a(a);
            SecurityParameters Cg = this.bDk.Cg();
            a2.update(Cg.bFi, 0, Cg.bFi.length);
            a2.update(Cg.bFj, 0, Cg.bFj.length);
            digestInputBuffer.d(a2);
            byte[] bArr = new byte[a2.yS()];
            a2.doFinal(bArr, 0);
            new DigitallySigned(a, this.bFO.at(bArr)).encode(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void DP() {
        if (this.bFP != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] DQ() {
        try {
            return BigIntegers.I(this.bGO != null ? this.bGO.a(this.bGP) : this.bGN.a(this.bGP));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer a = tlsSigner.a(signatureAndHashAlgorithm, this.bFR);
        a.update(securityParameters.bFi, 0, securityParameters.bFi.length);
        a.update(securityParameters.bFj, 0, securityParameters.bFj.length);
        return a;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) {
        if (this.bFP == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate gp = certificate.gp(0);
        try {
            this.bFR = PublicKeyFactory.c(gp.xs());
            if (!this.bFP.c(this.bFR)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(gp, CpioConstants.C_IWUSR);
            super.a(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        if (this.bFP != null) {
            this.bFP.a(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) {
        if (this.bDj == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        a(tlsCredentials.CL());
        this.bFO = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void f(OutputStream outputStream) {
        TlsSRPUtils.c(this.bGN.a(this.bGR, this.bDu, this.password), outputStream);
        this.bDk.Cg().bEW = Arrays.bn(this.bDu);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void h(InputStream inputStream) {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters Cg = this.bDk.Cg();
        if (this.bFP != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams n = ServerSRPParams.n(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned g = g(inputStream);
            Signer a = a(this.bFP, g.CX(), Cg);
            signerInputBuffer.a(a);
            if (!a.r(g.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.bGM = new SRP6GroupParameters(n.wJ(), n.getG());
        if (!this.bEU.a(this.bGM)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.bGR = n.DE();
        try {
            this.bGP = SRP6Util.a(this.bGM.wJ(), n.getB());
            this.bGN.a(this.bGM, TlsUtils.m((short) 2), this.bDk.Cf());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void i(InputStream inputStream) {
        try {
            this.bGP = SRP6Util.a(this.bGM.wJ(), TlsSRPUtils.r(inputStream));
            this.bDk.Cg().bEW = Arrays.bn(this.bDu);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }
}
