package com.enterprisedt.bouncycastle.tls;

import com.enterprisedt.bouncycastle.tls.crypto.TlsSRP6Client;
import com.enterprisedt.bouncycastle.tls.crypto.TlsSRP6Server;
import com.enterprisedt.bouncycastle.tls.crypto.TlsSRPConfig;
import com.enterprisedt.bouncycastle.tls.crypto.TlsSecret;
import com.enterprisedt.bouncycastle.tls.crypto.TlsVerifier;
import com.enterprisedt.bouncycastle.util.Arrays;
import com.enterprisedt.bouncycastle.util.BigIntegers;
import com.enterprisedt.bouncycastle.util.io.TeeInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;

/* loaded from: classes.dex */
/**
 * TLS key exchange for the SRP cipher suites (RFC 5054).
 *
 * <p>One instance plays either the client role (built from an identity and password) or the
 * server role (built from stored login parameters: group config, verifier and salt).
 *
 * <p>Security notes for reviewers, all visible in this class:
 * <ul>
 *   <li>The password is held in a plain {@code byte[]} field and is never cleared here; wiping
 *       it is left to whoever owns the array.</li>
 *   <li>For key exchange 21 (plain SRP) no server signature is checked; the server is
 *       authenticated only by the SRP exchange itself.</li>
 *   <li>The group (N, g) sent by the server is used only if {@code srpConfigVerifier} accepts
 *       it, so the strength of that verifier bounds the strength of the handshake.</li>
 * </ul>
 *
 * <p>NOTE(review): this is decompiled, partly obfuscated code ({@code i}, {@code TlsUtils.a},
 * {@code f10737g}); names of those helpers are kept exactly as found.
 */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    // Key-exchange identifiers accepted by this class. The values match the upstream
    // Bouncy Castle KeyExchangeAlgorithm constants SRP / SRP_DSS / SRP_RSA -- confirm against
    // this repackaged build before relying on the names.
    private static final int KEY_EXCHANGE_SRP = 21;
    private static final int KEY_EXCHANGE_SRP_DSS = 22;
    private static final int KEY_EXCHANGE_SRP_RSA = 23;

    // TLS alert description codes, named after their entries in the TLS alert registry.
    private static final short ALERT_BAD_CERTIFICATE = 42;
    private static final short ALERT_ILLEGAL_PARAMETER = 47;
    private static final short ALERT_INSUFFICIENT_SECURITY = 71;
    private static final short ALERT_INTERNAL_ERROR = 80;

    // Set by both constructors.
    public byte[] identity;
    // Client role only; stays null on the server side.
    public byte[] password;
    // Client role only; decides whether a server-supplied (N, g) group is acceptable.
    public TlsSRPConfigVerifier srpConfigVerifier;

    // Handshake state. Reset to null after the superclass constructor has run, exactly as the
    // explicit assignments in the original constructors did.
    public TlsCredentialedSigner serverCredentials = null;
    public TlsSRP6Client srpClient = null;
    public TlsSRPConfig srpConfig = null;
    public BigInteger srpPeerCredentials = null;
    public byte[] srpSalt = null;
    public TlsSRP6Server srpServer = null;
    public BigInteger srpVerifier = null;
    public TlsVerifier verifier = null;

    /**
     * Creates the client-side key exchange.
     *
     * @param i9 key exchange algorithm; must be 21, 22 or 23
     * @param vector forwarded unchanged to the superclass constructor
     * @param tlsSRPConfigVerifier checks the group parameters received from the server
     * @param bArr SRP identity (stored by reference, not copied)
     * @param bArr2 SRP password (stored by reference, not copied)
     * @throws IllegalArgumentException if {@code i9} is not a supported key exchange
     */
    public TlsSRPKeyExchange(int i9, Vector vector, TlsSRPConfigVerifier tlsSRPConfigVerifier, byte[] bArr, byte[] bArr2) {
        super(requireSrpKeyExchange(i9), vector);
        this.srpConfigVerifier = tlsSRPConfigVerifier;
        this.identity = bArr;
        this.password = bArr2;
    }

    /**
     * Creates the server-side key exchange from stored login parameters.
     *
     * @param i9 key exchange algorithm; must be 21, 22 or 23
     * @param vector forwarded unchanged to the superclass constructor
     * @param bArr SRP identity (stored by reference, not copied)
     * @param tlsSRPLoginParameters source of the group config, verifier and salt
     * @throws IllegalArgumentException if {@code i9} is not a supported key exchange
     */
    public TlsSRPKeyExchange(int i9, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(requireSrpKeyExchange(i9), vector);
        this.identity = bArr;
        this.srpConfig = tlsSRPLoginParameters.getConfig();
        this.srpVerifier = tlsSRPLoginParameters.getVerifier();
        this.srpSalt = tlsSRPLoginParameters.getSalt();
    }

    /**
     * Returns {@code algorithm} unchanged when it is one of the three SRP key exchanges.
     *
     * @throws IllegalArgumentException for any other value
     */
    private static int requireSrpKeyExchange(int algorithm) {
        boolean supported = algorithm == KEY_EXCHANGE_SRP
            || algorithm == KEY_EXCHANGE_SRP_DSS
            || algorithm == KEY_EXCHANGE_SRP_RSA;
        if (!supported) {
            throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        return algorithm;
    }

    /**
     * Reduces a peer's public value modulo N and rejects it when the result is zero.
     *
     * <p>RFC 5054 requires the handshake to be aborted with illegal_parameter when the peer's
     * public value is 0 mod N; such a value would make the shared secret predictable.
     *
     * @param bigInteger the modulus N
     * @param bigInteger2 the public value received from the peer
     * @return the public value reduced modulo N, never zero
     * @throws IOException a {@link TlsFatalAlert} (illegal_parameter) when the reduced value is zero
     */
    public static BigInteger validatePublicValue(BigInteger bigInteger, BigInteger bigInteger2) throws IOException {
        BigInteger reduced = bigInteger2.mod(bigInteger);
        if (reduced.signum() == 0) {
            throw new TlsFatalAlert(ALERT_ILLEGAL_PARAMETER);
        }
        return reduced;
    }

    /**
     * Client side: writes the client's SRP public value and records the identity in the
     * security parameters.
     */
    @Override
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        BigInteger clientPublic =
            this.srpClient.generateClientCredentials(this.srpSalt, this.identity, this.password);
        TlsSRPUtils.writeSRPParameter(clientPublic, outputStream);
        // f10737g is an obfuscated field; presumably the negotiated SRP identity -- confirm.
        this.context.getSecurityParameters().f10737g = Arrays.clone(this.identity);
    }

    /**
     * Derives the pre-master secret from the SRP shared secret, using the server object when
     * one exists and the client object otherwise.
     */
    @Override
    public TlsSecret generatePreMasterSecret() throws IOException {
        return this.context.getCrypto().createSecret(BigIntegers.asUnsignedByteArray(calculateSrpSecret()));
    }

    /** Computes the SRP shared secret for whichever role this instance is playing. */
    private BigInteger calculateSrpSecret() throws IOException {
        TlsSRP6Server server = this.srpServer;
        if (server != null) {
            return server.calculateSecret(this.srpPeerCredentials);
        }
        return this.srpClient.calculateSecret(this.srpPeerCredentials);
    }

    /**
     * Server side: builds the ServerKeyExchange body (N, g, salt, B) and appends a signature
     * over it when server credentials have been supplied.
     *
     * @return the encoded message body
     */
    @Override
    public byte[] generateServerKeyExchange() throws IOException {
        TlsSRP6Server server = this.context.getCrypto().createSRP6Server(this.srpConfig, this.srpVerifier);
        this.srpServer = server;
        BigInteger serverPublic = server.generateServerCredentials();

        BigInteger[] group = this.srpConfig.getExplicitNG();
        ServerSRPParams params = new ServerSRPParams(group[0], group[1], this.srpSalt, serverPublic);

        // 'i' is an obfuscated buffer type; it receives the encoded params and, if present,
        // the signature computed over them.
        i buffer = new i();
        params.encode(buffer);

        TlsCredentialedSigner signer = this.serverCredentials;
        if (signer != null) {
            TlsUtils.a(this.context, signer, buffer).encode(buffer);
        }
        return buffer.toByteArray();
    }

    /** Client credentials are never valid for SRP; always fails with internal_error. */
    @Override
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
    }

    /**
     * Server side: reads the client's public value A, validates it against N, and records the
     * identity in the security parameters.
     */
    @Override
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        BigInteger modulus = this.srpConfig.getExplicitNG()[0];
        BigInteger clientPublic = TlsSRPUtils.readSRPParameter(inputStream);
        this.srpPeerCredentials = validatePublicValue(modulus, clientPublic);
        // f10737g is an obfuscated field; presumably the negotiated SRP identity -- confirm.
        this.context.getSecurityParameters().f10737g = Arrays.clone(this.identity);
    }

    /**
     * Client side: accepts the server certificate for the signed SRP variants and prepares the
     * verifier used later on the ServerKeyExchange signature.
     *
     * @throws IOException internal_error for plain SRP (no certificate expected),
     *         bad_certificate for an empty chain
     */
    @Override
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.keyExchange == KEY_EXCHANGE_SRP) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        checkServerCertSigAlg(certificate);
        int signatureAlgorithm = TlsUtils.getSignatureAlgorithm(this.keyExchange);
        this.verifier = certificate.getCertificateAt(0).createVerifier(signatureAlgorithm);
    }

    /**
     * Server side: stores signing credentials for the signed SRP variants.
     *
     * @throws IOException internal_error for plain SRP or for credentials that cannot sign
     */
    @Override
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        boolean signingAllowed = this.keyExchange != KEY_EXCHANGE_SRP;
        if (!signingAllowed || !(tlsCredentials instanceof TlsCredentialedSigner)) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        this.serverCredentials = (TlsCredentialedSigner) tlsCredentials;
    }

    /**
     * Client side: parses the server's SRP parameters, verifies the signature over them for
     * the signed variants, checks the group with {@code srpConfigVerifier}, validates B and
     * creates the SRP client.
     *
     * @throws IOException insufficient_security when the group is rejected, illegal_parameter
     *         when B is 0 mod N, or whatever parsing / signature verification raises
     */
    @Override
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        // For the signed variants every byte of the params is copied into a buffer while it is
        // parsed, so the signature can be checked over exactly what was received.
        i signedBytes = null;
        InputStream paramsIn = inputStream;
        if (this.keyExchange != KEY_EXCHANGE_SRP) {
            signedBytes = new i();
            paramsIn = new TeeInputStream(inputStream, signedBytes);
        }

        ServerSRPParams params = ServerSRPParams.parse(paramsIn);

        // The signature itself is read from the raw stream so it is not part of the signed data.
        if (signedBytes != null) {
            TlsUtils.a(this.context, this.verifier, signedBytes, parseSignature(inputStream));
        }

        TlsSRPConfig config = new TlsSRPConfig();
        this.srpConfig = config;
        config.setExplicitNG(new BigInteger[]{params.getN(), params.getG()});

        // The server chooses N and g, so an unvetted group must stop the handshake here.
        if (!this.srpConfigVerifier.accept(this.srpConfig)) {
            throw new TlsFatalAlert(ALERT_INSUFFICIENT_SECURITY);
        }

        this.srpSalt = params.getS();
        this.srpPeerCredentials = validatePublicValue(params.getN(), params.getB());
        this.srpClient = this.context.getCrypto().createSRP6Client(this.srpConfig);
    }

    /** SRP always needs a ServerKeyExchange message. */
    @Override
    public boolean requiresServerKeyExchange() {
        return true;
    }

    /**
     * Only plain SRP may run without server credentials; the signed variants fail with
     * internal_error.
     */
    @Override
    public void skipServerCredentials() throws IOException {
        if (this.keyExchange != KEY_EXCHANGE_SRP) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
    }
}
