package org.spongycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    public byte[] ad;
    public byte[] ae;
    public BigInteger o;
    public SRP6Client p;
    public SRP6Server q;
    public AsymmetricKeyParameter r;
    public SRP6GroupParameters s;
    public TlsSRPGroupVerifier t;
    public TlsSigner u;
    public TlsSignerCredentials v;
    public byte[] w;
    public BigInteger x;

    public TlsSRPKeyExchange(int i2, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i2, vector);
        this.r = null;
        this.s = null;
        this.p = null;
        this.q = null;
        this.o = null;
        this.x = null;
        this.ae = null;
        this.v = null;
        this.u = af(i2);
        this.t = tlsSRPGroupVerifier;
        this.w = bArr;
        this.ad = bArr2;
        this.p = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i2, vector);
        this.r = null;
        this.s = null;
        this.p = null;
        this.q = null;
        this.o = null;
        this.x = null;
        this.ae = null;
        this.v = null;
        this.u = af(i2);
        this.w = bArr;
        this.q = new SRP6Server();
        this.s = tlsSRPLoginParameters.e();
        this.x = tlsSRPLoginParameters.d();
        this.ae = tlsSRPLoginParameters.f();
    }

    public TlsSRPKeyExchange(int i2, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i2, vector, new DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    public static TlsSigner af(int i2) {
        switch (i2) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void aa(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] ab() {
        try {
            return BigIntegers.g(this.q != null ? this.q.o(this.o) : this.p.o(this.o));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void ac(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    public Signer ag(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer i2 = tlsSigner.i(signatureAndHashAlgorithm, this.r);
        byte[] bArr = securityParameters.f19105h;
        i2.d(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.k;
        i2.d(bArr2, 0, bArr2.length);
        return i2;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void e(InputStream inputStream) {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters n = this.f18793c.n();
        if (this.u != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams e2 = ServerSRPParams.e(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned d2 = d(inputStream);
            Signer ag = ag(this.u, d2.d(), n);
            signerInputBuffer.a(ag);
            if (!ag.e(d2.f())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.s = new SRP6GroupParameters(e2.j(), e2.i());
        if (!this.t.d(this.s)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.ae = e2.h();
        try {
            this.o = SRP6Util.c(this.s.d(), e2.f());
            this.p.r(this.s, TlsUtils.x((short) 2), this.f18793c.k());
        } catch (CryptoException e3) {
            throw new TlsFatalAlert((short) 47, e3);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void f(Certificate certificate) {
        if (this.u == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.g()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate e2 = certificate.e(0);
        try {
            this.r = PublicKeyFactory.b(e2.k());
            if (!this.u.o(this.r)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.as(e2, 128);
            super.f(certificate);
        } catch (RuntimeException e3) {
            throw new TlsFatalAlert((short) 43, e3);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void g(TlsContext tlsContext) {
        super.g(tlsContext);
        TlsSigner tlsSigner = this.u;
        if (tlsSigner != null) {
            tlsSigner.c(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void h(TlsCredentials tlsCredentials) {
        if (this.f18791a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        f(tlsCredentials.e());
        this.v = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public boolean i() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void k(InputStream inputStream) {
        try {
            this.o = SRP6Util.c(this.s.d(), TlsSRPUtils.b(inputStream));
            this.f18793c.n().o = Arrays.aa(this.w);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] m() {
        this.q.q(this.s, this.x, TlsUtils.x((short) 2), this.f18793c.k());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.s.d(), this.s.c(), this.ae, this.q.t());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.g(digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.v;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm ac = TlsUtils.ac(this.f18793c, tlsSignerCredentials);
            Digest w = TlsUtils.w(ac);
            SecurityParameters n = this.f18793c.n();
            byte[] bArr = n.f19105h;
            w.g(bArr, 0, bArr.length);
            byte[] bArr2 = n.k;
            w.g(bArr2, 0, bArr2.length);
            digestInputBuffer.a(w);
            byte[] bArr3 = new byte[w.a()];
            w.b(bArr3, 0);
            new DigitallySigned(ac, this.v.h(bArr3)).e(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void y() {
        if (this.u != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void z(OutputStream outputStream) {
        TlsSRPUtils.c(this.p.p(this.ae, this.w, this.ad), outputStream);
        this.f18793c.n().o = Arrays.aa(this.w);
    }
}
