package com.enterprisedt.net.puretls;

import com.enterprisedt.bouncycastle.tls.TlsECCUtils;
import com.enterprisedt.bouncycastle.tls.TlsUtils;
import com.enterprisedt.bouncycastle.tls.crypto.TlsCrypto;
import com.enterprisedt.bouncycastle.tls.crypto.TlsECConfig;
import com.enterprisedt.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import com.enterprisedt.bouncycastle.util.io.TeeInputStream;
import com.enterprisedt.cryptix.provider.Cryptix;
import com.enterprisedt.cryptix.provider.rsa.RawRSAPublicKey;
import com.enterprisedt.net.puretls.crypto.Blindable;
import com.enterprisedt.net.puretls.crypto.DHPublicKey;
import com.enterprisedt.util.debug.Logger;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class x extends r {

    /* renamed from: h, reason: collision with root package name */
    private static Logger f12586h = Logger.getLogger("com.enterprisedt.net.puretls.SSLServerKeyExchange");

    /* renamed from: a, reason: collision with root package name */
    public k f12587a;

    /* renamed from: b, reason: collision with root package name */
    public t f12588b;

    /* renamed from: c, reason: collision with root package name */
    public TlsECConfig f12589c;

    /* renamed from: f, reason: collision with root package name */
    public r f12592f;

    /* renamed from: e, reason: collision with root package name */
    public z f12591e = new z(-65535);

    /* renamed from: g, reason: collision with root package name */
    public int f12593g = 0;

    /* renamed from: d, reason: collision with root package name */
    public TlsCrypto f12590d = new BcTlsCrypto(new SecureRandom());

    private void a(j jVar, PublicKey publicKey, String str) throws IOException {
        if (str.equals("RawRSA") || str.equals(g.f12480a) || str.equals(g.f12481b) || str.equals(g.f12482c)) {
            if (publicKey instanceof CryptixRSAPublicKey) {
                return;
            }
            jVar.a(b.f12382p);
        } else {
            if (!str.equals("RawDSA")) {
                throw new InternalError("Unknown Algorithm");
            }
            if (publicKey instanceof DSAPublicKey) {
                return;
            }
            jVar.a(b.f12382p);
        }
    }

    private byte[] a(j jVar, String str, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException {
        if (str.equals(g.f12480a) || str.equals(g.f12481b) || str.equals(g.f12482c)) {
            SSLHandshake sSLHandshake = jVar.A;
            byte[] bArr2 = sSLHandshake.f12327i;
            byte[] bArr3 = new byte[bArr2.length + sSLHandshake.f12328j.length + bArr.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            SSLHandshake sSLHandshake2 = jVar.A;
            int length = sSLHandshake2.f12327i.length + 0;
            byte[] bArr4 = sSLHandshake2.f12328j;
            System.arraycopy(bArr4, 0, bArr3, length, bArr4.length);
            System.arraycopy(bArr, 0, bArr3, length + jVar.A.f12328j.length, bArr.length);
            return bArr3;
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1", Cryptix.PROVIDER_NAME);
        messageDigest.update(jVar.A.f12327i);
        messageDigest.update(jVar.A.f12328j);
        messageDigest.update(bArr);
        if (!str.equals("RawRSA")) {
            return messageDigest.digest();
        }
        MessageDigest messageDigest2 = MessageDigest.getInstance("MD5", Cryptix.PROVIDER_NAME);
        messageDigest2.update(jVar.A.f12327i);
        messageDigest2.update(jVar.A.f12328j);
        messageDigest2.update(bArr);
        byte[] digest = messageDigest2.digest();
        byte[] digest2 = messageDigest.digest();
        byte[] bArr5 = new byte[36];
        System.arraycopy(digest, 0, bArr5, 0, digest.length);
        System.arraycopy(digest2, 0, bArr5, 16, digest2.length);
        return bArr5;
    }

    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, InputStream inputStream) throws Error, IOException {
        int a10;
        PublicKey dHPublicKey;
        int i10;
        PublicKey publicKey = jVar.A.f12338t;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (!jVar.A.f12331m.a(publicKey)) {
            jVar.a(b.f12382p);
        }
        int c10 = jVar.A.f12331m.c();
        String str = null;
        if (c10 == 1) {
            k kVar = new k();
            this.f12587a = kVar;
            a10 = kVar.a(jVar, inputStream);
            this.f12587a.a(jVar, byteArrayOutputStream);
            dHPublicKey = new DHPublicKey(new BigInteger(1, this.f12587a.f12528b.f12602b), new BigInteger(1, this.f12587a.f12527a.f12602b), new BigInteger(1, this.f12587a.f12529c.f12602b));
        } else if (c10 == 2) {
            t tVar = new t();
            this.f12588b = tVar;
            a10 = tVar.a(jVar, inputStream);
            this.f12588b.a(jVar, byteArrayOutputStream);
            BigInteger bigInteger = new BigInteger(1, this.f12588b.f12563a.f12602b);
            BigInteger bigInteger2 = new BigInteger(1, this.f12588b.f12564b.f12602b);
            if (bigInteger.bitLength() > 512) {
                jVar.a(b.f12382p);
            }
            dHPublicKey = new RawRSAPublicKey(bigInteger, bigInteger2);
        } else {
            if (c10 != 3) {
                throw new Error("Unknown key exchange algorithm");
            }
            TeeInputStream teeInputStream = new TeeInputStream(inputStream, byteArrayOutputStream);
            this.f12589c = TlsECCUtils.readECConfig(null, teeInputStream);
            byte[] readOpaque8 = TlsUtils.readOpaque8(teeInputStream);
            a10 = byteArrayOutputStream.size();
            jVar.A.f12337s = this.f12590d.createECDomain(this.f12589c).createECDH();
            TlsECCUtils.checkPointEncoding(jVar.d().getClientECPointFormats(), this.f12589c.getNamedGroup(), readOpaque8);
            jVar.A.f12337s.receivePeerValue(readOpaque8);
            dHPublicKey = null;
        }
        if (jVar.f12502b >= 771) {
            ac acVar = new ac();
            int a11 = acVar.a(jVar, inputStream) + a10;
            ac acVar2 = new ac();
            i10 = a11 + acVar2.a(jVar, inputStream);
            Logger logger = f12586h;
            StringBuilder s10 = a0.x.s("Hash=");
            s10.append(acVar.f12353a);
            s10.append(", sig=");
            s10.append(acVar2.f12353a);
            logger.debug(s10.toString());
            if (acVar2.f12353a != 1) {
                Logger logger2 = f12586h;
                StringBuilder s11 = a0.x.s("Invalid sig: ");
                s11.append(acVar2.f12353a);
                logger2.warn(s11.toString());
                jVar.a(b.f12390x);
            }
            int i11 = acVar.f12353a;
            if (i11 == 2) {
                str = g.f12480a;
            } else if (i11 == 4) {
                str = g.f12481b;
            } else if (i11 == 5) {
                str = g.f12482c;
            } else {
                Logger logger3 = f12586h;
                StringBuilder s12 = a0.x.s("Invalid hash: ");
                s12.append(acVar2.f12353a);
                logger3.warn(s12.toString());
                jVar.a(b.f12390x);
            }
        } else {
            str = jVar.A.f12331m.e();
            i10 = a10;
        }
        int a12 = i10 + this.f12591e.a(jVar, inputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        if (byteArray.length != a10) {
            throw new InternalError("Inconsistency in param size");
        }
        try {
            Signature signature = Signature.getInstance(str, Cryptix.PROVIDER_NAME);
            f12586h.debug("encode: alg=" + str + ",provider=" + signature.getProvider().getName());
            a(jVar, publicKey, str);
            signature.initVerify(publicKey);
            signature.update(a(jVar, str, byteArray));
            if (!signature.verify(this.f12591e.f12602b)) {
                jVar.a(b.f12386t);
            }
        } catch (InvalidKeyException e9) {
            jVar.a(b.f12386t, e9);
        } catch (NoSuchAlgorithmException e10) {
            throw new InternalError(e10.toString());
        } catch (NoSuchProviderException e11) {
            throw new InternalError(e11.toString());
        } catch (SignatureException e12) {
            jVar.a(b.f12386t, e12);
        } catch (Exception e13) {
            jVar.a(b.f12386t, e13);
        }
        jVar.A.f12339u = dHPublicKey;
        return a12;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.enterprisedt.net.puretls.r
    public int a(j jVar, OutputStream outputStream) throws IOException {
        Signature signature;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int c10 = jVar.A.f12331m.c();
        if (c10 == 1) {
            jVar.A.f12340v = jVar.f12504d.a(jVar.f12506f.dhAlwaysEphemeralP());
            k kVar = new k(jVar.A.f12340v);
            this.f12587a = kVar;
            this.f12592f = kVar;
        } else {
            if (c10 != 2) {
                throw new Error("Unknown key exchange algorithm");
            }
            jVar.A.f12341w = jVar.f12504d.e();
            jVar.A.f12342x = jVar.f12504d.f();
            t tVar = new t(jVar.f12504d.f());
            this.f12588b = tVar;
            this.f12592f = tVar;
        }
        this.f12592f.a(jVar, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        try {
            PrivateKey c11 = jVar.f12504d.c();
            String e9 = jVar.A.f12331m.e();
            if (e9.equals("RawDSA")) {
                Signature signature2 = Signature.getInstance(e9, Cryptix.PROVIDER_NAME);
                f12586h.debug("encode: alg=" + e9 + ",provider=" + signature2.getProvider().getName());
                signature2.setParameter("SecureRandom", jVar.A.f12326h);
                signature = signature2;
            } else {
                if (!e9.equals("RawRSA")) {
                    throw new Exception("Unknown key type");
                }
                Signature signature3 = Signature.getInstance(e9, Cryptix.PROVIDER_NAME);
                f12586h.debug("encode: alg=" + e9 + ",provider=" + signature3.getProvider().getName());
                ((Blindable) signature3).setBlindingInfo(jVar.A.f12326h, (CryptixRSAPublicKey) jVar.f12504d.d());
                signature = signature3;
            }
            signature.initSign(c11);
            signature.update(a(jVar, e9, byteArray));
            this.f12591e.f12602b = signature.sign();
            int a10 = this.f12592f.a(jVar, outputStream);
            this.f12593g = a10;
            int a11 = a10 + this.f12591e.a(jVar, outputStream);
            this.f12593g = a11;
            return a11;
        } catch (Exception e10) {
            throw new InternalError(e10.toString());
        }
    }
}
