package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes2.dex */
class p implements TlsKeyExchange {
    protected TlsClientContext a;
    protected int b;
    protected q c;
    protected byte[] d;
    protected byte[] e;
    protected AsymmetricKeyParameter f = null;
    protected byte[] g = null;
    protected BigInteger h = null;
    protected SRP6Client i = new SRP6Client();

    /* JADX INFO: Access modifiers changed from: package-private */
    public p(TlsClientContext tlsClientContext, int i, byte[] bArr, byte[] bArr2) {
        switch (i) {
            case 21:
                this.c = null;
                break;
            case 22:
                this.c = new g();
                break;
            case 23:
                this.c = new o();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.a = tlsClientContext;
        this.b = i;
        this.d = bArr;
        this.e = bArr2;
    }

    protected Signer a(q qVar, SecurityParameters securityParameters) {
        Signer a = qVar.a(this.f);
        a.update(securityParameters.a, 0, securityParameters.a.length);
        a.update(securityParameters.b, 0, securityParameters.b.length);
        return a;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        TlsUtils.b(BigIntegers.asUnsignedByteArray(this.i.generateClientCredentials(this.g, this.d, this.e)), outputStream);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return BigIntegers.asUnsignedByteArray(this.i.calculateSecret(this.h));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.c == null) {
            throw new TlsFatalAlert((short) 10);
        }
        X509CertificateStructure x509CertificateStructure = certificate.b[0];
        try {
            this.f = PublicKeyFactory.createKey(x509CertificateStructure.getSubjectPublicKeyInfo());
            if (!this.c.b(this.f)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(x509CertificateStructure, 128);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        InputStream inputStream2;
        SecurityParameters securityParameters = this.a.getSecurityParameters();
        Signer signer = null;
        if (this.c != null) {
            signer = a(this.c, securityParameters);
            inputStream2 = new SignerInputStream(inputStream, signer);
        } else {
            inputStream2 = inputStream;
        }
        byte[] e = TlsUtils.e(inputStream2);
        byte[] e2 = TlsUtils.e(inputStream2);
        byte[] d = TlsUtils.d(inputStream2);
        byte[] e3 = TlsUtils.e(inputStream2);
        if (signer != null && !signer.verifySignature(TlsUtils.e(inputStream))) {
            throw new TlsFatalAlert((short) 42);
        }
        BigInteger bigInteger = new BigInteger(1, e);
        BigInteger bigInteger2 = new BigInteger(1, e2);
        this.g = d;
        try {
            this.h = SRP6Util.validatePublicValue(bigInteger, new BigInteger(1, e3));
            this.i.init(bigInteger, bigInteger2, new SHA1Digest(), this.a.getSecureRandom());
        } catch (CryptoException e4) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipClientCredentials() throws IOException {
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerCertificate() throws IOException {
        if (this.c != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerKeyExchange() throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }
}
