package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    protected byte[] cFu;
    protected byte[] cTI;
    protected TlsSRPGroupVerifier cVi;
    protected TlsSignerCredentials cWc;
    protected TlsSigner cWd;
    protected AsymmetricKeyParameter cWf;
    protected SRP6GroupParameters cXc;
    protected SRP6Client cXd;
    protected SRP6Server cXe;
    protected BigInteger cXf;
    protected BigInteger cXg;
    protected byte[] cXh;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.cWf = null;
        this.cXc = null;
        this.cXd = null;
        this.cXe = null;
        this.cXf = null;
        this.cXg = null;
        this.cXh = null;
        this.cWc = null;
        this.cWd = gw(i);
        this.cVi = tlsSRPGroupVerifier;
        this.cTI = bArr;
        this.cFu = bArr2;
        this.cXd = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.cWf = null;
        this.cXc = null;
        this.cXd = null;
        this.cXe = null;
        this.cXf = null;
        this.cXg = null;
        this.cXh = null;
        this.cWc = null;
        this.cWd = gw(i);
        this.cTI = bArr;
        this.cXe = new SRP6Server();
        this.cXc = tlsSRPLoginParameters.agV();
        this.cXg = tlsSRPLoginParameters.agW();
        this.cXh = tlsSRPLoginParameters.getSalt();
    }

    protected static TlsSigner gw(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer a2 = tlsSigner.a(signatureAndHashAlgorithm, this.cWf);
        a2.update(securityParameters.cVw, 0, securityParameters.cVw.length);
        a2.update(securityParameters.cVx, 0, securityParameters.cVx.length);
        return a2;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) throws IOException {
        if (this.cWd == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate gg = certificate.gg(0);
        try {
            this.cWf = PublicKeyFactory.b(gg.ZO());
            if (!this.cWd.c(this.cWf)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(gg, 128);
            super.a(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.cWd;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) throws IOException {
        if (this.cTx == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        a(tlsCredentials.afr());
        this.cWc = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean aeP() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] aeQ() throws IOException {
        this.cXe.a(this.cXc, this.cXg, TlsUtils.p((short) 2), this.cTy.aeL());
        ServerSRPParams serverSRPParams = new ServerSRPParams(this.cXc.Zf(), this.cXc.getG(), this.cXh, this.cXe.acc());
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        serverSRPParams.encode(digestInputBuffer);
        if (this.cWc != null) {
            SignatureAndHashAlgorithm a2 = TlsUtils.a(this.cTy, this.cWc);
            Digest a3 = TlsUtils.a(a2);
            SecurityParameters aeM = this.cTy.aeM();
            a3.update(aeM.cVw, 0, aeM.cVw.length);
            a3.update(aeM.cVx, 0, aeM.cVx.length);
            digestInputBuffer.d(a3);
            byte[] bArr = new byte[a3.abC()];
            a3.doFinal(bArr, 0);
            new DigitallySigned(a2, this.cWc.bo(bArr)).encode(digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void agw() throws IOException {
        if (this.cWd != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] agx() throws IOException {
        try {
            return BigIntegers.J(this.cXe != null ? this.cXe.a(this.cXf) : this.cXd.a(this.cXf));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void g(OutputStream outputStream) throws IOException {
        TlsSRPUtils.c(this.cXd.f(this.cXh, this.cTI, this.cFu), outputStream);
        this.cTy.aeM().cVk = Arrays.cm(this.cTI);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void t(InputStream inputStream) throws IOException {
        SignerInputBuffer signerInputBuffer;
        InputStream inputStream2;
        SecurityParameters aeM = this.cTy.aeM();
        if (this.cWd != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            signerInputBuffer = null;
            inputStream2 = inputStream;
        }
        ServerSRPParams z = ServerSRPParams.z(inputStream2);
        if (signerInputBuffer != null) {
            DigitallySigned s = s(inputStream);
            Signer a2 = a(this.cWd, s.afE(), aeM);
            signerInputBuffer.a(a2);
            if (!a2.al(s.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.cXc = new SRP6GroupParameters(z.Zf(), z.getG());
        if (!this.cVi.a(this.cXc)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.cXh = z.agl();
        try {
            this.cXf = SRP6Util.a(this.cXc.Zf(), z.getB());
            this.cXd.a(this.cXc, TlsUtils.p((short) 2), this.cTy.aeL());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void u(InputStream inputStream) throws IOException {
        try {
            this.cXf = SRP6Util.a(this.cXc.Zf(), TlsSRPUtils.D(inputStream));
            this.cTy.aeM().cVk = Arrays.cm(this.cTI);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }
}
