package org.spongycastle.crypto.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.DHParameters;
import org.spongycastle.crypto.params.DHPrivateKeyParameters;
import org.spongycastle.crypto.params.DHPublicKeyParameters;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.io.Streams;

/* loaded from: classes2.dex */
public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
    protected byte[] cTJ;
    protected int[] cTn;
    protected short[] cTo;
    protected short[] cTp;
    protected TlsPSKIdentity cUH;
    protected TlsPSKIdentityManager cUI;
    protected byte[] cWH;
    protected RSAKeyParameters cWI;
    protected TlsEncryptionCredentials cWJ;
    protected byte[] cWK;
    protected DHParameters cWe;
    protected AsymmetricKeyParameter cWf;
    protected DHPrivateKeyParameters cWh;
    protected DHPublicKeyParameters cWi;
    protected ECPrivateKeyParameters cWs;
    protected ECPublicKeyParameters cWt;

    public TlsPSKKeyExchange(int i, Vector vector, TlsPSKIdentity tlsPSKIdentity, TlsPSKIdentityManager tlsPSKIdentityManager, DHParameters dHParameters, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector);
        this.cWH = null;
        this.cTJ = null;
        this.cWh = null;
        this.cWi = null;
        this.cWs = null;
        this.cWt = null;
        this.cWf = null;
        this.cWI = null;
        this.cWJ = null;
        if (i != 24) {
            switch (i) {
                case 13:
                case 14:
                case 15:
                    break;
                default:
                    throw new IllegalArgumentException("unsupported key exchange algorithm");
            }
        }
        this.cUH = tlsPSKIdentity;
        this.cUI = tlsPSKIdentityManager;
        this.cWe = dHParameters;
        this.cTn = iArr;
        this.cTo = sArr;
        this.cTp = sArr2;
    }

    protected RSAKeyParameters a(RSAKeyParameters rSAKeyParameters) throws IOException {
        if (rSAKeyParameters.getExponent().isProbablePrime(2)) {
            return rSAKeyParameters;
        }
        throw new TlsFatalAlert((short) 47);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) throws IOException {
        if (this.cTx != 15) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.spongycastle.asn1.x509.Certificate gg = certificate.gg(0);
        try {
            this.cWf = PublicKeyFactory.b(gg.ZO());
            if (this.cWf.isPrivate()) {
                throw new TlsFatalAlert((short) 80);
            }
            this.cWI = a((RSAKeyParameters) this.cWf);
            TlsUtils.a(gg, 32);
            super.a(certificate);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsEncryptionCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        a(tlsCredentials.afr());
        this.cWJ = (TlsEncryptionCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange
    public boolean aeP() {
        int i = this.cTx;
        return i == 14 || i == 24;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] aeQ() throws IOException {
        this.cWH = this.cUI.agG();
        if (this.cWH == null && !aeP()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = this.cWH;
        if (bArr == null) {
            TlsUtils.b(TlsUtils.bSK, (OutputStream) byteArrayOutputStream);
        } else {
            TlsUtils.b(bArr, (OutputStream) byteArrayOutputStream);
        }
        if (this.cTx == 14) {
            if (this.cWe == null) {
                throw new TlsFatalAlert((short) 80);
            }
            this.cWh = TlsDHUtils.b(this.cTy.aeL(), this.cWe, byteArrayOutputStream);
        } else if (this.cTx == 24) {
            this.cWs = TlsECCUtils.a(this.cTy.aeL(), this.cTn, this.cTo, byteArrayOutputStream);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void agw() throws IOException {
        if (this.cTx == 15) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] agx() throws IOException {
        byte[] gv = gv(this.cTJ.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(gv.length + 4 + this.cTJ.length);
        TlsUtils.b(gv, (OutputStream) byteArrayOutputStream);
        TlsUtils.b(this.cTJ, (OutputStream) byteArrayOutputStream);
        Arrays.fill(this.cTJ, (byte) 0);
        this.cTJ = null;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void g(OutputStream outputStream) throws IOException {
        byte[] bArr = this.cWH;
        if (bArr == null) {
            this.cUH.afi();
        } else {
            this.cUH.bm(bArr);
        }
        byte[] afj = this.cUH.afj();
        if (afj == null) {
            throw new TlsFatalAlert((short) 80);
        }
        this.cTJ = this.cUH.afk();
        if (this.cTJ == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.b(afj, outputStream);
        this.cTy.aeM().cVz = Arrays.cm(afj);
        if (this.cTx == 14) {
            this.cWh = TlsDHUtils.a(this.cTy.aeL(), this.cWe, outputStream);
        } else if (this.cTx == 24) {
            this.cWs = TlsECCUtils.a(this.cTy.aeL(), this.cTp, this.cWt.adL(), outputStream);
        } else if (this.cTx == 15) {
            this.cWK = TlsRSAUtils.a(this.cTy, this.cWI, outputStream);
        }
    }

    protected byte[] gv(int i) throws IOException {
        if (this.cTx == 14) {
            DHPrivateKeyParameters dHPrivateKeyParameters = this.cWh;
            if (dHPrivateKeyParameters != null) {
                return TlsDHUtils.a(this.cWi, dHPrivateKeyParameters);
            }
            throw new TlsFatalAlert((short) 80);
        }
        if (this.cTx != 24) {
            return this.cTx == 15 ? this.cWK : new byte[i];
        }
        ECPrivateKeyParameters eCPrivateKeyParameters = this.cWs;
        if (eCPrivateKeyParameters != null) {
            return TlsECCUtils.a(this.cWt, eCPrivateKeyParameters);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void t(InputStream inputStream) throws IOException {
        this.cWH = TlsUtils.J(inputStream);
        if (this.cTx == 14) {
            this.cWi = TlsDHUtils.a(ServerDHParams.y(inputStream).agk());
            this.cWe = this.cWi.adF();
        } else if (this.cTx == 24) {
            this.cWt = TlsECCUtils.a(TlsECCUtils.a(this.cTo, TlsECCUtils.a(this.cTn, this.cTo, inputStream), TlsUtils.I(inputStream)));
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void u(InputStream inputStream) throws IOException {
        byte[] J = TlsUtils.J(inputStream);
        this.cTJ = this.cUI.bC(J);
        if (this.cTJ == null) {
            throw new TlsFatalAlert((short) 115);
        }
        this.cTy.aeM().cVz = J;
        if (this.cTx == 14) {
            this.cWi = TlsDHUtils.a(new DHPublicKeyParameters(TlsDHUtils.B(inputStream), this.cWe));
            return;
        }
        if (this.cTx == 24) {
            this.cWt = TlsECCUtils.a(TlsECCUtils.a(this.cTp, this.cWs.adL(), TlsUtils.I(inputStream)));
        } else if (this.cTx == 15) {
            this.cWK = this.cWJ.bn(TlsUtils.c(this.cTy) ? Streams.Y(inputStream) : TlsUtils.J(inputStream));
        }
    }
}
