package org.bouncycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;

/* loaded from: classes2.dex */
public class ek extends g {
    protected eu d;
    protected ei e;
    protected byte[] f;
    protected byte[] g;
    protected org.bouncycastle.crypto.l.b h;
    protected org.bouncycastle.crypto.l.bn i;
    protected org.bouncycastle.crypto.a.c.a j;
    protected org.bouncycastle.crypto.a.c.b k;
    protected BigInteger l;
    protected BigInteger m;
    protected byte[] n;
    protected ev o;

    public ek(int i, Vector vector, ei eiVar, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.d = a(i);
        this.e = eiVar;
        this.f = bArr;
        this.g = bArr2;
        this.j = new org.bouncycastle.crypto.a.c.a();
    }

    public ek(int i, Vector vector, byte[] bArr, el elVar) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.d = a(i);
        this.f = bArr;
        this.k = new org.bouncycastle.crypto.a.c.b();
        this.i = elVar.getGroup();
        this.m = elVar.getVerifier();
        this.n = elVar.getSalt();
    }

    public ek(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new az(), bArr, bArr2);
    }

    protected static eu a(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new dm();
            case 23:
                return new eg();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected org.bouncycastle.crypto.aa a(eu euVar, cq cqVar, ci ciVar) {
        org.bouncycastle.crypto.aa createVerifyer = euVar.createVerifyer(cqVar, this.h);
        createVerifyer.update(ciVar.g, 0, ciVar.g.length);
        createVerifyer.update(ciVar.h, 0, ciVar.h.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void generateClientKeyExchange(OutputStream outputStream) {
        em.writeSRPParameter(this.j.generateClientCredentials(this.n, this.f, this.g), outputStream);
        this.c.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.f);
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public byte[] generatePremasterSecret() {
        try {
            return org.bouncycastle.util.b.asUnsignedByteArray(this.k != null ? this.k.calculateSecret(this.l) : this.j.calculateSecret(this.l));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public byte[] generateServerKeyExchange() {
        this.k.init(this.i, this.m, ex.createHash((short) 2), this.c.getSecureRandom());
        cn cnVar = new cn(this.i.getN(), this.i.getG(), this.n, this.k.generateServerCredentials());
        bd bdVar = new bd();
        cnVar.encode(bdVar);
        if (this.o != null) {
            cq signatureAndHashAlgorithm = ex.getSignatureAndHashAlgorithm(this.c, this.o);
            org.bouncycastle.crypto.p createHash = ex.createHash(signatureAndHashAlgorithm);
            ci securityParameters = this.c.getSecurityParameters();
            createHash.update(securityParameters.g, 0, securityParameters.g.length);
            createHash.update(securityParameters.h, 0, securityParameters.h.length);
            bdVar.a(createHash);
            byte[] bArr = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr, 0);
            new be(signatureAndHashAlgorithm, this.o.generateCertificateSignature(bArr)).encode(bdVar);
        }
        return bdVar.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void init(dg dgVar) {
        super.init(dgVar);
        if (this.d != null) {
            this.d.init(dgVar);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void processClientCredentials(dh dhVar) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processClientKeyExchange(InputStream inputStream) {
        try {
            this.l = org.bouncycastle.crypto.a.c.d.validatePublicValue(this.i.getN(), em.readSRPParameter(inputStream));
            this.c.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.f);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCertificate(t tVar) {
        if (this.d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (tVar.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.o certificateAt = tVar.getCertificateAt(0);
        try {
            this.h = org.bouncycastle.crypto.util.g.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (!this.d.isValidPublicKey(this.h)) {
                throw new TlsFatalAlert((short) 46);
            }
            ex.a(certificateAt, 128);
            super.processServerCertificate(tVar);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCredentials(dh dhVar) {
        if (this.f10781a == 21 || !(dhVar instanceof ev)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(dhVar.getCertificate());
        this.o = (ev) dhVar;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerKeyExchange(InputStream inputStream) {
        cr crVar;
        InputStream inputStream2;
        ci securityParameters = this.c.getSecurityParameters();
        if (this.d != null) {
            crVar = new cr();
            inputStream2 = new org.bouncycastle.util.io.c(inputStream, crVar);
        } else {
            crVar = null;
            inputStream2 = inputStream;
        }
        cn parse = cn.parse(inputStream2);
        if (crVar != null) {
            be a2 = a(inputStream);
            org.bouncycastle.crypto.aa a3 = a(this.d, a2.getAlgorithm(), securityParameters);
            crVar.a(a3);
            if (!a3.verifySignature(a2.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        this.i = new org.bouncycastle.crypto.l.bn(parse.getN(), parse.getG());
        if (!this.e.accept(this.i)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.n = parse.getS();
        try {
            this.l = org.bouncycastle.crypto.a.c.d.validatePublicValue(this.i.getN(), parse.getB());
            this.j.init(this.i, ex.createHash((short) 2), this.c.getSecureRandom());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void skipServerCredentials() {
        if (this.d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void validateCertificateRequest(u uVar) {
        throw new TlsFatalAlert((short) 10);
    }
}
