package ext.org.bouncycastle.crypto.tls;

import ext.org.bouncycastle.asn1.x509.X509CertificateStructure;
import ext.org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import ext.org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import ext.org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import ext.org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import ext.org.bouncycastle.crypto.params.ECDomainParameters;
import ext.org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import ext.org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import ext.org.bouncycastle.crypto.params.ECPublicKeyParameters;
import ext.org.bouncycastle.crypto.util.PublicKeyFactory;
import ext.org.bouncycastle.util.BigIntegers;
import java.io.InputStream;
import java.io.OutputStream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class i implements TlsKeyExchange {

    /* renamed from: a, reason: collision with root package name */
    protected TlsClientContext f936a;
    protected p b;
    protected AsymmetricKeyParameter c;
    protected ECPublicKeyParameters d;
    private TlsAgreementCredentials e;
    private ECPrivateKeyParameters f = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public i(TlsClientContext tlsClientContext, int i) {
        switch (i) {
            case 16:
            case 18:
                this.b = null;
                break;
            case 17:
                this.b = new j();
                break;
            case 19:
                this.b = new n();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.f936a = tlsClientContext;
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) {
        if (this.e != null) {
            TlsUtils.writeUint24(0, outputStream);
            return;
        }
        ECDomainParameters parameters = this.d.getParameters();
        ECKeyPairGenerator eCKeyPairGenerator = new ECKeyPairGenerator();
        eCKeyPairGenerator.init(new ECKeyGenerationParameters(parameters, this.f936a.getSecureRandom()));
        AsymmetricCipherKeyPair generateKeyPair = eCKeyPairGenerator.generateKeyPair();
        this.f = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
        byte[] encoded = ((ECPublicKeyParameters) generateKeyPair.getPublic()).getQ().getEncoded();
        TlsUtils.writeUint24(encoded.length + 1, outputStream);
        TlsUtils.writeOpaque8(encoded, outputStream);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() {
        if (this.e != null) {
            return this.e.generateAgreement(this.d);
        }
        ECPublicKeyParameters eCPublicKeyParameters = this.d;
        ECPrivateKeyParameters eCPrivateKeyParameters = this.f;
        ECDHBasicAgreement eCDHBasicAgreement = new ECDHBasicAgreement();
        eCDHBasicAgreement.init(eCPrivateKeyParameters);
        return BigIntegers.asUnsignedByteArray(eCDHBasicAgreement.calculateAgreement(eCPublicKeyParameters));
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        if (tlsCredentials instanceof TlsAgreementCredentials) {
            this.e = (TlsAgreementCredentials) tlsCredentials;
        } else if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) {
        X509CertificateStructure x509CertificateStructure = certificate.certs[0];
        try {
            this.c = PublicKeyFactory.createKey(x509CertificateStructure.getSubjectPublicKeyInfo());
            if (this.b == null) {
                try {
                    this.d = (ECPublicKeyParameters) this.c;
                    TlsUtils.a(x509CertificateStructure, 8);
                } catch (ClassCastException e) {
                    throw new TlsFatalAlert((short) 46);
                }
            } else {
                if (!this.b.b(this.c)) {
                    throw new TlsFatalAlert((short) 46);
                }
                TlsUtils.a(x509CertificateStructure, 128);
            }
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipClientCredentials() {
        this.e = null;
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerCertificate() {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerKeyExchange() {
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) {
        for (short s : certificateRequest.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                case 65:
                case 66:
                default:
                    throw new TlsFatalAlert((short) 47);
            }
        }
    }
}
