package ext.org.bouncycastle.crypto.tls;

import ext.org.bouncycastle.asn1.x509.X509CertificateStructure;
import ext.org.bouncycastle.crypto.CryptoException;
import ext.org.bouncycastle.crypto.Signer;
import ext.org.bouncycastle.crypto.agreement.srp.SRP6Client;
import ext.org.bouncycastle.crypto.agreement.srp.SRP6Util;
import ext.org.bouncycastle.crypto.digests.SHA1Digest;
import ext.org.bouncycastle.crypto.io.SignerInputStream;
import ext.org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import ext.org.bouncycastle.crypto.util.PublicKeyFactory;
import ext.org.bouncycastle.util.BigIntegers;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;

/* loaded from: classes.dex */
final class o implements TlsKeyExchange {

    /* renamed from: a, reason: collision with root package name */
    private TlsClientContext f940a;
    private p b;
    private byte[] c;
    private byte[] d;
    private AsymmetricKeyParameter e = null;
    private byte[] f = null;
    private BigInteger g = null;
    private SRP6Client h = new SRP6Client();

    /* JADX INFO: Access modifiers changed from: package-private */
    public o(TlsClientContext tlsClientContext, int i, byte[] bArr, byte[] bArr2) {
        switch (i) {
            case 21:
                this.b = null;
                break;
            case 22:
                this.b = new g();
                break;
            case 23:
                this.b = new n();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.f940a = tlsClientContext;
        this.c = bArr;
        this.d = bArr2;
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void generateClientKeyExchange(OutputStream outputStream) {
        byte[] asUnsignedByteArray = BigIntegers.asUnsignedByteArray(this.h.generateClientCredentials(this.f, this.c, this.d));
        TlsUtils.writeUint24(asUnsignedByteArray.length + 2, outputStream);
        TlsUtils.writeOpaque16(asUnsignedByteArray, outputStream);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final byte[] generatePremasterSecret() {
        try {
            return BigIntegers.asUnsignedByteArray(this.h.calculateSecret(this.g));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void processClientCredentials(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void processServerCertificate(Certificate certificate) {
        if (this.b == null) {
            throw new TlsFatalAlert((short) 10);
        }
        X509CertificateStructure x509CertificateStructure = certificate.certs[0];
        try {
            this.e = PublicKeyFactory.createKey(x509CertificateStructure.getSubjectPublicKeyInfo());
            if (!this.b.b(this.e)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(x509CertificateStructure, 128);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void processServerKeyExchange(InputStream inputStream) {
        InputStream inputStream2;
        SecurityParameters securityParameters = this.f940a.getSecurityParameters();
        Signer signer = null;
        if (this.b != null) {
            signer = this.b.a(this.e);
            signer.update(securityParameters.f928a, 0, securityParameters.f928a.length);
            signer.update(securityParameters.b, 0, securityParameters.b.length);
            inputStream2 = new SignerInputStream(inputStream, signer);
        } else {
            inputStream2 = inputStream;
        }
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream2);
        byte[] readOpaque162 = TlsUtils.readOpaque16(inputStream2);
        byte[] readOpaque8 = TlsUtils.readOpaque8(inputStream2);
        byte[] readOpaque163 = TlsUtils.readOpaque16(inputStream2);
        if (signer != null && !signer.verifySignature(TlsUtils.readOpaque16(inputStream))) {
            throw new TlsFatalAlert((short) 42);
        }
        BigInteger bigInteger = new BigInteger(1, readOpaque16);
        BigInteger bigInteger2 = new BigInteger(1, readOpaque162);
        this.f = readOpaque8;
        try {
            this.g = SRP6Util.validatePublicValue(bigInteger, new BigInteger(1, readOpaque163));
            this.h.init(bigInteger, bigInteger2, new SHA1Digest(), this.f940a.getSecureRandom());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void skipClientCredentials() {
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void skipServerCertificate() {
        if (this.b != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void skipServerKeyExchange() {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // ext.org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void validateCertificateRequest(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }
}
