package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.agreement.srp.SRP6Client;
import org.spongycastle.crypto.agreement.srp.SRP6Server;
import org.spongycastle.crypto.agreement.srp.SRP6Util;
import org.spongycastle.crypto.params.AsymmetricKeyParameter;
import org.spongycastle.crypto.params.SRP6GroupParameters;
import org.spongycastle.crypto.util.PublicKeyFactory;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.BigIntegers;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    public BigInteger a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6Client f4639a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6Server f4640a;

    /* renamed from: a, reason: collision with other field name */
    public AsymmetricKeyParameter f4641a;

    /* renamed from: a, reason: collision with other field name */
    public SRP6GroupParameters f4642a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSRPGroupVerifier f4643a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSigner f4644a;

    /* renamed from: a, reason: collision with other field name */
    public TlsSignerCredentials f4645a;

    /* renamed from: a, reason: collision with other field name */
    public byte[] f4646a;
    public BigInteger b;

    /* renamed from: b, reason: collision with other field name */
    public byte[] f4647b;
    public byte[] c;

    public TlsSRPKeyExchange(int i, Vector vector, TlsSRPGroupVerifier tlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.f4641a = null;
        this.f4642a = null;
        this.f4639a = null;
        this.f4640a = null;
        this.a = null;
        this.b = null;
        this.c = null;
        this.f4645a = null;
        this.f4644a = a(i);
        this.f4643a = tlsSRPGroupVerifier;
        this.f4646a = bArr;
        this.f4647b = bArr2;
        this.f4639a = new SRP6Client();
    }

    public TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i, vector);
        this.f4641a = null;
        this.f4642a = null;
        this.f4639a = null;
        this.f4640a = null;
        this.a = null;
        this.b = null;
        this.c = null;
        this.f4645a = null;
        this.f4644a = a(i);
        this.f4646a = bArr;
        this.f4640a = new SRP6Server();
        this.f4642a = tlsSRPLoginParameters.m975a();
        this.b = tlsSRPLoginParameters.a();
        this.c = tlsSRPLoginParameters.m976a();
    }

    public static TlsSigner a(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new TlsDSSSigner();
            case 23:
                return new TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    public Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer a = tlsSigner.a(signatureAndHashAlgorithm, this.f4641a);
        byte[] bArr = securityParameters.f4563b;
        a.a(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f4565c;
        a.a(bArr2, 0, bArr2.length);
        return a;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void a() throws IOException {
        if (this.f4644a != null) {
            throw new TlsFatalAlert((short) 10, null);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    /* renamed from: a */
    public void mo908a(InputStream inputStream) throws IOException {
        InputStream inputStream2;
        SignerInputBuffer signerInputBuffer;
        SecurityParameters mo907a = ((AbstractTlsKeyExchange) this).f4501a.mo907a();
        if (this.f4644a != null) {
            signerInputBuffer = new SignerInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, signerInputBuffer);
        } else {
            inputStream2 = inputStream;
            signerInputBuffer = null;
        }
        BigInteger a = TlsSRPUtils.a(inputStream2);
        BigInteger a2 = TlsSRPUtils.a(inputStream2);
        byte[] c = TlsUtils.c(inputStream2);
        BigInteger a3 = TlsSRPUtils.a(inputStream2);
        byte[] m1322a = Arrays.m1322a(c);
        if (signerInputBuffer != null) {
            DigitallySigned a4 = a(inputStream);
            Signer a5 = a(this.f4644a, a4.a(), mo907a);
            signerInputBuffer.a(a5);
            if (!a5.mo902a(a4.m939a())) {
                throw new TlsFatalAlert((short) 51, null);
            }
        }
        this.f4642a = new SRP6GroupParameters(a, a2);
        if (!this.f4643a.a(this.f4642a)) {
            throw new TlsFatalAlert((short) 71, null);
        }
        this.c = m1322a;
        try {
            this.a = SRP6Util.a(this.f4642a.b(), a3);
            this.f4639a.a(this.f4642a, TlsUtils.a((short) 2), ((AbstractTlsKeyExchange) this).f4501a.a());
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(OutputStream outputStream) throws IOException {
        TlsSRPUtils.a(this.f4639a.a(this.c, this.f4646a, this.f4647b), outputStream);
        ((AbstractTlsKeyExchange) this).f4501a.mo907a().f = Arrays.m1322a(this.f4646a);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) throws IOException {
        if (this.f4644a == null) {
            throw new TlsFatalAlert((short) 10, null);
        }
        if (certificate.a()) {
            throw new TlsFatalAlert((short) 42, null);
        }
        org.spongycastle.asn1.x509.Certificate a = certificate.a(0);
        try {
            this.f4641a = PublicKeyFactory.a(a.m748a());
            if (!this.f4644a.a(this.f4641a)) {
                throw new TlsFatalAlert((short) 46, null);
            }
            TlsUtils.a(a, 128);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10, null);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsContext tlsContext) {
        super.a(tlsContext);
        TlsSigner tlsSigner = this.f4644a;
        if (tlsSigner != null) {
            tlsSigner.a(tlsContext);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) throws IOException {
        if (((AbstractTlsKeyExchange) this).a == 21 || !(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80, null);
        }
        a(tlsCredentials.a());
        this.f4645a = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange
    /* renamed from: a */
    public boolean mo963a() {
        return true;
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    /* renamed from: a */
    public byte[] mo964a() throws IOException {
        try {
            return BigIntegers.a(this.f4640a != null ? this.f4640a.a(this.a) : this.f4639a.a(this.a));
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(InputStream inputStream) throws IOException {
        try {
            this.a = SRP6Util.a(this.f4642a.b(), TlsSRPUtils.a(inputStream));
            ((AbstractTlsKeyExchange) this).f4501a.mo907a().f = Arrays.m1322a(this.f4646a);
        } catch (CryptoException e) {
            throw new TlsFatalAlert((short) 47, e);
        }
    }

    @Override // org.spongycastle.crypto.tls.TlsKeyExchange
    public void b(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80, null);
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    /* renamed from: b */
    public byte[] mo909b() throws IOException {
        this.f4640a.a(this.f4642a, this.b, TlsUtils.a((short) 2), ((AbstractTlsKeyExchange) this).f4501a.a());
        BigInteger a = this.f4640a.a();
        BigInteger b = this.f4642a.b();
        BigInteger a2 = this.f4642a.a();
        byte[] m1322a = Arrays.m1322a(this.c);
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        TlsSRPUtils.a(b, digestInputBuffer);
        TlsSRPUtils.a(a2, digestInputBuffer);
        TlsUtils.c(m1322a, digestInputBuffer);
        TlsSRPUtils.a(a, digestInputBuffer);
        TlsSignerCredentials tlsSignerCredentials = this.f4645a;
        if (tlsSignerCredentials != null) {
            SignatureAndHashAlgorithm a3 = TlsUtils.a(((AbstractTlsKeyExchange) this).f4501a, tlsSignerCredentials);
            Digest a4 = TlsUtils.a(a3);
            SecurityParameters mo907a = ((AbstractTlsKeyExchange) this).f4501a.mo907a();
            byte[] bArr = mo907a.f4563b;
            a4.a(bArr, 0, bArr.length);
            byte[] bArr2 = mo907a.f4565c;
            a4.a(bArr2, 0, bArr2.length);
            digestInputBuffer.a(a4);
            byte[] bArr3 = new byte[a4.a()];
            a4.a(bArr3, 0);
            byte[] a5 = this.f4645a.a(bArr3);
            if (a5 == null) {
                throw new IllegalArgumentException("'signature' cannot be null");
            }
            if (a3 != null) {
                a3.a(digestInputBuffer);
            }
            TlsUtils.a(a5, (OutputStream) digestInputBuffer);
        }
        return digestInputBuffer.toByteArray();
    }
}
