package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes2.dex */
public class TlsSRPKeyExchange implements TlsKeyExchange {

    /* renamed from: a, reason: collision with root package name */
    public TlsClientContext f21722a;

    /* renamed from: b, reason: collision with root package name */
    public int f21723b;

    /* renamed from: c, reason: collision with root package name */
    public TlsSigner f21724c;

    /* renamed from: d, reason: collision with root package name */
    public byte[] f21725d;

    /* renamed from: e, reason: collision with root package name */
    public byte[] f21726e;

    /* renamed from: f, reason: collision with root package name */
    public AsymmetricKeyParameter f21727f = null;

    /* renamed from: g, reason: collision with root package name */
    public byte[] f21728g = null;

    /* renamed from: h, reason: collision with root package name */
    public BigInteger f21729h = null;

    /* renamed from: i, reason: collision with root package name */
    public SRP6Client f21730i = new SRP6Client();

    public TlsSRPKeyExchange(TlsClientContext tlsClientContext, int i2, byte[] bArr, byte[] bArr2) {
        TlsSigner tlsSigner = null;
        switch (i2) {
            case 21:
                break;
            case 22:
                tlsSigner = new TlsDSSSigner();
                break;
            case 23:
                tlsSigner = new TlsRSASigner();
                break;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        this.f21724c = tlsSigner;
        this.f21722a = tlsClientContext;
        this.f21723b = i2;
        this.f21725d = bArr;
        this.f21726e = bArr2;
    }

    public Signer a(TlsSigner tlsSigner, SecurityParameters securityParameters) {
        Signer b2 = tlsSigner.b(this.f21727f);
        byte[] bArr = securityParameters.f21663a;
        b2.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f21664b;
        b2.update(bArr2, 0, bArr2.length);
        return b2;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a() throws IOException {
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(InputStream inputStream) throws IOException {
        Signer signer;
        InputStream inputStream2;
        SecurityParameters c2 = this.f21722a.c();
        TlsSigner tlsSigner = this.f21724c;
        if (tlsSigner != null) {
            signer = a(tlsSigner, c2);
            inputStream2 = new SignerInputStream(inputStream, signer);
        } else {
            signer = null;
            inputStream2 = inputStream;
        }
        byte[] a2 = TlsUtils.a(inputStream2);
        byte[] a3 = TlsUtils.a(inputStream2);
        byte[] b2 = TlsUtils.b(inputStream2);
        byte[] a4 = TlsUtils.a(inputStream2);
        if (signer != null && !signer.a(TlsUtils.a(inputStream))) {
            throw new TlsFatalAlert((short) 42);
        }
        BigInteger bigInteger = new BigInteger(1, a2);
        BigInteger bigInteger2 = new BigInteger(1, a3);
        this.f21728g = b2;
        try {
            this.f21729h = SRP6Util.a(bigInteger, new BigInteger(1, a4));
            this.f21730i.a(bigInteger, bigInteger2, new SHA1Digest(), this.f21722a.b());
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(OutputStream outputStream) throws IOException {
        byte[] a2 = BigIntegers.a(this.f21730i.a(this.f21728g, this.f21725d, this.f21726e));
        TlsUtils.b(a2.length + 2, outputStream);
        TlsUtils.a(a2, outputStream);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(Certificate certificate) throws IOException {
        if (this.f21724c == null) {
            throw new TlsFatalAlert((short) 10);
        }
        X509CertificateStructure x509CertificateStructure = certificate.f21519b[0];
        try {
            this.f21727f = PublicKeyFactory.a(x509CertificateStructure.o());
            if (!this.f21724c.a(this.f21727f)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.a(x509CertificateStructure, 128);
        } catch (RuntimeException unused) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void a(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void b() throws IOException {
        if (this.f21724c != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void c() throws IOException {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] d() throws IOException {
        try {
            return BigIntegers.a(this.f21730i.a(this.f21729h));
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }
}
