package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
    protected TlsSignerCredentials l;

    public TlsECDHEKeyExchange(int i, Vector vector, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector, iArr, sArr, sArr2);
        this.l = null;
    }

    @Override // org.bouncycastle.crypto.tls.TlsECDHKeyExchange, org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] b() throws IOException {
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        this.j = TlsECCUtils.k(this.f33326c.c(), this.f33469e, this.f33470f, digestInputBuffer);
        SignatureAndHashAlgorithm J = TlsUtils.J(this.f33326c, this.l);
        Digest n = TlsUtils.n(J);
        SecurityParameters e2 = this.f33326c.e();
        byte[] bArr = e2.f33414f;
        n.update(bArr, 0, bArr.length);
        byte[] bArr2 = e2.f33415g;
        n.update(bArr2, 0, bArr2.length);
        digestInputBuffer.b(n);
        byte[] bArr3 = new byte[n.getDigestSize()];
        n.doFinal(bArr3, 0);
        new DigitallySigned(J, this.l.c(bArr3)).a(digestInputBuffer);
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.TlsECDHKeyExchange, org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void f(InputStream inputStream) throws IOException {
        SecurityParameters e2 = this.f33326c.e();
        SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
        TeeInputStream teeInputStream = new TeeInputStream(inputStream, signerInputBuffer);
        ECDomainParameters w = TlsECCUtils.w(this.f33469e, this.f33470f, teeInputStream);
        byte[] i0 = TlsUtils.i0(teeInputStream);
        DigitallySigned o = o(inputStream);
        Signer q = q(this.f33468d, o.b(), e2);
        signerInputBuffer.b(q);
        if (!q.a(o.c())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.k = TlsECCUtils.A(TlsECCUtils.h(this.f33470f, w, i0));
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void g(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        i(tlsCredentials.d());
        this.l = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.TlsECDHKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void k(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsECDHKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void l(CertificateRequest certificateRequest) throws IOException {
        for (short s : certificateRequest.b()) {
            if (s != 1 && s != 2 && s != 64) {
                throw new TlsFatalAlert((short) 47);
            }
        }
    }

    protected Signer q(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer e2 = tlsSigner.e(signatureAndHashAlgorithm, this.f33472h);
        byte[] bArr = securityParameters.f33414f;
        e2.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f33415g;
        e2.update(bArr2, 0, bArr2.length);
        return e2;
    }
}
