package org.bouncycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.agreement.srp.SRP6Client;
import org.bouncycastle.crypto.agreement.srp.SRP6Util;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.io.SignerInputStream;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.BigIntegers;

/* loaded from: classes2.dex */
class p implements TlsKeyExchange {
    protected TlsClientContext a;
    protected q b;

    /* renamed from: c, reason: collision with root package name */
    protected byte[] f16864c;

    /* renamed from: d, reason: collision with root package name */
    protected byte[] f16865d;

    /* renamed from: e, reason: collision with root package name */
    protected AsymmetricKeyParameter f16866e = null;

    /* renamed from: f, reason: collision with root package name */
    protected byte[] f16867f = null;

    /* renamed from: g, reason: collision with root package name */
    protected BigInteger f16868g = null;

    /* renamed from: h, reason: collision with root package name */
    protected SRP6Client f16869h = new SRP6Client();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0011. Please report as an issue. */
    public p(TlsClientContext tlsClientContext, int i2, byte[] bArr, byte[] bArr2) {
        q gVar;
        switch (i2) {
            case 21:
                this.b = null;
                this.a = tlsClientContext;
                this.f16864c = bArr;
                this.f16865d = bArr2;
                return;
            case 22:
                gVar = new g();
                this.b = gVar;
                this.a = tlsClientContext;
                this.f16864c = bArr;
                this.f16865d = bArr2;
                return;
            case 23:
                gVar = new o();
                this.b = gVar;
                this.a = tlsClientContext;
                this.f16864c = bArr;
                this.f16865d = bArr2;
                return;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected Signer a(q qVar, SecurityParameters securityParameters) {
        Signer b = qVar.b(this.f16866e);
        byte[] bArr = securityParameters.a;
        b.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.b;
        b.update(bArr2, 0, bArr2.length);
        return b;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) {
        TlsUtils.q(BigIntegers.asUnsignedByteArray(this.f16869h.generateClientCredentials(this.f16867f, this.f16864c, this.f16865d)), outputStream);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() {
        try {
            return BigIntegers.asUnsignedByteArray(this.f16869h.calculateSecret(this.f16868g));
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) {
        if (this.b == null) {
            throw new TlsFatalAlert((short) 10);
        }
        X509CertificateStructure x509CertificateStructure = certificate.a[0];
        try {
            AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(x509CertificateStructure.getSubjectPublicKeyInfo());
            this.f16866e = createKey;
            if (!this.b.a(createKey)) {
                throw new TlsFatalAlert((short) 46);
            }
            TlsUtils.o(x509CertificateStructure, 128);
        } catch (RuntimeException unused) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) {
        Signer signer;
        InputStream inputStream2;
        SecurityParameters securityParameters = this.a.getSecurityParameters();
        q qVar = this.b;
        if (qVar != null) {
            signer = a(qVar, securityParameters);
            inputStream2 = new SignerInputStream(inputStream, signer);
        } else {
            signer = null;
            inputStream2 = inputStream;
        }
        byte[] i2 = TlsUtils.i(inputStream2);
        byte[] i3 = TlsUtils.i(inputStream2);
        byte[] j2 = TlsUtils.j(inputStream2);
        byte[] i4 = TlsUtils.i(inputStream2);
        if (signer != null && !signer.verifySignature(TlsUtils.i(inputStream))) {
            throw new TlsFatalAlert((short) 42);
        }
        BigInteger bigInteger = new BigInteger(1, i2);
        BigInteger bigInteger2 = new BigInteger(1, i3);
        this.f16867f = j2;
        try {
            this.f16868g = SRP6Util.validatePublicValue(bigInteger, new BigInteger(1, i4));
            this.f16869h.init(bigInteger, bigInteger2, new SHA1Digest(), this.a.getSecureRandom());
        } catch (CryptoException unused) {
            throw new TlsFatalAlert((short) 47);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipClientCredentials() {
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerCertificate() {
        if (this.b != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerKeyExchange() {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }
}
