package org.bouncycastle.crypto.tls;

import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.CryptoException;

/* loaded from: classes2.dex */
public class k4 extends g {

    /* renamed from: d, reason: collision with root package name */
    protected u4 f21394d;

    /* renamed from: e, reason: collision with root package name */
    protected i4 f21395e;
    protected byte[] f;
    protected byte[] g;
    protected org.bouncycastle.crypto.t0.b h;
    protected org.bouncycastle.crypto.t0.n1 i;
    protected org.bouncycastle.crypto.i0.i.a j;
    protected org.bouncycastle.crypto.i0.i.b k;
    protected BigInteger l;
    protected BigInteger m;
    protected byte[] n;
    protected v4 o;

    public k4(int i, Vector vector, i4 i4Var, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.f21394d = a(i);
        this.f21395e = i4Var;
        this.f = bArr;
        this.g = bArr2;
        this.j = new org.bouncycastle.crypto.i0.i.a();
    }

    public k4(int i, Vector vector, byte[] bArr, l4 l4Var) {
        super(i, vector);
        this.h = null;
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.f21394d = a(i);
        this.f = bArr;
        this.k = new org.bouncycastle.crypto.i0.i.b();
        this.i = l4Var.getGroup();
        this.m = l4Var.getVerifier();
        this.n = l4Var.getSalt();
    }

    public k4(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new z0(), bArr, bArr2);
    }

    protected static u4 a(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new m3();
            case 23:
                return new g4();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    protected org.bouncycastle.crypto.a0 a(u4 u4Var, q2 q2Var, i2 i2Var) {
        org.bouncycastle.crypto.a0 createVerifyer = u4Var.createVerifyer(q2Var, this.h);
        byte[] bArr = i2Var.g;
        createVerifyer.update(bArr, 0, bArr.length);
        byte[] bArr2 = i2Var.h;
        createVerifyer.update(bArr2, 0, bArr2.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.v3
    public void generateClientKeyExchange(OutputStream outputStream) {
        m4.writeSRPParameter(this.j.generateClientCredentials(this.n, this.f, this.g), outputStream);
        this.f21324c.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.f);
    }

    @Override // org.bouncycastle.crypto.tls.v3
    public byte[] generatePremasterSecret() {
        try {
            return org.bouncycastle.util.b.asUnsignedByteArray(this.k != null ? this.k.calculateSecret(this.l) : this.j.calculateSecret(this.l));
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public byte[] generateServerKeyExchange() {
        this.k.init(this.i, this.m, x4.createHash((short) 2), this.f21324c.getSecureRandom());
        n2 n2Var = new n2(this.i.getN(), this.i.getG(), this.n, this.k.generateServerCredentials());
        d1 d1Var = new d1();
        n2Var.encode(d1Var);
        v4 v4Var = this.o;
        if (v4Var != null) {
            q2 signatureAndHashAlgorithm = x4.getSignatureAndHashAlgorithm(this.f21324c, v4Var);
            org.bouncycastle.crypto.p createHash = x4.createHash(signatureAndHashAlgorithm);
            i2 securityParameters = this.f21324c.getSecurityParameters();
            byte[] bArr = securityParameters.g;
            createHash.update(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.h;
            createHash.update(bArr2, 0, bArr2.length);
            d1Var.a(createHash);
            byte[] bArr3 = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr3, 0);
            new e1(signatureAndHashAlgorithm, this.o.generateCertificateSignature(bArr3)).encode(d1Var);
        }
        return d1Var.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public void init(g3 g3Var) {
        super.init(g3Var);
        u4 u4Var = this.f21394d;
        if (u4Var != null) {
            u4Var.init(g3Var);
        }
    }

    @Override // org.bouncycastle.crypto.tls.v3
    public void processClientCredentials(h3 h3Var) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public void processClientKeyExchange(InputStream inputStream) {
        try {
            this.l = org.bouncycastle.crypto.i0.i.d.validatePublicValue(this.i.getN(), m4.readSRPParameter(inputStream));
            this.f21324c.getSecurityParameters().k = org.bouncycastle.util.a.clone(this.f);
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public void processServerCertificate(t tVar) {
        if (this.f21394d == null) {
            throw new TlsFatalAlert((short) 10);
        }
        if (tVar.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.o certificateAt = tVar.getCertificateAt(0);
        try {
            org.bouncycastle.crypto.t0.b createKey = org.bouncycastle.crypto.util.f.createKey(certificateAt.getSubjectPublicKeyInfo());
            this.h = createKey;
            if (!this.f21394d.isValidPublicKey(createKey)) {
                throw new TlsFatalAlert((short) 46);
            }
            x4.a(certificateAt, 128);
            super.processServerCertificate(tVar);
        } catch (RuntimeException e2) {
            throw new TlsFatalAlert((short) 43, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public void processServerCredentials(h3 h3Var) {
        if (this.f21322a == 21 || !(h3Var instanceof v4)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(h3Var.getCertificate());
        this.o = (v4) h3Var;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public void processServerKeyExchange(InputStream inputStream) {
        r2 r2Var;
        InputStream inputStream2;
        i2 securityParameters = this.f21324c.getSecurityParameters();
        if (this.f21394d != null) {
            r2Var = new r2();
            inputStream2 = new org.bouncycastle.util.io.c(inputStream, r2Var);
        } else {
            r2Var = null;
            inputStream2 = inputStream;
        }
        n2 parse = n2.parse(inputStream2);
        if (r2Var != null) {
            e1 a2 = a(inputStream);
            org.bouncycastle.crypto.a0 a3 = a(this.f21394d, a2.getAlgorithm(), securityParameters);
            r2Var.a(a3);
            if (!a3.verifySignature(a2.getSignature())) {
                throw new TlsFatalAlert((short) 51);
            }
        }
        org.bouncycastle.crypto.t0.n1 n1Var = new org.bouncycastle.crypto.t0.n1(parse.getN(), parse.getG());
        this.i = n1Var;
        if (!this.f21395e.accept(n1Var)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.n = parse.getS();
        try {
            this.l = org.bouncycastle.crypto.i0.i.d.validatePublicValue(this.i.getN(), parse.getB());
            this.j.init(this.i, x4.createHash((short) 2), this.f21324c.getSecureRandom());
        } catch (CryptoException e2) {
            throw new TlsFatalAlert((short) 47, e2);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.v3
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.bouncycastle.crypto.tls.v3
    public void skipServerCredentials() {
        if (this.f21394d != null) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.v3
    public void validateCertificateRequest(u uVar) {
        throw new TlsFatalAlert((short) 10);
    }
}
