package org.spongycastle.crypto.tls;

import java.io.InputStream;
import java.util.Vector;
import org.spongycastle.crypto.AsymmetricCipherKeyPair;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.crypto.params.ECPrivateKeyParameters;
import org.spongycastle.crypto.params.ECPublicKeyParameters;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes.dex */
public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {
    protected TlsSignerCredentials serverCredentials;

    public TlsECDHEKeyExchange(int i, Vector vector, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector, iArr, sArr, sArr2);
        this.serverCredentials = null;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() {
        int i;
        Digest cVar;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        if (this.namedCurves != null) {
            int i2 = 0;
            while (true) {
                if (i2 >= this.namedCurves.length) {
                    i = -1;
                    break;
                }
                i = this.namedCurves[i2];
                if (NamedCurve.isValid(i) && TlsECCUtils.isSupportedNamedCurve(i)) {
                    break;
                }
                i2++;
            }
        } else {
            i = 23;
        }
        ECDomainParameters parametersForNamedCurve = i >= 0 ? TlsECCUtils.getParametersForNamedCurve(i) : Arrays.contains(this.namedCurves, 65281) ? TlsECCUtils.getParametersForNamedCurve(23) : Arrays.contains(this.namedCurves, NamedCurve.arbitrary_explicit_char2_curves) ? TlsECCUtils.getParametersForNamedCurve(10) : null;
        if (parametersForNamedCurve == null) {
            throw new TlsFatalAlert((short) 80);
        }
        AsymmetricCipherKeyPair generateECKeyPair = TlsECCUtils.generateECKeyPair(this.context.getSecureRandom(), parametersForNamedCurve);
        this.ecAgreePrivateKey = (ECPrivateKeyParameters) generateECKeyPair.getPrivate();
        o oVar = new o();
        if (i < 0) {
            TlsECCUtils.writeExplicitECParameters(this.clientECPointFormats, parametersForNamedCurve, oVar);
        } else {
            TlsECCUtils.writeNamedECParameters(i, oVar);
        }
        TlsECCUtils.writeECPoint(this.clientECPointFormats, ((ECPublicKeyParameters) generateECKeyPair.getPublic()).getQ(), oVar);
        if (TlsUtils.isTLSv12(this.context)) {
            signatureAndHashAlgorithm = this.serverCredentials.getSignatureAndHashAlgorithm();
            if (signatureAndHashAlgorithm == null) {
                throw new TlsFatalAlert((short) 80);
            }
            cVar = TlsUtils.createHash(signatureAndHashAlgorithm.getHash());
        } else {
            cVar = new c();
        }
        SecurityParameters securityParameters = this.context.getSecurityParameters();
        cVar.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
        cVar.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
        oVar.a(cVar);
        byte[] bArr = new byte[cVar.getDigestSize()];
        cVar.doFinal(bArr, 0);
        new DigitallySigned(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(oVar);
        return oVar.toByteArray();
    }

    protected Signer initVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer createVerifyer = tlsSigner.createVerifyer(signatureAndHashAlgorithm, this.serverPublicKey);
        createVerifyer.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
        createVerifyer.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
        return createVerifyer;
    }

    @Override // org.spongycastle.crypto.tls.TlsECDHKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.serverCredentials = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) {
        SecurityParameters securityParameters = this.context.getSecurityParameters();
        s sVar = new s();
        TeeInputStream teeInputStream = new TeeInputStream(inputStream, sVar);
        ECDomainParameters readECParameters = TlsECCUtils.readECParameters(this.namedCurves, this.clientECPointFormats, teeInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(teeInputStream);
        DigitallySigned parse = DigitallySigned.parse(this.context, inputStream);
        Signer initVerifyer = initVerifyer(this.tlsSigner, parse.getAlgorithm(), securityParameters);
        sVar.a(initVerifyer);
        if (!initVerifyer.verifySignature(parse.getSignature())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(this.clientECPointFormats, readECParameters, readOpaque8));
    }

    @Override // org.spongycastle.crypto.tls.TlsECDHKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) {
        for (short s : certificateRequest.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                default:
                    throw new TlsFatalAlert((short) 47);
            }
        }
    }
}
