package com.amazon.coral.internal.org.bouncycastle.crypto.tls;

import com.amazon.coral.internal.org.bouncycastle.asn1.x509.C$Certificate;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$CryptoException;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$Digest;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer;
import com.amazon.coral.internal.org.bouncycastle.crypto.agreement.srp.C$SRP6Client;
import com.amazon.coral.internal.org.bouncycastle.crypto.agreement.srp.C$SRP6Server;
import com.amazon.coral.internal.org.bouncycastle.crypto.agreement.srp.C$SRP6Util;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$AsymmetricKeyParameter;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$SRP6GroupParameters;
import com.amazon.coral.internal.org.bouncycastle.crypto.util.C$PublicKeyFactory;
import com.amazon.coral.internal.org.bouncycastle.util.C$Arrays;
import com.amazon.coral.internal.org.bouncycastle.util.C$BigIntegers;
import com.amazon.coral.internal.org.bouncycastle.util.io.C$TeeInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.crypto.tls.$TlsSRPKeyExchange, reason: invalid class name */
/* loaded from: classes3.dex */
public class C$TlsSRPKeyExchange extends C$AbstractTlsKeyExchange {
    protected C$TlsSRPGroupVerifier groupVerifier;
    protected byte[] identity;
    protected byte[] password;
    protected C$TlsSignerCredentials serverCredentials;
    protected C$AsymmetricKeyParameter serverPublicKey;
    protected C$SRP6Client srpClient;
    protected C$SRP6GroupParameters srpGroup;
    protected BigInteger srpPeerCredentials;
    protected byte[] srpSalt;
    protected C$SRP6Server srpServer;
    protected BigInteger srpVerifier;
    protected C$TlsSigner tlsSigner;

    public C$TlsSRPKeyExchange(int i, Vector vector, C$TlsSRPGroupVerifier c$TlsSRPGroupVerifier, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i);
        this.groupVerifier = c$TlsSRPGroupVerifier;
        this.identity = bArr;
        this.password = bArr2;
        this.srpClient = new C$SRP6Client();
    }

    public C$TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, C$TlsSRPLoginParameters c$TlsSRPLoginParameters) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i);
        this.identity = bArr;
        this.srpServer = new C$SRP6Server();
        this.srpGroup = c$TlsSRPLoginParameters.getGroup();
        this.srpVerifier = c$TlsSRPLoginParameters.getVerifier();
        this.srpSalt = c$TlsSRPLoginParameters.getSalt();
    }

    public C$TlsSRPKeyExchange(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new C$DefaultTlsSRPGroupVerifier(), bArr, bArr2);
    }

    protected static C$TlsSigner createSigner(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new C$TlsDSSSigner();
            case 23:
                return new C$TlsRSASigner();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        C$TlsSRPUtils.writeSRPParameter(this.srpClient.generateClientCredentials(this.srpSalt, this.identity, this.password), outputStream);
        this.context.getSecurityParameters().srpIdentity = C$Arrays.clone(this.identity);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return C$BigIntegers.asUnsignedByteArray(this.srpServer != null ? this.srpServer.calculateSecret(this.srpPeerCredentials) : this.srpClient.calculateSecret(this.srpPeerCredentials));
        } catch (C$CryptoException e) {
            throw new C$TlsFatalAlert((short) 47, e);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        this.srpServer.init(this.srpGroup, this.srpVerifier, C$TlsUtils.createHash((short) 2), this.context.getSecureRandom());
        C$ServerSRPParams c$ServerSRPParams = new C$ServerSRPParams(this.srpGroup.getN(), this.srpGroup.getG(), this.srpSalt, this.srpServer.generateServerCredentials());
        C$DigestInputBuffer c$DigestInputBuffer = new C$DigestInputBuffer();
        c$ServerSRPParams.encode(c$DigestInputBuffer);
        if (this.serverCredentials != null) {
            C$SignatureAndHashAlgorithm signatureAndHashAlgorithm = C$TlsUtils.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
            C$Digest createHash = C$TlsUtils.createHash(signatureAndHashAlgorithm);
            C$SecurityParameters securityParameters = this.context.getSecurityParameters();
            createHash.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
            createHash.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
            c$DigestInputBuffer.updateDigest(createHash);
            byte[] bArr = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr, 0);
            new C$DigitallySigned(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(c$DigestInputBuffer);
        }
        return c$DigestInputBuffer.toByteArray();
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void init(C$TlsContext c$TlsContext) {
        super.init(c$TlsContext);
        if (this.tlsSigner != null) {
            this.tlsSigner.init(c$TlsContext);
        }
    }

    protected C$Signer initVerifyer(C$TlsSigner c$TlsSigner, C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, C$SecurityParameters c$SecurityParameters) {
        C$Signer createVerifyer = c$TlsSigner.createVerifyer(c$SignatureAndHashAlgorithm, this.serverPublicKey);
        createVerifyer.update(c$SecurityParameters.clientRandom, 0, c$SecurityParameters.clientRandom.length);
        createVerifyer.update(c$SecurityParameters.serverRandom, 0, c$SecurityParameters.serverRandom.length);
        return createVerifyer;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processClientCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        throw new C$TlsFatalAlert((short) 80);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        try {
            this.srpPeerCredentials = C$SRP6Util.validatePublicValue(this.srpGroup.getN(), C$TlsSRPUtils.readSRPParameter(inputStream));
            this.context.getSecurityParameters().srpIdentity = C$Arrays.clone(this.identity);
        } catch (C$CryptoException e) {
            throw new C$TlsFatalAlert((short) 47, e);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerCertificate(C$Certificate c$Certificate) throws IOException {
        if (this.tlsSigner == null) {
            throw new C$TlsFatalAlert((short) 10);
        }
        if (c$Certificate.isEmpty()) {
            throw new C$TlsFatalAlert((short) 42);
        }
        C$Certificate certificateAt = c$Certificate.getCertificateAt(0);
        try {
            this.serverPublicKey = C$PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (!this.tlsSigner.isValidPublicKey(this.serverPublicKey)) {
                throw new C$TlsFatalAlert((short) 46);
            }
            C$TlsUtils.validateKeyUsage(certificateAt, 128);
            super.processServerCertificate(c$Certificate);
        } catch (RuntimeException e) {
            throw new C$TlsFatalAlert((short) 43, e);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        if (this.keyExchange == 21 || !(c$TlsCredentials instanceof C$TlsSignerCredentials)) {
            throw new C$TlsFatalAlert((short) 80);
        }
        processServerCertificate(c$TlsCredentials.getCertificate());
        this.serverCredentials = (C$TlsSignerCredentials) c$TlsCredentials;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        C$SignerInputBuffer c$SignerInputBuffer;
        InputStream inputStream2;
        C$SecurityParameters securityParameters = this.context.getSecurityParameters();
        if (this.tlsSigner != null) {
            c$SignerInputBuffer = new C$SignerInputBuffer();
            inputStream2 = new C$TeeInputStream(inputStream, c$SignerInputBuffer);
        } else {
            c$SignerInputBuffer = null;
            inputStream2 = inputStream;
        }
        C$ServerSRPParams parse = C$ServerSRPParams.parse(inputStream2);
        if (c$SignerInputBuffer != null) {
            C$DigitallySigned parseSignature = parseSignature(inputStream);
            C$Signer initVerifyer = initVerifyer(this.tlsSigner, parseSignature.getAlgorithm(), securityParameters);
            c$SignerInputBuffer.updateSigner(initVerifyer);
            if (!initVerifyer.verifySignature(parseSignature.getSignature())) {
                throw new C$TlsFatalAlert((short) 51);
            }
        }
        this.srpGroup = new C$SRP6GroupParameters(parse.getN(), parse.getG());
        if (!this.groupVerifier.accept(this.srpGroup)) {
            throw new C$TlsFatalAlert((short) 71);
        }
        this.srpSalt = parse.getS();
        try {
            this.srpPeerCredentials = C$SRP6Util.validatePublicValue(this.srpGroup.getN(), parse.getB());
            this.srpClient.init(this.srpGroup, C$TlsUtils.createHash((short) 2), this.context.getSecureRandom());
        } catch (C$CryptoException e) {
            throw new C$TlsFatalAlert((short) 47, e);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        if (this.tlsSigner != null) {
            throw new C$TlsFatalAlert((short) 10);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void validateCertificateRequest(C$CertificateRequest c$CertificateRequest) throws IOException {
        throw new C$TlsFatalAlert((short) 10);
    }
}
