package com.amazon.coral.internal.org.bouncycastle.crypto.tls;

import com.amazon.coral.internal.org.bouncycastle.crypto.C$Digest;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$ECDomainParameters;
import com.amazon.coral.internal.org.bouncycastle.util.io.C$TeeInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.crypto.tls.$TlsECDHEKeyExchange, reason: invalid class name */
/* loaded from: classes3.dex */
public class C$TlsECDHEKeyExchange extends C$TlsECDHKeyExchange {
    protected C$TlsSignerCredentials serverCredentials;

    public C$TlsECDHEKeyExchange(int i, Vector vector, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector, iArr, sArr, sArr2);
        this.serverCredentials = null;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        C$DigestInputBuffer c$DigestInputBuffer = new C$DigestInputBuffer();
        this.ecAgreePrivateKey = C$TlsECCUtils.generateEphemeralServerKeyExchange(this.context.getSecureRandom(), this.namedCurves, this.clientECPointFormats, c$DigestInputBuffer);
        C$SignatureAndHashAlgorithm signatureAndHashAlgorithm = C$TlsUtils.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
        C$Digest createHash = C$TlsUtils.createHash(signatureAndHashAlgorithm);
        C$SecurityParameters securityParameters = this.context.getSecurityParameters();
        createHash.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
        createHash.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
        c$DigestInputBuffer.updateDigest(createHash);
        byte[] bArr = new byte[createHash.getDigestSize()];
        createHash.doFinal(bArr, 0);
        new C$DigitallySigned(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(c$DigestInputBuffer);
        return c$DigestInputBuffer.toByteArray();
    }

    protected C$Signer initVerifyer(C$TlsSigner c$TlsSigner, C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, C$SecurityParameters c$SecurityParameters) {
        C$Signer createVerifyer = c$TlsSigner.createVerifyer(c$SignatureAndHashAlgorithm, this.serverPublicKey);
        createVerifyer.update(c$SecurityParameters.clientRandom, 0, c$SecurityParameters.clientRandom.length);
        createVerifyer.update(c$SecurityParameters.serverRandom, 0, c$SecurityParameters.serverRandom.length);
        return createVerifyer;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsECDHKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processClientCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        if (!(c$TlsCredentials instanceof C$TlsSignerCredentials)) {
            throw new C$TlsFatalAlert((short) 80);
        }
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerCredentials(C$TlsCredentials c$TlsCredentials) throws IOException {
        if (!(c$TlsCredentials instanceof C$TlsSignerCredentials)) {
            throw new C$TlsFatalAlert((short) 80);
        }
        processServerCertificate(c$TlsCredentials.getCertificate());
        this.serverCredentials = (C$TlsSignerCredentials) c$TlsCredentials;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$AbstractTlsKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        C$SecurityParameters securityParameters = this.context.getSecurityParameters();
        C$SignerInputBuffer c$SignerInputBuffer = new C$SignerInputBuffer();
        C$TeeInputStream c$TeeInputStream = new C$TeeInputStream(inputStream, c$SignerInputBuffer);
        C$ECDomainParameters readECParameters = C$TlsECCUtils.readECParameters(this.namedCurves, this.clientECPointFormats, c$TeeInputStream);
        byte[] readOpaque8 = C$TlsUtils.readOpaque8(c$TeeInputStream);
        C$DigitallySigned parseSignature = parseSignature(inputStream);
        C$Signer initVerifyer = initVerifyer(this.tlsSigner, parseSignature.getAlgorithm(), securityParameters);
        c$SignerInputBuffer.updateSigner(initVerifyer);
        if (!initVerifyer.verifySignature(parseSignature.getSignature())) {
            throw new C$TlsFatalAlert((short) 51);
        }
        this.ecAgreePublicKey = C$TlsECCUtils.validateECPublicKey(C$TlsECCUtils.deserializeECPublicKey(this.clientECPointFormats, readECParameters, readOpaque8));
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsECDHKeyExchange, com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsKeyExchange
    public void validateCertificateRequest(C$CertificateRequest c$CertificateRequest) throws IOException {
        for (short s : c$CertificateRequest.getCertificateTypes()) {
            switch (s) {
                case 1:
                case 2:
                case 64:
                default:
                    throw new C$TlsFatalAlert((short) 47);
            }
        }
    }
}
