package org.b.b.r;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;

/* loaded from: classes.dex */
public class ej extends g {
    protected eh groupVerifier;
    protected byte[] identity;
    protected byte[] password;
    protected eu serverCredentials;
    protected org.b.b.n.b serverPublicKey;
    protected org.b.b.a.c.a srpClient;
    protected org.b.b.n.bn srpGroup;
    protected BigInteger srpPeerCredentials;
    protected byte[] srpSalt;
    protected org.b.b.a.c.b srpServer;
    protected BigInteger srpVerifier;
    protected et tlsSigner;

    public ej(int i, Vector vector, eh ehVar, byte[] bArr, byte[] bArr2) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i);
        this.groupVerifier = ehVar;
        this.identity = bArr;
        this.password = bArr2;
        this.srpClient = new org.b.b.a.c.a();
    }

    public ej(int i, Vector vector, byte[] bArr, ek ekVar) {
        super(i, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i);
        this.identity = bArr;
        this.srpServer = new org.b.b.a.c.b();
        this.srpGroup = ekVar.getGroup();
        this.srpVerifier = ekVar.getVerifier();
        this.srpSalt = ekVar.getSalt();
    }

    public ej(int i, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i, vector, new ax(), bArr, bArr2);
    }

    protected static et createSigner(int i) {
        switch (i) {
            case 21:
                return null;
            case 22:
                return new dk();
            case 23:
                return new ef();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.b.b.r.du
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        el.writeSRPParameter(this.srpClient.generateClientCredentials(this.srpSalt, this.identity, this.password), outputStream);
        this.context.getSecurityParameters().srpIdentity = org.b.h.a.clone(this.identity);
    }

    @Override // org.b.b.r.du
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return org.b.h.b.asUnsignedByteArray(this.srpServer != null ? this.srpServer.calculateSecret(this.srpPeerCredentials) : this.srpClient.calculateSecret(this.srpPeerCredentials));
        } catch (org.b.b.l e) {
            throw new dr((short) 47, e);
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public byte[] generateServerKeyExchange() throws IOException {
        this.srpServer.init(this.srpGroup, this.srpVerifier, ew.createHash((short) 2), this.context.getSecureRandom());
        cl clVar = new cl(this.srpGroup.getN(), this.srpGroup.getG(), this.srpSalt, this.srpServer.generateServerCredentials());
        bb bbVar = new bb();
        clVar.encode(bbVar);
        if (this.serverCredentials != null) {
            co signatureAndHashAlgorithm = ew.getSignatureAndHashAlgorithm(this.context, this.serverCredentials);
            org.b.b.q createHash = ew.createHash(signatureAndHashAlgorithm);
            cg securityParameters = this.context.getSecurityParameters();
            createHash.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
            createHash.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
            bbVar.updateDigest(createHash);
            byte[] bArr = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr, 0);
            new bc(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr)).encode(bbVar);
        }
        return bbVar.toByteArray();
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void init(de deVar) {
        super.init(deVar);
        if (this.tlsSigner != null) {
            this.tlsSigner.init(deVar);
        }
    }

    protected org.b.b.af initVerifyer(et etVar, co coVar, cg cgVar) {
        org.b.b.af createVerifyer = etVar.createVerifyer(coVar, this.serverPublicKey);
        createVerifyer.update(cgVar.clientRandom, 0, cgVar.clientRandom.length);
        createVerifyer.update(cgVar.serverRandom, 0, cgVar.serverRandom.length);
        return createVerifyer;
    }

    @Override // org.b.b.r.du
    public void processClientCredentials(df dfVar) throws IOException {
        throw new dr((short) 80);
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        try {
            this.srpPeerCredentials = org.b.b.a.c.d.validatePublicValue(this.srpGroup.getN(), el.readSRPParameter(inputStream));
            this.context.getSecurityParameters().srpIdentity = org.b.h.a.clone(this.identity);
        } catch (org.b.b.l e) {
            throw new dr((short) 47, e);
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerCertificate(r rVar) throws IOException {
        if (this.tlsSigner == null) {
            throw new dr((short) 10);
        }
        if (rVar.isEmpty()) {
            throw new dr((short) 42);
        }
        org.b.a.ae.o certificateAt = rVar.getCertificateAt(0);
        try {
            this.serverPublicKey = org.b.b.s.d.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (!this.tlsSigner.isValidPublicKey(this.serverPublicKey)) {
                throw new dr((short) 46);
            }
            ew.validateKeyUsage(certificateAt, 128);
            super.processServerCertificate(rVar);
        } catch (RuntimeException e) {
            throw new dr((short) 43, e);
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerCredentials(df dfVar) throws IOException {
        if (this.keyExchange == 21 || !(dfVar instanceof eu)) {
            throw new dr((short) 80);
        }
        processServerCertificate(dfVar.getCertificate());
        this.serverCredentials = (eu) dfVar;
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        cp cpVar;
        InputStream inputStream2;
        cg securityParameters = this.context.getSecurityParameters();
        if (this.tlsSigner != null) {
            cpVar = new cp();
            inputStream2 = new org.b.h.b.d(inputStream, cpVar);
        } else {
            cpVar = null;
            inputStream2 = inputStream;
        }
        cl parse = cl.parse(inputStream2);
        if (cpVar != null) {
            bc parse2 = bc.parse(this.context, inputStream);
            org.b.b.af initVerifyer = initVerifyer(this.tlsSigner, parse2.getAlgorithm(), securityParameters);
            cpVar.updateSigner(initVerifyer);
            if (!initVerifyer.verifySignature(parse2.getSignature())) {
                throw new dr((short) 51);
            }
        }
        this.srpGroup = new org.b.b.n.bn(parse.getN(), parse.getG());
        if (!this.groupVerifier.accept(this.srpGroup)) {
            throw new dr((short) 71);
        }
        this.srpSalt = parse.getS();
        try {
            this.srpPeerCredentials = org.b.b.a.c.d.validatePublicValue(this.srpGroup.getN(), parse.getB());
            this.srpClient.init(this.srpGroup, ew.createHash((short) 2), this.context.getSecureRandom());
        } catch (org.b.b.l e) {
            throw new dr((short) 47, e);
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.b.b.r.du
    public void skipServerCredentials() throws IOException {
        if (this.tlsSigner != null) {
            throw new dr((short) 10);
        }
    }

    @Override // org.b.b.r.du
    public void validateCertificateRequest(s sVar) throws IOException {
        throw new dr((short) 10);
    }
}
