package org.b.b.r;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;

/* loaded from: classes.dex */
public class eb extends g {
    protected short[] clientECPointFormats;
    protected org.b.b.n.n dhAgreePrivateKey;
    protected org.b.b.n.o dhAgreePublicKey;
    protected org.b.b.n.m dhParameters;
    protected org.b.b.n.ab ecAgreePrivateKey;
    protected org.b.b.n.ac ecAgreePublicKey;
    protected int[] namedCurves;
    protected byte[] premasterSecret;
    protected byte[] psk;
    protected dz pskIdentity;
    protected ea pskIdentityManager;
    protected byte[] psk_identity_hint;
    protected org.b.b.n.bl rsaServerPublicKey;
    protected dp serverCredentials;
    protected short[] serverECPointFormats;
    protected org.b.b.n.b serverPublicKey;

    public eb(int i, Vector vector, dz dzVar, ea eaVar, org.b.b.n.m mVar, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector);
        this.psk_identity_hint = null;
        this.psk = null;
        this.dhAgreePrivateKey = null;
        this.dhAgreePublicKey = null;
        this.ecAgreePrivateKey = null;
        this.ecAgreePublicKey = null;
        this.serverPublicKey = null;
        this.rsaServerPublicKey = null;
        this.serverCredentials = null;
        switch (i) {
            case 13:
            case 14:
            case 15:
            case 24:
                this.pskIdentity = dzVar;
                this.pskIdentityManager = eaVar;
                this.dhParameters = mVar;
                this.namedCurves = iArr;
                this.clientECPointFormats = sArr;
                this.serverECPointFormats = sArr2;
                return;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.b.b.r.du
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        if (this.psk_identity_hint == null) {
            this.pskIdentity.skipIdentityHint();
        } else {
            this.pskIdentity.notifyIdentityHint(this.psk_identity_hint);
        }
        byte[] pSKIdentity = this.pskIdentity.getPSKIdentity();
        if (pSKIdentity == null) {
            throw new dr((short) 80);
        }
        this.psk = this.pskIdentity.getPSK();
        if (this.psk == null) {
            throw new dr((short) 80);
        }
        ew.writeOpaque16(pSKIdentity, outputStream);
        this.context.getSecurityParameters().pskIdentity = org.b.h.a.clone(pSKIdentity);
        if (this.keyExchange == 14) {
            this.dhAgreePrivateKey = di.generateEphemeralClientKeyExchange(this.context.getSecureRandom(), this.dhParameters, outputStream);
        } else if (this.keyExchange == 24) {
            this.ecAgreePrivateKey = dl.generateEphemeralClientKeyExchange(this.context.getSecureRandom(), this.serverECPointFormats, this.ecAgreePublicKey.getParameters(), outputStream);
        } else if (this.keyExchange == 15) {
            this.premasterSecret = eg.generateEncryptedPreMasterSecret(this.context, this.rsaServerPublicKey, outputStream);
        }
    }

    protected byte[] generateOtherSecret(int i) throws IOException {
        if (this.keyExchange == 14) {
            if (this.dhAgreePrivateKey != null) {
                return di.calculateDHBasicAgreement(this.dhAgreePublicKey, this.dhAgreePrivateKey);
            }
            throw new dr((short) 80);
        }
        if (this.keyExchange != 24) {
            return this.keyExchange == 15 ? this.premasterSecret : new byte[i];
        }
        if (this.ecAgreePrivateKey != null) {
            return dl.calculateECDHBasicAgreement(this.ecAgreePublicKey, this.ecAgreePrivateKey);
        }
        throw new dr((short) 80);
    }

    @Override // org.b.b.r.du
    public byte[] generatePremasterSecret() throws IOException {
        byte[] generateOtherSecret = generateOtherSecret(this.psk.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(generateOtherSecret.length + 4 + this.psk.length);
        ew.writeOpaque16(generateOtherSecret, byteArrayOutputStream);
        ew.writeOpaque16(this.psk, byteArrayOutputStream);
        org.b.h.a.fill(this.psk, (byte) 0);
        this.psk = null;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public byte[] generateServerKeyExchange() throws IOException {
        this.psk_identity_hint = this.pskIdentityManager.getHint();
        if (this.psk_identity_hint == null && !requiresServerKeyExchange()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (this.psk_identity_hint == null) {
            ew.writeOpaque16(ew.EMPTY_BYTES, byteArrayOutputStream);
        } else {
            ew.writeOpaque16(this.psk_identity_hint, byteArrayOutputStream);
        }
        if (this.keyExchange == 14) {
            if (this.dhParameters == null) {
                throw new dr((short) 80);
            }
            this.dhAgreePrivateKey = di.generateEphemeralServerKeyExchange(this.context.getSecureRandom(), this.dhParameters, byteArrayOutputStream);
        } else if (this.keyExchange == 24) {
            this.ecAgreePrivateKey = dl.generateEphemeralServerKeyExchange(this.context.getSecureRandom(), this.namedCurves, this.clientECPointFormats, byteArrayOutputStream);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.b.b.r.du
    public void processClientCredentials(df dfVar) throws IOException {
        throw new dr((short) 80);
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        byte[] readOpaque16 = ew.readOpaque16(inputStream);
        this.psk = this.pskIdentityManager.getPSK(readOpaque16);
        if (this.psk == null) {
            throw new dr(l.unknown_psk_identity);
        }
        this.context.getSecurityParameters().pskIdentity = readOpaque16;
        if (this.keyExchange == 14) {
            this.dhAgreePublicKey = di.validateDHPublicKey(new org.b.b.n.o(di.readDHParameter(inputStream), this.dhParameters));
            return;
        }
        if (this.keyExchange == 24) {
            this.ecAgreePublicKey = dl.validateECPublicKey(dl.deserializeECPublicKey(this.serverECPointFormats, this.ecAgreePrivateKey.getParameters(), ew.readOpaque8(inputStream)));
        } else if (this.keyExchange == 15) {
            this.premasterSecret = this.serverCredentials.decryptPreMasterSecret(ew.isSSL(this.context) ? org.b.h.b.c.readAll(inputStream) : ew.readOpaque16(inputStream));
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerCertificate(r rVar) throws IOException {
        if (this.keyExchange != 15) {
            throw new dr((short) 10);
        }
        if (rVar.isEmpty()) {
            throw new dr((short) 42);
        }
        org.b.a.ae.o certificateAt = rVar.getCertificateAt(0);
        try {
            this.serverPublicKey = org.b.b.s.d.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (this.serverPublicKey.isPrivate()) {
                throw new dr((short) 80);
            }
            this.rsaServerPublicKey = validateRSAPublicKey((org.b.b.n.bl) this.serverPublicKey);
            ew.validateKeyUsage(certificateAt, 32);
            super.processServerCertificate(rVar);
        } catch (RuntimeException e) {
            throw new dr((short) 43, e);
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerCredentials(df dfVar) throws IOException {
        if (!(dfVar instanceof dp)) {
            throw new dr((short) 80);
        }
        processServerCertificate(dfVar.getCertificate());
        this.serverCredentials = (dp) dfVar;
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        this.psk_identity_hint = ew.readOpaque16(inputStream);
        if (this.keyExchange == 14) {
            this.dhAgreePublicKey = di.validateDHPublicKey(ch.parse(inputStream).getPublicKey());
            this.dhParameters = this.dhAgreePublicKey.getParameters();
        } else if (this.keyExchange == 24) {
            this.ecAgreePublicKey = dl.validateECPublicKey(dl.deserializeECPublicKey(this.clientECPointFormats, dl.readECParameters(this.namedCurves, this.clientECPointFormats, inputStream), ew.readOpaque8(inputStream)));
        }
    }

    @Override // org.b.b.r.g, org.b.b.r.du
    public boolean requiresServerKeyExchange() {
        switch (this.keyExchange) {
            case 14:
            case 24:
                return true;
            default:
                return false;
        }
    }

    @Override // org.b.b.r.du
    public void skipServerCredentials() throws IOException {
        if (this.keyExchange == 15) {
            throw new dr((short) 10);
        }
    }

    @Override // org.b.b.r.du
    public void validateCertificateRequest(s sVar) throws IOException {
        throw new dr((short) 10);
    }

    protected org.b.b.n.bl validateRSAPublicKey(org.b.b.n.bl blVar) throws IOException {
        if (blVar.getExponent().isProbablePrime(2)) {
            return blVar;
        }
        throw new dr((short) 47);
    }
}
