package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsSRP6Client;
import org.bouncycastle.tls.crypto.TlsSRP6Server;
import org.bouncycastle.tls.crypto.TlsSRPConfig;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.BigIntegers;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes4.dex */
public class TlsSRPKeyExchange extends AbstractTlsKeyExchange {
    public TlsCertificate serverCertificate;
    public TlsCredentialedSigner serverCredentials;
    public TlsSRP6Client srpClient;
    public TlsSRPConfigVerifier srpConfigVerifier;
    public TlsSRPIdentity srpIdentity;
    public TlsSRPLoginParameters srpLoginParameters;
    public BigInteger srpPeerCredentials;
    public byte[] srpSalt;
    public TlsSRP6Server srpServer;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TlsSRPKeyExchange(int i, TlsSRPIdentity tlsSRPIdentity, TlsSRPConfigVerifier tlsSRPConfigVerifier) {
        super(i);
        switch (i) {
            case 21:
            case 22:
            case 23:
                this.serverCertificate = null;
                this.srpSalt = null;
                this.srpClient = null;
                this.serverCredentials = null;
                this.srpServer = null;
                this.srpPeerCredentials = null;
                this.srpIdentity = tlsSRPIdentity;
                this.srpConfigVerifier = tlsSRPConfigVerifier;
                return;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TlsSRPKeyExchange(int i, TlsSRPLoginParameters tlsSRPLoginParameters) {
        super(i);
        switch (i) {
            case 21:
            case 22:
            case 23:
                this.serverCertificate = null;
                this.srpSalt = null;
                this.srpClient = null;
                this.serverCredentials = null;
                this.srpServer = null;
                this.srpPeerCredentials = null;
                this.srpLoginParameters = tlsSRPLoginParameters;
                return;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public final void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        this.srpIdentity.getSRPIdentity();
        this.srpIdentity.getSRPPassword();
        BigInteger generateClientCredentials = this.srpClient.generateClientCredentials(this.srpSalt, null, null);
        Integer num = TlsSRPUtils.EXT_SRP;
        TlsUtils.writeOpaque16((ByteArrayOutputStream) outputStream, BigIntegers.asUnsignedByteArray(generateClientCredentials));
        this.context.getSecurityParametersHandshake().srpIdentity = Arrays.clone((byte[]) null);
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public final TlsSecret generatePreMasterSecret() throws IOException {
        TlsSRP6Server tlsSRP6Server = this.srpServer;
        return this.context.getCrypto().createSecret(BigIntegers.asUnsignedByteArray(tlsSRP6Server != null ? tlsSRP6Server.calculateSecret(this.srpPeerCredentials) : this.srpClient.calculateSecret(this.srpPeerCredentials)));
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public final byte[] generateServerKeyExchange() throws IOException {
        this.srpLoginParameters.getClass();
        TlsCrypto crypto = this.context.getCrypto();
        this.srpLoginParameters.getClass();
        TlsSRP6Server createSRP6Server = crypto.createSRP6Server(null, null);
        this.srpServer = createSRP6Server;
        createSRP6Server.generateServerCredentials();
        throw null;
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public final void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public final void processClientKeyExchange(InputStream inputStream) throws IOException {
        this.srpLoginParameters.getClass();
        throw null;
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public final void processServerCertificate(Certificate certificate) throws IOException {
        if (this.keyExchange == 21) {
            throw new TlsFatalAlert((short) 80);
        }
        this.serverCertificate = certificate.getCertificateAt(0);
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public final void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (this.keyExchange == 21) {
            throw new TlsFatalAlert((short) 80);
        }
        this.serverCredentials = TlsUtils.requireSignerCredentials(tlsCredentials);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public final void processServerKeyExchange(InputStream inputStream) throws IOException {
        DigestInputBuffer digestInputBuffer;
        InputStream inputStream2;
        if (this.keyExchange != 21) {
            digestInputBuffer = new DigestInputBuffer();
            inputStream2 = new TeeInputStream(inputStream, digestInputBuffer);
        } else {
            digestInputBuffer = null;
            inputStream2 = inputStream;
        }
        Integer num = TlsSRPUtils.EXT_SRP;
        ServerSRPParams serverSRPParams = new ServerSRPParams(new BigInteger(1, TlsUtils.readOpaque16(inputStream2)), new BigInteger(1, TlsUtils.readOpaque16(inputStream2)), TlsUtils.readOpaque8(inputStream2, 1), new BigInteger(1, TlsUtils.readOpaque16(inputStream2)));
        if (digestInputBuffer != null) {
            TlsUtils.verifyServerKeyExchangeSignature(this.context, inputStream, this.serverCertificate, digestInputBuffer);
        }
        TlsSRPConfig tlsSRPConfig = new TlsSRPConfig();
        tlsSRPConfig.explicitNG = (BigInteger[]) new BigInteger[]{serverSRPParams.N, serverSRPParams.g}.clone();
        if (!this.srpConfigVerifier.accept(tlsSRPConfig)) {
            throw new TlsFatalAlert((short) 71);
        }
        this.srpSalt = serverSRPParams.s;
        BigInteger mod = serverSRPParams.B.mod(serverSRPParams.N);
        if (mod.equals(BigInteger.ZERO)) {
            throw new TlsFatalAlert((short) 47);
        }
        this.srpPeerCredentials = mod;
        this.srpClient = this.context.getCrypto().createSRP6Client(tlsSRPConfig);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange
    public final boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public final void skipServerCredentials() throws IOException {
        if (this.keyExchange != 21) {
            throw new TlsFatalAlert((short) 80);
        }
    }
}
