package m.c.c.f1;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;

/* loaded from: classes2.dex */
public class l4 extends g {
    protected j4 groupVerifier;
    protected byte[] identity;
    protected byte[] password;
    protected w4 serverCredentials;
    protected m.c.c.b1.b serverPublicKey;
    protected m.c.c.o0.i.a srpClient;
    protected m.c.c.b1.n1 srpGroup;
    protected BigInteger srpPeerCredentials;
    protected byte[] srpSalt;
    protected m.c.c.o0.i.b srpServer;
    protected BigInteger srpVerifier;
    protected v4 tlsSigner;

    public l4(int i2, Vector vector, j4 j4Var, byte[] bArr, byte[] bArr2) {
        super(i2, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i2);
        this.groupVerifier = j4Var;
        this.identity = bArr;
        this.password = bArr2;
        this.srpClient = new m.c.c.o0.i.a();
    }

    public l4(int i2, Vector vector, byte[] bArr, m4 m4Var) {
        super(i2, vector);
        this.serverPublicKey = null;
        this.srpGroup = null;
        this.srpClient = null;
        this.srpServer = null;
        this.srpPeerCredentials = null;
        this.srpVerifier = null;
        this.srpSalt = null;
        this.serverCredentials = null;
        this.tlsSigner = createSigner(i2);
        this.identity = bArr;
        this.srpServer = new m.c.c.o0.i.b();
        this.srpGroup = m4Var.getGroup();
        this.srpVerifier = m4Var.getVerifier();
        this.srpSalt = m4Var.getSalt();
    }

    public l4(int i2, Vector vector, byte[] bArr, byte[] bArr2) {
        this(i2, vector, new z0(), bArr, bArr2);
    }

    protected static v4 createSigner(int i2) {
        switch (i2) {
            case 21:
                return null;
            case 22:
                return new m3();
            case 23:
                return new h4();
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    @Override // m.c.c.f1.w3
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        n4.writeSRPParameter(this.srpClient.generateClientCredentials(this.srpSalt, this.identity, this.password), outputStream);
        this.context.getSecurityParameters().srpIdentity = m.c.j.a.clone(this.identity);
    }

    @Override // m.c.c.f1.w3
    public byte[] generatePremasterSecret() throws IOException {
        try {
            return m.c.j.b.asUnsignedByteArray(this.srpServer != null ? this.srpServer.calculateSecret(this.srpPeerCredentials) : this.srpClient.calculateSecret(this.srpPeerCredentials));
        } catch (m.c.c.m e2) {
            throw new t3((short) 47, e2);
        }
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public byte[] generateServerKeyExchange() throws IOException {
        this.srpServer.init(this.srpGroup, this.srpVerifier, y4.createHash((short) 2), this.context.getSecureRandom());
        n2 n2Var = new n2(this.srpGroup.getN(), this.srpGroup.getG(), this.srpSalt, this.srpServer.generateServerCredentials());
        d1 d1Var = new d1();
        n2Var.encode(d1Var);
        w4 w4Var = this.serverCredentials;
        if (w4Var != null) {
            q2 signatureAndHashAlgorithm = y4.getSignatureAndHashAlgorithm(this.context, w4Var);
            m.c.c.r createHash = y4.createHash(signatureAndHashAlgorithm);
            i2 securityParameters = this.context.getSecurityParameters();
            byte[] bArr = securityParameters.clientRandom;
            createHash.update(bArr, 0, bArr.length);
            byte[] bArr2 = securityParameters.serverRandom;
            createHash.update(bArr2, 0, bArr2.length);
            d1Var.updateDigest(createHash);
            byte[] bArr3 = new byte[createHash.getDigestSize()];
            createHash.doFinal(bArr3, 0);
            new e1(signatureAndHashAlgorithm, this.serverCredentials.generateCertificateSignature(bArr3)).encode(d1Var);
        }
        return d1Var.toByteArray();
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public void init(g3 g3Var) {
        super.init(g3Var);
        v4 v4Var = this.tlsSigner;
        if (v4Var != null) {
            v4Var.init(g3Var);
        }
    }

    protected m.c.c.g0 initVerifyer(v4 v4Var, q2 q2Var, i2 i2Var) {
        m.c.c.g0 createVerifyer = v4Var.createVerifyer(q2Var, this.serverPublicKey);
        byte[] bArr = i2Var.clientRandom;
        createVerifyer.update(bArr, 0, bArr.length);
        byte[] bArr2 = i2Var.serverRandom;
        createVerifyer.update(bArr2, 0, bArr2.length);
        return createVerifyer;
    }

    @Override // m.c.c.f1.w3
    public void processClientCredentials(h3 h3Var) throws IOException {
        throw new t3((short) 80);
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        try {
            this.srpPeerCredentials = m.c.c.o0.i.d.validatePublicValue(this.srpGroup.getN(), n4.readSRPParameter(inputStream));
            this.context.getSecurityParameters().srpIdentity = m.c.j.a.clone(this.identity);
        } catch (m.c.c.m e2) {
            throw new t3((short) 47, e2);
        }
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public void processServerCertificate(t tVar) throws IOException {
        if (this.tlsSigner == null) {
            throw new t3((short) 10);
        }
        if (tVar.isEmpty()) {
            throw new t3((short) 42);
        }
        m.c.b.b4.o certificateAt = tVar.getCertificateAt(0);
        try {
            m.c.c.b1.b createKey = m.c.c.g1.g.createKey(certificateAt.getSubjectPublicKeyInfo());
            this.serverPublicKey = createKey;
            if (!this.tlsSigner.isValidPublicKey(createKey)) {
                throw new t3((short) 46);
            }
            y4.validateKeyUsage(certificateAt, 128);
            super.processServerCertificate(tVar);
        } catch (RuntimeException e2) {
            throw new t3((short) 43, e2);
        }
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public void processServerCredentials(h3 h3Var) throws IOException {
        if (this.keyExchange == 21 || !(h3Var instanceof w4)) {
            throw new t3((short) 80);
        }
        processServerCertificate(h3Var.getCertificate());
        this.serverCredentials = (w4) h3Var;
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        r2 r2Var;
        InputStream inputStream2;
        i2 securityParameters = this.context.getSecurityParameters();
        if (this.tlsSigner != null) {
            r2Var = new r2();
            inputStream2 = new m.c.j.v.d(inputStream, r2Var);
        } else {
            r2Var = null;
            inputStream2 = inputStream;
        }
        n2 parse = n2.parse(inputStream2);
        if (r2Var != null) {
            e1 parseSignature = parseSignature(inputStream);
            m.c.c.g0 initVerifyer = initVerifyer(this.tlsSigner, parseSignature.getAlgorithm(), securityParameters);
            r2Var.updateSigner(initVerifyer);
            if (!initVerifyer.verifySignature(parseSignature.getSignature())) {
                throw new t3((short) 51);
            }
        }
        m.c.c.b1.n1 n1Var = new m.c.c.b1.n1(parse.getN(), parse.getG());
        this.srpGroup = n1Var;
        if (!this.groupVerifier.accept(n1Var)) {
            throw new t3((short) 71);
        }
        this.srpSalt = parse.getS();
        try {
            this.srpPeerCredentials = m.c.c.o0.i.d.validatePublicValue(this.srpGroup.getN(), parse.getB());
            this.srpClient.init(this.srpGroup, y4.createHash((short) 2), this.context.getSecureRandom());
        } catch (m.c.c.m e2) {
            throw new t3((short) 47, e2);
        }
    }

    @Override // m.c.c.f1.g, m.c.c.f1.w3
    public boolean requiresServerKeyExchange() {
        return true;
    }

    @Override // m.c.c.f1.w3
    public void skipServerCredentials() throws IOException {
        if (this.tlsSigner != null) {
            throw new t3((short) 10);
        }
    }

    @Override // m.c.c.f1.w3
    public void validateCertificateRequest(u uVar) throws IOException {
        throw new t3((short) 10);
    }
}
