package org.bouncycastle.crypto.tls;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;

/* loaded from: classes2.dex */
public class ec extends g {
    protected ea d;
    protected eb e;
    protected org.bouncycastle.crypto.l.m f;
    protected int[] g;
    protected short[] h;
    protected short[] i;
    protected byte[] j;
    protected byte[] k;
    protected org.bouncycastle.crypto.l.n l;
    protected org.bouncycastle.crypto.l.o m;
    protected org.bouncycastle.crypto.l.ab n;
    protected org.bouncycastle.crypto.l.ac o;
    protected org.bouncycastle.crypto.l.b p;
    protected org.bouncycastle.crypto.l.bl q;
    protected dr r;
    protected byte[] s;

    public ec(int i, Vector vector, ea eaVar, eb ebVar, org.bouncycastle.crypto.l.m mVar, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector);
        this.j = null;
        this.k = null;
        this.l = null;
        this.m = null;
        this.n = null;
        this.o = null;
        this.p = null;
        this.q = null;
        this.r = null;
        if (i != 24) {
            switch (i) {
                case 13:
                case 14:
                case 15:
                    break;
                default:
                    throw new IllegalArgumentException("unsupported key exchange algorithm");
            }
        }
        this.d = eaVar;
        this.e = ebVar;
        this.f = mVar;
        this.g = iArr;
        this.h = sArr;
        this.i = sArr2;
    }

    protected org.bouncycastle.crypto.l.bl a(org.bouncycastle.crypto.l.bl blVar) {
        if (blVar.getExponent().isProbablePrime(2)) {
            return blVar;
        }
        throw new TlsFatalAlert((short) 47);
    }

    protected byte[] a(int i) {
        if (this.f8667a == 14) {
            if (this.l != null) {
                return dk.calculateDHBasicAgreement(this.m, this.l);
            }
            throw new TlsFatalAlert((short) 80);
        }
        if (this.f8667a != 24) {
            return this.f8667a == 15 ? this.s : new byte[i];
        }
        if (this.n != null) {
            return dn.calculateECDHBasicAgreement(this.o, this.n);
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void generateClientKeyExchange(OutputStream outputStream) {
        if (this.j == null) {
            this.d.skipIdentityHint();
        } else {
            this.d.notifyIdentityHint(this.j);
        }
        byte[] pSKIdentity = this.d.getPSKIdentity();
        if (pSKIdentity == null) {
            throw new TlsFatalAlert((short) 80);
        }
        this.k = this.d.getPSK();
        if (this.k == null) {
            throw new TlsFatalAlert((short) 80);
        }
        ex.writeOpaque16(pSKIdentity, outputStream);
        this.c.getSecurityParameters().j = org.bouncycastle.util.a.clone(pSKIdentity);
        if (this.f8667a == 14) {
            this.l = dk.generateEphemeralClientKeyExchange(this.c.getSecureRandom(), this.f, outputStream);
        } else if (this.f8667a == 24) {
            this.n = dn.generateEphemeralClientKeyExchange(this.c.getSecureRandom(), this.i, this.o.getParameters(), outputStream);
        } else if (this.f8667a == 15) {
            this.s = eh.generateEncryptedPreMasterSecret(this.c, this.q, outputStream);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public byte[] generatePremasterSecret() {
        byte[] a2 = a(this.k.length);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(a2.length + 4 + this.k.length);
        ex.writeOpaque16(a2, byteArrayOutputStream);
        ex.writeOpaque16(this.k, byteArrayOutputStream);
        org.bouncycastle.util.a.fill(this.k, (byte) 0);
        this.k = null;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public byte[] generateServerKeyExchange() {
        this.j = this.e.getHint();
        if (this.j == null && !requiresServerKeyExchange()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ex.writeOpaque16(this.j == null ? ex.f8658a : this.j, byteArrayOutputStream);
        if (this.f8667a == 14) {
            if (this.f == null) {
                throw new TlsFatalAlert((short) 80);
            }
            this.l = dk.generateEphemeralServerKeyExchange(this.c.getSecureRandom(), this.f, byteArrayOutputStream);
        } else if (this.f8667a == 24) {
            this.n = dn.a(this.c.getSecureRandom(), this.g, this.h, byteArrayOutputStream);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void processClientCredentials(dh dhVar) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processClientKeyExchange(InputStream inputStream) {
        byte[] readOpaque16 = ex.readOpaque16(inputStream);
        this.k = this.e.getPSK(readOpaque16);
        if (this.k == null) {
            throw new TlsFatalAlert(l.D);
        }
        this.c.getSecurityParameters().j = readOpaque16;
        if (this.f8667a == 14) {
            this.m = dk.validateDHPublicKey(new org.bouncycastle.crypto.l.o(dk.readDHParameter(inputStream), this.f));
            return;
        }
        if (this.f8667a == 24) {
            this.o = dn.validateECPublicKey(dn.deserializeECPublicKey(this.i, this.n.getParameters(), ex.readOpaque8(inputStream)));
        } else if (this.f8667a == 15) {
            this.s = this.r.decryptPreMasterSecret(ex.isSSL(this.c) ? org.bouncycastle.util.io.b.readAll(inputStream) : ex.readOpaque16(inputStream));
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCertificate(t tVar) {
        if (this.f8667a != 15) {
            throw new TlsFatalAlert((short) 10);
        }
        if (tVar.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.o certificateAt = tVar.getCertificateAt(0);
        try {
            this.p = org.bouncycastle.crypto.util.g.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (this.p.isPrivate()) {
                throw new TlsFatalAlert((short) 80);
            }
            this.q = a((org.bouncycastle.crypto.l.bl) this.p);
            ex.a(certificateAt, 32);
            super.processServerCertificate(tVar);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerCredentials(dh dhVar) {
        if (!(dhVar instanceof dr)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(dhVar.getCertificate());
        this.r = (dr) dhVar;
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public void processServerKeyExchange(InputStream inputStream) {
        this.j = ex.readOpaque16(inputStream);
        if (this.f8667a == 14) {
            this.m = dk.validateDHPublicKey(cj.parse(inputStream).getPublicKey());
            this.f = this.m.getParameters();
        } else if (this.f8667a == 24) {
            this.o = dn.validateECPublicKey(dn.deserializeECPublicKey(this.h, dn.readECParameters(this.g, this.h, inputStream), ex.readOpaque8(inputStream)));
        }
    }

    @Override // org.bouncycastle.crypto.tls.g, org.bouncycastle.crypto.tls.dv
    public boolean requiresServerKeyExchange() {
        int i = this.f8667a;
        return i == 14 || i == 24;
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void skipServerCredentials() {
        if (this.f8667a == 15) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.dv
    public void validateCertificateRequest(u uVar) {
        throw new TlsFatalAlert((short) 10);
    }
}
