package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.tls.crypto.TlsSecret;
import yg.AbstractC0608;
import yg.C0567;
import yg.C0569;

/* loaded from: classes2.dex */
public class TlsECDHKeyExchange extends AbstractTlsKeyExchange {
    public TlsAgreement agreement;
    public TlsCredentialedAgreement agreementCredentials;
    public short[] clientECPointFormats;
    public TlsECConfig ecConfig;
    public TlsECConfigVerifier ecConfigVerifier;
    public TlsCertificate ecdhPeerCertificate;
    public short[] serverECPointFormats;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TlsECDHKeyExchange(int i10, Vector vector, TlsECConfigVerifier tlsECConfigVerifier, TlsECConfig tlsECConfig, short[] sArr, short[] sArr2) {
        super(i10, vector);
        switch (i10) {
            case 16:
            case 17:
            case 18:
            case 19:
            case 20:
                this.ecConfigVerifier = tlsECConfigVerifier;
                this.ecConfig = tlsECConfig;
                this.clientECPointFormats = sArr;
                this.serverECPointFormats = sArr2;
                return;
            default:
                short m192 = (short) (C0567.m192() ^ 15197);
                short m1922 = (short) (C0567.m192() ^ 19826);
                int[] iArr = new int["L\f9\u001aio'X\u000fFnj\t\b6\rE\u001d2Xa5j\u0017\u0002\n@y\u0013f0gM\u0013".length()];
                C0569 c0569 = new C0569("L\f9\u001aio'X\u000fFnj\t\b6\rE\u001d2Xa5j\u0017\u0002\n@y\u0013f0gM\u0013");
                int i11 = 0;
                while (c0569.m195()) {
                    int m194 = c0569.m194();
                    AbstractC0608 m253 = AbstractC0608.m253(m194);
                    iArr[i11] = m253.mo254(m253.mo256(m194) - ((i11 * m1922) ^ m192));
                    i11++;
                }
                throw new IllegalArgumentException(new String(iArr, 0, i11));
        }
    }

    public TlsECDHKeyExchange(int i10, Vector vector, TlsECConfigVerifier tlsECConfigVerifier, short[] sArr, short[] sArr2) {
        this(i10, vector, tlsECConfigVerifier, null, sArr, sArr2);
    }

    public TlsECDHKeyExchange(int i10, Vector vector, TlsECConfig tlsECConfig, short[] sArr) {
        this(i10, vector, null, tlsECConfig, null, sArr);
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) {
        if (this.agreementCredentials == null) {
            generateEphemeral(outputStream);
        }
    }

    public void generateEphemeral(OutputStream outputStream) {
        TlsUtils.writeOpaque8(this.agreement.generateEphemeral(), outputStream);
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public TlsSecret generatePreMasterSecret() {
        TlsCredentialedAgreement tlsCredentialedAgreement = this.agreementCredentials;
        if (tlsCredentialedAgreement != null) {
            return tlsCredentialedAgreement.generateAgreement(this.ecdhPeerCertificate);
        }
        TlsAgreement tlsAgreement = this.agreement;
        if (tlsAgreement != null) {
            return tlsAgreement.calculateSecret();
        }
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() {
        if (!requiresServerKeyExchange()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsECCUtils.writeECConfig(this.ecConfig, byteArrayOutputStream);
        this.agreement = this.context.getCrypto().createECDomain(this.ecConfig).createECDH();
        generateEphemeral(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public short[] getClientCertificateTypes() {
        if (this.keyExchange == 20) {
            return null;
        }
        return new short[]{66, 65};
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processClientCertificate(Certificate certificate) {
        if (this.keyExchange == 20) {
            throw new TlsFatalAlert((short) 10);
        }
        if (this.agreementCredentials != null) {
            this.ecdhPeerCertificate = validatePeerCertificate(1, certificate);
        }
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) {
        if (this.keyExchange == 20) {
            throw new TlsFatalAlert((short) 80);
        }
        if (!(tlsCredentials instanceof TlsCredentialedAgreement)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.agreementCredentials = (TlsCredentialedAgreement) tlsCredentials;
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) {
        if (this.ecdhPeerCertificate != null) {
            return;
        }
        processEphemeral(this.serverECPointFormats, TlsUtils.readOpaque8(inputStream));
    }

    public void processEphemeral(short[] sArr, byte[] bArr) {
        TlsECCUtils.checkPointEncoding(sArr, this.ecConfig.namedGroup, bArr);
        this.agreement.receivePeerValue(bArr);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) {
        if (this.keyExchange == 20) {
            throw new TlsFatalAlert((short) 10);
        }
        this.ecdhPeerCertificate = validatePeerCertificate(0, certificate);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) {
        if (this.keyExchange == 20) {
            throw new TlsFatalAlert((short) 80);
        }
        if (!(tlsCredentials instanceof TlsCredentialedAgreement)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.agreementCredentials = (TlsCredentialedAgreement) tlsCredentials;
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) {
        if (!requiresServerKeyExchange()) {
            throw new TlsFatalAlert((short) 10);
        }
        this.ecConfig = TlsECCUtils.receiveECConfig(this.ecConfigVerifier, this.serverECPointFormats, inputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(inputStream);
        this.agreement = this.context.getCrypto().createECDomain(this.ecConfig).createECDH();
        processEphemeral(this.clientECPointFormats, readOpaque8);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        int i10 = this.keyExchange;
        return i10 == 17 || i10 == 19 || i10 == 20;
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void skipServerCredentials() {
        if (this.keyExchange != 20) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    public TlsCertificate validatePeerCertificate(int i10, Certificate certificate) {
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        return certificate.certificateList[0].useInRole(i10, this.keyExchange);
    }
}
