package org.spongycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;
import org.spongycastle.crypto.Digest;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.params.ECDomainParameters;
import org.spongycastle.util.io.TeeInputStream;

/* loaded from: classes3.dex */
public class TlsECDHEKeyExchange extends TlsECDHKeyExchange {

    /* renamed from: l, reason: collision with root package name */
    protected TlsSignerCredentials f36888l;

    public TlsECDHEKeyExchange(int i2, Vector vector, int[] iArr, short[] sArr, short[] sArr2) {
        super(i2, vector, iArr, sArr, sArr2);
        this.f36888l = null;
    }

    protected Signer b(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer createVerifyer = tlsSigner.createVerifyer(signatureAndHashAlgorithm, this.f36893h);
        byte[] bArr = securityParameters.f36819g;
        createVerifyer.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f36820h;
        createVerifyer.update(bArr2, 0, bArr2.length);
        return createVerifyer;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        j jVar = new j();
        this.f36895j = TlsECCUtils.b(this.f36696c.getSecureRandom(), this.f36890e, this.f36891f, jVar);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm(this.f36696c, this.f36888l);
        Digest createHash = TlsUtils.createHash(signatureAndHashAlgorithm);
        SecurityParameters securityParameters = this.f36696c.getSecurityParameters();
        byte[] bArr = securityParameters.f36819g;
        createHash.update(bArr, 0, bArr.length);
        byte[] bArr2 = securityParameters.f36820h;
        createHash.update(bArr2, 0, bArr2.length);
        jVar.a(createHash);
        byte[] bArr3 = new byte[createHash.getDigestSize()];
        createHash.doFinal(bArr3, 0);
        new DigitallySigned(signatureAndHashAlgorithm, this.f36888l.generateCertificateSignature(bArr3)).encode(jVar);
        return jVar.toByteArray();
    }

    @Override // org.spongycastle.crypto.tls.TlsECDHKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.f36888l = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.spongycastle.crypto.tls.AbstractTlsKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        SecurityParameters securityParameters = this.f36696c.getSecurityParameters();
        l lVar = new l();
        TeeInputStream teeInputStream = new TeeInputStream(inputStream, lVar);
        ECDomainParameters readECParameters = TlsECCUtils.readECParameters(this.f36890e, this.f36891f, teeInputStream);
        byte[] readOpaque8 = TlsUtils.readOpaque8(teeInputStream);
        DigitallySigned a2 = a(inputStream);
        Signer b2 = b(this.f36889d, a2.getAlgorithm(), securityParameters);
        lVar.a(b2);
        if (!b2.verifySignature(a2.getSignature())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.f36896k = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(this.f36891f, readECParameters, readOpaque8));
    }

    @Override // org.spongycastle.crypto.tls.TlsECDHKeyExchange, org.spongycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        for (short s2 : certificateRequest.getCertificateTypes()) {
            if (s2 != 1 && s2 != 2 && s2 != 64) {
                throw new TlsFatalAlert((short) 47);
            }
        }
    }
}
