package org.bouncycastle.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsVerifier;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: input_file:BOOT-INF/lib/gmssl-jsse-provider-2.0.2-SNAPSHOT.jar:org/bouncycastle/tls/TlsDHEKeyExchange.class */
/**
 * Key exchange for signed, ephemeral Diffie-Hellman cipher suites.
 *
 * <p>The server signs its DH parameters and ephemeral public value, and the client checks that
 * signature with a verifier derived from the server certificate before it runs the agreement.
 *
 * <p>NOTE(review): this is decompiled output, so protocol constants appear as bare numbers.
 * The names given in comments below follow the TLS registries (RFC 5246); confirm them against
 * the constants classes shipped in the same jar.
 */
public class TlsDHEKeyExchange extends TlsDHKeyExchange {
    // Signing credentials used on the server side; assigned by processServerCredentials.
    protected TlsCredentialedSigner serverCredentials;
    // Verifier for the ServerKeyExchange signature on the client side; assigned by
    // processServerCertificate.
    protected TlsVerifier verifier;

    /**
     * Accepts only the key exchange codes this class implements and returns the code unchanged.
     *
     * @param i key exchange algorithm code
     * @return {@code i} when it is 3 or 5
     * @throws IllegalArgumentException for every other value
     */
    private static int checkKeyExchange(int i) {
        // 3 and 5 are presumably KeyExchangeAlgorithm.DHE_DSS and DHE_RSA, inlined by the compiler.
        if (i == 3 || i == 5) {
            return i;
        }
        throw new IllegalArgumentException("unsupported key exchange algorithm");
    }

    /**
     * Creates the key exchange with a verifier for the DH group a peer proposes.
     *
     * @param i key exchange algorithm code; must pass {@link #checkKeyExchange(int)}
     * @param vector passed through to the superclass unchanged
     * @param tlsDHConfigVerifier passed through to the superclass unchanged
     */
    public TlsDHEKeyExchange(int i, Vector vector, TlsDHConfigVerifier tlsDHConfigVerifier) {
        super(checkKeyExchange(i), vector, tlsDHConfigVerifier);
        serverCredentials = null;
        verifier = null;
    }

    /**
     * Creates the key exchange with a fixed DH configuration.
     *
     * @param i key exchange algorithm code; must pass {@link #checkKeyExchange(int)}
     * @param vector passed through to the superclass unchanged
     * @param tlsDHConfig passed through to the superclass unchanged
     */
    public TlsDHEKeyExchange(int i, Vector vector, TlsDHConfig tlsDHConfig) {
        super(checkKeyExchange(i), vector, tlsDHConfig);
        serverCredentials = null;
        verifier = null;
    }

    /**
     * Stores the server's credentials, which must be able to sign.
     *
     * @throws IOException a fatal alert 80 (internal_error) when the credentials are not a
     *     {@code TlsCredentialedSigner}
     */
    @Override
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (tlsCredentials instanceof TlsCredentialedSigner) {
            serverCredentials = (TlsCredentialedSigner) tlsCredentials;
            return;
        }
        throw new TlsFatalAlert((short) 80);
    }

    /**
     * Builds the signature verifier from the first certificate of the server's chain.
     *
     * <p>NOTE(review): nothing in this method decides whether the chain is trusted; that decision
     * is presumably made elsewhere in the handshake. A signature that verifies here proves only
     * possession of the key in that first certificate.
     *
     * @throws IOException a fatal alert 42 (bad_certificate) when the chain is empty, or whatever
     *     the inherited {@code checkServerCertSigAlg} raises
     */
    @Override
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        checkServerCertSigAlg(certificate);
        verifier = certificate.getCertificateAt(0)
            .createVerifier(TlsUtils.getSignatureAlgorithm(keyExchange));
    }

    /**
     * Produces the ServerKeyExchange body: DH parameters, ephemeral public value, signature.
     *
     * <p>NOTE(review): {@code serverCredentials} is not checked for null here; the method relies
     * on processServerCredentials having run first.
     *
     * @return the encoded message body
     * @throws IOException a fatal alert 80 (internal_error) when no DH configuration is set
     */
    @Override
    public byte[] generateServerKeyExchange() throws IOException {
        if (dhConfig == null) {
            throw new TlsFatalAlert((short) 80);
        }
        // Everything written to this buffer before the signature is produced is what gets signed.
        DigestInputBuffer signedParams = new DigestInputBuffer();
        TlsDHUtils.writeDHConfig(dhConfig, signedParams);
        agreement = context.getCrypto().createDHDomain(dhConfig).createDH();
        generateEphemeral(signedParams);
        // The signature is appended to the same buffer, after the data it covers.
        TlsUtils.generateServerKeyExchangeSignature(context, serverCredentials, signedParams)
            .encode(signedParams);
        return signedParams.toByteArray();
    }

    /**
     * Reads the server's DH parameters and ephemeral public value, and verifies the signature
     * over them before the agreement is set up.
     *
     * <p>Group acceptance is delegated to {@code dhConfigVerifier} inside
     * {@code TlsDHUtils.receiveDHConfig}; how strict that check is cannot be seen from this class.
     *
     * <p>NOTE(review): {@code verifier} is not checked for null here; the method relies on
     * processServerCertificate having run first.
     */
    @Override
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        DigestInputBuffer signedParams = new DigestInputBuffer();
        // Reads made through the tee are copied into signedParams, so the buffer ends up holding
        // exactly the bytes the signature has to cover.
        TeeInputStream signedInput = new TeeInputStream(inputStream, signedParams);
        dhConfig = TlsDHUtils.receiveDHConfig(dhConfigVerifier, signedInput);
        byte[] peerPublicValue = TlsUtils.readOpaque16(signedInput);
        // The signature is read from the raw stream, so it stays out of the signed data.
        // Verification runs before the peer's value is used; keep this order.
        TlsUtils.verifyServerKeyExchangeSignature(
            context, verifier, signedParams, parseSignature(inputStream));
        agreement = context.getCrypto().createDHDomain(dhConfig).createDH();
        processEphemeral(peerPublicValue);
    }

    /**
     * Lists the client certificate types offered in a CertificateRequest.
     *
     * @return a new array on each call, in the order 2, 64, 1
     */
    @Override
    public short[] getClientCertificateTypes() {
        // ClientCertificateType registry: 2 = dss_sign, 64 = ecdsa_sign, 1 = rsa_sign.
        short[] offeredTypes = {2, 64, 1};
        return offeredTypes;
    }

    /**
     * Checks that the client's credentials can sign. The credentials are not stored here.
     *
     * @throws IOException a fatal alert 80 (internal_error) when the credentials are not a
     *     {@code TlsCredentialedSigner}
     */
    @Override
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        boolean canSign = tlsCredentials instanceof TlsCredentialedSigner;
        if (!canSign) {
            throw new TlsFatalAlert((short) 80);
        }
    }
}
