package org.bouncycastle.tls;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsAgreement;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsDHConfig;
import org.bouncycastle.tls.crypto.TlsSecret;

/* loaded from: input_file:BOOT-INF/lib/gmssl-jsse-provider-1.3.5-SNAPSHOT.jar:org/bouncycastle/tls/TlsDHKeyExchange.class */
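/**
 * TLS key exchange for Diffie-Hellman based cipher suites.
 *
 * <p>Only the key-exchange identifiers 3, 5, 7, 9 and 11 are accepted. In upstream BouncyCastle's
 * {@code KeyExchangeAlgorithm} these are DHE_DSS, DHE_RSA, DH_DSS, DH_RSA and DH_anon, and the
 * rejected values 4, 6, 8 and 10 are the corresponding EXPORT variants (this file is decompiled
 * from a fork, so confirm against its own constants).
 *
 * <p>Alert codes thrown here follow RFC 5246 section 7.2: 10 = unexpected_message,
 * 42 = bad_certificate, 80 = internal_error.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Key exchange 11 never processes a server certificate, so the handshake is unauthenticated
 *       and gives no protection against an active man-in-the-middle. Enable it only where the
 *       peer is authenticated by some other mechanism.</li>
 *   <li>On the client, the DH group is taken from the peer's ServerKeyExchange. The only check
 *       visible in this class is the {@link TlsDHConfigVerifier} handed to
 *       {@code TlsDHUtils.receiveDHConfig}; how that helper treats a {@code null} verifier is not
 *       visible here, so callers should always supply one that rejects weak or unknown groups.</li>
 *   <li>When the pre-master secret comes from {@link TlsCredentialedAgreement} (fixed-DH
 *       credentials) it is derived from long-term certificate keys, so such sessions have no
 *       forward secrecy.</li>
 *   <li>Validation of the peer's public DH value is delegated to
 *       {@code TlsAgreement.receivePeerValue}; it is not performed in this class.</li>
 * </ul>
 */
public class TlsDHKeyExchange extends AbstractTlsKeyExchange {
    // Client side: verifier applied to the group received in ServerKeyExchange.
    protected TlsDHConfigVerifier dhConfigVerifier;
    // Fixed-DH credentials of the local end, when it has any.
    protected TlsCredentialedAgreement agreementCredentials;
    // Leaf certificate of the peer, set once it has been accepted for this key exchange.
    protected TlsCertificate dhPeerCertificate;
    // Server side: group to advertise. Client side: group received from the server.
    protected TlsDHConfig dhConfig;
    // Ephemeral agreement; only created while handling ServerKeyExchange.
    protected TlsAgreement agreement;

    /**
     * Validates the key-exchange identifier before it reaches the superclass constructor.
     *
     * @param i key-exchange identifier
     * @return {@code i} when it is one of 3, 5, 7, 9, 11
     * @throws IllegalArgumentException for any other value
     */
    private static int checkKeyExchange(int i) {
        switch (i) {
            case 3:
            case 5:
            case 7:
            case 9:
            case 11:
                return i;
            default:
                // Includes 4, 6, 8 and 10, which the decompiled original listed explicitly.
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    /**
     * Creates a key exchange that verifies a DH group received from the peer.
     *
     * @param i key-exchange identifier (see class comment)
     * @param vector passed through to the superclass unchanged
     * @param tlsDHConfigVerifier verifier applied in {@link #processServerKeyExchange}
     */
    public TlsDHKeyExchange(int i, Vector vector, TlsDHConfigVerifier tlsDHConfigVerifier) {
        this(i, vector, tlsDHConfigVerifier, null);
    }

    /**
     * Creates a key exchange that advertises a locally chosen DH group.
     *
     * @param i key-exchange identifier (see class comment)
     * @param vector passed through to the superclass unchanged
     * @param tlsDHConfig group written by {@link #generateServerKeyExchange}
     */
    public TlsDHKeyExchange(int i, Vector vector, TlsDHConfig tlsDHConfig) {
        this(i, vector, null, tlsDHConfig);
    }

    private TlsDHKeyExchange(int i, Vector vector, TlsDHConfigVerifier tlsDHConfigVerifier, TlsDHConfig tlsDHConfig) {
        super(checkKeyExchange(i), vector);
        this.dhConfigVerifier = tlsDHConfigVerifier;
        this.dhConfig = tlsDHConfig;
    }

    /**
     * Accepts the absence of server credentials only for key exchange 11.
     *
     * @throws IOException {@link TlsFatalAlert} 80 (internal_error) for every other key exchange
     */
    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        if (this.keyExchange != 11) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    /**
     * Stores the server's agreement credentials.
     *
     * @param tlsCredentials must be a {@link TlsCredentialedAgreement}
     * @throws IOException {@link TlsFatalAlert} 80 when the key exchange is 11 or the credentials
     *     are of any other type
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (this.keyExchange == 11) {
            throw new TlsFatalAlert((short) 80);
        }
        if (!(tlsCredentials instanceof TlsCredentialedAgreement)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.agreementCredentials = (TlsCredentialedAgreement) tlsCredentials;
    }

    /**
     * Checks and records the server certificate.
     *
     * @param certificate chain sent by the server
     * @throws IOException {@link TlsFatalAlert} 10 (unexpected_message) when the key exchange is
     *     11, or whatever the certificate checks raise
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.keyExchange == 11) {
            throw new TlsFatalAlert((short) 10);
        }
        checkServerCertSigAlg(certificate);
        // Role 0 is the server end (ConnectionEnd in RFC 5246).
        this.dhPeerCertificate = validatePeerCertificate(0, certificate);
    }

    /**
     * @return {@code true} for key exchanges 3, 5 and 11, which carry their DH parameters in a
     *     ServerKeyExchange message; {@code false} for 7 and 9
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        switch (this.keyExchange) {
            case 3:
            case 5:
            case 11:
                return true;
            default:
                return false;
        }
    }

    /**
     * Builds the ServerKeyExchange body: the DH group followed by the server's ephemeral value.
     *
     * @return the encoded body, or {@code null} when this key exchange sends no ServerKeyExchange
     * @throws IOException on encoding or crypto failure
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        if (!requiresServerKeyExchange()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TlsDHUtils.writeDHConfig(this.dhConfig, byteArrayOutputStream);
        this.agreement = this.context.getCrypto().createDHDomain(this.dhConfig).createDH();
        generateEphemeral(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    /**
     * Parses a ServerKeyExchange body: reads the peer's DH group, then its ephemeral value.
     *
     * <p>The group is attacker-influenced input. It is accepted or rejected inside
     * {@code TlsDHUtils.receiveDHConfig} using {@link #dhConfigVerifier}; no further group check
     * happens in this method.
     *
     * @param inputStream ServerKeyExchange body
     * @throws IOException {@link TlsFatalAlert} 10 (unexpected_message) when this key exchange
     *     does not use ServerKeyExchange, or any parsing/verification failure
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        if (!requiresServerKeyExchange()) {
            throw new TlsFatalAlert((short) 10);
        }
        this.dhConfig = TlsDHUtils.receiveDHConfig(this.dhConfigVerifier, inputStream);
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream);
        this.agreement = this.context.getCrypto().createDHDomain(this.dhConfig).createDH();
        processEphemeral(readOpaque16);
    }

    /**
     * @return {@code null} for key exchange 11, otherwise the types 4 and 3
     *     (dss_fixed_dh and rsa_fixed_dh in RFC 5246 ClientCertificateType)
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public short[] getClientCertificateTypes() {
        if (this.keyExchange == 11) {
            return null;
        }
        return new short[]{4, 3};
    }

    /**
     * Stores the client's agreement credentials.
     *
     * @param tlsCredentials must be a {@link TlsCredentialedAgreement}
     * @throws IOException {@link TlsFatalAlert} 80 when the key exchange is 11 or the credentials
     *     are of any other type
     */
    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (this.keyExchange == 11) {
            throw new TlsFatalAlert((short) 80);
        }
        if (!(tlsCredentials instanceof TlsCredentialedAgreement)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.agreementCredentials = (TlsCredentialedAgreement) tlsCredentials;
    }

    /**
     * Writes the client's ephemeral DH value, unless agreement credentials are set, in which
     * case nothing is written.
     *
     * @param outputStream destination for the ClientKeyExchange body
     * @throws IOException {@link TlsFatalAlert} 80 when an ephemeral value is needed but no
     *     agreement exists, or on write failure
     */
    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        if (this.agreementCredentials == null) {
            generateEphemeral(outputStream);
        }
    }

    /**
     * Records the client certificate, but only when this end holds agreement credentials.
     *
     * @param certificate chain sent by the client
     * @throws IOException {@link TlsFatalAlert} 10 (unexpected_message) when the key exchange is
     *     11, or whatever certificate validation raises
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processClientCertificate(Certificate certificate) throws IOException {
        if (this.keyExchange == 11) {
            throw new TlsFatalAlert((short) 10);
        }
        if (this.agreementCredentials != null) {
            // Role 1 is the client end (ConnectionEnd in RFC 5246).
            this.dhPeerCertificate = validatePeerCertificate(1, certificate);
        }
    }

    /**
     * Reads the client's ephemeral DH value. The body is not read at all when a peer certificate
     * has already been recorded.
     *
     * @param inputStream ClientKeyExchange body
     * @throws IOException {@link TlsFatalAlert} 80 when no agreement exists to receive the value,
     *     or any parsing failure
     */
    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        if (this.dhPeerCertificate != null) {
            return;
        }
        processEphemeral(TlsUtils.readOpaque16(inputStream));
    }

    /**
     * Derives the pre-master secret, preferring agreement credentials over the ephemeral
     * agreement.
     *
     * @return the pre-master secret
     * @throws IOException {@link TlsFatalAlert} 80 (internal_error) when neither source exists
     */
    @Override // org.bouncycastle.tls.TlsKeyExchange
    public TlsSecret generatePreMasterSecret() throws IOException {
        if (this.agreementCredentials != null) {
            return this.agreementCredentials.generateAgreement(this.dhPeerCertificate);
        }
        if (this.agreement != null) {
            return this.agreement.calculateSecret();
        }
        throw new TlsFatalAlert((short) 80);
    }

    /**
     * Writes this end's ephemeral DH value as a 16-bit length-prefixed opaque.
     *
     * @param outputStream destination
     * @throws IOException {@link TlsFatalAlert} 80 when no agreement has been created, or on
     *     write failure
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void generateEphemeral(OutputStream outputStream) throws IOException {
        TlsUtils.writeOpaque16(requireAgreement().generateEphemeral(), outputStream);
    }

    /**
     * Hands the peer's ephemeral DH value to the agreement.
     *
     * @param bArr peer value as read from the wire
     * @throws IOException {@link TlsFatalAlert} 80 when no agreement has been created, or
     *     whatever the agreement raises for an unacceptable value
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void processEphemeral(byte[] bArr) throws IOException {
        requireAgreement().receivePeerValue(bArr);
    }

    /**
     * Returns the ephemeral agreement, failing the handshake cleanly when none exists.
     *
     * <p>The agreement is only created while handling ServerKeyExchange, so for key exchanges 7
     * and 9 a peer that presents no usable certificate can reach the ephemeral paths with the
     * field still {@code null}. Raising internal_error here matches
     * {@link #generatePreMasterSecret()} and avoids a NullPointerException escaping from
     * handshake code driven by remote input.
     */
    private TlsAgreement requireAgreement() throws IOException {
        if (this.agreement == null) {
            throw new TlsFatalAlert((short) 80);
        }
        return this.agreement;
    }

    /**
     * Checks that the peer sent a certificate and that its leaf is usable for this key exchange.
     *
     * <p>Only the first certificate is examined here; chain and trust validation are not
     * performed in this method.
     *
     * @param i role of the peer (0 = server, 1 = client)
     * @param certificate chain sent by the peer
     * @return the leaf certificate as returned by {@code useInRole}
     * @throws IOException {@link TlsFatalAlert} 42 (bad_certificate) for an empty chain, or
     *     whatever {@code useInRole} raises
     */
    protected TlsCertificate validatePeerCertificate(int i, Certificate certificate) throws IOException {
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        return certificate.getCertificateAt(0).useInRole(i, this.keyExchange);
    }
}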
