package com.xdja.tls;

import com.xdja.tls.crypto.TlsCertificate;
import com.xdja.tls.crypto.TlsCryptoParameters;
import com.xdja.tls.crypto.TlsSecret;
import com.xdja.tls.crypto.TlsVerifier;
import com.xdja.tls.crypto.impl.jcajce.JcaDefaultGMSSLCredentialedSigner;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/* loaded from: input_file:com/xdja/tls/GMSSLSM2KeyExchange.class */
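/**
 * Key exchange for the GMSSL ECC-SM2 suite, covering both the client and the server side.
 *
 * <p>As visible in this class, the server certificate message is expected to carry two
 * certificates: index 0 is used to build the signature verifier and index 1 is kept as the
 * encryption certificate. The server signs a ServerKeyExchange that covers the encryption
 * certificate, and the client encrypts the pre-master secret to that same certificate.
 *
 * <p>NOTE(review): this class does not validate the trust path of either certificate, nor does
 * it check that the encryption certificate belongs to the same subject as the signing
 * certificate or carries a key-encipherment usage. Presumably that is enforced where the chain
 * is authenticated; confirm against the caller.
 */
public class GMSSLSM2KeyExchange extends AbstractTlsKeyExchange {
    /** TLS alert description {@code bad_certificate}. */
    private static final short ALERT_BAD_CERTIFICATE = 42;
    /** TLS alert description {@code internal_error}. */
    private static final short ALERT_INTERNAL_ERROR = 80;
    /** Number of certificates this exchange reads from a server chain (index 0 and index 1). */
    private static final int REQUIRED_SERVER_CHAIN_LENGTH = 2;

    // First certificate of the client's chain, recorded by processClientCertificate.
    protected TlsCertificate peerCertificate;
    // Certificate at index 1 of the server chain (local credentials or received message).
    private TlsCertificate encryptionCertificate;
    // Local server credentials; used to sign ServerKeyExchange and decrypt ClientKeyExchange.
    private JcaDefaultGMSSLCredentialedSigner serverCredentials;
    // Held only until generatePreMasterSecret() hands it out.
    protected TlsSecret preMasterSecret;
    // Built from the certificate at index 0 of the received server chain.
    protected TlsVerifier verifier;

    /**
     * @param i key exchange algorithm identifier, passed unchanged to the superclass
     */
    public GMSSLSM2KeyExchange(int i) {
        super(i);
        this.verifier = null;
    }

    /**
     * Always fails: this exchange cannot run without server credentials.
     *
     * @throws IOException always, as a fatal {@code internal_error} alert
     */
    @Override
    public void skipServerCredentials() throws IOException {
        throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
    }

    /**
     * Stores the local server credentials and the encryption certificate from their chain.
     *
     * @param tlsCredentials must be a {@link JcaDefaultGMSSLCredentialedSigner} whose chain
     *     holds at least two certificates
     * @throws IOException as a fatal {@code internal_error} alert when the credentials are of
     *     another type or the chain is too short
     */
    @Override
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof JcaDefaultGMSSLCredentialedSigner)) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        JcaDefaultGMSSLCredentialedSigner signer = (JcaDefaultGMSSLCredentialedSigner) tlsCredentials;
        // Index 1 is read below, so a one-certificate chain is a local configuration error.
        // NOTE(review): getLength() is the chain-length accessor of the upstream BouncyCastle
        // Certificate class that this package appears to mirror; confirm the fork keeps it.
        if (signer.certificate.getLength() < REQUIRED_SERVER_CHAIN_LENGTH) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        this.serverCredentials = signer;
        this.encryptionCertificate = signer.certificate.getCertificateAt(1);
    }

    /**
     * Records the first certificate of the client's chain after the superclass has processed it.
     *
     * @throws IOException as a fatal {@code bad_certificate} alert when the chain is empty
     */
    @Override
    public void processClientCertificate(Certificate certificate) throws IOException {
        super.processClientCertificate(certificate);
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        this.peerCertificate = certificate.getCertificateAt(0);
    }

    /**
     * @return the client certificate types offered in a certificate request
     */
    @Override
    public short[] getClientCertificateTypes() {
        // NOTE(review): 1 and 64 match the standard rsa_sign and ecdsa_sign type codes; 80 is
        // presumably a GM-specific type. Verify against the fork's constants.
        return new short[]{1, 64, 80};
    }

    /**
     * Builds the ServerKeyExchange body: a 16-bit length-prefixed signature produced by the
     * server credentials over data that includes the encryption certificate.
     *
     * @throws IOException as a fatal {@code internal_error} alert when server credentials have
     *     not been processed, or when signing or encoding fails
     */
    @Override
    public byte[] generateServerKeyExchange() throws IOException {
        requireHandshakeState(this.serverCredentials);
        requireHandshakeState(this.encryptionCertificate);
        byte[] signature = TlsUtils.generateECCSM2ServerKeyExchangeSignature(this.context, this.serverCredentials, this.encryptionCertificate);
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        TlsUtils.writeOpaque16(signature, body);
        return body.toByteArray();
    }

    /**
     * Reads the server's signature and verifies it against the stored encryption certificate.
     *
     * @throws IOException when the verifier or encryption certificate is missing (fatal
     *     {@code internal_error}), or when reading or verification fails
     */
    @Override
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        // Fail closed: never hand a missing verifier or certificate to the verification helper.
        requireHandshakeState(this.verifier);
        requireHandshakeState(this.encryptionCertificate);
        byte[] signature = TlsUtils.readOpaque16(inputStream);
        // NOTE(review): 7 and 12 are presumably the SM3 hash and SM2 signature identifiers;
        // confirm the argument order and values against SignatureAndHashAlgorithm.
        SignatureAndHashAlgorithm algorithm = new SignatureAndHashAlgorithm((short) 7, (short) 12);
        TlsUtils.verifyECCSM2ServerKeyExchangeSignature(this.context, this.verifier, new DigitallySigned(algorithm, signature), this.encryptionCertificate);
    }

    /**
     * Checks the type of the client credentials; nothing is stored.
     *
     * @throws IOException as a fatal {@code internal_error} alert when the credentials are not a
     *     {@link TlsCredentialedSigner}
     */
    @Override
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsCredentialedSigner)) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
    }

    /**
     * Generates the pre-master secret, writes it encrypted to the server's encryption
     * certificate, and keeps the secret for {@link #generatePreMasterSecret()}.
     *
     * @throws IOException as a fatal {@code internal_error} alert when no encryption certificate
     *     has been received, or when encryption or writing fails
     */
    @Override
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        requireHandshakeState(this.encryptionCertificate);
        this.preMasterSecret = TlsUtils.generateEncryptedPreMasterSecret(this.context, this.encryptionCertificate, outputStream);
    }

    /**
     * Takes the signature verifier from the first certificate and the encryption certificate
     * from the second.
     *
     * @throws IOException as a fatal {@code bad_certificate} alert when the chain holds fewer
     *     than two certificates
     */
    @Override
    public void processServerCertificate(Certificate certificate) throws IOException {
        // The emptiness check alone guards only index 0; index 1 is read below as well, so a
        // peer sending a single certificate must be rejected with a proper alert.
        // NOTE(review): getLength() is the chain-length accessor of the upstream BouncyCastle
        // Certificate class that this package appears to mirror; confirm the fork keeps it.
        if (certificate.isEmpty() || certificate.getLength() < REQUIRED_SERVER_CHAIN_LENGTH) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        this.verifier = certificate.getCertificateAt(0).createVerifier(TlsUtils.getLegacySignatureAlgorithmServer(this.keyExchange));
        this.encryptionCertificate = certificate.getCertificateAt(1);
    }

    /**
     * Reads the encrypted pre-master secret and decrypts it with the server credentials.
     *
     * @throws IOException as a fatal {@code internal_error} alert when server credentials have
     *     not been processed, or when reading or decryption fails
     */
    @Override
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        requireHandshakeState(this.serverCredentials);
        byte[] encryptedPreMasterSecret = TlsUtils.readOpaque16(inputStream);
        this.preMasterSecret = this.serverCredentials.decrypt(new TlsCryptoParameters(this.context), encryptedPreMasterSecret);
    }

    /**
     * Hands out the pre-master secret once and drops this object's reference to it.
     *
     * @return the secret set by the client or server key exchange step, or {@code null} when
     *     none has been set or it was already taken
     */
    @Override
    public TlsSecret generatePreMasterSecret() throws IOException {
        TlsSecret secret = this.preMasterSecret;
        this.preMasterSecret = null;
        return secret;
    }

    /** Raises a fatal {@code internal_error} alert when a required handshake value is absent. */
    private static void requireHandshakeState(Object value) throws IOException {
        if (value == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
    }
}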
