package com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls;

import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.AsymmetricKeyParameter;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.DHParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.DHPrivateKeyParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.DHPublicKeyParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.ECPrivateKeyParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.ECPublicKeyParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.params.RSAKeyParameters;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.util.PublicKeyFactory;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.Arrays;
import com.aspose.pdf.internal.imaging.internal.bouncycastle.util.io.Streams;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;

/* loaded from: classes4.dex */
public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
    private int[] m12131;
    private short[] m12132;
    private short[] m12133;
    private byte[] m12147;
    private TlsPSKIdentity m12195;
    private TlsPSKIdentityManager m12196;
    private DHParameters m12242;
    private AsymmetricKeyParameter m12243;
    private DHPrivateKeyParameters m12245;
    private DHPublicKeyParameters m12246;
    private ECPrivateKeyParameters m12252;
    private ECPublicKeyParameters m12253;
    private byte[] m12259;
    private RSAKeyParameters m12260;
    private TlsEncryptionCredentials m12261;
    private byte[] m12262;

    public TlsPSKKeyExchange(int i, Vector vector, TlsPSKIdentity tlsPSKIdentity, TlsPSKIdentityManager tlsPSKIdentityManager, DHParameters dHParameters, int[] iArr, short[] sArr, short[] sArr2) {
        super(i, vector);
        this.m12259 = null;
        this.m12147 = null;
        this.m12245 = null;
        this.m12246 = null;
        this.m12252 = null;
        this.m12253 = null;
        this.m12243 = null;
        this.m12260 = null;
        this.m12261 = null;
        if (i != 24) {
            switch (i) {
                case 13:
                case 14:
                case 15:
                    break;
                default:
                    throw new IllegalArgumentException("unsupported key exchange algorithm");
            }
        }
        this.m12195 = tlsPSKIdentity;
        this.m12196 = tlsPSKIdentityManager;
        this.m12242 = dHParameters;
        this.m12131 = iArr;
        this.m12132 = sArr;
        this.m12133 = sArr2;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        byte[] bArr = this.m12259;
        if (bArr == null) {
            this.m12195.skipIdentityHint();
        } else {
            this.m12195.notifyIdentityHint(bArr);
        }
        byte[] pSKIdentity = this.m12195.getPSKIdentity();
        if (pSKIdentity == null) {
            throw new TlsFatalAlert((short) 80);
        }
        this.m12147 = this.m12195.getPSK();
        if (this.m12147 == null) {
            throw new TlsFatalAlert((short) 80);
        }
        TlsUtils.writeOpaque16(pSKIdentity, outputStream);
        this.m12137.getSecurityParameters().pskIdentity = Arrays.clone(pSKIdentity);
        if (this.m12136 == 14) {
            this.m12245 = TlsDHUtils.generateEphemeralClientKeyExchange(this.m12137.getSecureRandom(), this.m12242, outputStream);
        } else if (this.m12136 == 24) {
            this.m12252 = TlsECCUtils.generateEphemeralClientKeyExchange(this.m12137.getSecureRandom(), this.m12133, this.m12253.getParameters(), outputStream);
        } else if (this.m12136 == 15) {
            this.m12262 = TlsRSAUtils.generateEncryptedPreMasterSecret(this.m12137, this.m12260, outputStream);
        }
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generatePremasterSecret() throws IOException {
        byte[] bArr;
        int length = this.m12147.length;
        if (this.m12136 == 14) {
            DHPrivateKeyParameters dHPrivateKeyParameters = this.m12245;
            if (dHPrivateKeyParameters == null) {
                throw new TlsFatalAlert((short) 80);
            }
            bArr = TlsDHUtils.calculateDHBasicAgreement(this.m12246, dHPrivateKeyParameters);
        } else if (this.m12136 == 24) {
            ECPrivateKeyParameters eCPrivateKeyParameters = this.m12252;
            if (eCPrivateKeyParameters == null) {
                throw new TlsFatalAlert((short) 80);
            }
            bArr = TlsECCUtils.calculateECDHBasicAgreement(this.m12253, eCPrivateKeyParameters);
        } else {
            bArr = this.m12136 == 15 ? this.m12262 : new byte[length];
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length + 4 + this.m12147.length);
        TlsUtils.writeOpaque16(bArr, byteArrayOutputStream);
        TlsUtils.writeOpaque16(this.m12147, byteArrayOutputStream);
        Arrays.fill(this.m12147, (byte) 0);
        this.m12147 = null;
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        this.m12259 = this.m12196.getHint();
        if (this.m12259 == null && !requiresServerKeyExchange()) {
            return null;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = this.m12259;
        if (bArr == null) {
            TlsUtils.writeOpaque16(TlsUtils.EMPTY_BYTES, byteArrayOutputStream);
        } else {
            TlsUtils.writeOpaque16(bArr, byteArrayOutputStream);
        }
        if (this.m12136 == 14) {
            if (this.m12242 == null) {
                throw new TlsFatalAlert((short) 80);
            }
            this.m12245 = TlsDHUtils.generateEphemeralServerKeyExchange(this.m12137.getSecureRandom(), this.m12242, byteArrayOutputStream);
        } else if (this.m12136 == 24) {
            this.m12252 = TlsECCUtils.m1(this.m12137.getSecureRandom(), this.m12131, this.m12132, byteArrayOutputStream);
        }
        return byteArrayOutputStream.toByteArray();
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream);
        this.m12147 = this.m12196.getPSK(readOpaque16);
        if (this.m12147 == null) {
            throw new TlsFatalAlert(AlertDescription.unknown_psk_identity);
        }
        this.m12137.getSecurityParameters().pskIdentity = readOpaque16;
        if (this.m12136 == 14) {
            this.m12246 = TlsDHUtils.validateDHPublicKey(new DHPublicKeyParameters(TlsDHUtils.readDHParameter(inputStream), this.m12242));
            return;
        }
        if (this.m12136 == 24) {
            this.m12253 = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(this.m12133, this.m12252.getParameters(), TlsUtils.readOpaque8(inputStream)));
        } else if (this.m12136 == 15) {
            this.m12262 = this.m12261.decryptPreMasterSecret(TlsUtils.isSSL(this.m12137) ? Streams.readAll(inputStream) : TlsUtils.readOpaque16(inputStream));
        }
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (this.m12136 != 15) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        com.aspose.pdf.internal.imaging.internal.bouncycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(0);
        try {
            this.m12243 = PublicKeyFactory.createKey(certificateAt.getSubjectPublicKeyInfo());
            if (this.m12243.isPrivate()) {
                throw new TlsFatalAlert((short) 80);
            }
            RSAKeyParameters rSAKeyParameters = (RSAKeyParameters) this.m12243;
            if (!rSAKeyParameters.getExponent().isProbablePrime(2)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.m12260 = rSAKeyParameters;
            TlsUtils.m1(certificateAt, 32);
            super.processServerCertificate(certificate);
        } catch (RuntimeException e) {
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsEncryptionCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.m12261 = (TlsEncryptionCredentials) tlsCredentials;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        this.m12259 = TlsUtils.readOpaque16(inputStream);
        if (this.m12136 == 14) {
            this.m12246 = TlsDHUtils.validateDHPublicKey(ServerDHParams.parse(inputStream).getPublicKey());
            this.m12242 = this.m12246.getParameters();
        } else if (this.m12136 == 24) {
            this.m12253 = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey(this.m12132, TlsECCUtils.readECParameters(this.m12131, this.m12132, inputStream), TlsUtils.readOpaque8(inputStream)));
        }
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.AbstractTlsKeyExchange, com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        int i = this.m12136;
        return i == 14 || i == 24;
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        if (this.m12136 == 15) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // com.aspose.pdf.internal.imaging.internal.bouncycastle.crypto.tls.TlsKeyExchange
    public void validateCertificateRequest(CertificateRequest certificateRequest) throws IOException {
        throw new TlsFatalAlert((short) 10);
    }
}
