package org.bouncycastle.crypto.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.Vector;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.util.io.TeeInputStream;

/* loaded from: classes2.dex */
public class TlsDHEKeyExchange extends TlsDHKeyExchange {
    protected TlsSignerCredentials d;

    public TlsDHEKeyExchange(int i, Vector vector, DHParameters dHParameters) {
        super(i, vector, dHParameters);
        this.d = null;
    }

    protected Signer a(TlsSigner tlsSigner, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecurityParameters securityParameters) {
        Signer createVerifyer = tlsSigner.createVerifyer(signatureAndHashAlgorithm, this.g);
        createVerifyer.update(securityParameters.g, 0, securityParameters.g.length);
        createVerifyer.update(securityParameters.h, 0, securityParameters.h.length);
        return createVerifyer;
    }

    @Override // org.bouncycastle.crypto.tls.TlsDHKeyExchange, org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        if (this.f == null) {
            throw new TlsFatalAlert((short) 80);
        }
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        this.i = TlsDHUtils.b(this.c.getSecureRandom(), this.f, digestInputBuffer);
        SignatureAndHashAlgorithm a2 = TlsUtils.a(this.c, this.d);
        Digest a3 = TlsUtils.a(a2);
        SecurityParameters securityParameters = this.c.getSecurityParameters();
        a3.update(securityParameters.g, 0, securityParameters.g.length);
        a3.update(securityParameters.h, 0, securityParameters.h.length);
        digestInputBuffer.a(a3);
        byte[] bArr = new byte[a3.getDigestSize()];
        a3.doFinal(bArr, 0);
        new DigitallySigned(a2, this.d.generateCertificateSignature(bArr)).a(digestInputBuffer);
        return digestInputBuffer.toByteArray();
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsSignerCredentials)) {
            throw new TlsFatalAlert((short) 80);
        }
        processServerCertificate(tlsCredentials.getCertificate());
        this.d = (TlsSignerCredentials) tlsCredentials;
    }

    @Override // org.bouncycastle.crypto.tls.TlsDHKeyExchange, org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        SecurityParameters securityParameters = this.c.getSecurityParameters();
        SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
        ServerDHParams a2 = ServerDHParams.a(new TeeInputStream(inputStream, signerInputBuffer));
        DigitallySigned a3 = a(inputStream);
        Signer a4 = a(this.e, a3.a(), securityParameters);
        signerInputBuffer.a(a4);
        if (!a4.verifySignature(a3.b())) {
            throw new TlsFatalAlert((short) 51);
        }
        this.j = TlsDHUtils.a(a2.a());
        this.f = a(this.j.b());
    }
}
