package org.bouncycastle.crypto.tls;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.Vector;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;

/* loaded from: classes2.dex */
public class TlsPSKKeyExchange extends AbstractTlsKeyExchange {
    protected TlsPSKIdentity d;
    protected byte[] e;
    protected DHPublicKeyParameters f;
    protected DHPrivateKeyParameters g;
    protected AsymmetricKeyParameter h;
    protected RSAKeyParameters i;
    protected byte[] j;

    public TlsPSKKeyExchange(int i, Vector vector, TlsPSKIdentity tlsPSKIdentity) {
        super(i, vector);
        this.e = null;
        this.f = null;
        this.g = null;
        this.h = null;
        this.i = null;
        switch (i) {
            case 13:
            case 14:
            case 15:
                this.d = tlsPSKIdentity;
                return;
            default:
                throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
    }

    private static RSAKeyParameters a(RSAKeyParameters rSAKeyParameters) {
        if (rSAKeyParameters.c().isProbablePrime(2)) {
            return rSAKeyParameters;
        }
        throw new TlsFatalAlert((short) 47);
    }

    private byte[] a(int i) {
        return this.f4938a == 14 ? TlsDHUtils.a(this.f, this.g) : this.f4938a == 15 ? this.j : new byte[i];
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void a(InputStream inputStream) {
        this.e = TlsUtils.f(inputStream);
        if (this.f4938a == 14) {
            byte[] f = TlsUtils.f(inputStream);
            byte[] f2 = TlsUtils.f(inputStream);
            this.f = TlsDHUtils.a(new DHPublicKeyParameters(new BigInteger(1, TlsUtils.f(inputStream)), new DHParameters(new BigInteger(1, f), new BigInteger(1, f2))));
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void a(OutputStream outputStream) {
        TlsUtils.b(this.d.c(), outputStream);
        if (this.f4938a == 15) {
            this.j = TlsRSAUtils.a(this.c, this.i, outputStream);
        } else if (this.f4938a == 14) {
            this.g = TlsDHUtils.a(this.c.a(), this.f.b(), outputStream);
        }
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void a(Certificate certificate) {
        if (this.f4938a != 15) {
            throw new TlsFatalAlert((short) 10);
        }
        if (certificate.c()) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate a2 = certificate.a(0);
        try {
            this.h = PublicKeyFactory.a(a2.k());
            if (this.h.a()) {
                throw new TlsFatalAlert((short) 80);
            }
            RSAKeyParameters rSAKeyParameters = (RSAKeyParameters) this.h;
            if (!rSAKeyParameters.c().isProbablePrime(2)) {
                throw new TlsFatalAlert((short) 47);
            }
            this.i = rSAKeyParameters;
            TlsUtils.a(a2, 32);
            super.a(certificate);
        } catch (RuntimeException unused) {
            throw new TlsFatalAlert((short) 43);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void a(CertificateRequest certificateRequest) {
        throw new TlsFatalAlert((short) 10);
    }

    @Override // org.bouncycastle.crypto.tls.AbstractTlsKeyExchange, org.bouncycastle.crypto.tls.TlsKeyExchange
    public final boolean a() {
        return this.f4938a == 14;
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void b(TlsCredentials tlsCredentials) {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public final void f() {
        if (this.f4938a == 15) {
            throw new TlsFatalAlert((short) 10);
        }
    }

    @Override // org.bouncycastle.crypto.tls.TlsKeyExchange
    public final byte[] g() {
        byte[] d = this.d.d();
        byte[] a2 = this.f4938a == 14 ? TlsDHUtils.a(this.f, this.g) : this.f4938a == 15 ? this.j : new byte[d.length];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(a2.length + 4 + d.length);
        TlsUtils.b(a2, byteArrayOutputStream);
        TlsUtils.b(d, byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }
}
