package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;

/* loaded from: classes3.dex */
public final class r extends at {
    private static final org.slf4j.c LOGGER = org.slf4j.d.C(r.class.getCanonicalName());
    private final SignatureAndHashAlgorithm gjj;
    private byte[] gku;
    private ECPublicKey gkv;
    private ECPoint gkw;
    private final int gkx;
    private byte[] gky;
    private int gkz;

    private r(SignatureAndHashAlgorithm signatureAndHashAlgorithm, int i, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.gkv = null;
        this.gkw = null;
        this.gku = null;
        this.gky = null;
        this.gkz = 3;
        this.gjj = signatureAndHashAlgorithm;
        this.gkx = i;
    }

    private r(SignatureAndHashAlgorithm signatureAndHashAlgorithm, int i, byte[] bArr, byte[] bArr2, InetSocketAddress inetSocketAddress) throws x {
        this(signatureAndHashAlgorithm, i, inetSocketAddress);
        this.gku = Arrays.copyOf(bArr, bArr.length);
        this.gky = Arrays.copyOf(bArr2, bArr2.length);
        ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(i);
        if (fromId == null || !fromId.isUsable()) {
            throw new x(String.format("Server used unsupported elliptic curve (%d) for ECDH", Integer.valueOf(i)), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, inetSocketAddress));
        }
        try {
            this.gkw = ECDHECryptography.a(bArr, fromId.getEcParams().getCurve());
            this.gkv = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(this.gkw, fromId.getEcParams()));
        } catch (GeneralSecurityException e) {
            LOGGER.b("Cannot re-create server's public key from params", (Throwable) e);
            throw new x(String.format("Cannot re-create server's public key from params: %s", e.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, inetSocketAddress));
        }
    }

    public r(SignatureAndHashAlgorithm signatureAndHashAlgorithm, ECDHECryptography eCDHECryptography, PrivateKey privateKey, aj ajVar, aj ajVar2, int i, InetSocketAddress inetSocketAddress) throws GeneralSecurityException {
        this(signatureAndHashAlgorithm, i, inetSocketAddress);
        this.gkv = eCDHECryptography.bKu();
        ECParameterSpec params = this.gkv.getParams();
        this.gkw = this.gkv.getW();
        this.gku = ECDHECryptography.a(this.gkw, params.getCurve());
        Signature signature = Signature.getInstance(this.gjj.bLf());
        signature.initSign(privateKey);
        a(signature, ajVar, ajVar2);
        this.gky = signature.sign();
    }

    private void a(Signature signature) throws SignatureException {
        signature.update((byte) 3);
        signature.update((byte) (this.gkx >> 8));
        signature.update((byte) this.gkx);
        signature.update((byte) this.gku.length);
        signature.update(this.gku);
    }

    private void a(Signature signature, aj ajVar, aj ajVar2) throws SignatureException {
        signature.update(ajVar.bKO());
        signature.update(ajVar2.bKO());
        switch (this.gkz) {
            case 1:
            case 2:
                return;
            case 3:
                a(signature);
                return;
            default:
                LOGGER.e("Unknown curve type [{}]", Integer.valueOf(this.gkz));
                return;
        }
    }

    private static r b(org.eclipse.californium.a.b.d dVar, InetSocketAddress inetSocketAddress) throws x {
        byte[] bArr;
        int lZ = dVar.lZ(16);
        byte[] zi = dVar.zi(dVar.lZ(8));
        byte[] bIo = dVar.bIo();
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
        if (bIo.length > 0) {
            org.eclipse.californium.a.b.d dVar2 = new org.eclipse.californium.a.b.d(bIo);
            SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = new SignatureAndHashAlgorithm(dVar2.lZ(8), dVar2.lZ(8));
            bArr = dVar2.zi(dVar2.lZ(16));
            signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
        } else {
            bArr = null;
        }
        return new r(signatureAndHashAlgorithm, lZ, zi, bArr, inetSocketAddress);
    }

    public static y c(byte[] bArr, InetSocketAddress inetSocketAddress) throws x {
        org.eclipse.californium.a.b.d dVar = new org.eclipse.californium.a.b.d(bArr);
        int lZ = dVar.lZ(8);
        if (lZ == 3) {
            return b(dVar, inetSocketAddress);
        }
        throw new x(String.format("Curve type [%s] received in ServerKeyExchange message from peer [%s] is unsupported", Integer.valueOf(lZ), inetSocketAddress), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, inetSocketAddress));
    }

    private void c(org.eclipse.californium.a.b.e eVar) {
        eVar.cp(3, 8);
        eVar.cp(this.gkx, 16);
        eVar.cp(this.gku.length, 8);
        eVar.writeBytes(this.gku);
        if (this.gky != null) {
            eVar.cp(this.gjj.bLe().getCode(), 8);
            eVar.cp(this.gjj.bLd().getCode(), 8);
            eVar.cp(this.gky.length, 16);
            eVar.writeBytes(this.gky);
        }
    }

    public void a(PublicKey publicKey, aj ajVar, aj ajVar2) throws x {
        boolean z;
        if (this.gky == null) {
            return;
        }
        try {
            Signature signature = Signature.getInstance(this.gjj.bLf());
            signature.initVerify(publicKey);
            a(signature, ajVar, ajVar2);
            z = signature.verify(this.gky);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Could not verify the server's signature.", e);
            z = false;
        }
        if (!z) {
            throw new x("The server's ECDHE key exchange message's signature could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, bJb()));
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public int bJh() {
        switch (this.gkz) {
            case 1:
            case 2:
                return 0;
            case 3:
                return (this.gky != null ? this.gky.length + 4 : 0) + this.gku.length + 4;
            default:
                LOGGER.e("Unknown curve type [{}]", Integer.valueOf(this.gkz));
                return 0;
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public byte[] bJj() {
        org.eclipse.californium.a.b.e eVar = new org.eclipse.californium.a.b.e();
        switch (this.gkz) {
            case 1:
            case 2:
                break;
            case 3:
                c(eVar);
                break;
            default:
                LOGGER.e("Unknown curve type [{}]", Integer.valueOf(this.gkz));
                break;
        }
        return eVar.toByteArray();
    }

    public ECPublicKey bKu() {
        return this.gkv;
    }

    @Override // org.eclipse.californium.scandium.dtls.y
    public String toString() {
        return super.toString() + "\t\tDiffie-Hellman public key: " + bKu().toString() + org.eclipse.californium.a.b.i.lineSeparator();
    }
}
