package cn.win_trust_erpc.bouncycastle.tls;

import cn.win_trust_erpc.bouncycastle.crypto.params.ECPublicKeyParameters;
import cn.win_trust_erpc.bouncycastle.crypto.signers.SM2Signer;
import cn.win_trust_erpc.bouncycastle.tls.crypto.TlsCryptoParameters;
import cn.win_trust_erpc.bouncycastle.tls.crypto.TlsEncryptor;
import cn.win_trust_erpc.bouncycastle.tls.crypto.TlsSecret;
import cn.win_trust_erpc.bouncycastle.tls.crypto.impl.bc.BcTlsCertificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/* loaded from: input_file:cn/win_trust_erpc/bouncycastle/tls/TlsSM2KeyExchange.class */
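/**
 * TLS key exchange in which the server presents two certificates: the one at
 * index 0 is used to verify the ServerKeyExchange signature, and the one at
 * index 1 is used to encrypt the pre-master secret.
 *
 * <p>NOTE(review): this layout looks like the dual-certificate (signing +
 * encryption) SM2 scheme; the numeric constants below were inlined by the
 * decompiler, so confirm their meaning against the constant classes of this
 * package.
 *
 * <p>Instances hold per-handshake state and are not designed for concurrent use.
 */
public class TlsSM2KeyExchange extends AbstractTlsKeyExchange {
    /** Server side only: credentials able to decrypt the client's encrypted pre-master secret. */
    protected TlsCredentialedDecryptor serverCredentials;
    /** Client side only: encryptor built from the server certificate at index 1. */
    protected TlsEncryptor serverEncryptor;
    /** Pre-master secret, held until {@link #generatePreMasterSecret()} hands it over. */
    protected TlsSecret preMasterSecret;
    /** Server certificate chain as received in {@link #processServerCertificate(Certificate)}. */
    Certificate certificates;

    /**
     * Accepts only the key exchange algorithm identifier 25.
     *
     * @param i key exchange algorithm identifier
     * @return {@code i} unchanged when it is supported
     * @throws IllegalArgumentException for any other identifier
     */
    private static int checkKeyExchange(int i) {
        // presumably 25 is the SM2 key exchange constant - confirm
        if (i != 25) {
            throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        return i;
    }

    /**
     * Creates the key exchange for the given algorithm identifier.
     *
     * @param i key exchange algorithm identifier; only 25 is accepted
     * @throws IllegalArgumentException if the identifier is not supported
     */
    public TlsSM2KeyExchange(int i) {
        super(checkKeyExchange(i));
        this.serverCredentials = null;
    }

    /**
     * Always fails: this key exchange cannot run without server credentials.
     *
     * @throws IOException always, as a fatal alert with description 80
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        // 80 is presumably internal_error - confirm
        throw new TlsFatalAlert((short) 80);
    }

    /**
     * Stores the server credentials after checking that they can decrypt.
     *
     * @param tlsCredentials credentials configured for the server
     * @throws IOException if the credentials are rejected by
     *     {@code TlsUtils.requireDecryptorCredentials}
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        this.serverCredentials = TlsUtils.requireDecryptorCredentials(tlsCredentials);
    }

    /**
     * Records the server certificate chain and builds the encryptor from the
     * certificate at index 1.
     *
     * @param certificate chain sent by the server; needs at least two entries
     * @throws IOException as a fatal alert if the chain is missing or has fewer
     *     than two certificates, or if the encryptor cannot be created
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.AbstractTlsKeyExchange, cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        // The chain comes from the peer. Without this check a short chain would
        // surface as an unchecked exception from getCertificateAt(1) instead of
        // a TLS alert. 42 is presumably bad_certificate - confirm.
        if (certificate == null || certificate.getLength() < 2) {
            throw new TlsFatalAlert((short) 42);
        }
        this.certificates = certificate;
        // presumably role 4 is the SM2 encryption role - confirm
        this.serverEncryptor = certificate.getCertificateAt(1).createEncryptor(4);
    }

    /**
     * @return {@code true}; the server must send a ServerKeyExchange message
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.AbstractTlsKeyExchange, cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public boolean requiresServerKeyExchange() {
        return true;
    }

    /**
     * @return the single client certificate type value 256
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.AbstractTlsKeyExchange, cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public short[] getClientCertificateTypes() {
        // NOTE(review): 256 does not fit in one byte; what this value stands
        // for is not visible in this file - confirm against the caller.
        return new short[]{256};
    }

    /**
     * Encodes an int as four bytes, most significant byte first.
     *
     * @param i value to encode
     * @return a new 4-byte big-endian array
     */
    public static byte[] int2bytes(int i) {
        return new byte[]{(byte) ((i >>> 24) & 255), (byte) ((i >>> 16) & 255), (byte) ((i >>> 8) & 255), (byte) (i & 255)};
    }

    /**
     * Reads the ServerKeyExchange signature and verifies it with the public key
     * of the certificate at index 0.
     *
     * <p>The signed data is: client random, server random, the 3-byte length of
     * the encoded certificate at index 1, then that encoded certificate. This
     * binds the encryption certificate to the current handshake.
     *
     * @param inputStream ServerKeyExchange message body
     * @throws IOException as a fatal alert with description 43 if the signature
     *     does not verify or any unchecked exception occurs while verifying
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.AbstractTlsKeyExchange, cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        byte[] signature = TlsUtils.readOpaque16(inputStream);
        try {
            BcTlsCertificate signingCertificate = (BcTlsCertificate) this.certificates.getCertificateAt(0);
            SecurityParameters securityParameters = this.context.getSecurityParameters();
            ECPublicKeyParameters signingKey = signingCertificate.getPubKeyEC();
            // Encode once so the length prefix and the signed bytes come from the same array.
            byte[] encryptionCertificate = this.certificates.getCertificateAt(1).getEncoded();

            SM2Signer verifier = new SM2Signer();
            verifier.init(false, signingKey);
            verifier.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
            verifier.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
            // Skip the top byte of the 4-byte encoding: the length is signed as a 24-bit value.
            verifier.update(int2bytes(encryptionCertificate.length), 1, 3);
            verifier.update(encryptionCertificate, 0, encryptionCertificate.length);

            if (!verifier.verifySignature(signature)) {
                // NOTE(review): 43 is presumably unsupported_certificate; a failed
                // signature check is usually reported as decrypt_error - confirm
                // before changing, peers may depend on the current value.
                throw new TlsFatalAlert((short) 43);
            }
        } catch (RuntimeException e) {
            // Missing chain, wrong certificate class or a malformed key all fail closed here.
            throw new TlsFatalAlert((short) 43, e);
        }
    }

    /**
     * Checks that the client credentials are able to sign; nothing is stored.
     *
     * @param tlsCredentials credentials configured for the client
     * @throws IOException if the credentials are rejected by
     *     {@code TlsUtils.requireSignerCredentials}
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        TlsUtils.requireSignerCredentials(tlsCredentials);
    }

    /**
     * Client side: generates the pre-master secret, writes it encrypted with
     * the server encryptor, and keeps the secret for later retrieval.
     *
     * @param outputStream destination of the ClientKeyExchange message body
     * @throws IOException if generating or writing the encrypted secret fails
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        this.preMasterSecret = TlsUtils.generateEncryptedPreMasterSecret(this.context, this.serverEncryptor, outputStream);
    }

    /**
     * Server side: reads the encrypted pre-master secret and decrypts it with
     * the server credentials.
     *
     * @param inputStream ClientKeyExchange message body
     * @throws IOException if reading or decrypting fails
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.AbstractTlsKeyExchange, cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        byte[] encryptedPreMasterSecret = TlsUtils.readEncryptedPMS(this.context, inputStream);
        this.preMasterSecret = this.serverCredentials.decrypt(new TlsCryptoParameters(this.context), encryptedPreMasterSecret);
    }

    /**
     * Hands over the pre-master secret and clears the reference held here, so
     * a second call returns {@code null}.
     *
     * @return the pre-master secret, or {@code null} if none is held
     */
    @Override // cn.win_trust_erpc.bouncycastle.tls.TlsKeyExchange
    public TlsSecret generatePreMasterSecret() throws IOException {
        TlsSecret secret = this.preMasterSecret;
        this.preMasterSecret = null;
        return secret;
    }
}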
