package org.bouncycastle.tls;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.TlsVerifier;
import org.bouncycastle.tls.crypto.impl.bc.BcSM2TlsCredentialedSignerAndDecryptor;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:org/bouncycastle/tls/TlsSM2KeyExchange.class */
public class TlsSM2KeyExchange extends AbstractTlsKeyExchange {
    protected BcSM2TlsCredentialedSignerAndDecryptor serverCredentials;
    protected Certificate serverCertificate;
    protected TlsSecret preMasterSecret;
    protected TlsVerifier verifier;

    public TlsSM2KeyExchange(Vector vector) {
        super(26, vector);
        this.serverCredentials = null;
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void skipServerCredentials() throws IOException {
        throw new TlsFatalAlert((short) 80);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof BcSM2TlsCredentialedSignerAndDecryptor)) {
            throw new TlsFatalAlert((short) 80);
        }
        this.serverCredentials = (BcSM2TlsCredentialedSignerAndDecryptor) tlsCredentials;
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert((short) 42);
        }
        checkServerCertSigAlg(certificate);
        for (TlsCertificate tlsCertificate : certificate.getCertificateList()) {
            System.out.println("IMSSDK, serverCertificate:" + Base64.toBase64String(tlsCertificate.getEncoded()));
        }
        if (null == certificate.getCertificateAt(1).useInRole(0, this.keyExchange)) {
            throw new TlsFatalAlert((short) 43);
        }
        this.serverCertificate = certificate;
        System.out.println("IMSSDK, keyExchange:" + this.keyExchange);
        this.verifier = certificate.getCertificateAt(0).createVerifier(TlsUtils.getSignatureAlgorithm(this.keyExchange));
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public short[] getClientCertificateTypes() {
        return new short[]{1, 2, 64};
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsCredentialedSigner)) {
            throw new TlsFatalAlert((short) 80);
        }
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public byte[] generateServerKeyExchange() throws IOException {
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        digestInputBuffer.write(this.serverCredentials.getCertificate().getCertificateAt(1).getEncoded());
        return TlsUtils.generateServerKeyExchangeSignature(this.context, this.serverCredentials, digestInputBuffer).signature;
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        System.out.println("IMSSDK, processServerKeyExchange");
        byte[] readOpaque16 = TlsUtils.readOpaque16(inputStream);
        System.out.println("IMSSDK, signature:" + Base64.toBase64String(readOpaque16));
        DigitallySigned digitallySigned = new DigitallySigned(new SignatureAndHashAlgorithm((short) 7, (short) 4), readOpaque16);
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        byte[] encoded = this.serverCertificate.getCertificateAt(1).getEncoded();
        byte[] bArr = new byte[encoded.length + 3];
        bArr[0] = (byte) ((encoded.length >>> 16) & CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        bArr[1] = (byte) ((encoded.length >>> 8) & CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        bArr[2] = (byte) (encoded.length & CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        System.arraycopy(encoded, 0, bArr, 3, encoded.length);
        digestInputBuffer.write(bArr);
        TlsUtils.verifyServerKeyExchangeSignature(this.context, this.verifier, digestInputBuffer, digitallySigned);
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        this.preMasterSecret = TlsSM2Utils.generateEncryptedPreMasterSecret(this.context, this.serverCertificate.getCertificateAt(1), outputStream);
    }

    @Override // org.bouncycastle.tls.AbstractTlsKeyExchange, org.bouncycastle.tls.TlsKeyExchange
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        this.preMasterSecret = this.serverCredentials.decrypt(new TlsCryptoParameters(this.context), TlsUtils.readOpaque16(inputStream));
    }

    @Override // org.bouncycastle.tls.TlsKeyExchange
    public TlsSecret generatePreMasterSecret() throws IOException {
        TlsSecret tlsSecret = this.preMasterSecret;
        this.preMasterSecret = null;
        return tlsSecret;
    }
}
