package o;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.HandshakeMessage;
import org.eclipse.californium.scandium.dtls.ServerKeyExchange;
import org.eclipse.californium.scandium.dtls.SignatureAndHashAlgorithm;
import org.eclipse.californium.scandium.dtls.cipher.ECDHECryptography;
import org.slf4j.Logger;

/* loaded from: classes7.dex */
public final class kaz extends ServerKeyExchange {
    private static final Logger e = keo.d(kaz.class);

    /* renamed from: a, reason: collision with root package name */
    private ECPublicKey f31389a;
    private final int b;
    private byte[] c;
    private byte[] d;
    private final SignatureAndHashAlgorithm i;
    private int j;

    private kaz(SignatureAndHashAlgorithm signatureAndHashAlgorithm, int i, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.f31389a = null;
        this.d = null;
        this.c = null;
        this.j = 3;
        this.i = signatureAndHashAlgorithm;
        this.b = i;
    }

    private kaz(SignatureAndHashAlgorithm signatureAndHashAlgorithm, int i, byte[] bArr, byte[] bArr2, InetSocketAddress inetSocketAddress) throws kbe {
        this(signatureAndHashAlgorithm, i, inetSocketAddress);
        this.d = Arrays.copyOf(bArr, bArr.length);
        this.c = Arrays.copyOf(bArr2, bArr2.length);
        ECDHECryptography.SupportedGroup fromId = ECDHECryptography.SupportedGroup.fromId(i);
        if (fromId == null || !fromId.isUsable()) {
            throw new kbe(String.format("Server used unsupported elliptic curve (%d) for ECDH", Integer.valueOf(i)), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, inetSocketAddress));
        }
        try {
            this.f31389a = jzs.e(new jzw(bArr, false), fromId.getEcParams());
        } catch (GeneralSecurityException e2) {
            e.debug("Cannot re-create server's public key from params", (Throwable) e2);
            throw new kbe(String.format("Cannot re-create server's public key from params: %s", e2.getMessage()), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.INTERNAL_ERROR, inetSocketAddress));
        }
    }

    public kaz(SignatureAndHashAlgorithm signatureAndHashAlgorithm, ECDHECryptography eCDHECryptography, PrivateKey privateKey, kbs kbsVar, kbs kbsVar2, int i, InetSocketAddress inetSocketAddress) throws GeneralSecurityException {
        this(signatureAndHashAlgorithm, i, inetSocketAddress);
        this.f31389a = eCDHECryptography.c();
        this.d = ECDHECryptography.e(this.f31389a.getW(), this.f31389a.getParams().getCurve());
        Signature signature = Signature.getInstance(this.i.c());
        signature.initSign(privateKey);
        b(signature, kbsVar, kbsVar2);
        this.c = signature.sign();
    }

    private static kaz a(jzw jzwVar, InetSocketAddress inetSocketAddress) throws kbe {
        byte[] bArr;
        int e2 = jzwVar.e(16);
        byte[] b = jzwVar.b(jzwVar.e(8));
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = new SignatureAndHashAlgorithm(SignatureAndHashAlgorithm.HashAlgorithm.SHA256, SignatureAndHashAlgorithm.SignatureAlgorithm.ECDSA);
        if (jzwVar.j()) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = new SignatureAndHashAlgorithm(jzwVar.e(8), jzwVar.e(8));
            bArr = jzwVar.b(jzwVar.e(16));
            signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
        } else {
            bArr = null;
        }
        return new kaz(signatureAndHashAlgorithm, e2, b, bArr, inetSocketAddress);
    }

    private void a(Signature signature) throws SignatureException {
        signature.update((byte) 3);
        signature.update((byte) (this.b >> 8));
        signature.update((byte) this.b);
        signature.update((byte) this.d.length);
        signature.update(this.d);
    }

    private void b(Signature signature, kbs kbsVar, kbs kbsVar2) throws SignatureException {
        signature.update(kbsVar.a());
        signature.update(kbsVar2.a());
        int i = this.j;
        if (i == 1 || i == 2) {
            return;
        }
        if (i != 3) {
            e.warn("Unknown curve type [{}]", Integer.valueOf(i));
        } else {
            a(signature);
        }
    }

    public static HandshakeMessage c(jzw jzwVar, InetSocketAddress inetSocketAddress) throws kbe {
        int e2 = jzwVar.e(8);
        if (e2 == 3) {
            return a(jzwVar, inetSocketAddress);
        }
        throw new kbe(String.format("Curve type [%s] received in ServerKeyExchange message from peer [%s] is unsupported", Integer.valueOf(e2), inetSocketAddress), new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, inetSocketAddress));
    }

    private void e(jzt jztVar) {
        jztVar.c(3, 8);
        jztVar.c(this.b, 16);
        jztVar.c(this.d.length, 8);
        jztVar.d(this.d);
        if (this.c != null) {
            jztVar.c(this.i.b().getCode(), 8);
            jztVar.c(this.i.a().getCode(), 8);
            jztVar.c(this.c.length, 16);
            jztVar.d(this.c);
        }
    }

    public ECPublicKey a() {
        return this.f31389a;
    }

    public void c(PublicKey publicKey, kbs kbsVar, kbs kbsVar2) throws kbe {
        if (this.c == null) {
            return;
        }
        boolean z = false;
        try {
            Signature signature = Signature.getInstance(this.i.c());
            signature.initVerify(publicKey);
            b(signature, kbsVar, kbsVar2);
            z = signature.verify(this.c);
        } catch (GeneralSecurityException e2) {
            e.error("Could not verify the server's signature.", (Throwable) e2);
        }
        if (!z) {
            throw new kbe("The server's ECDHE key exchange message's signature could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeer()));
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public byte[] fragmentToByteArray() {
        jzt jztVar = new jzt();
        int i = this.j;
        if (i != 1 && i != 2) {
            if (i != 3) {
                e.warn("Unknown curve type [{}]", Integer.valueOf(i));
            } else {
                e(jztVar);
            }
        }
        return jztVar.e();
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public int getMessageLength() {
        int i = this.j;
        if (i == 1 || i == 2) {
            return 0;
        }
        if (i != 3) {
            e.warn("Unknown curve type [{}]", Integer.valueOf(i));
            return 0;
        }
        byte[] bArr = this.c;
        return (bArr != null ? bArr.length + 4 : 0) + this.d.length + 4;
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public String toString() {
        return super.toString() + "\t\tDiffie-Hellman public key: " + a().toString() + kah.d();
    }
}
