package com.bes.enterprise.cipher.gmssl;

import com.bes.enterprise.cipher.gmssl.crypto.TlsCryptoParameters;
import com.bes.enterprise.cipher.gmssl.crypto.TlsECConfig;
import com.bes.enterprise.cipher.gmssl.crypto.TlsSecret;
import com.bes.enterprise.cipher.gmssl.crypto.TlsVerifier;
import com.bes.enterprise.cipher.gmssl.crypto.impl.jcajce.GMSSLSignerAndDecryptor;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Vector;

/* loaded from: input_file:com/bes/enterprise/cipher/gmssl/GMSM2KeyExchange.class */
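/**
 * Key exchange used for the GM (SM2) cipher suites of this TLS stack.
 *
 * <p>What the visible code does:
 * <ul>
 *   <li>the server signs its ServerKeyExchange with {@link #serverCredentials};</li>
 *   <li>the client verifies that signature with a verifier built from the certificate at
 *       index 0 of the server chain;</li>
 *   <li>the client encrypts the pre-master secret to the certificate at index 1 of the
 *       server chain, and the server decrypts it with {@link #serverCredentials}.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The pre-master secret is transported under the server's certificate key. As far as
 *       this class shows, no ephemeral key is mixed in, so the exchange on its own does not
 *       provide forward secrecy.</li>
 *   <li>Methods fail closed with a fatal alert when the state they need has not been set,
 *       instead of surfacing a {@link NullPointerException} to the handshake driver.</li>
 * </ul>
 *
 * <p>Not thread-safe: the handshake state is held in plain mutable fields.
 */
public class GMSM2KeyExchange extends TlsECDHKeyExchange {
    /** TLS AlertDescription internal_error. */
    private static final short ALERT_INTERNAL_ERROR = 80;
    /** TLS AlertDescription bad_certificate. */
    private static final short ALERT_BAD_CERTIFICATE = 42;
    // The only key exchange id this class accepts.
    // NOTE(review): presumably the fork's GM/SM2 entry in KeyExchangeAlgorithm; confirm.
    private static final int SUPPORTED_KEY_EXCHANGE = 25;

    // Server side: signs the ServerKeyExchange and decrypts the ClientKeyExchange.
    protected GMSSLSignerAndDecryptor serverCredentials;
    // Client side: the chain received from the server (index 0 verifies, index 1 encrypts).
    protected Certificate serverCertificate;
    // Client side: verifier derived from serverCertificate[0].
    protected TlsVerifier verifier;
    // Set by generateClientKeyExchange (client) or processClientKeyExchange (server).
    protected TlsSecret preMasterSecret;

    /**
     * Validates the key exchange id before it is handed to the superclass constructor.
     *
     * @param i key exchange algorithm id
     * @return {@code i} unchanged when it is supported
     * @throws IllegalArgumentException for any other id
     */
    private static int checkKeyExchange(int i) {
        if (i != SUPPORTED_KEY_EXCHANGE) {
            throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        return i;
    }

    /**
     * Constructor variant taking a {@link TlsECConfigVerifier}; all arguments are passed
     * through to the superclass after {@code i} has been validated.
     *
     * @throws IllegalArgumentException if {@code i} is not the supported key exchange id
     */
    public GMSM2KeyExchange(int i, Vector vector, TlsECConfigVerifier tlsECConfigVerifier, short[] sArr, short[] sArr2) {
        super(checkKeyExchange(i), vector, tlsECConfigVerifier, sArr, sArr2);
        this.serverCredentials = null;
        this.serverCertificate = null;
        this.verifier = null;
    }

    /**
     * Constructor variant taking a {@link TlsECConfig}; all arguments are passed through to
     * the superclass after {@code i} has been validated.
     *
     * @throws IllegalArgumentException if {@code i} is not the supported key exchange id
     */
    public GMSM2KeyExchange(int i, Vector vector, TlsECConfig tlsECConfig, short[] sArr) {
        super(checkKeyExchange(i), vector, tlsECConfig, sArr);
        this.serverCredentials = null;
        this.serverCertificate = null;
        this.verifier = null;
    }

    /**
     * Stores the server's own credentials.
     *
     * @param tlsCredentials credentials selected for the server
     * @throws IOException a fatal internal_error alert when the credentials are not a
     *     {@link TlsCredentialedSigner} that is also a {@link GMSSLSignerAndDecryptor}
     */
    @Override
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        // The field needs a GMSSLSignerAndDecryptor. Checking only for TlsCredentialedSigner
        // let any other signer type reach the cast and fail with ClassCastException instead
        // of a TLS alert, so both conditions are tested before the cast.
        if (!(tlsCredentials instanceof TlsCredentialedSigner)
                || !(tlsCredentials instanceof GMSSLSignerAndDecryptor)) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        this.serverCredentials = (GMSSLSignerAndDecryptor) tlsCredentials;
    }

    /**
     * Records the server chain and builds the signature verifier from its first certificate.
     *
     * @param certificate chain received from the server
     * @throws IOException a fatal bad_certificate alert when the chain is empty, or whatever
     *     {@code checkServerCertSigAlg} / {@code createVerifier} raise
     */
    @Override
    public void processServerCertificate(Certificate certificate) throws IOException {
        if (certificate.isEmpty()) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        // NOTE(review): only an empty chain is rejected here, yet generateClientKeyExchange
        // reads index 1. A peer that sends a single certificate passes this method; add a
        // "at least two certificates" check here that raises bad_certificate.
        checkServerCertSigAlg(certificate);
        this.verifier = certificate.getCertificateAt(0).createVerifier(TlsUtils.getSignatureAlgorithm(this.keyExchange));
        this.serverCertificate = certificate;
    }

    /**
     * Builds the ServerKeyExchange body: the signature produced with the server credentials.
     *
     * @return the encoded message body
     * @throws IOException a fatal internal_error alert when no server credentials were set,
     *     or on signing/encoding failure
     */
    @Override
    public byte[] generateServerKeyExchange() throws IOException {
        if (this.serverCredentials == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        DigestInputBuffer body = new DigestInputBuffer();
        TlsUtils.generateGMServerKeyExchangeSignature(this.context, this.serverCredentials, body)
                .encode(this.context, body);
        return body.toByteArray();
    }

    /**
     * Parses the signature from the ServerKeyExchange and verifies it against the stored
     * server chain.
     *
     * @param inputStream message body received from the server
     * @throws IOException a fatal internal_error alert when the server certificate has not
     *     been processed yet, or whatever the verification helper raises
     */
    @Override
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        // Fail closed: never reach signature verification without a certificate and verifier.
        if (this.serverCertificate == null || this.verifier == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        TlsUtils.verifyGMServerKeyExchangeSignature(this.context, this.serverCertificate, this.verifier, new DigestInputBuffer(), parseSignature(inputStream));
    }

    /**
     * Lists the client certificate types the server will request.
     *
     * @return a fresh array {@code {1, 64, 80}}
     */
    @Override
    public short[] getClientCertificateTypes() {
        // 1 and 64 are rsa_sign and ecdsa_sign in the TLS ClientCertificateType registry.
        // NOTE(review): 80 is not an IANA-assigned value; presumably the GM profile's
        // extra type. Confirm against this fork's ClientCertificateType.
        return new short[]{1, 64, 80};
    }

    /**
     * Checks the type of the client credentials; nothing is stored.
     *
     * @param tlsCredentials credentials selected for the client
     * @throws IOException a fatal internal_error alert when they are not a
     *     {@link TlsCredentialedSigner}
     */
    @Override
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        if (!(tlsCredentials instanceof TlsCredentialedSigner)) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
    }

    /**
     * Generates the pre-master secret, encrypts it to the server's second certificate and
     * writes the ciphertext to the ClientKeyExchange.
     *
     * @param outputStream destination for the ClientKeyExchange body
     * @throws IOException a fatal internal_error alert when the server certificate has not
     *     been processed yet, or on encryption/write failure
     */
    @Override
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        if (this.serverCertificate == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        // Index 1 is the encryption certificate; index 0 is only used for verification.
        // NOTE(review): the helper is named TlsRSAUtils; confirm it selects the cipher from
        // the certificate's key type rather than assuming RSA.
        this.preMasterSecret = TlsRSAUtils.generateEncryptedPreMasterSecret(this.context, this.serverCertificate.getCertificateAt(1), outputStream);
    }

    /**
     * Reads the encrypted pre-master secret from the ClientKeyExchange and decrypts it with
     * the server credentials.
     *
     * @param inputStream message body received from the client
     * @throws IOException a fatal internal_error alert when no server credentials were set,
     *     or on read/decryption failure
     */
    @Override
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        if (this.serverCredentials == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        // The ciphertext is peer-controlled.
        // NOTE(review): how decrypt() reports a malformed ciphertext is not visible here;
        // confirm the client cannot tell a decryption failure apart from a later handshake
        // failure.
        byte[] encryptedPreMasterSecret = TlsUtils.readOpaque16(inputStream);
        this.preMasterSecret = this.serverCredentials.decrypt(new TlsCryptoParameters(this.context), encryptedPreMasterSecret);
    }

    /**
     * Returns the pre-master secret established by the client key exchange.
     *
     * @return the stored secret
     * @throws IOException a fatal internal_error alert when no secret has been established
     */
    @Override
    public TlsSecret generatePreMasterSecret() throws IOException {
        if (this.preMasterSecret == null) {
            throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
        }
        return this.preMasterSecret;
    }
}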
