package ru.CryptoPro.ssl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.util.Collection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public final class cl_51 extends cl_57 {
    cl_79 e;
    private int f;
    private byte[] g;
    private byte[] h;
    private ECPublicKey i;
    private cl_108 j;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_51(cl_25 cl_25Var, PrivateKey privateKey, byte[] bArr, byte[] bArr2, SecureRandom secureRandom, cl_108 cl_108Var, cl_79 cl_79Var) throws GeneralSecurityException {
        Signature a2;
        this.e = cl_79Var;
        ECPublicKey eCPublicKey = (ECPublicKey) cl_25Var.a();
        this.i = eCPublicKey;
        ECParameterSpec params = eCPublicKey.getParams();
        this.g = cl_68.a(this.i.getW(), params.getCurve());
        this.f = cl_111.a(params);
        if (privateKey == null) {
            return;
        }
        if (cl_79Var.k >= cl_79.f.k) {
            this.j = cl_108Var;
            a2 = cl_68.b(cl_108Var.c());
        } else {
            a2 = a(privateKey.getAlgorithm());
        }
        a2.initSign(privateKey);
        a(a2, bArr, bArr2);
        this.h = a2.sign();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_51(cl_42 cl_42Var, PublicKey publicKey, byte[] bArr, byte[] bArr2, Collection collection, cl_79 cl_79Var) throws IOException, GeneralSecurityException {
        this.e = cl_79Var;
        int b = cl_42Var.b();
        if (b != 3) {
            throw new SSLHandshakeException("Unsupported ECCurveType: " + b);
        }
        int c = cl_42Var.c();
        this.f = c;
        if (!cl_111.b(c)) {
            throw new SSLHandshakeException("Unsupported curveId: " + this.f);
        }
        String c2 = cl_111.c(this.f);
        if (c2 == null) {
            throw new SSLHandshakeException("Unknown named curve: " + this.f);
        }
        ECParameterSpec i = cl_68.i(c2);
        if (i == null) {
            throw new SSLHandshakeException("Unsupported curve: " + c2);
        }
        byte[] e = cl_42Var.e();
        this.g = e;
        this.i = (ECPublicKey) cl_68.g("EC").generatePublic(new ECPublicKeySpec(cl_68.a(e, i.getCurve()), i));
        if (publicKey == null) {
            return;
        }
        if (cl_79Var.k >= cl_79.f.k) {
            cl_108 a2 = cl_108.a(cl_42Var.b(), cl_42Var.b(), 0);
            this.j = a2;
            if (!collection.contains(a2)) {
                throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in ServerKeyExchange message");
            }
        }
        this.h = cl_42Var.f();
        Signature b2 = cl_79Var.k >= cl_79.f.k ? cl_68.b(this.j.c()) : a(publicKey.getAlgorithm());
        b2.initVerify(publicKey);
        a(b2, bArr, bArr2);
        if (!b2.verify(this.h)) {
            throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
        }
    }

    private static Signature a(String str) throws NoSuchAlgorithmException {
        if (str.equals("EC")) {
            return cl_68.b("SHA1withECDSA");
        }
        if (str.equals("RSA")) {
            return cl_81.a();
        }
        throw new NoSuchAlgorithmException("neither an RSA or a EC key");
    }

    private void a(Signature signature, byte[] bArr, byte[] bArr2) throws SignatureException {
        signature.update(bArr);
        signature.update(bArr2);
        signature.update((byte) 3);
        signature.update((byte) (this.f >> 8));
        signature.update((byte) this.f);
        signature.update((byte) this.g.length);
        signature.update(this.g);
    }

    @Override // ru.CryptoPro.ssl.cl_43
    void a(cl_58 cl_58Var) throws IOException {
        cl_58Var.a(3);
        cl_58Var.b(this.f);
        cl_58Var.a(this.g);
        if (this.h != null) {
            if (this.e.k >= cl_79.f.k) {
                cl_58Var.a(this.j.a());
                cl_58Var.a(this.j.b());
            }
            cl_58Var.b(this.h);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ECPublicKey b() {
        return this.i;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    int c() {
        int i;
        byte[] bArr = this.h;
        if (bArr != null) {
            i = bArr.length + 2;
            if (this.e.k >= cl_79.f.k) {
                i += cl_108.d();
            }
        } else {
            i = 0;
        }
        return this.g.length + 4 + i;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    String d() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("*** ECDH ServerKeyExchange\n");
        if (this.h == null) {
            stringBuffer.append("Anonymous\n");
        } else if (this.e.k >= cl_79.f.k) {
            stringBuffer.append("Signature Algorithm ");
            stringBuffer.append(this.j.c());
            stringBuffer.append("\n");
        }
        stringBuffer.append("Server key: ");
        stringBuffer.append(this.i);
        stringBuffer.append("\n");
        return stringBuffer.toString();
    }
}
