package kl.ssl.gmvpn;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import kl.ssl.gmvpn.crypto.SM2CipherText;
import kl.ssl.gmvpn.crypto.TlsCertificate;
import kl.ssl.gmvpn.crypto.TlsCryptoParameters;
import kl.ssl.gmvpn.crypto.TlsSecret;
import org.bouncycastle.asn1.ASN1Primitive;

/* loaded from: classes2.dex */
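/**
 * Key exchange implementation that transports the pre-master secret under SM2 encryption.
 *
 * <p>On the client side the pre-master secret is generated and encrypted to the server's
 * encryption certificate (the second certificate of the server chain). On the server side
 * the ClientKeyExchange body is parsed as an ASN.1 {@code SM2CipherText}, re-packed into a
 * flat byte layout and handed to the server credentials for decryption.
 *
 * <p>NOTE(review): this source is decompiler output. The fields below are public and hold
 * key material ({@link #preMasterSecret}); they are left public only because callers
 * outside this file may depend on that visibility.
 */
public class TlsSM2KeyExchange extends AbstractTlsKeyExchange {
    /** Width of one curve coordinate slot in the flat ciphertext layout. */
    private static final int COORDINATE_LENGTH = 32;
    /** Width reserved for the hash component in the flat ciphertext layout. */
    private static final int HASH_LENGTH = 32;
    /** TLS alert description decode_error. */
    private static final short ALERT_DECODE_ERROR = 50;
    /** TLS alert description internal_error. */
    private static final short ALERT_INTERNAL_ERROR = 80;

    // Pre-master secret; cleared again by generatePreMasterSecret().
    public TlsSecret preMasterSecret;
    // First certificate of the server chain; used to verify the ServerKeyExchange signature.
    public TlsCertificate serverCertificate;
    // Second certificate of the server chain; the pre-master secret is encrypted to it.
    public TlsCertificate serverCertificateEnc;
    // Server-side credentials used for signing and for decrypting the ClientKeyExchange.
    public TlsCredentialedSignerAndDecryptor serverCredentials;

    /**
     * Creates the key exchange.
     *
     * @param i2 key exchange algorithm identifier; only the value 2 is accepted
     * @throws IllegalArgumentException if {@code i2} is any other value
     */
    public TlsSM2KeyExchange(int i2) {
        super(checkKeyExchange(i2));
        this.serverCredentials = null;
    }

    /**
     * Validates the key exchange algorithm identifier.
     *
     * @param i2 identifier to check
     * @return {@code i2} unchanged when it equals 2
     * @throws IllegalArgumentException for every other value
     */
    public static int checkKeyExchange(int i2) {
        if (i2 != 2) {
            throw new IllegalArgumentException("unsupported key exchange algorithm");
        }
        return i2;
    }

    /**
     * Client side: generates the pre-master secret, writes its encrypted form to
     * {@code outputStream} and keeps the secret for {@link #generatePreMasterSecret()}.
     *
     * @param outputStream destination of the ClientKeyExchange body
     * @throws IOException if the helper fails to encrypt or write
     */
    @Override
    public void generateClientKeyExchange(OutputStream outputStream) throws IOException {
        this.preMasterSecret = TlsSM2Utils.generateEncryptedPreMasterSecret(this.context, this.serverCertificateEnc, outputStream);
    }

    /**
     * Hands the stored pre-master secret to the caller and drops this object's reference,
     * so the secret can be returned at most once.
     *
     * @return the stored secret, or {@code null} if none is stored
     */
    @Override
    public TlsSecret generatePreMasterSecret() throws IOException {
        TlsSecret secret = this.preMasterSecret;
        this.preMasterSecret = null;
        return secret;
    }

    /**
     * Server side: produces the ServerKeyExchange body by letting the server credentials
     * sign through {@code TlsUtils.generateServerKeyExchangeSignature}.
     *
     * @return the bytes accumulated in the digest buffer, or {@code null} when no
     *     ServerKeyExchange is required
     */
    @Override
    public byte[] generateServerKeyExchange() throws IOException {
        if (!requiresServerKeyExchange()) {
            return null;
        }
        // Result is discarded in the decompiled original; kept so the call sequence is unchanged.
        this.context.getSecurityParameters();
        // NOTE(review): processServerKeyExchange() feeds the length-prefixed encryption
        // certificate into the buffer before verifying, while nothing is written here
        // before signing. Confirm the helper adds the same signed input, otherwise the
        // two sides do not sign and verify the same data.
        DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
        TlsUtils.generateServerKeyExchangeSignature(this.context, this.serverCredentials, digestInputBuffer);
        return digestInputBuffer.toByteArray();
    }

    /**
     * Returns the client certificate types offered in a CertificateRequest.
     *
     * @return a fresh array holding the type codes 1 and 64 (rsa_sign and ecdsa_sign in the
     *     TLS registry; presumably reused here for SM2 certificates, confirm against the
     *     protocol specification)
     */
    @Override
    public short[] getClientCertificateTypes() {
        return new short[]{1, 64};
    }

    /**
     * Requires the client credentials to be signer credentials; the check itself is
     * delegated to {@code TlsUtils.requireSignerCredentials}.
     */
    @Override
    public void processClientCredentials(TlsCredentials tlsCredentials) throws IOException {
        TlsUtils.requireSignerCredentials(tlsCredentials);
    }

    /**
     * Server side: parses the peer-supplied ClientKeyExchange and decrypts the pre-master
     * secret.
     *
     * <p>The ASN.1 {@code SM2CipherText} is flattened to
     * {@code 0x04 || X (32) || Y (32) || ciphertext || hash (32)} before decryption.
     * All component lengths come from the peer, so they are validated first: an oversized
     * coordinate was previously truncated silently and a hash longer than the 32 reserved
     * bytes raised an unchecked {@code IndexOutOfBoundsException} instead of a TLS alert.
     *
     * @param inputStream source of the ClientKeyExchange body
     * @throws IOException if reading or ASN.1 parsing fails, or a fatal alert
     *     (decode_error) when a component has an unexpected size
     */
    @Override
    public void processClientKeyExchange(InputStream inputStream) throws IOException {
        SM2CipherText parsed = SM2CipherText.getInstance(ASN1Primitive.fromByteArray(TlsUtils.readOpaque16(inputStream)));
        // toByteArray() is presumably BigInteger's: minimal two's-complement, so a
        // 32-byte magnitude with the top bit set arrives as 33 bytes with a leading 0x00.
        byte[] xBytes = parsed.getXCoordinate().toByteArray();
        byte[] yBytes = parsed.getYCoordinate().toByteArray();
        byte[] hash = parsed.getHash();
        byte[] cipherText = parsed.getCipherText();

        if (cipherText == null
                || hash == null
                || hash.length != HASH_LENGTH
                || !isValidCoordinate(xBytes)
                || !isValidCoordinate(yBytes)) {
            throw new TlsFatalAlert(ALERT_DECODE_ERROR);
        }

        int payloadOffset = 1 + 2 * COORDINATE_LENGTH;
        byte[] flat = new byte[payloadOffset + cipherText.length + HASH_LENGTH];
        flat[0] = 4; // uncompressed point marker
        copyCoordinate(xBytes, flat, 1);
        copyCoordinate(yBytes, flat, 1 + COORDINATE_LENGTH);
        System.arraycopy(cipherText, 0, flat, payloadOffset, cipherText.length);
        System.arraycopy(hash, 0, flat, payloadOffset + cipherText.length, HASH_LENGTH);
        this.preMasterSecret = this.serverCredentials.decrypt(new TlsCryptoParameters(this.context), flat);
    }

    /**
     * Client side: records the server's two certificates, index 0 for signature
     * verification and index 1 for encryption.
     *
     * @param certificate certificate chain received from the server
     */
    @Override
    public void processServerCertificate(Certificate certificate) throws IOException {
        // NOTE(review): the chain comes from the peer and its length is not checked here.
        // If getCertificateAt(1) throws an unchecked exception for a one-entry chain, it
        // escapes instead of becoming a TLS alert. Confirm the caller enforces two entries.
        this.serverCertificate = certificate.getCertificateAt(0).useInRole(0, 2);
        this.serverCertificateEnc = certificate.getCertificateAt(1).useInRole(0, 2);
    }

    /**
     * Server side: stores the credentials after {@code TlsUtils} has checked that they can
     * both sign and decrypt.
     */
    @Override
    public void processServerCredentials(TlsCredentials tlsCredentials) throws IOException {
        this.serverCredentials = TlsUtils.requireSignerAndDecryptorCredentials(tlsCredentials);
    }

    /**
     * Client side: verifies the ServerKeyExchange signature with the first server
     * certificate. The signed input built here is the encryption certificate's encoding
     * prefixed with its 24-bit length, which binds the encryption certificate to the
     * signing key.
     *
     * @param inputStream source of the ServerKeyExchange body
     */
    @Override
    public void processServerKeyExchange(InputStream inputStream) throws IOException {
        DigestInputBuffer signedInput = new DigestInputBuffer();
        byte[] encCertEncoding = this.serverCertificateEnc.getEncoded();
        TlsUtils.writeUint24(encCertEncoding.length, signedInput);
        signedInput.write(encCertEncoding);
        TlsUtils.verifyServerKeyExchangeSignature(this.context, inputStream, this.serverCertificate, signedInput);
    }

    /** Always {@code true}: this key exchange always sends a ServerKeyExchange. */
    @Override
    public boolean requiresServerKeyExchange() {
        return true;
    }

    /**
     * Server credentials are mandatory for this key exchange, so skipping them is answered
     * with a fatal internal_error alert.
     */
    @Override
    public void skipServerCredentials() throws IOException {
        throw new TlsFatalAlert(ALERT_INTERNAL_ERROR);
    }

    /**
     * Accepts a coordinate encoding that fits the 32-byte slot, allowing one extra leading
     * zero byte (the sign byte of a minimal two's-complement encoding).
     */
    private static boolean isValidCoordinate(byte[] value) {
        if (value == null) {
            return false;
        }
        if (value.length <= COORDINATE_LENGTH) {
            return true;
        }
        return value.length == COORDINATE_LENGTH + 1 && value[0] == 0;
    }

    /** Copies a coordinate right-aligned into its 32-byte slot, dropping a leading sign byte. */
    private static void copyCoordinate(byte[] value, byte[] dest, int slotOffset) {
        int count = Math.min(value.length, COORDINATE_LENGTH);
        System.arraycopy(value, value.length - count, dest, slotOffset + COORDINATE_LENGTH - count, count);
    }
}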
