package com.tongweb.gmssl.jsse.security.ssl;

import java.io.PrintStream;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;
import java.util.Collection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;

/* loaded from: input_file:com/tongweb/gmssl/jsse/security/ssl/T.class */
public final class T extends AbstractC0001aa {
    private static final int a = 1;
    private static final int g = 2;
    private static final int h = 3;
    private int i;
    private byte[] j;
    private byte[] k;
    private ECPublicKey l;
    private C0016ap m;
    private aZ n;

    /* JADX INFO: Access modifiers changed from: package-private */
    public T(A a2, PrivateKey privateKey, byte[] bArr, byte[] bArr2, aZ aZVar, C0016ap c0016ap) {
        Signature a3;
        this.m = c0016ap;
        this.l = (ECPublicKey) a2.a();
        ECParameterSpec params = this.l.getParams();
        this.j = C0009ai.a(this.l.getW(), params.getCurve());
        this.i = bf.a(params);
        if (privateKey != null) {
            if (c0016ap.m >= C0016ap.f.m) {
                this.n = aZVar;
                a3 = C0009ai.b(aZVar.c());
            } else {
                a3 = a(privateKey.getAlgorithm());
            }
            a3.initSign(privateKey);
            a(a3, bArr, bArr2);
            this.k = a3.sign();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public T(K k, PublicKey publicKey, byte[] bArr, byte[] bArr2, Collection<aZ> collection, C0016ap c0016ap) {
        this.m = c0016ap;
        int read = k.read();
        if (read != 3) {
            throw new SSLHandshakeException("Unsupported ECCurveType: " + read);
        }
        this.i = k.c();
        if (!bf.b(this.i)) {
            throw new SSLHandshakeException("Unsupported curveId: " + this.i);
        }
        String c = bf.c(this.i);
        if (c == null) {
            throw new SSLHandshakeException("Unknown named curve: " + this.i);
        }
        ECParameterSpec i = C0009ai.i(c);
        if (i == null) {
            throw new SSLHandshakeException("Unsupported curve: " + c);
        }
        this.j = k.e();
        this.l = (ECPublicKey) C0009ai.g("EC").generatePublic(new ECPublicKeySpec(C0009ai.a(this.j, i.getCurve()), i));
        if (publicKey != null) {
            if (c0016ap.m >= C0016ap.f.m) {
                this.n = aZ.a(k.read(), k.read(), 0);
                if (!collection.contains(this.n)) {
                    throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in ServerKeyExchange message");
                }
            }
            this.k = k.f();
            Signature b = c0016ap.m >= C0016ap.f.m ? C0009ai.b(this.n.c()) : a(publicKey.getAlgorithm());
            b.initVerify(publicKey);
            a(b, bArr, bArr2);
            if (!b.verify(this.k)) {
                throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final ECPublicKey b() {
        return this.l;
    }

    private static Signature a(String str) {
        if (str.equals("EC")) {
            return C0009ai.b("SHA1withECDSA");
        }
        if (str.equals("RSA")) {
            return C0018ar.a();
        }
        throw new NoSuchAlgorithmException("neither an RSA or a EC key");
    }

    private void a(Signature signature, byte[] bArr, byte[] bArr2) {
        signature.update(bArr);
        signature.update(bArr2);
        signature.update((byte) 3);
        signature.update((byte) (this.i >> 8));
        signature.update((byte) this.i);
        signature.update((byte) this.j.length);
        signature.update(this.j);
    }

    @Override // com.tongweb.gmssl.jsse.security.ssl.L
    public final int c() {
        int i = 0;
        if (this.k != null) {
            i = 2 + this.k.length;
            if (this.m.m >= C0016ap.f.m) {
                i += aZ.d();
            }
        }
        return 4 + this.j.length + i;
    }

    @Override // com.tongweb.gmssl.jsse.security.ssl.L
    public final void a(C0002ab c0002ab) {
        c0002ab.a(3);
        c0002ab.b(this.i);
        c0002ab.a(this.j);
        if (this.k != null) {
            if (this.m.m >= C0016ap.f.m) {
                c0002ab.a(this.n.a());
                c0002ab.a(this.n.b());
            }
            c0002ab.b(this.k);
        }
    }

    @Override // com.tongweb.gmssl.jsse.security.ssl.L
    public final void a(PrintStream printStream) {
        printStream.println("*** ECDH ServerKeyExchange");
        if (b == null || !C0046u.b("verbose")) {
            return;
        }
        if (this.k == null) {
            printStream.println("Anonymous");
        } else if (this.m.m >= C0016ap.f.m) {
            printStream.println("Signature Algorithm " + this.n.c());
        }
        printStream.println("Server key: " + this.l);
    }

    @Override // com.tongweb.gmssl.jsse.security.ssl.AbstractC0001aa, com.tongweb.gmssl.jsse.security.ssl.L
    public final /* bridge */ /* synthetic */ int a() {
        return super.a();
    }
}
