package anon.crypto.tinytls.keyexchange;

import anon.crypto.IMyPrivateKey;
import anon.crypto.JAPCertificate;
import anon.crypto.MyDSAPrivateKey;
import anon.crypto.MyDSAPublicKey;
import anon.crypto.MyDSASignature;
import anon.crypto.tinytls.TLSException;
import anon.crypto.tinytls.util.PRF;
import anon.crypto.tinytls.util.hash;
import anon.util.ByteArrayUtil;
import java.math.BigInteger;
import java.security.SecureRandom;
import logging.LogHolder;
import logging.LogType;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.agreement.DHBasicAgreement;
import org.bouncycastle.crypto.generators.DHKeyPairGenerator;
import org.bouncycastle.crypto.params.DHKeyGenerationParameters;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;

/* loaded from: input_file:anon/crypto/tinytls/keyexchange/DHE_DSS_Key_Exchange.class */
public class DHE_DSS_Key_Exchange extends Key_Exchange {
    private static final int MAXKEYMATERIALLENGTH = 104;
    private static final byte[] CLIENTFINISHEDLABEL = "client finished".getBytes();
    private static final byte[] SERVERFINISHEDLABEL = "server finished".getBytes();
    private static final byte[] KEYEXPANSION = "key expansion".getBytes();
    private static final byte[] MASTERSECRET = "master secret".getBytes();
    private static final BigInteger SAFEPRIME = new BigInteger("00FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16);
    private static final DHParameters DH_PARAMS = new DHParameters(SAFEPRIME, new BigInteger("2"));
    private DHParameters m_dhparams;
    private DHPublicKeyParameters m_dhserverpub;
    private byte[] m_premastersecret;
    private byte[] m_mastersecret;
    private byte[] m_clientrandom;
    private byte[] m_serverrandom;
    private DHBasicAgreement m_dhe = null;

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public byte[] generateServerKeyExchange(IMyPrivateKey iMyPrivateKey, byte[] bArr, byte[] bArr2) throws TLSException {
        if (!(iMyPrivateKey instanceof MyDSAPrivateKey)) {
            throw new TLSException("wrong key type (cannot cast to MyDSAPrivateKey)");
        }
        MyDSAPrivateKey myDSAPrivateKey = (MyDSAPrivateKey) iMyPrivateKey;
        this.m_clientrandom = bArr;
        this.m_serverrandom = bArr2;
        DHKeyGenerationParameters dHKeyGenerationParameters = new DHKeyGenerationParameters(new SecureRandom(), DH_PARAMS);
        DHKeyPairGenerator dHKeyPairGenerator = new DHKeyPairGenerator();
        dHKeyPairGenerator.init(dHKeyGenerationParameters);
        AsymmetricCipherKeyPair generateKeyPair = dHKeyPairGenerator.generateKeyPair();
        DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters) generateKeyPair.getPublic();
        DHPrivateKeyParameters dHPrivateKeyParameters = (DHPrivateKeyParameters) generateKeyPair.getPrivate();
        this.m_dhe = new DHBasicAgreement();
        this.m_dhe.init(dHPrivateKeyParameters);
        byte[] conc = ByteArrayUtil.conc(ByteArrayUtil.conc(ByteArrayUtil.inttobyte(r0.length, 2), dHPublicKeyParameters.getParameters().getP().toByteArray()), ByteArrayUtil.conc(ByteArrayUtil.inttobyte(r0.length, 2), dHPublicKeyParameters.getParameters().getG().toByteArray()), ByteArrayUtil.conc(ByteArrayUtil.inttobyte(r0.length, 2), dHPublicKeyParameters.getY().toByteArray()));
        byte[] conc2 = ByteArrayUtil.conc(bArr, bArr2, conc);
        MyDSASignature myDSASignature = new MyDSASignature();
        try {
            myDSASignature.initSign(myDSAPrivateKey);
            return ByteArrayUtil.conc(conc, ByteArrayUtil.inttobyte(r0.length, 2), myDSASignature.sign(conc2));
        } catch (Exception e) {
            throw new TLSException(new StringBuffer().append("wrong key type (cannot init signature algorithm (").append(e.getMessage()).append("))").toString());
        }
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public void processServerKeyExchange(byte[] bArr, int i, int i2, byte[] bArr2, byte[] bArr3, JAPCertificate jAPCertificate) throws TLSException {
        this.m_clientrandom = bArr2;
        this.m_serverrandom = bArr3;
        int i3 = ((bArr[i] & 255) << 8) | (bArr[i + 1] & 255);
        int i4 = i + 2;
        byte[] copy = ByteArrayUtil.copy(bArr, i4, i3);
        int i5 = i4 + i3;
        BigInteger bigInteger = new BigInteger(1, copy);
        LogHolder.log(7, LogType.MISC, new StringBuffer().append("[SERVER_KEY_EXCHANGE] DH_P = ").append(bigInteger.toString()).toString());
        int i6 = ((bArr[i5] & 255) << 8) | (bArr[i5 + 1] & 255);
        int i7 = i5 + 2;
        byte[] copy2 = ByteArrayUtil.copy(bArr, i7, i6);
        int i8 = i7 + i6;
        BigInteger bigInteger2 = new BigInteger(1, copy2);
        LogHolder.log(7, LogType.MISC, new StringBuffer().append("[SERVER_KEY_EXCHANGE] DH_G = ").append(bigInteger2.toString()).toString());
        int i9 = ((bArr[i8] & 255) << 8) | (bArr[i8 + 1] & 255);
        int i10 = i8 + 2;
        byte[] copy3 = ByteArrayUtil.copy(bArr, i10, i9);
        int i11 = i10 + i9;
        BigInteger bigInteger3 = new BigInteger(1, copy3);
        LogHolder.log(7, LogType.MISC, new StringBuffer().append("[SERVER_KEY_EXCHANGE] DH_Ys = ").append(bigInteger3.toString()).toString());
        this.m_dhparams = new DHParameters(bigInteger, bigInteger2);
        this.m_dhserverpub = new DHPublicKeyParameters(bigInteger3, this.m_dhparams);
        byte[] conc = ByteArrayUtil.conc(bArr2, bArr3, ByteArrayUtil.copy(bArr, i, i11 - i));
        int i12 = ((bArr[i11] & 255) << 8) | (bArr[i11 + 1] & 255);
        int i13 = i11 + 2;
        MyDSASignature myDSASignature = new MyDSASignature();
        if (!(jAPCertificate.getPublicKey() instanceof MyDSAPublicKey)) {
            throw new TLSException("cannot decode certificate");
        }
        try {
            myDSASignature.initVerify((MyDSAPublicKey) jAPCertificate.getPublicKey());
        } catch (Exception e) {
        }
        if (myDSASignature.verify(conc, 0, conc.length, bArr, i13, i12)) {
            LogHolder.log(7, LogType.MISC, "[SERVER_KEY_EXCHANGE] Signature ok");
        } else {
            LogHolder.log(7, LogType.MISC, "[SERVER_KEY_EXCHANGE] Signature wrong");
            throw new TLSException("wrong Signature", 2, 21);
        }
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public byte[] calculateServerFinished(byte[] bArr) {
        return new PRF(this.m_mastersecret, SERVERFINISHEDLABEL, ByteArrayUtil.conc(hash.md5(bArr), hash.sha(bArr))).calculate(12);
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public void processServerFinished(byte[] bArr, int i, byte[] bArr2) throws TLSException {
        byte[] calculate = new PRF(this.m_mastersecret, SERVERFINISHEDLABEL, ByteArrayUtil.conc(hash.md5(bArr2), hash.sha(bArr2))).calculate(12);
        if (bArr[0] != 20 || bArr[1] != 0 || bArr[2] != 0 || bArr[3] != 12) {
            throw new TLSException("wrong Server Finished message recieved", 2, 10);
        }
        for (int i2 = 0; i2 < calculate.length; i2++) {
            if (calculate[i2] != bArr[i2 + 4]) {
                throw new TLSException("wrong Server Finished message recieved", 2, 20);
            }
        }
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public void processClientKeyExchange(BigInteger bigInteger) {
        this.m_premastersecret = this.m_dhe.calculateAgreement(new DHPublicKeyParameters(bigInteger, DH_PARAMS)).toByteArray();
        if (this.m_premastersecret[0] == 0) {
            this.m_premastersecret = ByteArrayUtil.copy(this.m_premastersecret, 1, this.m_premastersecret.length - 1);
        }
        this.m_mastersecret = new PRF(this.m_premastersecret, MASTERSECRET, ByteArrayUtil.conc(this.m_clientrandom, this.m_serverrandom)).calculate(48);
        this.m_premastersecret = null;
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public byte[] calculateClientKeyExchange() throws TLSException {
        DHKeyGenerationParameters dHKeyGenerationParameters = new DHKeyGenerationParameters(new SecureRandom(), this.m_dhparams);
        DHKeyPairGenerator dHKeyPairGenerator = new DHKeyPairGenerator();
        dHKeyPairGenerator.init(dHKeyGenerationParameters);
        AsymmetricCipherKeyPair generateKeyPair = dHKeyPairGenerator.generateKeyPair();
        DHPublicKeyParameters dHPublicKeyParameters = (DHPublicKeyParameters) generateKeyPair.getPublic();
        DHPrivateKeyParameters dHPrivateKeyParameters = (DHPrivateKeyParameters) generateKeyPair.getPrivate();
        DHBasicAgreement dHBasicAgreement = new DHBasicAgreement();
        dHBasicAgreement.init(dHPrivateKeyParameters);
        this.m_premastersecret = dHBasicAgreement.calculateAgreement(this.m_dhserverpub).toByteArray();
        if (this.m_premastersecret[0] == 0) {
            this.m_premastersecret = ByteArrayUtil.copy(this.m_premastersecret, 1, this.m_premastersecret.length - 1);
        }
        this.m_mastersecret = new PRF(this.m_premastersecret, MASTERSECRET, ByteArrayUtil.conc(this.m_clientrandom, this.m_serverrandom)).calculate(48);
        this.m_premastersecret = null;
        return dHPublicKeyParameters.getY().toByteArray();
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public void processClientFinished(byte[] bArr, byte[] bArr2) throws TLSException {
        new PRF(this.m_mastersecret, CLIENTFINISHEDLABEL, ByteArrayUtil.conc(hash.md5(bArr2), hash.sha(bArr2)));
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public byte[] calculateClientFinished(byte[] bArr) throws TLSException {
        return new PRF(this.m_mastersecret, CLIENTFINISHEDLABEL, ByteArrayUtil.conc(hash.md5(bArr), hash.sha(bArr))).calculate(12);
    }

    @Override // anon.crypto.tinytls.keyexchange.Key_Exchange
    public byte[] calculateKeys() {
        return new PRF(this.m_mastersecret, KEYEXPANSION, ByteArrayUtil.conc(this.m_serverrandom, this.m_clientrandom)).calculate(104);
    }
}
