package cfca.sadk.tls.sun.security.ssl.message;

import cfca.sadk.org.bouncycastle.jce.interfaces.ECPublicKey;
import cfca.sadk.org.bouncycastle.jce.spec.ECParameterSpec;
import cfca.sadk.tls.pure.ISignature;
import cfca.sadk.tls.pure.impl.SM2Helper;
import cfca.sadk.tls.pure.impl.SM2Signature;
import cfca.sadk.tls.sun.security.ssl.HandshakeInStream;
import cfca.sadk.tls.sun.security.ssl.HandshakeOutStream;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.sun.security.ssl.RandomCookie;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHCrypt;
import cfca.sadk.tls.sun.security.ssl.sec.ECDHParams;
import cfca.sadk.tls.sun.security.ssl.sec.ECNamedCurve;
import cfca.sadk.tls.sun.security.ssl.sec.SSLCredentials;
import cfca.sadk.tls.sun.security.ssl.sec.SignatureAndHashAlgorithm;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Collection;
import javax.net.ssl.SSLKeyException;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ServerKeyExchange.class */
public abstract class ServerKeyExchange extends HandshakeMessage {

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ServerKeyExchange$SKEPKEA.class */
    public static final class SKEPKEA extends ServerKeyExchange {
        private ISignature signature = new SM2Signature();
        private byte[] signatureBytes;

        public SKEPKEA(String str, SSLCredentials sSLCredentials, RandomCookie randomCookie, RandomCookie randomCookie2, Certificate certificate) throws Exception {
            this.signature.initSign(sSLCredentials.privateKey);
            signatureUpdate(randomCookie, randomCookie2, certificate);
            this.signatureBytes = this.signature.sign();
        }

        public SKEPKEA(String str, HandshakeInStream handshakeInStream) throws Exception {
            this.signatureBytes = handshakeInStream.getBytes16();
        }

        final void signatureUpdate(RandomCookie randomCookie, RandomCookie randomCookie2, Certificate certificate) throws Exception {
            byte[] encoded = certificate.getEncoded();
            int length = encoded.length;
            this.signature.update(randomCookie.random);
            this.signature.update(randomCookie2.random);
            this.signature.update((byte) (length >> 16));
            this.signature.update((byte) (length >> 8));
            this.signature.update((byte) length);
            this.signature.update(encoded);
        }

        public final boolean verify(SSLCredentials sSLCredentials, RandomCookie randomCookie, RandomCookie randomCookie2, Certificate certificate) throws Exception {
            this.signature.initVerify(sSLCredentials.publicKey);
            signatureUpdate(randomCookie, randomCookie2, certificate);
            return this.signature.verify(this.signatureBytes);
        }

        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        int messageLength() {
            return 2 + this.signatureBytes.length;
        }

        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.putBytes16(this.signatureBytes);
        }

        public String toString() {
            return "\n***  ServerKeyExchangePKEA SM2\n***";
        }
    }

    /* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/ServerKeyExchange$SKESM2DHE.class */
    public static final class SKESM2DHE extends ServerKeyExchange {
        private int curveType;
        private ISignature signature;
        private byte[] ecParametersBytes;
        private byte[] pointBytes;
        private byte[] signatureBytes;
        private ECParameterSpec ecParameters;
        private ECPublicKey publicKey;

        public SKESM2DHE(ECDHCrypt eCDHCrypt, PrivateKey privateKey, RandomCookie randomCookie, RandomCookie randomCookie2, SecureRandom secureRandom, SignatureAndHashAlgorithm signatureAndHashAlgorithm, ProtocolVersion protocolVersion) throws SecurityException {
            this.curveType = 3;
            this.curveType = 3;
            this.publicKey = eCDHCrypt.getPublicKey();
            this.ecParameters = this.publicKey.getParameters();
            this.ecParametersBytes = ECDHParams.getECParametersBytes(this.ecParameters, this.curveType);
            this.pointBytes = ECNamedCurve.encodePoint(this.publicKey.getQ(), this.ecParameters.getCurve());
            this.signature = new SM2Signature();
            this.signature.initSign(privateKey);
            signatureUpdate(randomCookie.random, randomCookie2.random);
            this.signatureBytes = this.signature.sign();
        }

        public SKESM2DHE(HandshakeInStream handshakeInStream, PublicKey publicKey, RandomCookie randomCookie, RandomCookie randomCookie2, Collection<SignatureAndHashAlgorithm> collection, ProtocolVersion protocolVersion) throws IOException, SecurityException {
            this.curveType = 3;
            this.curveType = handshakeInStream.getInt8();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            this.ecParameters = ECDHParams.readECParameters(byteArrayOutputStream, this.curveType, handshakeInStream);
            this.ecParametersBytes = byteArrayOutputStream.toByteArray();
            this.pointBytes = handshakeInStream.getBytes8();
            this.publicKey = SM2Helper.formPublicKey(this.pointBytes);
            this.signatureBytes = handshakeInStream.getBytes16();
            this.signature = new SM2Signature();
            this.signature.initVerify(publicKey);
            signatureUpdate(randomCookie.random, randomCookie2.random);
            if (!this.signature.verify(this.signatureBytes)) {
                throw new SSLKeyException("Invalid signature on ECDH server key exchange message");
            }
        }

        public ECPublicKey getEphemeralPublicKey() {
            return this.publicKey;
        }

        final void signatureUpdate(byte[] bArr, byte[] bArr2) throws SecurityException {
            this.signature.update(bArr);
            this.signature.update(bArr2);
            this.signature.update(this.ecParametersBytes);
            this.signature.update((byte) this.pointBytes.length);
            this.signature.update(this.pointBytes);
        }

        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        int messageLength() {
            int i = 0;
            if (this.signatureBytes != null) {
                i = 2 + this.signatureBytes.length;
            }
            return this.ecParametersBytes.length + 1 + this.pointBytes.length + i;
        }

        @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
        void send(HandshakeOutStream handshakeOutStream) throws IOException {
            handshakeOutStream.write(this.ecParametersBytes);
            handshakeOutStream.putBytes8(this.pointBytes);
            handshakeOutStream.putBytes16(this.signatureBytes);
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append('\n');
            sb.append("*** ECDH ServerKeyExchange");
            sb.append('\n');
            sb.append("Server key: ").append(this.publicKey);
            sb.append("\n***");
            return sb.toString();
        }
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    public final int messageType() {
        return 12;
    }
}
