package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.ECDHServerKeyExchange;
import org.eclipse.californium.scandium.dtls.cipher.RandomManager;
import org.eclipse.californium.scandium.dtls.cipher.XECDHECryptography;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class EcdhEcdsaServerKeyExchange extends ECDHServerKeyExchange {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) EcdhEcdsaServerKeyExchange.class);
    private final SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    private final byte[] signatureEncoded;

    private EcdhEcdsaServerKeyExchange(SignatureAndHashAlgorithm signatureAndHashAlgorithm, XECDHECryptography.SupportedGroup supportedGroup, byte[] bArr, byte[] bArr2, InetSocketAddress inetSocketAddress) {
        super(supportedGroup, bArr, inetSocketAddress);
        if (signatureAndHashAlgorithm == null && bArr2 != null) {
            throw new NullPointerException("signature and hash algorithm cannot be null");
        }
        if (signatureAndHashAlgorithm != null && bArr2 == null) {
            throw new NullPointerException("signature cannot be null");
        }
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.signatureEncoded = bArr2;
    }

    public EcdhEcdsaServerKeyExchange(SignatureAndHashAlgorithm signatureAndHashAlgorithm, XECDHECryptography xECDHECryptography, PrivateKey privateKey, Random random, Random random2, InetSocketAddress inetSocketAddress) throws GeneralSecurityException {
        super(xECDHECryptography.getSupportedGroup(), xECDHECryptography.getEncodedPoint(), inetSocketAddress);
        if (signatureAndHashAlgorithm == null) {
            throw new NullPointerException("signature and hash algorithm cannot be null");
        }
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        Signature currentWithCause = signatureAndHashAlgorithm.getThreadLocalSignature().currentWithCause();
        currentWithCause.initSign(privateKey, RandomManager.currentSecureRandom());
        updateSignature(currentWithCause, random, random2);
        this.signatureEncoded = currentWithCause.sign();
    }

    public static HandshakeMessage fromReader(DatagramReader datagramReader, InetSocketAddress inetSocketAddress) throws HandshakeException {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        byte[] bArr;
        ECDHServerKeyExchange.EcdhData readNamedCurve = ECDHServerKeyExchange.readNamedCurve(datagramReader, inetSocketAddress);
        if (datagramReader.bytesAvailable()) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = new SignatureAndHashAlgorithm(datagramReader.read(8), datagramReader.read(8));
            bArr = datagramReader.readBytes(datagramReader.read(16));
            signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
        } else {
            signatureAndHashAlgorithm = null;
            bArr = null;
        }
        return new EcdhEcdsaServerKeyExchange(signatureAndHashAlgorithm, readNamedCurve.supportedGroup, readNamedCurve.encodedPoint, bArr, inetSocketAddress);
    }

    private void updateSignature(Signature signature, Random random, Random random2) throws SignatureException {
        signature.update(random.getBytes());
        signature.update(random2.getBytes());
        updateSignatureForNamedCurve(signature);
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public byte[] fragmentToByteArray() {
        DatagramWriter datagramWriter = new DatagramWriter();
        writeNamedCurve(datagramWriter);
        if (this.signatureEncoded != null) {
            datagramWriter.write(this.signatureAndHashAlgorithm.getHash().getCode(), 8);
            datagramWriter.write(this.signatureAndHashAlgorithm.getSignature().getCode(), 8);
            datagramWriter.write(this.signatureEncoded.length, 16);
            datagramWriter.writeBytes(this.signatureEncoded);
        }
        return datagramWriter.toByteArray();
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public int getMessageLength() {
        byte[] bArr = this.signatureEncoded;
        return getNamedCurveLength() + (bArr == null ? 0 : bArr.length + 4);
    }

    @Override // org.eclipse.californium.scandium.dtls.ECDHServerKeyExchange, org.eclipse.californium.scandium.dtls.HandshakeMessage
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString());
        if (this.signatureEncoded != null) {
            sb.append("\t\tSignature: ");
        }
        sb.append(this.signatureAndHashAlgorithm.toString());
        sb.append("-");
        sb.append(StringUtil.byteArray2HexString(this.signatureEncoded, (char) 0, 10));
        sb.append(StringUtil.lineSeparator());
        return sb.toString();
    }

    public void verifySignature(PublicKey publicKey, Random random, Random random2) throws HandshakeException {
        boolean z;
        if (this.signatureEncoded == null) {
            throw new HandshakeException("The server's ECDHE key exchange message has no signature.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeer()));
        }
        try {
            Signature currentWithCause = this.signatureAndHashAlgorithm.getThreadLocalSignature().currentWithCause();
            currentWithCause.initVerify(publicKey);
            updateSignature(currentWithCause, random, random2);
            z = currentWithCause.verify(this.signatureEncoded);
        } catch (GeneralSecurityException e) {
            LOGGER.error("Could not verify the server's signature.", (Throwable) e);
            z = false;
        }
        if (!z) {
            throw new HandshakeException("The server's ECDHE key exchange message's signature could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeer()));
        }
    }
}
