package crysec.SSL;

import crysec.MD5;
import crysec.PublicKey;
import crysec.RSAPublicKey;
import crysec.RSApkcs1;
import crysec.RandomBitsSource;
import crysec.SHA;
import crysec.Utils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:crysec/SSL/ServerKeyExchange.class */
public final class ServerKeyExchange {
    SSLState state;
    public BigInteger modulus;
    public BigInteger exponent;
    public byte[] paramBytes;
    public byte[] sigBytes;
    public RandomBitsSource rbs;

    public ServerKeyExchange(SSLState sSLState) {
        this.state = sSLState;
    }

    BigInteger getInt(InputStream inputStream, OutputStream outputStream) throws IOException {
        int inputShort = Utils.inputShort(inputStream);
        byte[] bArr = new byte[inputShort];
        Utils.inputByteArray(bArr, inputStream);
        outputStream.write((byte) (inputShort >> 8));
        outputStream.write((byte) inputShort);
        outputStream.write(bArr);
        return new BigInteger(1, bArr);
    }

    public RSAPublicKey getPublicKey() {
        return new RSAPublicKey(this.modulus, this.exponent);
    }

    public void input(InputStream inputStream) throws IOException {
        Utils.input24bit(inputStream);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.modulus = getInt(inputStream, byteArrayOutputStream);
        this.exponent = getInt(inputStream, byteArrayOutputStream);
        this.paramBytes = byteArrayOutputStream.toByteArray();
        if (this.state.serverCertType != 0) {
            this.sigBytes = new byte[Utils.inputShort(inputStream)];
            Utils.inputByteArray(this.sigBytes, inputStream);
            verifySignature();
        }
    }

    void verifySignature() throws IOException {
        PublicKey publicKey = this.state.serverCert.getPublicKey();
        if (this.state.serverCertType == 1) {
            RSApkcs1 rSApkcs1 = new RSApkcs1();
            rSApkcs1.decryptionKey = (RSAPublicKey) publicKey;
            byte[] decrypt = rSApkcs1.decrypt(this.sigBytes);
            if (decrypt == null) {
                this.state.socket.sendAlert(2, 40);
                this.state.socket.abort();
                throw new SSLException("Invalid signature");
            }
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decrypt);
            byte[] bArr = new byte[16];
            byte[] bArr2 = new byte[20];
            Utils.inputByteArray(bArr, byteArrayInputStream);
            Utils.inputByteArray(bArr2, byteArrayInputStream);
            MD5 md5 = new MD5();
            md5.update(this.state.clientRandom);
            md5.update(this.state.serverRandom);
            md5.update(this.paramBytes);
            md5.computeCurrent();
            SHA sha = new SHA();
            sha.update(this.state.clientRandom);
            sha.update(this.state.serverRandom);
            sha.update(this.paramBytes);
            sha.computeCurrent();
            if (Utils.areEqual(md5.digestBits, bArr) && Utils.areEqual(sha.digestBits, bArr2)) {
                return;
            }
            this.state.socket.sendAlert(2, 40);
            this.state.socket.abort();
            throw new SSLException("Invalid signature");
        }
    }
}
