package org.spongycastle.tls.crypto.impl.jcajce;

import a.b;
import a3.s;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.jcajce.util.JcaJceHelper;
import org.spongycastle.tls.DigitallySigned;
import org.spongycastle.tls.SignatureAndHashAlgorithm;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsStreamVerifier;
import org.spongycastle.tls.crypto.TlsVerifier;

/* loaded from: classes3.dex */
public class JcaTlsRSAVerifier implements TlsVerifier {
    private final JcaJceHelper helper;
    public RSAPublicKey pubKeyRSA;
    private Signature rawVerifier = null;

    public JcaTlsRSAVerifier(RSAPublicKey rSAPublicKey, JcaJceHelper jcaJceHelper) {
        if (rSAPublicKey == null) {
            throw new IllegalArgumentException("'pubKeyRSA' cannot be null");
        }
        this.pubKeyRSA = rSAPublicKey;
        this.helper = jcaJceHelper;
    }

    public Signature getRawVerifier() throws GeneralSecurityException {
        if (this.rawVerifier == null) {
            Signature createSignature = this.helper.createSignature("NoneWithRSA");
            this.rawVerifier = createSignature;
            createSignature.initVerify(this.pubKeyRSA);
        }
        return this.rawVerifier;
    }

    @Override // org.spongycastle.tls.crypto.TlsVerifier
    public TlsStreamVerifier getStreamVerifier(final DigitallySigned digitallySigned) throws IOException {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm == null || algorithm.getSignature() != 1 || !JcaUtils.isSunMSCAPIProviderActive()) {
            return null;
        }
        try {
            if (!JcaUtils.isSunMSCAPIProvider(getRawVerifier().getProvider())) {
                return null;
            }
            final Signature createSignature = this.helper.createSignature(JcaUtils.getJcaAlgorithmName(algorithm));
            createSignature.initVerify(this.pubKeyRSA);
            return new TlsStreamVerifier() { // from class: org.spongycastle.tls.crypto.impl.jcajce.JcaTlsRSAVerifier.1
                @Override // org.spongycastle.tls.crypto.TlsStreamVerifier
                public OutputStream getOutputStream() {
                    return new SignatureOutputStream(createSignature);
                }

                @Override // org.spongycastle.tls.crypto.TlsStreamVerifier
                public boolean isVerified() throws IOException {
                    try {
                        return createSignature.verify(digitallySigned.getSignature());
                    } catch (SignatureException e8) {
                        throw new TlsFatalAlert((short) 80, e8);
                    }
                }
            };
        } catch (GeneralSecurityException e8) {
            throw new TlsFatalAlert((short) 80, e8);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        try {
            Signature rawVerifier = getRawVerifier();
            if (algorithm == null) {
                rawVerifier.update(bArr, 0, bArr.length);
            } else {
                if (algorithm.getSignature() != 1) {
                    throw new IllegalStateException();
                }
                byte[] encoded = new DigestInfo(new AlgorithmIdentifier(TlsUtils.getOIDForHashAlgorithm(algorithm.getHash()), DERNull.INSTANCE), bArr).getEncoded();
                rawVerifier.update(encoded, 0, encoded.length);
            }
            return rawVerifier.verify(digitallySigned.getSignature());
        } catch (GeneralSecurityException e8) {
            throw new IllegalStateException(b.o(e8, s.t("unable to process signature: ")), e8);
        }
    }
}
