package ru.CryptoPro.ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import ru.CryptoPro.JCP.Key.MasterSecretInterface;
import ru.CryptoPro.JCP.tools.Array;
import ru.CryptoPro.ssl.util.ParamUtil;
import ru.CryptoPro.ssl.util.TLSSettings;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public final class cl_51 extends cl_48 {
    cl_84 q;
    private byte[] r;
    private cl_109 s;
    private boolean t;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_51(cl_47 cl_47Var, int i, boolean z, Collection collection, cl_84 cl_84Var) throws IOException {
        this.s = null;
        this.q = cl_84Var;
        this.t = z;
        if (cl_84Var.n >= cl_84.h.n) {
            cl_109 a = cl_109.a(cl_47Var.b(), cl_47Var.b(), 0);
            this.s = a;
            if (!collection.contains(a)) {
                throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in CertificateVerify message: " + this.s);
            }
        }
        if (!z) {
            this.r = cl_47Var.g();
            return;
        }
        if (cl_84Var.n >= cl_84.h.n) {
            this.r = cl_47Var.g();
        } else {
            this.r = cl_47Var.b(i);
        }
        Array.invByteOrder(this.r);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_51(cl_84 cl_84Var, cl_46 cl_46Var, PrivateKey privateKey, SecretKey secretKey, SecureRandom secureRandom, cl_109 cl_109Var) throws GeneralSecurityException {
        Signature a;
        this.s = null;
        this.t = false;
        this.q = cl_84Var;
        this.t = secretKey instanceof MasterSecretInterface;
        String resolveSignatureAlgorithmByKey = this.t ? ParamUtil.resolveSignatureAlgorithmByKey(privateKey) : privateKey.getAlgorithm();
        if (cl_84Var.n >= cl_84.h.n) {
            this.s = cl_109Var;
            a = cl_73.b(cl_109Var.c());
        } else {
            a = a(cl_84Var, resolveSignatureAlgorithmByKey);
        }
        a.initSign(privateKey, secureRandom);
        a(a, cl_84Var, cl_46Var, resolveSignatureAlgorithmByKey, secretKey, this.t, privateKey.getAlgorithm());
        byte[] sign = a.sign();
        this.r = sign;
        if (this.t) {
            Array.invByteOrder(sign);
        }
    }

    private static Signature a(cl_84 cl_84Var, String str) throws GeneralSecurityException {
        String str2;
        if (str.equals("RSA")) {
            return cl_86.b();
        }
        if (str.equals("DSA")) {
            str2 = "RawDSA";
        } else {
            if (!str.equals("EC")) {
                if (str.contains("GOST3410")) {
                    return cl_73.b(str);
                }
                throw new SignatureException("Unrecognized algorithm: " + str);
            }
            str2 = "NONEwithECDSA";
        }
        return cl_73.b(str2);
    }

    private static void a(Signature signature, cl_84 cl_84Var, cl_46 cl_46Var, String str, SecretKey secretKey, boolean z, String str2) throws SignatureException {
        if (z) {
            byte[] e = cl_46Var.e();
            signature.update(e, 0, e.length);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // ru.CryptoPro.ssl.cl_48
    public int a() {
        return 15;
    }

    @Override // ru.CryptoPro.ssl.cl_48
    void a(PrintStream printStream) throws IOException {
        printStream.println("*** CertificateVerify");
        if (this.q.n >= cl_84.h.n) {
            printStream.println("Signature Algorithm " + this.s.c());
        }
    }

    @Override // ru.CryptoPro.ssl.cl_48
    void a(cl_63 cl_63Var) throws IOException {
        if (this.q.n >= cl_84.h.n) {
            cl_63Var.a(this.s.a());
            cl_63Var.a(this.s.b());
        }
        if (!this.t) {
            cl_63Var.b(this.r);
        } else if (TLSSettings.getTlsClientStrictCertVerify() || this.q.n >= cl_84.h.n) {
            cl_63Var.b(this.r);
        } else {
            cl_63Var.write(this.r);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(cl_84 cl_84Var, cl_46 cl_46Var, PublicKey publicKey, SecretKey secretKey) throws GeneralSecurityException {
        String algorithm = publicKey.getAlgorithm();
        if (this.t) {
            algorithm = ParamUtil.resolveSignatureAlgorithmByKey(publicKey);
        }
        String str = algorithm;
        Signature b = cl_84Var.n >= cl_84.h.n ? cl_73.b(this.s.c()) : a(cl_84Var, str);
        b.initVerify(publicKey);
        a(b, cl_84Var, cl_46Var, str, secretKey, this.t, publicKey.getAlgorithm());
        return b.verify(this.r);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_109 b() {
        return this.s;
    }

    @Override // ru.CryptoPro.ssl.cl_48
    int c() {
        int d = this.q.n >= cl_84.h.n ? 2 + cl_109.d() : 2;
        if (this.t && !TLSSettings.getTlsClientStrictCertVerify() && this.q.n < cl_84.h.n) {
            d -= 2;
        }
        return d + this.r.length;
    }

    @Override // ru.CryptoPro.ssl.cl_48
    String d() {
        StringBuffer stringBuffer = new StringBuffer("*** CertificateVerify\n");
        if (this.q.n >= cl_84.h.n) {
            stringBuffer.append("Signature Algorithm ");
            stringBuffer.append(this.s.c());
            stringBuffer.append("\n");
        }
        return stringBuffer.toString();
    }
}
