package org.spongycastle.tls.crypto.impl.jcajce;

import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.tls.SignatureAndHashAlgorithm;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsSigner;
import org.spongycastle.tls.crypto.TlsStreamSigner;

/* loaded from: classes2.dex */
public class JcaTlsRSASigner implements TlsSigner {
    public final JcaTlsCrypto crypto;
    public final PrivateKey privateKey;
    public Signature rawSigner = null;

    public JcaTlsRSASigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey) {
        this.crypto = jcaTlsCrypto;
        if (privateKey == null) {
            throw new IllegalArgumentException("'privateKey' cannot be null");
        }
        this.privateKey = privateKey;
    }

    @Override // org.spongycastle.tls.crypto.TlsSigner
    public byte[] generateRawSignature(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr) {
        try {
            Signature rawSigner = getRawSigner();
            if (signatureAndHashAlgorithm == null) {
                rawSigner.update(bArr, 0, bArr.length);
            } else {
                if (signatureAndHashAlgorithm.getSignature() != 1) {
                    throw new IllegalStateException();
                }
                byte[] encoded = new DigestInfo(new AlgorithmIdentifier(TlsUtils.getOIDForHashAlgorithm(signatureAndHashAlgorithm.getHash()), DERNull.INSTANCE), bArr).getEncoded();
                rawSigner.update(encoded, 0, encoded.length);
            }
            return rawSigner.sign();
        } catch (GeneralSecurityException e2) {
            throw new TlsFatalAlert((short) 80, e2);
        }
    }

    public Signature getRawSigner() {
        if (this.rawSigner == null) {
            Signature createSignature = this.crypto.getHelper().createSignature("NoneWithRSA");
            this.rawSigner = createSignature;
            createSignature.initSign(this.privateKey, this.crypto.getSecureRandom());
        }
        return this.rawSigner;
    }

    @Override // org.spongycastle.tls.crypto.TlsSigner
    public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (signatureAndHashAlgorithm == null || signatureAndHashAlgorithm.getSignature() != 1 || !JcaUtils.isSunMSCAPIProviderActive()) {
            return null;
        }
        try {
            if (!JcaUtils.isSunMSCAPIProvider(getRawSigner().getProvider())) {
                return null;
            }
            final Signature createSignature = this.crypto.getHelper().createSignature(JcaUtils.getJcaAlgorithmName(signatureAndHashAlgorithm));
            createSignature.initSign(this.privateKey, this.crypto.getSecureRandom());
            return new TlsStreamSigner() { // from class: org.spongycastle.tls.crypto.impl.jcajce.JcaTlsRSASigner.1
                @Override // org.spongycastle.tls.crypto.TlsStreamSigner
                public OutputStream getOutputStream() {
                    return new SignatureOutputStream(createSignature);
                }

                @Override // org.spongycastle.tls.crypto.TlsStreamSigner
                public byte[] getSignature() {
                    try {
                        return createSignature.sign();
                    } catch (SignatureException e2) {
                        throw new TlsFatalAlert((short) 80, e2);
                    }
                }
            };
        } catch (GeneralSecurityException e2) {
            throw new TlsFatalAlert((short) 80, e2);
        }
    }
}
