package cn.com.suresec.tls.crypto.impl.bc;

import cn.com.suresec.crypto.Digest;
import cn.com.suresec.crypto.engines.RSAEngine;
import cn.com.suresec.crypto.io.SignerOutputStream;
import cn.com.suresec.crypto.params.RSAKeyParameters;
import cn.com.suresec.crypto.signers.PSSSigner;
import cn.com.suresec.tls.DigitallySigned;
import cn.com.suresec.tls.SignatureAlgorithm;
import cn.com.suresec.tls.SignatureAndHashAlgorithm;
import cn.com.suresec.tls.crypto.TlsStreamVerifier;
import java.io.IOException;
import java.io.OutputStream;

/* loaded from: classes.dex */
public class BcTlsRSAPSSVerifier extends BcTlsVerifier {
    private final short signatureAlgorithm;

    public BcTlsRSAPSSVerifier(BcTlsCrypto bcTlsCrypto, RSAKeyParameters rSAKeyParameters, short s) {
        super(bcTlsCrypto, rSAKeyParameters);
        if (!SignatureAlgorithm.isRSAPSS(s)) {
            throw new IllegalArgumentException("signatureAlgorithm");
        }
        this.signatureAlgorithm = s;
    }

    @Override // cn.com.suresec.tls.crypto.impl.bc.BcTlsVerifier, cn.com.suresec.tls.crypto.TlsVerifier
    public TlsStreamVerifier getStreamVerifier(DigitallySigned digitallySigned) {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm == null || algorithm.getSignature() != this.signatureAlgorithm || algorithm.getHash() != 8) {
            throw new IllegalStateException();
        }
        Digest createDigest = this.crypto.createDigest(SignatureAlgorithm.getRSAPSSHashAlgorithm(this.signatureAlgorithm));
        PSSSigner pSSSigner = new PSSSigner(new RSAEngine(), createDigest, createDigest.getDigestSize());
        pSSSigner.init(false, this.publicKey);
        final byte[] signature = digitallySigned.getSignature();
        final SignerOutputStream signerOutputStream = new SignerOutputStream(pSSSigner);
        return new TlsStreamVerifier() { // from class: cn.com.suresec.tls.crypto.impl.bc.BcTlsRSAPSSVerifier.1
            @Override // cn.com.suresec.tls.crypto.TlsStreamVerifier
            public OutputStream getOutputStream() {
                return signerOutputStream;
            }

            @Override // cn.com.suresec.tls.crypto.TlsStreamVerifier
            public boolean isVerified() throws IOException {
                return signerOutputStream.getSigner().verifySignature(signature);
            }
        };
    }

    @Override // cn.com.suresec.tls.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        throw new UnsupportedOperationException();
    }
}
