package com.amazon.coral.internal.org.bouncycastle.crypto.tls;

import com.amazon.coral.internal.org.bouncycastle.crypto.C$AsymmetricBlockCipher;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$CipherParameters;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$CryptoException;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$DataLengthException;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$Digest;
import com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer;
import com.amazon.coral.internal.org.bouncycastle.crypto.digests.C$NullDigest;
import com.amazon.coral.internal.org.bouncycastle.crypto.encodings.C$PKCS1Encoding;
import com.amazon.coral.internal.org.bouncycastle.crypto.engines.C$RSABlindedEngine;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$AsymmetricKeyParameter;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$ParametersWithRandom;
import com.amazon.coral.internal.org.bouncycastle.crypto.params.C$RSAKeyParameters;
import com.amazon.coral.internal.org.bouncycastle.crypto.signers.C$RSADigestSigner;
import com.amazon.coral.internal.org.bouncycastle.util.C$Arrays;

/* renamed from: com.amazon.coral.internal.org.bouncycastle.crypto.tls.$TlsRSASigner, reason: invalid class name */
/* loaded from: classes2.dex */
public class C$TlsRSASigner extends C$AbstractTlsSigner {
    protected C$AsymmetricBlockCipher createRSAImpl() {
        return new C$PKCS1Encoding(new C$RSABlindedEngine());
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsSigner
    public C$Signer createSigner(C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, C$AsymmetricKeyParameter c$AsymmetricKeyParameter) {
        return makeSigner(c$SignatureAndHashAlgorithm, false, true, new C$ParametersWithRandom(c$AsymmetricKeyParameter, this.context.getSecureRandom()));
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsSigner
    public C$Signer createVerifyer(C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, C$AsymmetricKeyParameter c$AsymmetricKeyParameter) {
        return makeSigner(c$SignatureAndHashAlgorithm, false, false, c$AsymmetricKeyParameter);
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsSigner
    public byte[] generateRawSignature(C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, C$AsymmetricKeyParameter c$AsymmetricKeyParameter, byte[] bArr) throws C$CryptoException {
        C$Signer makeSigner = makeSigner(c$SignatureAndHashAlgorithm, true, true, new C$ParametersWithRandom(c$AsymmetricKeyParameter, this.context.getSecureRandom()));
        makeSigner.update(bArr, 0, bArr.length);
        return makeSigner.generateSignature();
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsSigner
    public boolean isValidPublicKey(C$AsymmetricKeyParameter c$AsymmetricKeyParameter) {
        return (c$AsymmetricKeyParameter instanceof C$RSAKeyParameters) && !c$AsymmetricKeyParameter.isPrivate();
    }

    protected C$Signer makeSigner(C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, boolean z, boolean z2, C$CipherParameters c$CipherParameters) {
        C$Signer c$Signer;
        if ((c$SignatureAndHashAlgorithm != null) != C$TlsUtils.isTLSv12(this.context)) {
            throw new IllegalStateException();
        }
        if (c$SignatureAndHashAlgorithm != null && c$SignatureAndHashAlgorithm.getSignature() != 1) {
            throw new IllegalStateException();
        }
        final C$Digest c$NullDigest = z ? new C$NullDigest() : c$SignatureAndHashAlgorithm == null ? new C$CombinedHash() : C$TlsUtils.createHash(c$SignatureAndHashAlgorithm.getHash());
        if (c$SignatureAndHashAlgorithm != null) {
            c$Signer = new C$RSADigestSigner(c$NullDigest, C$TlsUtils.getOIDForHashAlgorithm(c$SignatureAndHashAlgorithm.getHash()));
        } else {
            final C$AsymmetricBlockCipher createRSAImpl = createRSAImpl();
            c$Signer = new C$Signer(createRSAImpl, c$NullDigest) { // from class: com.amazon.coral.internal.org.bouncycastle.crypto.signers.$GenericSigner
                private final C$Digest digest;
                private final C$AsymmetricBlockCipher engine;
                private boolean forSigning;

                {
                    this.engine = createRSAImpl;
                    this.digest = c$NullDigest;
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public byte[] generateSignature() throws C$CryptoException, C$DataLengthException {
                    if (!this.forSigning) {
                        throw new IllegalStateException("GenericSigner not initialised for signature generation.");
                    }
                    byte[] bArr = new byte[this.digest.getDigestSize()];
                    this.digest.doFinal(bArr, 0);
                    return this.engine.processBlock(bArr, 0, bArr.length);
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public void init(boolean z3, C$CipherParameters c$CipherParameters2) {
                    this.forSigning = z3;
                    C$AsymmetricKeyParameter c$AsymmetricKeyParameter = c$CipherParameters2 instanceof C$ParametersWithRandom ? (C$AsymmetricKeyParameter) ((C$ParametersWithRandom) c$CipherParameters2).getParameters() : (C$AsymmetricKeyParameter) c$CipherParameters2;
                    if (z3 && !c$AsymmetricKeyParameter.isPrivate()) {
                        throw new IllegalArgumentException("signing requires private key");
                    }
                    if (!z3 && c$AsymmetricKeyParameter.isPrivate()) {
                        throw new IllegalArgumentException("verification requires public key");
                    }
                    reset();
                    this.engine.init(z3, c$CipherParameters2);
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public void reset() {
                    this.digest.reset();
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public void update(byte b) {
                    this.digest.update(b);
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public void update(byte[] bArr, int i, int i2) {
                    this.digest.update(bArr, i, i2);
                }

                @Override // com.amazon.coral.internal.org.bouncycastle.crypto.C$Signer
                public boolean verifySignature(byte[] bArr) {
                    byte[] bArr2;
                    if (this.forSigning) {
                        throw new IllegalStateException("GenericSigner not initialised for verification");
                    }
                    byte[] bArr3 = new byte[this.digest.getDigestSize()];
                    this.digest.doFinal(bArr3, 0);
                    try {
                        byte[] processBlock = this.engine.processBlock(bArr, 0, bArr.length);
                        if (processBlock.length < bArr3.length) {
                            bArr2 = new byte[bArr3.length];
                            System.arraycopy(processBlock, 0, bArr2, bArr2.length - processBlock.length, processBlock.length);
                        } else {
                            bArr2 = processBlock;
                        }
                        return C$Arrays.constantTimeAreEqual(bArr2, bArr3);
                    } catch (Exception e) {
                        return false;
                    }
                }
            };
        }
        c$Signer.init(z2, c$CipherParameters);
        return c$Signer;
    }

    @Override // com.amazon.coral.internal.org.bouncycastle.crypto.tls.C$TlsSigner
    public boolean verifyRawSignature(C$SignatureAndHashAlgorithm c$SignatureAndHashAlgorithm, byte[] bArr, C$AsymmetricKeyParameter c$AsymmetricKeyParameter, byte[] bArr2) throws C$CryptoException {
        C$Signer makeSigner = makeSigner(c$SignatureAndHashAlgorithm, true, false, c$AsymmetricKeyParameter);
        makeSigner.update(bArr2, 0, bArr2.length);
        return makeSigner.verifySignature(bArr);
    }
}
