package kl.ssl.gmvpn.crypto.impl.jcajce;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import kl.ssl.gmvpn.SignatureAndHashAlgorithm;
import kl.ssl.gmvpn.TlsFatalAlert;
import kl.ssl.gmvpn.crypto.TlsSigner;
import kl.ssl.gmvpn.crypto.TlsStreamSigner;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

/* loaded from: classes2.dex */
public class JcaTlsRSASigner implements TlsSigner {
    public final JcaTlsCrypto crypto;
    public final PrivateKey privateKey;
    public Signature rawSigner = null;
    public MessageDigest rawDigest = null;

    public JcaTlsRSASigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey) {
        if (jcaTlsCrypto == null) {
            throw new NullPointerException("crypto");
        }
        if (privateKey == null) {
            throw new NullPointerException("privateKey");
        }
        this.crypto = jcaTlsCrypto;
        this.privateKey = privateKey;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsSigner
    public byte[] generateRawSignature(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr) throws IOException {
        try {
            Signature rawSigner = getRawSigner();
            byte[] encoded = new DigestInfo(new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sha512, DERNull.INSTANCE), getRawDigest().digest(bArr)).getEncoded();
            rawSigner.update(encoded, 0, encoded.length);
            return rawSigner.sign();
        } catch (GeneralSecurityException e2) {
            throw new TlsFatalAlert((short) 80, e2);
        }
    }

    public MessageDigest getRawDigest() throws GeneralSecurityException {
        if (this.rawDigest == null) {
            this.rawDigest = this.crypto.getHelper().createDigest("SM3");
        }
        return this.rawDigest;
    }

    public Signature getRawSigner() throws GeneralSecurityException {
        if (this.rawSigner == null) {
            Signature createSignature = this.crypto.getHelper().createSignature("NoneWithRSA");
            this.rawSigner = createSignature;
            createSignature.initSign(this.privateKey, this.crypto.getSecureRandom());
        }
        return this.rawSigner;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsSigner
    public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws IOException {
        return null;
    }
}
