package kl.ssl.gmvpn.crypto.impl.jcajce;

import com.alipay.mobile.common.logging.util.LoggingSPCache;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import kl.ssl.gmvpn.DigitallySigned;
import kl.ssl.gmvpn.TlsFatalAlert;
import kl.ssl.gmvpn.crypto.TlsStreamVerifier;
import kl.ssl.gmvpn.crypto.TlsVerifier;

/* loaded from: classes2.dex */
public class JcaTlsSM2Verifier implements TlsVerifier {
    public final JcaTlsCrypto crypto;
    public final PublicKey publicKey;

    public JcaTlsSM2Verifier(JcaTlsCrypto jcaTlsCrypto, ECPublicKey eCPublicKey) {
        if (jcaTlsCrypto == null) {
            throw new NullPointerException("crypto");
        }
        if (eCPublicKey == null) {
            throw new NullPointerException(LoggingSPCache.STORAGE_PUBLICKEY);
        }
        this.crypto = jcaTlsCrypto;
        this.publicKey = eCPublicKey;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsVerifier
    public TlsStreamVerifier getStreamVerifier(final DigitallySigned digitallySigned) throws IOException {
        try {
            final Signature createSignature = this.crypto.getHelper().createSignature("SM3WITHSM2");
            createSignature.initVerify(this.publicKey);
            return new TlsStreamVerifier() { // from class: kl.ssl.gmvpn.crypto.impl.jcajce.JcaTlsSM2Verifier.1
                @Override // kl.ssl.gmvpn.crypto.TlsStreamVerifier
                public OutputStream getOutputStream() {
                    return new SignatureOutputStream(createSignature);
                }

                @Override // kl.ssl.gmvpn.crypto.TlsStreamVerifier
                public boolean isVerified() throws IOException {
                    try {
                        return createSignature.verify(digitallySigned.getSignature());
                    } catch (SignatureException e2) {
                        throw new TlsFatalAlert((short) 80, e2);
                    }
                }
            };
        } catch (GeneralSecurityException e2) {
            throw new TlsFatalAlert((short) 80, e2);
        }
    }

    @Override // kl.ssl.gmvpn.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        throw new UnsupportedOperationException();
    }
}
