package kl.ssl.gmvpn.crypto.impl.jcajce;

import c.b.a.a.a;
import com.alipay.mobile.common.logging.util.LoggingSPCache;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import kl.ssl.gmvpn.DigitallySigned;
import kl.ssl.gmvpn.crypto.TlsStreamVerifier;
import kl.ssl.gmvpn.crypto.TlsVerifier;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

/* loaded from: classes2.dex */
public class JcaTlsRSAVerifier implements TlsVerifier {
    public final JcaTlsCrypto crypto;
    public final PublicKey publicKey;
    public Signature rawVerifier = null;

    public JcaTlsRSAVerifier(JcaTlsCrypto jcaTlsCrypto, PublicKey publicKey) {
        if (jcaTlsCrypto == null) {
            throw new NullPointerException("crypto");
        }
        if (publicKey == null) {
            throw new NullPointerException(LoggingSPCache.STORAGE_PUBLICKEY);
        }
        this.crypto = jcaTlsCrypto;
        this.publicKey = publicKey;
    }

    public Signature getRawVerifier() throws GeneralSecurityException {
        if (this.rawVerifier == null) {
            Signature createSignature = this.crypto.getHelper().createSignature("NoneWithRSA");
            this.rawVerifier = createSignature;
            createSignature.initVerify(this.publicKey);
        }
        return this.rawVerifier;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsVerifier
    public TlsStreamVerifier getStreamVerifier(DigitallySigned digitallySigned) throws IOException {
        return null;
    }

    @Override // kl.ssl.gmvpn.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        try {
            Signature rawVerifier = getRawVerifier();
            byte[] encoded = new DigestInfo(new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sha512, DERNull.INSTANCE), bArr).getEncoded();
            rawVerifier.update(encoded, 0, encoded.length);
            return rawVerifier.verify(digitallySigned.getSignature());
        } catch (GeneralSecurityException e2) {
            StringBuilder l0 = a.l0("unable to process signature: ");
            l0.append(e2.getMessage());
            throw Exceptions.illegalStateException(l0.toString(), e2);
        }
    }
}
