package org.spongycastle.tls.crypto.impl.jcajce;

import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.tls.SignatureAndHashAlgorithm;
import org.spongycastle.tls.TlsFatalAlert;
import org.spongycastle.tls.TlsUtils;
import org.spongycastle.tls.crypto.TlsSigner;
import org.spongycastle.tls.crypto.TlsStreamSigner;

/* loaded from: classes2.dex */
public class JcaTlsRSASigner implements TlsSigner {
    public final PrivateKey a;
    public final JcaTlsCrypto b;
    public Signature c = null;

    public JcaTlsRSASigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey) {
        this.b = jcaTlsCrypto;
        this.a = privateKey;
    }

    @Override // org.spongycastle.tls.crypto.TlsSigner
    public final byte[] a(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr) {
        try {
            if (this.c == null) {
                JcaTlsCrypto jcaTlsCrypto = this.b;
                Signature f = jcaTlsCrypto.a.f("NoneWithRSA");
                this.c = f;
                f.initSign(this.a, jcaTlsCrypto.b);
            }
            Signature signature = this.c;
            if (signatureAndHashAlgorithm == null) {
                signature.update(bArr, 0, bArr.length);
            } else {
                if (signatureAndHashAlgorithm.b != 1) {
                    throw new IllegalStateException();
                }
                byte[] i = new DigestInfo(new AlgorithmIdentifier(TlsUtils.m(signatureAndHashAlgorithm.a), DERNull.t), bArr).i();
                signature.update(i, 0, i.length);
            }
            return signature.sign();
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, e);
        }
    }

    @Override // org.spongycastle.tls.crypto.TlsSigner
    public final TlsStreamSigner b(SignatureAndHashAlgorithm signatureAndHashAlgorithm) {
        if (signatureAndHashAlgorithm == null || signatureAndHashAlgorithm.b != 1 || Security.getProvider("SunMSCAPI") == null) {
            return null;
        }
        try {
            Signature signature = this.c;
            PrivateKey privateKey = this.a;
            JcaTlsCrypto jcaTlsCrypto = this.b;
            if (signature == null) {
                Signature f = jcaTlsCrypto.a.f("NoneWithRSA");
                this.c = f;
                f.initSign(privateKey, jcaTlsCrypto.b);
            }
            Provider provider = this.c.getProvider();
            if (provider == null || !"SunMSCAPI".equals(provider.getName())) {
                return null;
            }
            final Signature f2 = jcaTlsCrypto.a.f(JcaUtils.a(signatureAndHashAlgorithm));
            f2.initSign(privateKey, jcaTlsCrypto.b);
            return new TlsStreamSigner() { // from class: org.spongycastle.tls.crypto.impl.jcajce.JcaTlsRSASigner.1
                @Override // org.spongycastle.tls.crypto.TlsStreamSigner
                public final OutputStream a() {
                    return new SignatureOutputStream(f2);
                }

                @Override // org.spongycastle.tls.crypto.TlsStreamSigner
                public final byte[] b() {
                    try {
                        return f2.sign();
                    } catch (SignatureException e) {
                        throw new TlsFatalAlert((short) 80, e);
                    }
                }
            };
        } catch (GeneralSecurityException e) {
            throw new TlsFatalAlert((short) 80, e);
        }
    }
}
