package ru.CryptoPro.ssl;

import java.io.IOException;
import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Collection;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLHandshakeException;
import ru.CryptoPro.JCP.Digest.DigestForSign;
import ru.CryptoPro.JCP.Key.MasterSecretInterface;
import ru.CryptoPro.JCP.tools.Array;
import ru.CryptoPro.JCP.tools.Platform;
import ru.CryptoPro.ssl.util.ParamUtil;
import ru.CryptoPro.ssl.util.TLSSettings;

/* loaded from: classes4.dex */
public final class cl_46 extends cl_43 {
    private static final Class i;
    private static final Field j;
    private static final Object k;
    private static final Map l;
    cl_79 e;
    private byte[] f;
    private cl_108 g;
    private boolean h;

    static {
        if (Platform.isAndroid) {
            i = null;
            j = null;
        } else {
            try {
                Class<?> cls = Class.forName("java.security.MessageDigest$Delegate");
                i = cls;
                Field declaredField = cls.getDeclaredField("digestSpi");
                j = declaredField;
                a(declaredField);
            } catch (Exception e) {
                throw new RuntimeException("Reflection failed", e);
            }
        }
        k = new Object();
        l = new ConcurrentHashMap();
    }

    public cl_46(cl_42 cl_42Var, int i2, boolean z, Collection collection, cl_79 cl_79Var) throws IOException {
        this.g = null;
        this.e = cl_79Var;
        this.h = z;
        if (cl_79Var.k >= cl_79.f.k) {
            cl_108 a2 = cl_108.a(cl_42Var.b(), cl_42Var.b(), 0);
            this.g = a2;
            if (!collection.contains(a2)) {
                throw new SSLHandshakeException("Unsupported SignatureAndHashAlgorithm in CertificateVerify message");
            }
        }
        if (!z) {
            this.f = cl_42Var.f();
            return;
        }
        if (cl_79Var.k >= cl_79.f.k) {
            this.f = cl_42Var.f();
        } else {
            this.f = cl_42Var.b(i2);
        }
        Array.invByteOrder(this.f);
    }

    public cl_46(cl_79 cl_79Var, cl_41 cl_41Var, PrivateKey privateKey, SecretKey secretKey, SecureRandom secureRandom, cl_108 cl_108Var) throws GeneralSecurityException {
        Signature a2;
        this.g = null;
        this.h = false;
        this.e = cl_79Var;
        this.h = secretKey instanceof MasterSecretInterface;
        String resolveSignatureAlgorithmByKey = this.h ? ParamUtil.resolveSignatureAlgorithmByKey(privateKey) : privateKey.getAlgorithm();
        if (cl_79Var.k >= cl_79.f.k) {
            this.g = cl_108Var;
            a2 = cl_68.b(cl_108Var.c());
        } else {
            a2 = a(cl_79Var, resolveSignatureAlgorithmByKey);
        }
        a2.initSign(privateKey, secureRandom);
        a(a2, cl_79Var, cl_41Var, resolveSignatureAlgorithmByKey, secretKey, this.h, privateKey.getAlgorithm());
        byte[] sign = a2.sign();
        this.f = sign;
        if (this.h) {
            Array.invByteOrder(sign);
        }
    }

    private static Signature a(cl_79 cl_79Var, String str) throws GeneralSecurityException {
        String str2;
        if (str.equals("RSA")) {
            return cl_81.b();
        }
        if (str.equals("DSA")) {
            str2 = "RawDSA";
        } else {
            if (!str.equals("EC")) {
                if (str.contains("GOST3410")) {
                    return cl_68.b(str);
                }
                throw new SignatureException("Unrecognized algorithm: " + str);
            }
            str2 = "NONEwithECDSA";
        }
        return cl_68.b(str2);
    }

    private static void a(AccessibleObject accessibleObject) {
        AccessController.doPrivileged(new cl_47(accessibleObject));
    }

    private static void a(MessageDigest messageDigest, SecretKey secretKey) {
        Object obj;
        try {
            if (messageDigest.getClass() != i) {
                throw new Exception("Digest is not a MessageDigestSpi");
            }
            MessageDigestSpi messageDigestSpi = (MessageDigestSpi) j.get(messageDigest);
            Class<?> cls = messageDigestSpi.getClass();
            Object obj2 = l.get(cls);
            Object obj3 = obj2;
            if (obj2 == null) {
                try {
                    Method declaredMethod = cls.getDeclaredMethod("implUpdate", SecretKey.class);
                    Method method = declaredMethod;
                    a(declaredMethod);
                    obj = declaredMethod;
                } catch (NoSuchMethodException unused) {
                    obj = k;
                }
                l.put(cls, obj);
                obj3 = obj;
            }
            if (obj3 == k) {
                throw new Exception("Digest does not support implUpdate(SecretKey)");
            }
            ((Method) obj3).invoke(messageDigestSpi, secretKey);
        } catch (Exception e) {
            throw new RuntimeException("Could not obtain encoded key and MessageDigest cannot digest key", e);
        }
    }

    public static /* synthetic */ void a(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
        b(messageDigest, bArr, bArr2, secretKey);
    }

    private static void a(Signature signature, cl_79 cl_79Var, cl_41 cl_41Var, String str, SecretKey secretKey, boolean z, String str2) throws SignatureException {
        if (z) {
            try {
                MessageDigest a2 = cl_41Var.a(str2);
                String algorithm = signature.getAlgorithm();
                String algorithm2 = a2.getAlgorithm();
                SSLLogger.subTrace("Update signature: " + algorithm + " [" + algorithm2 + "]");
                if (!algorithm.contains(algorithm2)) {
                    throw new SignatureException("Digest object " + algorithm2 + " can not be set to signature object " + algorithm);
                }
                try {
                    signature.setParameter(new DigestForSign(a2));
                    return;
                } catch (InvalidAlgorithmParameterException e) {
                    throw new SignatureException(e);
                }
            } catch (InvalidAlgorithmParameterException e2) {
                throw new SignatureException(e2);
            }
        }
        if (!str.equals("RSA")) {
            if (cl_79Var.k >= cl_79.f.k) {
                signature.update(cl_41Var.e());
                return;
            }
            MessageDigest c = cl_41Var.c();
            if (cl_79Var.k < cl_79.d.k) {
                b(c, c, d, secretKey);
            }
            signature.update(c.digest());
            return;
        }
        if (cl_79Var.k >= cl_79.f.k) {
            signature.update(cl_41Var.e());
            return;
        }
        MessageDigest b = cl_41Var.b();
        MessageDigest c2 = cl_41Var.c();
        if (cl_79Var.k < cl_79.d.k) {
            b(b, f1881a, b, secretKey);
            b(c2, c, d, secretKey);
        }
        cl_81.a(signature, b, c2);
    }

    public static void b(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, SecretKey secretKey) {
        byte[] encoded = "RAW".equals(secretKey.getFormat()) ? secretKey.getEncoded() : null;
        if (encoded != null) {
            messageDigest.update(encoded);
        } else {
            a(messageDigest, secretKey);
        }
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest();
        if (encoded != null) {
            messageDigest.update(encoded);
        } else {
            a(messageDigest, secretKey);
        }
        messageDigest.update(bArr2);
        messageDigest.update(digest);
    }

    @Override // ru.CryptoPro.ssl.cl_43
    public int a() {
        return 15;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    void a(cl_58 cl_58Var) throws IOException {
        if (this.e.k >= cl_79.f.k) {
            cl_58Var.a(this.g.a());
            cl_58Var.a(this.g.b());
        }
        if (!this.h) {
            cl_58Var.b(this.f);
        } else if (TLSSettings.getTlsClientStrictCertVerify() || this.e.k >= cl_79.f.k) {
            cl_58Var.b(this.f);
        } else {
            cl_58Var.write(this.f);
        }
    }

    public boolean a(cl_79 cl_79Var, cl_41 cl_41Var, PublicKey publicKey, SecretKey secretKey) throws GeneralSecurityException {
        String algorithm = publicKey.getAlgorithm();
        if (this.h) {
            algorithm = ParamUtil.resolveSignatureAlgorithmByKey(publicKey);
        }
        String str = algorithm;
        Signature b = cl_79Var.k >= cl_79.f.k ? cl_68.b(this.g.c()) : a(cl_79Var, str);
        b.initVerify(publicKey);
        a(b, cl_79Var, cl_41Var, str, secretKey, this.h, publicKey.getAlgorithm());
        return b.verify(this.f);
    }

    public cl_108 b() {
        return this.g;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    int c() {
        int d = this.e.k >= cl_79.f.k ? 2 + cl_108.d() : 2;
        if (this.h && !TLSSettings.getTlsClientStrictCertVerify() && this.e.k < cl_79.f.k) {
            d -= 2;
        }
        return d + this.f.length;
    }

    @Override // ru.CryptoPro.ssl.cl_43
    String d() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("*** CertificateVerify\n");
        if (this.e.k >= cl_79.f.k) {
            stringBuffer.append("Signature Algorithm ");
            stringBuffer.append(this.g.c());
            stringBuffer.append("\n");
        }
        return stringBuffer.toString();
    }
}
