package cn.com.bouncycastle.tls.crypto.impl.jcajce;

import cn.com.bouncycastle.tls.DigitallySigned;
import cn.com.bouncycastle.tls.SignatureAndHashAlgorithm;
import cn.com.bouncycastle.tls.SignatureScheme;
import cn.com.bouncycastle.tls.crypto.TlsStreamVerifier;
import cn.com.bouncycastle.tls.crypto.TlsVerifier;
import java.io.IOException;
import java.security.PublicKey;
import java.util.Objects;

/* loaded from: classes.dex */
public class JcaTlsRSAPSSVerifier implements TlsVerifier {
    private final JcaTlsCrypto crypto;
    private final PublicKey publicKey;
    private final int signatureScheme;

    public JcaTlsRSAPSSVerifier(JcaTlsCrypto jcaTlsCrypto, PublicKey publicKey, int i) {
        Objects.requireNonNull(jcaTlsCrypto, "crypto");
        Objects.requireNonNull(publicKey, "publicKey");
        if (!SignatureScheme.isRSAPSS(i)) {
            throw new IllegalArgumentException("signatureScheme");
        }
        this.crypto = jcaTlsCrypto;
        this.publicKey = publicKey;
        this.signatureScheme = i;
    }

    @Override // cn.com.bouncycastle.tls.crypto.TlsVerifier
    public TlsStreamVerifier getStreamVerifier(DigitallySigned digitallySigned) throws IOException {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm != null) {
            int from = SignatureScheme.from(algorithm);
            int i = this.signatureScheme;
            if (from == i) {
                int cryptoHashAlgorithm = SignatureScheme.getCryptoHashAlgorithm(i);
                String digestName = this.crypto.getDigestName(cryptoHashAlgorithm);
                return this.crypto.createStreamVerifier(RSAUtil.getDigestSigAlgName(digestName) + "WITHRSAANDMGF1", RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm, digestName, this.crypto.getHelper()), digitallySigned.getSignature(), this.publicKey);
            }
        }
        throw new IllegalStateException("Invalid algorithm: " + algorithm);
    }

    @Override // cn.com.bouncycastle.tls.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        throw new UnsupportedOperationException();
    }
}
