package com.claymoresystems.ptls;

import com.claymoresystems.crypto.Blindable;
import com.oscar.crypt.Sign;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import xjava.security.interfaces.CryptixRSAPublicKey;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/shentongjdbc-4.0.jar:com/claymoresystems/ptls/SSLCertificateVerify.class */
public class SSLCertificateVerify extends SSLPDU {
    SSLopaque signature = new SSLopaque(-65535);
    byte[] toBeSigned;

    private String getCVAlg(String str) {
        if (str.equals("DSA")) {
            return "RawDSA";
        }
        if (str.equals("RSA")) {
            return Sign.Claymore_RSA_Name;
        }
        throw new InternalError("Bogus algorithm");
    }

    public SSLCertificateVerify(SSLConn sSLConn, SSLHandshake sSLHandshake, boolean z) {
        switch (sSLConn.ssl_version) {
            case SSLHandshake.SSL_V3_VERSION /* 768 */:
                this.toBeSigned = SSLv3CertificateVerify.computeToBeSigned(sSLHandshake, z);
                return;
            case SSLHandshake.TLS_V1_VERSION /* 769 */:
                this.toBeSigned = TLSCertificateVerify.computeToBeSigned(sSLHandshake, z);
                return;
            default:
                throw new InternalError("Bogus version number");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.claymoresystems.ptls.SSLPDU, com.claymoresystems.ptls.SSLEncoded
    public int encode(SSLConn sSLConn, OutputStream outputStream) throws IOException {
        try {
            PrivateKey privateKey = sSLConn.ctx.getPrivateKey();
            String cVAlg = getCVAlg(privateKey.getAlgorithm());
            Signature signature = Signature.getInstance(cVAlg);
            signature.initSign(privateKey);
            if (cVAlg.equals(Sign.Claymore_RSA_Name)) {
                ((Blindable) signature).setBlindingInfo(sSLConn.hs.rng, (CryptixRSAPublicKey) sSLConn.ctx.getPublicKey());
            }
            SSLDebug.debug(8, "Certificate verify toBeSigned", this.toBeSigned);
            if (cVAlg.equals("RawDSA")) {
                signature.setParameter("SecureRandom", sSLConn.hs.rng);
                signature.update(this.toBeSigned, 16, 20);
            } else {
                signature.update(this.toBeSigned, 0, this.toBeSigned.length);
            }
            byte[] sign = signature.sign();
            SSLDebug.debug(8, "Certificate verify signature", sign);
            this.signature.value = sign;
            return this.signature.encode(sSLConn, outputStream);
        } catch (InvalidKeyException e) {
            throw new InternalError(e.toString());
        } catch (NoSuchAlgorithmException e2) {
            throw new InternalError(e2.toString());
        } catch (SignatureException e3) {
            throw new InternalError(e3.toString());
        }
    }

    @Override // com.claymoresystems.ptls.SSLPDU, com.claymoresystems.ptls.SSLEncoded
    public int decode(SSLConn sSLConn, InputStream inputStream) throws IOException {
        int i = 0;
        try {
            PublicKey publicKey = sSLConn.hs.peerSignatureKey;
            String cVAlg = getCVAlg(publicKey.getAlgorithm());
            Signature signature = Signature.getInstance(cVAlg);
            signature.initVerify(publicKey);
            i = this.signature.decode(sSLConn, inputStream);
            SSLDebug.debug(8, "Certificate verify toBeSigned", this.toBeSigned);
            if (cVAlg.equals("RawDSA")) {
                signature.update(this.toBeSigned, 16, 20);
            } else {
                signature.update(this.toBeSigned, 0, this.toBeSigned.length);
            }
            SSLDebug.debug(8, "Certificate verify signature", this.signature.value);
            if (!signature.verify(this.signature.value)) {
                sSLConn.alert(SSLAlertX.TLS_ALERT_DECRYPT_ERROR);
            }
        } catch (InvalidKeyException e) {
            sSLConn.alert(SSLAlertX.TLS_ALERT_DECRYPT_ERROR);
        } catch (NoSuchAlgorithmException e2) {
            throw new InternalError(e2.toString());
        } catch (SignatureException e3) {
            sSLConn.alert(SSLAlertX.TLS_ALERT_DECRYPT_ERROR);
        }
        return i;
    }
}
