package org.bouncycastle.tls.crypto.impl.jcajce;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import org.bouncycastle.jcajce.io.OutputStreamFactory;
import org.bouncycastle.tls.SignatureAlgorithm;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.crypto.TlsCryptoException;
import org.bouncycastle.tls.crypto.TlsSigner;
import org.bouncycastle.tls.crypto.TlsStreamSigner;

/* loaded from: input_file:BOOT-INF/lib/jruby-stdlib-9.2.9.0.jar:META-INF/jruby.home/lib/ruby/stdlib/org/bouncycastle/bctls-jdk15on/1.61/bctls-jdk15on-1.61.jar:org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsRSAPSSSigner.class */
public class JcaTlsRSAPSSSigner implements TlsSigner {
    private final JcaTlsCrypto crypto;
    private final PrivateKey privateKey;
    private final short signatureAlgorithm;

    public JcaTlsRSAPSSSigner(JcaTlsCrypto jcaTlsCrypto, PrivateKey privateKey, short s) {
        if (null == jcaTlsCrypto) {
            throw new NullPointerException("crypto");
        }
        if (null == privateKey) {
            throw new NullPointerException("privateKey");
        }
        if (!SignatureAlgorithm.isRSAPSS(s)) {
            throw new IllegalArgumentException("signatureAlgorithm");
        }
        this.crypto = jcaTlsCrypto;
        this.privateKey = privateKey;
        this.signatureAlgorithm = s;
    }

    @Override // org.bouncycastle.tls.crypto.TlsSigner
    public byte[] generateRawSignature(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr) throws IOException {
        throw new UnsupportedOperationException();
    }

    @Override // org.bouncycastle.tls.crypto.TlsSigner
    public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm signatureAndHashAlgorithm) throws IOException {
        if (signatureAndHashAlgorithm == null || signatureAndHashAlgorithm.getSignature() != this.signatureAlgorithm || signatureAndHashAlgorithm.getHash() != 8) {
            throw new IllegalStateException();
        }
        short rSAPSSHashAlgorithm = SignatureAlgorithm.getRSAPSSHashAlgorithm(this.signatureAlgorithm);
        String digestName = this.crypto.getDigestName(rSAPSSHashAlgorithm);
        String str = RSAUtil.getDigestSigAlgName(digestName) + "WITHRSAANDMGF1";
        try {
            AlgorithmParameterSpec pSSParameterSpec = RSAUtil.getPSSParameterSpec(rSAPSSHashAlgorithm, digestName, this.crypto.getHelper());
            final Signature createSignature = this.crypto.getHelper().createSignature(str);
            createSignature.setParameter(pSSParameterSpec);
            createSignature.initSign(this.privateKey, this.crypto.getSecureRandom());
            final OutputStream createStream = OutputStreamFactory.createStream(createSignature);
            return new TlsStreamSigner() { // from class: org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsRSAPSSSigner.1
                @Override // org.bouncycastle.tls.crypto.TlsStreamSigner
                public OutputStream getOutputStream() throws IOException {
                    return createStream;
                }

                @Override // org.bouncycastle.tls.crypto.TlsStreamSigner
                public byte[] getSignature() throws IOException {
                    try {
                        return createSignature.sign();
                    } catch (SignatureException e) {
                        throw new IOException(e.getMessage());
                    }
                }
            };
        } catch (GeneralSecurityException e) {
            throw new TlsCryptoException(str + " signature failed", e);
        }
    }
}
