package cfca.sadk.tls.sun.security.ssl.message;

import cfca.sadk.tls.pure.ISignature;
import cfca.sadk.tls.pure.impl.SM2Helper;
import cfca.sadk.tls.pure.impl.SM2Signature;
import cfca.sadk.tls.sun.security.ssl.Debugger;
import cfca.sadk.tls.sun.security.ssl.HandshakeInStream;
import cfca.sadk.tls.sun.security.ssl.HandshakeOutStream;
import cfca.sadk.tls.sun.security.ssl.ProtocolVersion;
import cfca.sadk.tls.sun.security.ssl.sec.HandshakeHash;
import cfca.sadk.tls.sun.security.ssl.sec.SignatureAndHashAlgorithm;
import cfca.sadk.tls.util.Hex;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.List;
import javax.crypto.SecretKey;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/message/CertificateVerify.class */
public final class CertificateVerify extends HandshakeMessage {
    private byte[] signatureBytes;
    private ProtocolVersion protocolVersion;
    private HandshakeHash handshakeHash;
    private ISignature signature;

    public CertificateVerify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, PrivateKey privateKey, SecretKey secretKey, SignatureAndHashAlgorithm signatureAndHashAlgorithm, SecureRandom secureRandom) throws Exception {
        this.signature = null;
        this.protocolVersion = protocolVersion;
        this.handshakeHash = handshakeHash;
        this.signature = signatureFrom(protocolVersion, handshakeHash, privateKey);
        this.signature.initSign(privateKey);
        signatureUpdate(protocolVersion, handshakeHash, secretKey);
        this.signatureBytes = this.signature.sign();
    }

    public CertificateVerify(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, HandshakeInStream handshakeInStream, List<SignatureAndHashAlgorithm> list) throws IOException {
        this.signature = null;
        this.protocolVersion = protocolVersion;
        this.handshakeHash = handshakeHash;
        this.signatureBytes = handshakeInStream.getBytes16();
    }

    public boolean verify(PublicKey publicKey, SecretKey secretKey) throws Exception {
        this.signature = signatureFrom(this.protocolVersion, this.handshakeHash, publicKey);
        this.signature.initVerify(publicKey);
        signatureUpdate(this.protocolVersion, this.handshakeHash, secretKey);
        return this.signature.verify(this.signatureBytes);
    }

    private final ISignature signatureFrom(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, Key key) throws Exception {
        String upperCase = key.getAlgorithm().toUpperCase();
        if (SM2Helper.isSM2Type(upperCase)) {
            return new SM2Signature();
        }
        throw new SignatureException("Unrecognized algorithm: " + upperCase);
    }

    final void signatureUpdate(ProtocolVersion protocolVersion, HandshakeHash handshakeHash, SecretKey secretKey) throws Exception {
        if (!protocolVersion.isChinaTLS11()) {
            throw new GeneralSecurityException("Only GMTLS 1.1 supported");
        }
        byte[] finishedHash = handshakeHash.getFinishedHash();
        if (Debugger.handshaker.isDebugEnabled()) {
            Debugger.handshaker.debug("handshakeHash: 0x{}", Hex.hexify(finishedHash));
        }
        this.signature.update(finishedHash);
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    public final int messageType() {
        return 15;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    final int messageLength() {
        return 2 + this.signatureBytes.length;
    }

    @Override // cfca.sadk.tls.sun.security.ssl.message.HandshakeMessage
    final void send(HandshakeOutStream handshakeOutStream) throws IOException {
        handshakeOutStream.putBytes16(this.signatureBytes);
    }

    public final String toString() {
        return "\n*** CertificateVerify\n***";
    }
}
