package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import org.eclipse.californium.scandium.dtls.AlertMessage;

/* compiled from: CertificateVerify.java */
/* loaded from: classes4.dex */
public final class d extends r {

    /* renamed from: i, reason: collision with root package name */
    private static final org.slf4j.b f26970i = org.slf4j.c.i(d.class.getCanonicalName());

    /* renamed from: g, reason: collision with root package name */
    private byte[] f26971g;

    /* renamed from: h, reason: collision with root package name */
    private final SignatureAndHashAlgorithm f26972h;

    private d(SignatureAndHashAlgorithm signatureAndHashAlgorithm, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.f26972h = signatureAndHashAlgorithm;
    }

    public d(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(signatureAndHashAlgorithm, inetSocketAddress);
        this.f26971g = p(privateKey, bArr);
    }

    private d(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(signatureAndHashAlgorithm, inetSocketAddress);
        this.f26971g = Arrays.copyOf(bArr, bArr.length);
    }

    public static r o(byte[] bArr, InetSocketAddress inetSocketAddress) {
        org.eclipse.californium.elements.s.b bVar = new org.eclipse.californium.elements.s.b(bArr);
        return new d(new SignatureAndHashAlgorithm(bVar.d(8), bVar.d(8)), bVar.e(bVar.d(16)), inetSocketAddress);
    }

    private byte[] p(PrivateKey privateKey, byte[] bArr) {
        this.f26971g = new byte[0];
        try {
            Signature signature = Signature.getInstance(this.f26972h.c());
            signature.initSign(privateKey);
            signature.update(bArr);
            this.f26971g = signature.sign();
        } catch (Exception e2) {
            f26970i.error("Could not create signature.", (Throwable) e2);
        }
        return this.f26971g;
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public byte[] b() {
        org.eclipse.californium.elements.s.c cVar = new org.eclipse.californium.elements.s.c();
        cVar.b(this.f26972h.a().getCode(), 8);
        cVar.b(this.f26972h.b().getCode(), 8);
        cVar.b(this.f26971g.length, 16);
        cVar.d(this.f26971g);
        return cVar.a();
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public int f() {
        return this.f26971g.length + 4;
    }

    @Override // org.eclipse.californium.scandium.dtls.r
    public HandshakeType h() {
        return HandshakeType.CERTIFICATE_VERIFY;
    }

    public void q(PublicKey publicKey, byte[] bArr) throws HandshakeException {
        boolean z;
        try {
            Signature signature = Signature.getInstance(this.f26972h.c());
            signature.initVerify(publicKey);
            signature.update(bArr);
            z = signature.verify(this.f26971g);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            f26970i.error("Could not verify the client's signature.", e2);
            z = false;
        }
        if (!z) {
            throw new HandshakeException("The client's CertificateVerify message could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, a()));
        }
    }
}
