package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.List;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.cipher.RandomManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class CertificateVerify extends HandshakeMessage {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CertificateVerify.class);
    private final SignatureAndHashAlgorithm signatureAndHashAlgorithm;
    private final byte[] signatureBytes;

    public CertificateVerify(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, List<HandshakeMessage> list, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.signatureBytes = sign(signatureAndHashAlgorithm, privateKey, list);
    }

    private CertificateVerify(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
        this.signatureBytes = bArr;
    }

    public static HandshakeMessage fromReader(DatagramReader datagramReader, InetSocketAddress inetSocketAddress) {
        return new CertificateVerify(new SignatureAndHashAlgorithm(datagramReader.read(8), datagramReader.read(8)), datagramReader.readBytes(datagramReader.read(16)), inetSocketAddress);
    }

    private static byte[] sign(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, List<HandshakeMessage> list) {
        byte[] bArr = Bytes.EMPTY;
        try {
            Signature currentWithCause = signatureAndHashAlgorithm.getThreadLocalSignature().currentWithCause();
            currentWithCause.initSign(privateKey, RandomManager.currentSecureRandom());
            int i2 = 0;
            for (HandshakeMessage handshakeMessage : list) {
                currentWithCause.update(handshakeMessage.toByteArray());
                LOGGER.trace("  [{}] - {}", Integer.valueOf(i2), handshakeMessage.getMessageType());
                i2++;
            }
            return currentWithCause.sign();
        } catch (Exception e2) {
            LOGGER.error("Could not create signature.", (Throwable) e2);
            return bArr;
        }
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public byte[] fragmentToByteArray() {
        DatagramWriter datagramWriter = new DatagramWriter();
        datagramWriter.write(this.signatureAndHashAlgorithm.getHash().getCode(), 8);
        datagramWriter.write(this.signatureAndHashAlgorithm.getSignature().getCode(), 8);
        datagramWriter.write(this.signatureBytes.length, 16);
        datagramWriter.writeBytes(this.signatureBytes);
        return datagramWriter.toByteArray();
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public int getMessageLength() {
        return this.signatureBytes.length + 4;
    }

    @Override // org.eclipse.californium.scandium.dtls.HandshakeMessage
    public HandshakeType getMessageType() {
        return HandshakeType.CERTIFICATE_VERIFY;
    }

    public void verifySignature(PublicKey publicKey, List<HandshakeMessage> list) {
        try {
            Signature currentWithCause = this.signatureAndHashAlgorithm.getThreadLocalSignature().currentWithCause();
            currentWithCause.initVerify(publicKey);
            int i2 = 0;
            for (HandshakeMessage handshakeMessage : list) {
                currentWithCause.update(handshakeMessage.toByteArray());
                LOGGER.trace("  [{}] - {}", Integer.valueOf(i2), handshakeMessage.getMessageType());
                i2++;
            }
            if (currentWithCause.verify(this.signatureBytes)) {
                return;
            }
        } catch (GeneralSecurityException e2) {
            LOGGER.error("Could not verify the client's signature.", (Throwable) e2);
        }
        throw new HandshakeException("The client's CertificateVerify message could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeer()));
    }
}
