package org.eclipse.californium.scandium.dtls;

import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import org.eclipse.californium.elements.util.Bytes;
import org.eclipse.californium.elements.util.DatagramReader;
import org.eclipse.californium.elements.util.DatagramWriter;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/scandium/dtls/CertificateVerify.class */
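/**
 * DTLS {@code CertificateVerify} handshake message.
 *
 * <p>Carries a signature that the sender computes with its private key and that the receiver
 * checks with the matching public key (see {@link #verifySignature(PublicKey, byte[])}).
 *
 * <p>Wire format, as written by {@link #fragmentToByteArray()}:
 * <pre>
 *   hash algorithm code       8 bits
 *   signature algorithm code  8 bits
 *   signature length         16 bits
 *   signature                 (signature length) bytes
 * </pre>
 *
 * <p>NOTE(review): for a received message the algorithm pair comes straight from the peer
 * (see {@link #fromByteArray(byte[], InetSocketAddress)}). Nothing in this class checks that
 * pair against the algorithms the local endpoint is willing to accept, so confirm that the
 * caller enforces such a policy before relying on {@code verifySignature}.
 */
public final class CertificateVerify extends HandshakeMessage {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateVerify.class.getCanonicalName());

    /** Width of the hash algorithm code on the wire. */
    private static final int HASH_ALGORITHM_BITS = 8;
    /** Width of the signature algorithm code on the wire. */
    private static final int SIGNATURE_ALGORITHM_BITS = 8;
    /** Width of the signature length field on the wire. */
    private static final int SIGNATURE_LENGTH_BITS = 16;
    /** Size in bytes of the fixed part of the fragment that precedes the signature (4). */
    private static final int HEADER_BYTES =
            (HASH_ALGORITHM_BITS + SIGNATURE_ALGORITHM_BITS + SIGNATURE_LENGTH_BITS) / Byte.SIZE;

    // Signature carried by this message; zero-length when signing failed (see setSignature).
    private byte[] signatureBytes;
    private final SignatureAndHashAlgorithm signatureAndHashAlgorithm;

    /**
     * Creates an outgoing message by signing {@code bArr} with {@code privateKey}.
     *
     * <p>A signing failure is logged, not thrown: the message is then built with the empty
     * signature left in place by {@link #setSignature(PrivateKey, byte[])}.
     *
     * @param signatureAndHashAlgorithm algorithm pair used to sign and announced in the message
     * @param privateKey key to sign with
     * @param bArr bytes to sign (presumably the handshake messages exchanged so far; confirm
     *        against the caller)
     * @param inetSocketAddress peer address handed to {@link HandshakeMessage}
     */
    public CertificateVerify(SignatureAndHashAlgorithm signatureAndHashAlgorithm, PrivateKey privateKey, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(signatureAndHashAlgorithm, inetSocketAddress);
        this.signatureBytes = setSignature(privateKey, bArr);
    }

    /**
     * Creates a message from an already computed signature (used when parsing).
     *
     * @param signatureAndHashAlgorithm algorithm pair announced in the message
     * @param bArr signature bytes; copied so later changes to the caller's array have no effect
     * @param inetSocketAddress peer address handed to {@link HandshakeMessage}
     */
    private CertificateVerify(SignatureAndHashAlgorithm signatureAndHashAlgorithm, byte[] bArr, InetSocketAddress inetSocketAddress) {
        this(signatureAndHashAlgorithm, inetSocketAddress);
        this.signatureBytes = Arrays.copyOf(bArr, bArr.length);
    }

    /** Common initialisation; leaves {@code signatureBytes} for the calling constructor to set. */
    private CertificateVerify(SignatureAndHashAlgorithm signatureAndHashAlgorithm, InetSocketAddress inetSocketAddress) {
        super(inetSocketAddress);
        this.signatureAndHashAlgorithm = signatureAndHashAlgorithm;
    }

    /** @return {@link HandshakeType#CERTIFICATE_VERIFY} */
    @Override
    public HandshakeType getMessageType() {
        return HandshakeType.CERTIFICATE_VERIFY;
    }

    /** @return fragment length in bytes: the fixed 4-byte header plus the signature */
    @Override
    public int getMessageLength() {
        return HEADER_BYTES + this.signatureBytes.length;
    }

    /**
     * Serialises the fragment: hash code, signature code, signature length, signature.
     *
     * @return the encoded fragment
     */
    @Override
    public byte[] fragmentToByteArray() {
        DatagramWriter writer = new DatagramWriter();
        writer.write(this.signatureAndHashAlgorithm.getHash().getCode(), HASH_ALGORITHM_BITS);
        writer.write(this.signatureAndHashAlgorithm.getSignature().getCode(), SIGNATURE_ALGORITHM_BITS);
        writer.write(this.signatureBytes.length, SIGNATURE_LENGTH_BITS);
        writer.writeBytes(this.signatureBytes);
        return writer.toByteArray();
    }

    /**
     * Parses a {@code CertificateVerify} fragment received from a peer.
     *
     * <p>The input is peer-controlled. This method performs no validation of its own: the
     * algorithm codes are passed on as read, and the declared signature length is handed to
     * {@code DatagramReader.readBytes} unchecked.
     * NOTE(review): confirm that {@code DatagramReader} rejects a length larger than the
     * remaining input, and decide whether trailing bytes after the signature should be refused.
     *
     * @param bArr encoded fragment
     * @param inetSocketAddress address of the peer that sent the message
     * @return the parsed message
     */
    public static HandshakeMessage fromByteArray(byte[] bArr, InetSocketAddress inetSocketAddress) {
        DatagramReader reader = new DatagramReader(bArr);
        // Field order matters: hash code, signature code, then the length-prefixed signature.
        SignatureAndHashAlgorithm algorithm = new SignatureAndHashAlgorithm(
                reader.read(HASH_ALGORITHM_BITS), reader.read(SIGNATURE_ALGORITHM_BITS));
        byte[] signature = reader.readBytes(reader.read(SIGNATURE_LENGTH_BITS));
        return new CertificateVerify(algorithm, signature, inetSocketAddress);
    }

    /**
     * Signs {@code bArr} with {@code privateKey} and stores the result in this message.
     *
     * <p>Best effort: any failure is logged and the signature stays {@code Bytes.EMPTY}
     * (presumably a zero-length array), so the caller gets no exception.
     * NOTE(review): a message with an empty signature can still be serialised and sent; the
     * handshake then fails only when the peer verifies it.
     *
     * @param privateKey key to sign with
     * @param bArr bytes to sign
     * @return the signature now stored in this message, or {@code Bytes.EMPTY} on failure
     */
    private byte[] setSignature(PrivateKey privateKey, byte[] bArr) {
        this.signatureBytes = Bytes.EMPTY;
        try {
            Signature signer = Signature.getInstance(this.signatureAndHashAlgorithm.jcaName());
            signer.initSign(privateKey);
            signer.update(bArr);
            this.signatureBytes = signer.sign();
        } catch (Exception e) {
            // Deliberately broad: signing problems are reported through the log only.
            LOGGER.error("Could not create signature.", e);
        }
        return this.signatureBytes;
    }

    /**
     * Verifies this message's signature over {@code bArr} with {@code publicKey}.
     *
     * <p>Fails closed: the signature counts as invalid unless {@link Signature#verify(byte[])}
     * returns {@code true}. An unusable key, an unavailable algorithm or a malformed signature
     * is logged and then reported as a failed verification.
     *
     * @param publicKey public key of the peer that sent this message
     * @param bArr bytes the signature is expected to cover
     * @throws HandshakeException with a fatal {@code HANDSHAKE_FAILURE} alert if the signature
     *         cannot be verified
     */
    public void verifySignature(PublicKey publicKey, byte[] bArr) throws HandshakeException {
        boolean verified = false;
        try {
            String algorithmName = this.signatureAndHashAlgorithm.jcaName();
            if (algorithmName == null) {
                // jcaName() is defined outside this file (TODO confirm whether it can return
                // null for an unrecognised code pair). Signature.getInstance(null) throws an
                // unchecked NullPointerException, so reject here through the declared
                // HandshakeException instead.
                LOGGER.error("Could not verify the client's signature: no JCA name for the received signature and hash algorithm.");
            } else {
                Signature verifier = Signature.getInstance(algorithmName);
                verifier.initVerify(publicKey);
                verifier.update(bArr);
                verified = verifier.verify(this.signatureBytes);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            LOGGER.error("Could not verify the client's signature.", e);
        }
        if (!verified) {
            throw new HandshakeException("The client's CertificateVerify message could not be verified.", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.HANDSHAKE_FAILURE, getPeer()));
        }
    }
}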
