package de.authada.org.bouncycastle.tls.crypto.impl.bc;

import de.authada.org.bouncycastle.crypto.Digest;
import de.authada.org.bouncycastle.crypto.engines.RSAEngine;
import de.authada.org.bouncycastle.crypto.params.RSAKeyParameters;
import de.authada.org.bouncycastle.crypto.signers.PSSSigner;
import de.authada.org.bouncycastle.tls.DigitallySigned;
import de.authada.org.bouncycastle.tls.SignatureAndHashAlgorithm;
import de.authada.org.bouncycastle.tls.SignatureScheme;

/* loaded from: classes6.dex */
public class BcTlsRSAPSSVerifier extends BcTlsVerifier {
    private final int signatureScheme;

    public BcTlsRSAPSSVerifier(BcTlsCrypto bcTlsCrypto, RSAKeyParameters rSAKeyParameters, int i10) {
        super(bcTlsCrypto, rSAKeyParameters);
        if (!SignatureScheme.isRSAPSS(i10)) {
            throw new IllegalArgumentException("signatureScheme");
        }
        this.signatureScheme = i10;
    }

    @Override // de.authada.org.bouncycastle.tls.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm != null) {
            int from = SignatureScheme.from(algorithm);
            int i10 = this.signatureScheme;
            if (from == i10) {
                Digest createDigest = this.crypto.createDigest(SignatureScheme.getCryptoHashAlgorithm(i10));
                PSSSigner createRawSigner = PSSSigner.createRawSigner(new RSAEngine(), createDigest, createDigest, createDigest.getDigestSize(), (byte) -68);
                createRawSigner.init(false, this.publicKey);
                createRawSigner.update(bArr, 0, bArr.length);
                return createRawSigner.verifySignature(digitallySigned.getSignature());
            }
        }
        throw new IllegalStateException("Invalid algorithm: " + algorithm);
    }
}
