package org.bouncycastle.tls.crypto.impl.bc;

import java.io.IOException;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;
import org.bouncycastle.tls.DigitallySigned;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.SignatureScheme;

/* loaded from: input_file:org/bouncycastle/tls/crypto/impl/bc/BcTlsRSAPSSVerifier.class */
public class BcTlsRSAPSSVerifier extends BcTlsVerifier {
    private final int signatureScheme;

    public BcTlsRSAPSSVerifier(BcTlsCrypto bcTlsCrypto, RSAKeyParameters rSAKeyParameters, int i) {
        super(bcTlsCrypto, rSAKeyParameters);
        if (!SignatureScheme.isRSAPSS(i)) {
            throw new IllegalArgumentException("signatureScheme");
        }
        this.signatureScheme = i;
    }

    @Override // org.bouncycastle.tls.crypto.TlsVerifier
    public boolean verifyRawSignature(DigitallySigned digitallySigned, byte[] bArr) throws IOException {
        SignatureAndHashAlgorithm algorithm = digitallySigned.getAlgorithm();
        if (algorithm == null || SignatureScheme.from(algorithm) != this.signatureScheme) {
            throw new IllegalStateException(new StringBuffer().append("Invalid algorithm: ").append(algorithm).toString());
        }
        PSSSigner createRawSigner = PSSSigner.createRawSigner(new RSAEngine(), this.crypto.createDigest(SignatureScheme.getCryptoHashAlgorithm(this.signatureScheme)));
        createRawSigner.init(false, this.publicKey);
        createRawSigner.update(bArr, 0, bArr.length);
        return createRawSigner.verifySignature(digitallySigned.getSignature());
    }
}
