package net.netca.pki.encoding.asn1.pki;

import net.netca.pki.Freeable;
import net.netca.pki.KeyPair;
import net.netca.pki.PkiException;
import net.netca.pki.Signature;

/* loaded from: classes3.dex */
public final class NetcaSigner implements Signable, Freeable, MultiStepSignable {
    private KeyPair keypair;
    private Signature signObj = null;

    public NetcaSigner(KeyPair keyPair) throws PkiException {
        KeyPair dup = keyPair.dup();
        this.keypair = dup;
        if (dup == null) {
            throw new PkiException("keypair dup fail");
        }
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        Signature signature = this.signObj;
        if (signature != null) {
            signature.free();
        }
        this.keypair.free();
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public void init(AlgorithmIdentifier algorithmIdentifier) throws PkiException {
        Signature signature = this.signObj;
        if (signature != null) {
            signature.free();
            this.signObj = null;
        }
        String oid = algorithmIdentifier.getOid();
        int netcaSignAlgorithm = NetcaVerifier.getNetcaSignAlgorithm(oid);
        if (netcaSignAlgorithm < 0) {
            throw new PkiException("unknown signature algorithm " + oid);
        }
        if (netcaSignAlgorithm == 22) {
            this.signObj = new Signature(NetcaVerifier.toRSAPSSParam(algorithmIdentifier), this.keypair);
        } else {
            this.signObj = new Signature(netcaSignAlgorithm, this.keypair);
        }
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public byte[] sign() throws PkiException {
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        byte[] sign = signature.sign();
        this.signObj.free();
        this.signObj = null;
        return sign;
    }

    @Override // net.netca.pki.encoding.asn1.pki.Signable
    public byte[] sign(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i2, int i3) throws PkiException {
        init(algorithmIdentifier);
        update(bArr, i2, i3);
        return sign();
    }

    @Override // net.netca.pki.encoding.asn1.pki.MultiStepSignable
    public void update(byte[] bArr, int i2, int i3) throws PkiException {
        Signature signature = this.signObj;
        if (signature == null) {
            throw new PkiException("init first");
        }
        signature.update(bArr, i2, i3);
    }
}
