package net.netca.pki.encoding.asn1.pki;

import net.netca.pki.Certificate;
import net.netca.pki.Freeable;
import net.netca.pki.GeneralDevice;
import net.netca.pki.ICertReq;
import net.netca.pki.ICertReqSignHash;
import net.netca.pki.ISignHash;
import net.netca.pki.PkiException;
import net.netca.pki.Signature;

/* loaded from: classes3.dex */
public class GeneralDeviceSigner implements Signable, Freeable {
    private final Certificate certObj;
    private final ICertReqSignHash certReqSignHashObj;
    private final ISignHash signHashObj;

    public GeneralDeviceSigner(GeneralDevice generalDevice, Certificate certificate) throws PkiException {
        this.signHashObj = generalDevice.getSignHashObject();
        this.certObj = certificate.dup();
        this.certReqSignHashObj = null;
    }

    public GeneralDeviceSigner(ICertReq iCertReq, String str) throws PkiException {
        this.certReqSignHashObj = iCertReq.getCertReqSignHashObject(str);
        this.signHashObj = null;
        this.certObj = null;
    }

    @Override // net.netca.pki.Freeable
    public void free() {
        ICertReqSignHash iCertReqSignHash = this.certReqSignHashObj;
        if (iCertReqSignHash instanceof Freeable) {
            ((Freeable) iCertReqSignHash).free();
        }
        ISignHash iSignHash = this.signHashObj;
        if (iSignHash instanceof Freeable) {
            ((Freeable) iSignHash).free();
        }
        Certificate certificate = this.certObj;
        if (certificate != null) {
            certificate.free();
        }
    }

    @Override // net.netca.pki.encoding.asn1.pki.Signable
    public byte[] sign(AlgorithmIdentifier algorithmIdentifier, byte[] bArr, int i2, int i3) throws PkiException {
        String oid = algorithmIdentifier.getOid();
        int netcaSignAlgorithm = NetcaVerifier.getNetcaSignAlgorithm(oid);
        if (netcaSignAlgorithm < 0) {
            throw new PkiException("unknown signature algorithm " + oid);
        }
        if (netcaSignAlgorithm == 22) {
            throw new PkiException("unsupported rsa pss signature algorithm");
        }
        Signature signature = null;
        try {
            signature = this.certReqSignHashObj != null ? new Signature(this.certReqSignHashObj, netcaSignAlgorithm, (Object) null) : new Signature(this.signHashObj, this.certObj, netcaSignAlgorithm, null);
            signature.update(bArr, i2, i3);
            byte[] sign = signature.sign();
            signature.free();
            return sign;
        } catch (Throwable th) {
            if (signature != null) {
                signature.free();
            }
            throw th;
        }
    }
}
