package fm.icelink;

import fm.BitAssistant;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Iterator;
import java.util.Vector;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsContext;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import org.bouncycastle.crypto.tls.TlsUtils;
import org.bouncycastle.util.Arrays;

/* loaded from: classes.dex */
class DTLSClientAuthentication implements TlsAuthentication {
    private Certificate certificate;
    private TlsContext context;
    public String remoteFingerprint;
    public String remoteFingerprintAlgorithm;

    public DTLSClientAuthentication(TlsContext tlsContext, Certificate certificate, String str, String str2) {
        this.context = tlsContext;
        this.certificate = certificate;
        this.remoteFingerprintAlgorithm = str;
        this.remoteFingerprint = str2;
    }

    public Certificate getCertificate() {
        return this.certificate;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm;
        SignatureAndHashAlgorithm signatureAndHashAlgorithm2;
        short[] certificateTypes = certificateRequest.getCertificateTypes();
        if (certificateTypes == null || !Arrays.contains(certificateTypes, (short) 1)) {
            return null;
        }
        Vector supportedSignatureAlgorithms = certificateRequest.getSupportedSignatureAlgorithms();
        if (supportedSignatureAlgorithms != null) {
            Iterator it = supportedSignatureAlgorithms.iterator();
            while (true) {
                if (!it.hasNext()) {
                    signatureAndHashAlgorithm2 = null;
                    break;
                }
                signatureAndHashAlgorithm2 = (SignatureAndHashAlgorithm) it.next();
                if (signatureAndHashAlgorithm2.getSignature() == 1) {
                    break;
                }
            }
            if (signatureAndHashAlgorithm2 == null) {
                return null;
            }
            signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
        } else {
            signatureAndHashAlgorithm = null;
        }
        RSAPrivateCrtKeyParameters rSAPrivateCrtKeyParameters = new RSAPrivateCrtKeyParameters(new BigInteger(1, this.certificate.getKey().getModulus()), new BigInteger(1, this.certificate.getKey().getPublicExponent()), new BigInteger(1, this.certificate.getKey().getPrivateExponent()), new BigInteger(1, this.certificate.getKey().getPrime1()), new BigInteger(1, this.certificate.getKey().getPrime2()), new BigInteger(1, this.certificate.getKey().getExponent1()), new BigInteger(1, this.certificate.getKey().getExponent2()), new BigInteger(1, this.certificate.getKey().getCoefficient()));
        try {
            byte[] bytes = this.certificate.getBytes();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int length = bytes.length;
            TlsUtils.writeUint24(length + 3, byteArrayOutputStream);
            TlsUtils.writeUint24(length, byteArrayOutputStream);
            byteArrayOutputStream.write(bytes, 0, bytes.length);
            return new DefaultTlsSignerCredentials(this.context, org.bouncycastle.crypto.tls.Certificate.parse(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())), rSAPrivateCrtKeyParameters, signatureAndHashAlgorithm);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public String getRemoteFingerprint() {
        return this.remoteFingerprint;
    }

    public String getRemoteFingerprintAlgorithm() {
        return this.remoteFingerprintAlgorithm;
    }

    @Override // org.bouncycastle.crypto.tls.TlsAuthentication
    public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate certificate) {
        String hexString;
        if (certificate == null) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        if (certificateList == null || certificateList.length == 0) {
            throw new TlsFatalAlert((short) 42);
        }
        org.bouncycastle.asn1.x509.Certificate certificate2 = certificateList[0];
        if (this.remoteFingerprintAlgorithm.toLowerCase().equals("sha2") || this.remoteFingerprintAlgorithm.toLowerCase().equals("sha256") || this.remoteFingerprintAlgorithm.toLowerCase().equals("sha-256")) {
            hexString = BitAssistant.getHexString(Crypto.getSha256Hash(certificate2.getEncoded()));
        } else {
            if (!this.remoteFingerprintAlgorithm.toLowerCase().equals("sha") && !this.remoteFingerprintAlgorithm.toLowerCase().equals("sha1") && !this.remoteFingerprintAlgorithm.toLowerCase().equals("sha-1")) {
                throw new TlsFatalAlert((short) 49);
            }
            hexString = BitAssistant.getHexString(Crypto.getSha1Hash(certificate2.getEncoded()));
        }
        if (!hexString.toLowerCase().equals(this.remoteFingerprint.replace(":", "").toLowerCase())) {
            throw new TlsFatalAlert((short) 49);
        }
    }
}
