package fm.icelink;

import fm.BitAssistant;
import fm.DoubleAction;
import fm.IntegerHolder;
import fm.Log;
import fm.SingleAction;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DTLSTransport;
import org.bouncycastle.crypto.tls.DefaultTlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.ExporterLabel;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import org.bouncycastle.crypto.tls.TlsSRTPUtils;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.bouncycastle.crypto.tls.TlsUtils;
import org.bouncycastle.crypto.tls.UseSRTPData;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
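/**
 * Server side of a DTLS handshake built on BouncyCastle's {@link DefaultTlsServer}.
 *
 * <p>What the class does, as far as this file shows:
 * <ul>
 *   <li>offers the configured cipher suites and DTLS version range;</li>
 *   <li>requests a client certificate and accepts it only when the hash of the first
 *       certificate in the chain equals the configured remote fingerprint;</li>
 *   <li>negotiates the {@code use_srtp} extension when the stream protocol is RTP and
 *       exports keying material under the {@code dtls_srtp} exporter label;</li>
 *   <li>coalesces outgoing handshake records into flights before handing them to the
 *       caller-supplied send callback.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Peer authentication is the fingerprint comparison in
 *       {@link #notifyClientCertificate}; no certificate-path validation is visible in this
 *       class. The handshake is therefore only as trustworthy as the channel that delivered
 *       the fingerprint (presumably the signalling exchange; confirm with the caller).</li>
 *   <li>{@link #remoteFingerprint} and {@link #remoteFingerprintAlgorithm} are public mutable
 *       fields; any code that can write them decides which peer is accepted.</li>
 *   <li>Every suite in {@link #convertCipherSuite} is AES-128-CBC with HMAC-SHA1, and three
 *       of them use static RSA/DH/ECDH key exchange, which gives no forward secrecy.</li>
 *   <li>DTLS 1.0 stays enabled unless the minimum version is explicitly {@code Dtls12}.</li>
 * </ul>
 *
 * <p>Thread-safety: only {@link #open} and {@link #receive} synchronise (on an internal
 * lock); the remaining state is accessed without locking.
 */
public class DTLSServer extends DefaultTlsServer {
    // TLS alert levels and descriptions (RFC 5246, section 7.2) used by this class.
    private static final byte ALERT_LEVEL_WARNING = 1;
    private static final byte ALERT_LEVEL_FATAL = 2;
    private static final byte ALERT_CLOSE_NOTIFY = 0;
    private static final short ALERT_BAD_CERTIFICATE = 42;
    private static final short ALERT_ACCESS_DENIED = 49;
    private static final short ALERT_DECODE_ERROR = 50;

    // ClientCertificateType.rsa_sign and SignatureAlgorithm.rsa both have the wire value 1.
    private static final short CLIENT_CERTIFICATE_TYPE_RSA_SIGN = 1;
    private static final short SIGNATURE_ALGORITHM_RSA = 1;

    // Number of bytes exported for SRTP. 60 = 2 x (16-byte key + 14-byte salt), which looks
    // like the layout of the AES-128 SRTP profiles; TODO confirm against the profiles in use.
    private static final int SRTP_KEYING_MATERIAL_LENGTH = 60;

    private Certificate certificate;
    private CipherSuite[] cipherSuites;
    private int[] clientSrtpProtectionProfiles;
    private boolean closed;
    private DTLSTransport connection;
    private ProtocolVersion maxVersion;
    private ProtocolVersion minVersion;
    private DTLSServerProtocol protocol;
    private byte[] receiveBuffer;
    // Expected hash of the client's leaf certificate; colons are ignored when comparing.
    public String remoteFingerprint;
    // Hash algorithm name for remoteFingerprint ("sha-256"/"sha256"/"sha2" or "sha-1"/"sha1"/"sha").
    public String remoteFingerprintAlgorithm;
    private DoubleAction<byte[], IntegerHolder> sctpReceiveCallback;
    private StreamProtocol streamProtocol;
    private int[] supportedSrtpProtectionProfiles;
    private DTLSUdpTransport transport;
    private final List<DTLSMessage> handshakeFlight = new ArrayList<DTLSMessage>();
    // -1 means "no SRTP protection profile negotiated".
    private int selectedSrtpProtectionProfile = -1;
    private final Object connectionLock = new Object();

    /**
     * Creates a server that is not yet connected; call {@link #open} to run the handshake.
     *
     * @param certificate      local certificate and RSA private key presented to the client
     * @param cipherSuiteArr   cipher suites to offer, in preference order
     * @param protocolVersion  minimum DTLS version
     * @param protocolVersion2 maximum DTLS version
     * @param str              hash algorithm name of the expected client fingerprint
     * @param str2             expected client certificate fingerprint (hex, colons optional)
     * @param streamProtocol   stream type; SRTP negotiation only happens for {@code Rtp}
     */
    public DTLSServer(Certificate certificate, CipherSuite[] cipherSuiteArr, ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, String str, String str2, StreamProtocol streamProtocol) {
        this.certificate = certificate;
        this.cipherSuites = cipherSuiteArr;
        this.minVersion = protocolVersion;
        this.maxVersion = protocolVersion2;
        this.remoteFingerprintAlgorithm = str;
        this.remoteFingerprint = str2;
        this.streamProtocol = streamProtocol;
    }

    /**
     * Maps a project cipher-suite enum value to its TLS cipher-suite identifier.
     *
     * @return the 16-bit TLS identifier, or -1 when the suite has no mapping
     */
    private static int convertCipherSuite(CipherSuite cipherSuite) {
        if (cipherSuite == CipherSuite.Aes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA; // 47
        }
        if (cipherSuite == CipherSuite.DhRsaAes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA; // 49
        }
        if (cipherSuite == CipherSuite.EcdhRsaAes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
        }
        if (cipherSuite == CipherSuite.DheRsaAes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA; // 51
        }
        if (cipherSuite == CipherSuite.EcdheRsaAes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
        }
        if (cipherSuite == CipherSuite.EcdheEcdsaAes128Sha) {
            return org.bouncycastle.crypto.tls.CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
        }
        return -1;
    }

    /**
     * Drains decrypted application data from the DTLS connection and passes each datagram
     * to the SCTP receive callback. Stops when the connection reports -1 or on any error.
     */
    private void processReceived() {
        if (this.connection == null || this.receiveBuffer == null) {
            return;
        }
        int received = 0;
        while (received != -1) {
            try {
                received = this.connection.receive(this.receiveBuffer, 0, this.receiveBuffer.length, 0);
                if (received > 0) {
                    // The callback gets the shared buffer itself, not a copy: it must consume
                    // or copy the bytes before returning, because the next read overwrites them.
                    this.sctpReceiveCallback.invoke(this.receiveBuffer, new IntegerHolder(received));
                }
            } catch (Exception e) {
                // The original message said "DTLS client"; this is the server class.
                Log.error("DTLS server could not process incoming message.", e);
                return;
            }
        }
    }

    /**
     * Picks the first locally supported SRTP profile that the client also offered, in local
     * preference order.
     *
     * @return {@code true} when a profile was selected; {@code false} when there is no common
     *         profile or either list has not been set
     */
    private boolean selectSrtpProtectionProfile() {
        if (this.supportedSrtpProtectionProfiles == null || this.clientSrtpProtectionProfiles == null) {
            // Previously a NullPointerException when the supported list was never configured.
            return false;
        }
        for (int supported : this.supportedSrtpProtectionProfiles) {
            for (int offered : this.clientSrtpProtectionProfiles) {
                if (offered == supported) {
                    this.selectedSrtpProtectionProfile = offered;
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Concatenates the raw bytes of all buffered handshake messages into one datagram,
     * clears the buffer, and hands the datagram to {@code singleAction}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void sendHandshakeFlight(SingleAction<byte[]> singleAction) {
        int total = 0;
        for (DTLSMessage message : this.handshakeFlight) {
            total += message.getRaw().length;
        }
        byte[] bArr = new byte[total];
        int offset = 0;
        for (DTLSMessage message : this.handshakeFlight) {
            byte[] raw = message.getRaw();
            BitAssistant.copy(raw, 0, bArr, offset, raw.length);
            offset += raw.length;
        }
        this.handshakeFlight.clear();
        singleAction.invoke(bArr);
    }

    /**
     * Reports whether the buffered handshake messages form a complete flight: the last
     * message is a handshake record that is either ServerHelloDone, HelloRequest or
     * HelloVerifyRequest, or one that directly follows a ChangeCipherSpec (presumably Finished).
     */
    private boolean isHandshakeFlightComplete() {
        int size = this.handshakeFlight.size();
        if (size < 1) {
            return false;
        }
        DTLSMessage last = this.handshakeFlight.get(size - 1);
        if (last.getContentType() != DTLSContentType.getHandshake()) {
            return false;
        }
        if (last.getHandshakeType() == DTLSHandshakeType.getServerHelloDone()
                || last.getHandshakeType() == DTLSHandshakeType.getHelloRequest()
                || last.getHandshakeType() == DTLSHandshakeType.getHelloVerifyRequest()) {
            return true;
        }
        return size >= 2
                && this.handshakeFlight.get(size - 2).getContentType() == DTLSContentType.getChangeCipherSpec();
    }

    /**
     * Closes the connection, cancels the protocol and closes the transport. Each step is
     * best-effort: a failure is logged at debug level and the remaining steps still run.
     */
    public void close() {
        if (this.connection != null) {
            try {
                this.connection.close();
            } catch (Exception e) {
                Log.debug("DTLS server could not close connection cleanly.", e);
            }
            this.connection = null;
        }
        if (this.protocol != null) {
            try {
                this.protocol.cancel();
            } catch (Exception e) {
                Log.debug("DTLS server could not cancel protocol cleanly.", e);
            }
            this.protocol = null;
        }
        if (this.transport != null) {
            try {
                this.transport.close();
            } catch (Exception e) {
                Log.debug("DTLS server could not close transport cleanly.", e);
            }
            this.transport = null;
        }
        this.closed = true;
    }

    /** Returns the local certificate (which also carries the private key). */
    public Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Requests an RSA-signing client certificate, so the client must authenticate; the
     * certificate it sends is checked in {@link #notifyClientCertificate}.
     */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer, org.bouncycastle.crypto.tls.TlsServer
    public CertificateRequest getCertificateRequest() {
        return new CertificateRequest(
                new short[]{CLIENT_CERTIFICATE_TYPE_RSA_SIGN},
                TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.serverVersion) ? TlsUtils.getDefaultSupportedSignatureAlgorithms() : null,
                null);
    }

    /**
     * Returns the TLS identifiers of the preferred cipher suites, in preference order.
     * Suites without a mapping are left out instead of being passed on as -1.
     */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer, org.bouncycastle.crypto.tls.AbstractTlsServer
    protected int[] getCipherSuites() {
        CipherSuite[] preferred = getPreferredCipherSuites();
        int[] mapped = new int[preferred.length];
        int count = 0;
        for (CipherSuite suite : preferred) {
            int id = convertCipherSuite(suite);
            if (id == -1) {
                Log.debug("DTLS server skipped a cipher suite that has no TLS identifier.");
                continue;
            }
            mapped[count++] = id;
        }
        if (count == mapped.length) {
            return mapped;
        }
        int[] trimmed = new int[count];
        System.arraycopy(mapped, 0, trimmed, 0, count);
        return trimmed;
    }

    /** Returns the SRTP profiles the client offered (the internal array, not a copy). */
    public int[] getClientSrtpProtectionProfiles() {
        return this.clientSrtpProtectionProfiles;
    }

    /** Returns {@code true} once {@link #close} has completed. */
    public boolean getClosed() {
        return this.closed;
    }

    /**
     * Exports the SRTP keying material from the DTLS session using the {@code dtls_srtp}
     * exporter label. The returned bytes are secret key material: never log or persist them.
     */
    public byte[] getKeyingMaterial() {
        return this.context.exportKeyingMaterial(ExporterLabel.dtls_srtp, null, SRTP_KEYING_MATERIAL_LENGTH);
    }

    /** Returns the configured maximum DTLS version. */
    public ProtocolVersion getMaxVersion() {
        return this.maxVersion;
    }

    /** Maps the configured maximum version; anything other than {@code Dtls10} means DTLS 1.2. */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer
    protected org.bouncycastle.crypto.tls.ProtocolVersion getMaximumVersion() {
        return this.maxVersion == ProtocolVersion.Dtls10 ? org.bouncycastle.crypto.tls.ProtocolVersion.DTLSv10 : org.bouncycastle.crypto.tls.ProtocolVersion.DTLSv12;
    }

    /** Returns the configured minimum DTLS version. */
    public ProtocolVersion getMinVersion() {
        return this.minVersion;
    }

    /**
     * Maps the configured minimum version. Anything other than {@code Dtls12}, including
     * {@code null}, permits DTLS 1.0; set the minimum explicitly to rule out the older version.
     */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer
    protected org.bouncycastle.crypto.tls.ProtocolVersion getMinimumVersion() {
        return this.minVersion == ProtocolVersion.Dtls12 ? org.bouncycastle.crypto.tls.ProtocolVersion.DTLSv12 : org.bouncycastle.crypto.tls.ProtocolVersion.DTLSv10;
    }

    /** Returns the configured cipher suites (the internal array, not a copy). */
    public CipherSuite[] getPreferredCipherSuites() {
        return this.cipherSuites;
    }

    /** Builds the BouncyCastle RSA private key from the CRT components of the local certificate's key. */
    private RSAPrivateCrtKeyParameters buildRsaPrivateKey() {
        // Signum 1: the byte arrays are treated as unsigned big-endian magnitudes.
        return new RSAPrivateCrtKeyParameters(
                new BigInteger(1, this.certificate.getKey().getModulus()),
                new BigInteger(1, this.certificate.getKey().getPublicExponent()),
                new BigInteger(1, this.certificate.getKey().getPrivateExponent()),
                new BigInteger(1, this.certificate.getKey().getPrime1()),
                new BigInteger(1, this.certificate.getKey().getPrime2()),
                new BigInteger(1, this.certificate.getKey().getExponent1()),
                new BigInteger(1, this.certificate.getKey().getExponent2()),
                new BigInteger(1, this.certificate.getKey().getCoefficient()));
    }

    /**
     * Wraps the local certificate bytes as a one-entry TLS certificate list and parses it.
     * Declared {@code throws Exception} because callers treat every failure the same way.
     */
    private org.bouncycastle.crypto.tls.Certificate parseLocalCertificateChain() throws Exception {
        byte[] bytes = this.certificate.getBytes();
        ByteArrayOutputStream encoded = new ByteArrayOutputStream();
        int length = bytes.length;
        // TLS Certificate message body: uint24 total list length, then uint24 entry length + entry.
        TlsUtils.writeUint24(length + 3, encoded);
        TlsUtils.writeUint24(length, encoded);
        encoded.write(bytes, 0, bytes.length);
        return org.bouncycastle.crypto.tls.Certificate.parse(new ByteArrayInputStream(encoded.toByteArray()));
    }

    /**
     * Returns credentials for RSA key-transport suites, or {@code null} when the local
     * certificate cannot be encoded or parsed.
     */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer
    protected TlsEncryptionCredentials getRSAEncryptionCredentials() {
        RSAPrivateCrtKeyParameters privateKey = buildRsaPrivateKey();
        try {
            return new DefaultTlsEncryptionCredentials(this.context, parseLocalCertificateChain(), privateKey);
        } catch (Exception e) {
            // Goes to the application log instead of stderr (was printStackTrace()).
            Log.error("DTLS server could not load RSA encryption credentials.", e);
            return null;
        }
    }

    /**
     * Returns credentials for RSA-signed suites, or {@code null} when the client advertised
     * signature algorithms without an RSA entry, or when the local certificate cannot be
     * encoded or parsed.
     */
    @Override // org.bouncycastle.crypto.tls.DefaultTlsServer
    protected TlsSignerCredentials getRSASignerCredentials() {
        SignatureAndHashAlgorithm selected = null;
        if (this.supportedSignatureAlgorithms != null) {
            // Take the first RSA entry in the order the list provides.
            for (Object candidate : this.supportedSignatureAlgorithms) {
                SignatureAndHashAlgorithm algorithm = (SignatureAndHashAlgorithm) candidate;
                if (algorithm.getSignature() == SIGNATURE_ALGORITHM_RSA) {
                    selected = algorithm;
                    break;
                }
            }
            if (selected == null) {
                return null;
            }
        }
        RSAPrivateCrtKeyParameters privateKey = buildRsaPrivateKey();
        try {
            return new DefaultTlsSignerCredentials(this.context, parseLocalCertificateChain(), privateKey, selected);
        } catch (Exception e) {
            // Goes to the application log instead of stderr (was printStackTrace()).
            Log.error("DTLS server could not load RSA signer credentials.", e);
            return null;
        }
    }

    /** Returns the expected client certificate fingerprint. */
    public String getRemoteFingerprint() {
        return this.remoteFingerprint;
    }

    /** Returns the hash algorithm name of the expected client fingerprint. */
    public String getRemoteFingerprintAlgorithm() {
        return this.remoteFingerprintAlgorithm;
    }

    /** Returns the negotiated SRTP protection profile, or -1 when none was selected. */
    public int getSelectedSrtpProtectionProfile() {
        return this.selectedSrtpProtectionProfile;
    }

    /**
     * Adds the {@code use_srtp} extension, carrying the single selected profile and an empty
     * MKI, to the server extensions when a profile was selected and the stream is RTP.
     */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer, org.bouncycastle.crypto.tls.TlsServer
    public Hashtable getServerExtensions() {
        Hashtable extensions = TlsExtensionsUtils.ensureExtensionsInitialised(super.getServerExtensions());
        if (this.selectedSrtpProtectionProfile >= 0 && this.streamProtocol == StreamProtocol.Rtp) {
            TlsSRTPUtils.addUseSRTPExtension(extensions, new UseSRTPData(new int[]{this.selectedSrtpProtectionProfile}, new byte[0]));
        }
        return extensions;
    }

    /** Returns the locally supported SRTP profiles (the internal array, not a copy). */
    public int[] getSupportedSrtpProtectionProfiles() {
        return this.supportedSrtpProtectionProfiles;
    }

    /**
     * Logs an alert raised locally. A warning-level close_notify is logged at debug level,
     * other warnings at warn, fatal alerts at error, and anything else at debug. Nothing is
     * logged once the server is closed.
     *
     * @param b    alert level
     * @param b2   alert description
     * @param str  alert message
     * @param exc  cause, or {@code null}
     */
    public void notifyAlertRaised(byte b, byte b2, String str, Exception exc) {
        if (this.closed) {
            return;
        }
        String format = String.format(Locale.getDefault(), "DTLS server raised alert. (Level: %s, Description: %s, Message: '%s')", String.valueOf((int) b), String.valueOf((int) b2), str);
        if (b == ALERT_LEVEL_WARNING && b2 == ALERT_CLOSE_NOTIFY) {
            if (exc == null) {
                Log.debug("Local DTLS server closed connection.");
            } else {
                Log.debug("Local DTLS server closed connection.", exc);
            }
        } else if (b == ALERT_LEVEL_WARNING) {
            if (exc == null) {
                Log.warn(format);
            } else {
                Log.warn(format, exc);
            }
        } else if (b == ALERT_LEVEL_FATAL) {
            if (exc == null) {
                Log.error(format);
            } else {
                Log.error(format, exc);
            }
        } else if (exc == null) {
            Log.debug(format);
        } else {
            Log.debug(format, exc);
        }
    }

    /**
     * Logs an alert received from the client, using the same level mapping as
     * {@link #notifyAlertRaised}. Nothing is logged once the server is closed.
     *
     * @param b   alert level
     * @param b2  alert description
     */
    public void notifyAlertReceived(byte b, byte b2) {
        if (this.closed) {
            return;
        }
        String format = String.format(Locale.getDefault(), "DTLS server received alert. (Level: %s, Description: %s)", String.valueOf((int) b), String.valueOf((int) b2));
        if (b == ALERT_LEVEL_WARNING && b2 == ALERT_CLOSE_NOTIFY) {
            Log.debug("Remote DTLS client closed connection.");
        } else if (b == ALERT_LEVEL_WARNING) {
            Log.warn(format);
        } else if (b == ALERT_LEVEL_FATAL) {
            Log.error(format);
        } else {
            Log.debug(format);
        }
    }

    /**
     * Authenticates the client by comparing the hash of the first certificate in its chain
     * with the configured fingerprint. This is the only peer-identity check in this class:
     * no path validation, expiry or revocation check is performed here.
     *
     * <p>Fails closed with a fatal alert when the client sends no certificate
     * (bad_certificate), or when the fingerprint is missing, uses an unsupported algorithm,
     * or does not match (access_denied).
     *
     * <p>NOTE(review): SHA-1 fingerprints are still accepted. SHA-1 is not collision
     * resistant; prefer SHA-256 fingerprints where the remote side can supply them.
     */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer, org.bouncycastle.crypto.tls.TlsServer
    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate certificate) {
        if (certificate == null) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        if (certificateList == null || certificateList.length == 0) {
            throw new TlsFatalAlert(ALERT_BAD_CERTIFICATE);
        }
        // Read the public mutable fields once so the null check and the comparison see the same values.
        String expectedAlgorithm = this.remoteFingerprintAlgorithm;
        String expectedFingerprint = this.remoteFingerprint;
        if (expectedAlgorithm == null || expectedFingerprint == null) {
            // No pinned fingerprint: reject with an alert rather than fail on a NullPointerException.
            throw new TlsFatalAlert(ALERT_ACCESS_DENIED);
        }
        // Locale.ROOT keeps case folding independent of the device locale.
        String algorithm = expectedAlgorithm.toLowerCase(Locale.ROOT);
        org.bouncycastle.asn1.x509.Certificate leaf = certificateList[0];
        String hexString;
        if (algorithm.equals("sha2") || algorithm.equals("sha256") || algorithm.equals("sha-256")) {
            hexString = BitAssistant.getHexString(Crypto.getSha256Hash(leaf.getEncoded()));
        } else if (algorithm.equals("sha") || algorithm.equals("sha1") || algorithm.equals("sha-1")) {
            hexString = BitAssistant.getHexString(Crypto.getSha1Hash(leaf.getEncoded()));
        } else {
            throw new TlsFatalAlert(ALERT_ACCESS_DENIED);
        }
        String expectedHex = expectedFingerprint.replace(":", "").toLowerCase(Locale.ROOT);
        if (!hexString.toLowerCase(Locale.ROOT).equals(expectedHex)) {
            throw new TlsFatalAlert(ALERT_ACCESS_DENIED);
        }
    }

    /**
     * Runs the server handshake and then drains any application data already received.
     * Until the connection is established, outgoing records are buffered and sent as whole
     * flights; afterwards each packet goes straight to {@code singleAction}.
     *
     * @param singleAction callback that transmits a datagram to the client
     * @return {@code true} when the handshake finished and the server was not closed in the
     *         meantime; {@code false} on any failure
     */
    public boolean open(final SingleAction<byte[]> singleAction) {
        try {
            this.protocol = new DTLSServerProtocol();
            this.transport = new DTLSUdpTransport(new SingleAction<byte[]>() { // from class: fm.icelink.DTLSServer.1
                @Override // fm.SingleAction
                public void invoke(byte[] bArr) {
                    if (DTLSServer.this.connection != null) {
                        // Handshake done: pass application records through unbuffered.
                        singleAction.invoke(bArr);
                        return;
                    }
                    Log.debug(String.format(Locale.getDefault(), "Sending DTLS packet (%d bytes).", Integer.valueOf(bArr.length)));
                    DTLSMessage[] parseMultiple = DTLSMessage.parseMultiple(bArr);
                    if (parseMultiple != null) {
                        for (DTLSMessage dTLSMessage : parseMultiple) {
                            DTLSServer.this.handshakeFlight.add(dTLSMessage);
                        }
                    }
                    if (DTLSServer.this.isHandshakeFlightComplete()) {
                        DTLSServer.this.sendHandshakeFlight(singleAction);
                    }
                }
            });
            this.connection = this.protocol.accept(this, this.transport);
            synchronized (this.connectionLock) {
                this.receiveBuffer = new byte[this.connection.getReceiveLimit()];
                processReceived();
            }
            return !this.closed;
        } catch (Exception e) {
            Log.error("Could not open DTLS server.", e);
            return false;
        }
    }

    /**
     * Records the SRTP profiles offered by the client (RTP streams only) and selects one.
     *
     * <p>An empty or missing profile list inside a present {@code use_srtp} extension is a
     * fatal decode_error. When no profile is shared, the handshake is NOT aborted: an error
     * is logged and {@link #getServerExtensions} then leaves {@code use_srtp} out. Callers
     * should check that {@link #getSelectedSrtpProtectionProfile} is non-negative before
     * treating the session as SRTP-capable.
     */
    @Override // org.bouncycastle.crypto.tls.AbstractTlsServer, org.bouncycastle.crypto.tls.TlsServer
    public void processClientExtensions(Hashtable hashtable) {
        super.processClientExtensions(hashtable);
        if (hashtable == null || this.streamProtocol != StreamProtocol.Rtp) {
            return;
        }
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        if (useSRTPExtension == null) {
            return;
        }
        int[] offeredProfiles = useSRTPExtension.getProtectionProfiles();
        if (offeredProfiles == null || offeredProfiles.length == 0) {
            throw new TlsFatalAlert(ALERT_DECODE_ERROR);
        }
        this.clientSrtpProtectionProfiles = offeredProfiles;
        if (!selectSrtpProtectionProfile()) {
            Log.error("DTLS server could not select an SRTP protection profile.");
        }
    }

    /**
     * Feeds a datagram received from the network into the DTLS transport and then delivers
     * any application data that became available.
     *
     * @param bArr raw datagram from the peer (untrusted input)
     */
    public void receive(byte[] bArr) {
        if (this.connection == null) {
            Log.debug(String.format(Locale.getDefault(), "Received DTLS packet (%d bytes).", Integer.valueOf(bArr.length)));
        }
        synchronized (this.connectionLock) {
            if (this.transport != null) {
                this.transport.push(bArr);
            }
            processReceived();
        }
    }

    /**
     * Encrypts and sends application data over the established connection. The data is
     * silently dropped when no connection exists; send failures are logged, not thrown.
     */
    public void send(byte[] bArr) {
        if (this.connection != null) {
            try {
                this.connection.send(bArr, 0, bArr.length);
            } catch (Exception e) {
                Log.error("DTLS server could not process outgoing message.", e);
            }
        }
    }

    /** Overrides the recorded client SRTP profiles (stores the array without copying). */
    public void setClientSrtpProtectionProfiles(int[] iArr) {
        this.clientSrtpProtectionProfiles = iArr;
    }

    /** Sets the callback that receives decrypted application data and its length. */
    public void setSctpReceiveCallback(DoubleAction<byte[], IntegerHolder> doubleAction) {
        this.sctpReceiveCallback = doubleAction;
    }

    /** Sets the locally supported SRTP profiles, in preference order (stored without copying). */
    public void setSupportedSrtpProtectionProfiles(int[] iArr) {
        this.supportedSrtpProtectionProfiles = iArr;
    }
}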
