package org.atalk.impl.neomedia.transform.dtls;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Vector;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.MaxFragmentLength;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsECCUtils;
import org.bouncycastle.tls.TlsExtensionsUtils;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSRTPUtils;
import org.bouncycastle.tls.TlsServerContext;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.UseSRTPData;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedDecryptor;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import timber.log.Timber;

/* loaded from: classes17.dex */
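/**
 * DTLS server-side peer used for DTLS-SRTP keying.
 *
 * <p>Extends Bouncy Castle's {@link DefaultTlsServer} to (a) request a client certificate and
 * hand it to {@code DtlsControlImpl} for verification, (b) negotiate the {@code use_srtp}
 * extension unless SRTP is disabled in the transformer's properties, and (c) initialize the SRTP
 * transformer once the handshake completes.
 *
 * <p>Credentials and the certificate request are created lazily and cached in plain fields; the
 * class performs no synchronization of its own.
 */
public class TlsServerImpl extends DefaultTlsServer {
    /** Message used when the ClientHello carries no {@code use_srtp} extension. */
    private static final String MISSING_USE_SRTP_MESSAGE =
            "DTLS extended client hello does not include the use_srtp extension!";

    /** Message used when no SRTP protection profile offered by the client is acceptable. */
    private static final String NO_PROFILE_MESSAGE = "No chosen SRTP protection profile!";

    /** Lazily built by {@link #getCertificateRequest()}. */
    private CertificateRequest certificateRequest;

    /** SRTP protection profile selected in {@link #getServerExtensions()}; stays 0 until then. */
    private int chosenProtectionProfile;

    private final DtlsPacketTransformer packetTransformer;

    /** Lazily built by {@link #getRSAEncryptionCredentials()}. */
    private TlsCredentialedDecryptor rsaEncryptionCredentials;

    /** Lazily built by {@link #getRSASignerCredentials()}. */
    private TlsCredentialedSigner rsaSignerCredentials;

    /** Never assigned in this class; when null the library defaults are used instead. */
    private Vector serverCertReqSigAlgs;

    /**
     * Creates the server peer backed by a {@link BcTlsCrypto} seeded from a fresh
     * {@link SecureRandom}.
     *
     * @param dtlsPacketTransformer the transformer that owns this peer and supplies the DTLS
     *     control, the properties and the SRTP initialization hook
     */
    public TlsServerImpl(DtlsPacketTransformer dtlsPacketTransformer) {
        super(new BcTlsCrypto(new SecureRandom()));
        this.packetTransformer = dtlsPacketTransformer;
    }

    private int getChosenProtectionProfile() {
        return this.chosenProtectionProfile;
    }

    private DtlsControlImpl getDtlsControl() {
        return this.packetTransformer.getDtlsControl();
    }

    private Properties getProperties() {
        return this.packetTransformer.getProperties();
    }

    /**
     * Populates the inherited server extension table with the extensions this server echoes back:
     * encrypt_then_mac, max_fragment_length, truncated_hmac and ec_point_formats, each only when
     * its precondition on the inherited negotiation state holds.
     *
     * @return the inherited {@code serverExtensions} table (may be null if nothing was added)
     * @throws IOException if adding an extension fails
     */
    private Hashtable getServerExtensionsOverride() throws IOException {
        if (this.encryptThenMACOffered
                && allowEncryptThenMAC()
                && TlsUtils.isBlockCipherSuite(this.selectedCipherSuite)) {
            TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
        }
        if (this.maxFragmentLengthOffered >= 0
                && MaxFragmentLength.isValid(this.maxFragmentLengthOffered)) {
            TlsExtensionsUtils.addMaxFragmentLengthExtension(
                    checkServerExtensions(), this.maxFragmentLengthOffered);
        }
        if (this.truncatedHMacOffered && allowTruncatedHMac()) {
            TlsExtensionsUtils.addTruncatedHMacExtension(checkServerExtensions());
        }
        if (TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            // ECPointFormat values per RFC 4492: 0 = uncompressed,
            // 1 = ansiX962_compressed_prime, 2 = ansiX962_compressed_char2.
            TlsExtensionsUtils.addSupportedPointFormatsExtension(
                    checkServerExtensions(), new short[]{0, 1, 2});
        }
        return this.serverExtensions;
    }

    private boolean isSrtpDisabled() {
        return getProperties().isSrtpDisabled();
    }

    /**
     * Returns the (cached) request asking the client to authenticate with a certificate.
     *
     * <p>The CA name placed in the request is only a hint to the client; the actual trust
     * decision is made in {@link #notifyClientCertificate(Certificate)}.
     *
     * @return the certificate request sent to the client
     */
    @Override
    public CertificateRequest getCertificateRequest() {
        if (this.certificateRequest == null) {
            // ClientCertificateType values per RFC 5246 / RFC 4492:
            // 1 = rsa_sign, 2 = dss_sign, 64 = ecdsa_sign.
            short[] certificateTypes = {1, 2, 64};

            // signature_algorithms is only sent for protocol versions that allow it.
            Vector signatureAlgorithms = null;
            if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.context.getServerVersion())) {
                signatureAlgorithms = this.serverCertReqSigAlgs;
                if (signatureAlgorithms == null) {
                    signatureAlgorithms =
                            TlsUtils.getDefaultSupportedSignatureAlgorithms(this.context);
                }
            }

            Vector certificateAuthorities = new Vector();
            certificateAuthorities.addElement(new X500Name("CN=atalk.org TLS CA"));
            this.certificateRequest =
                    new CertificateRequest(certificateTypes, signatureAlgorithms, certificateAuthorities);
        }
        return this.certificateRequest;
    }

    TlsContext getContext() {
        return this.context;
    }

    /**
     * Returns the (cached) RSA decryption credentials built from the local certificate and
     * private key held by the DTLS control.
     *
     * <p>NOTE(review): these are only exercised if an RSA key-exchange cipher suite is selected,
     * which gives no forward secrecy. The offered cipher suites are inherited and not visible
     * here - confirm whether such suites are actually enabled.
     */
    @Override
    protected TlsCredentialedDecryptor getRSAEncryptionCredentials() {
        if (this.rsaEncryptionCredentials == null) {
            TlsCrypto crypto = this.context.getCrypto();
            CertificateInfo localCertificate = getDtlsControl().getCertificateInfo();
            // The cast relies on the constructor always installing a BcTlsCrypto.
            this.rsaEncryptionCredentials = new BcDefaultTlsCredentialedDecryptor(
                    (BcTlsCrypto) crypto,
                    localCertificate.getCertificate(),
                    localCertificate.getKeyPair().getPrivate());
        }
        return this.rsaEncryptionCredentials;
    }

    /**
     * Returns the (cached) RSA signing credentials built from the local certificate and private
     * key held by the DTLS control.
     */
    @Override
    protected TlsCredentialedSigner getRSASignerCredentials() {
        if (this.rsaSignerCredentials == null) {
            TlsCrypto crypto = this.context.getCrypto();
            TlsCryptoParameters cryptoParameters = new TlsCryptoParameters(this.context);
            CertificateInfo localCertificate = getDtlsControl().getCertificateInfo();
            // SignatureAndHashAlgorithm(hash, signature) per RFC 5246: hash 4 = sha256,
            // signature 1 = rsa.
            SignatureAndHashAlgorithm sha256WithRsa =
                    new SignatureAndHashAlgorithm((short) 4, (short) 1);
            // The cast relies on the constructor always installing a BcTlsCrypto.
            this.rsaSignerCredentials = new BcDefaultTlsCredentialedSigner(
                    cryptoParameters,
                    (BcTlsCrypto) crypto,
                    localCertificate.getKeyPair().getPrivate(),
                    localCertificate.getCertificate(),
                    sha256WithRsa);
        }
        return this.rsaSignerCredentials;
    }

    /**
     * Builds the ServerHello extensions and, unless SRTP is disabled, adds a {@code use_srtp}
     * extension carrying the single protection profile chosen from the client's offer together
     * with the client's MKI.
     *
     * @return the server extensions (may be null when SRTP is disabled and nothing was added)
     * @throws IOException a {@link TlsFatalAlert} if the client offered no {@code use_srtp}
     *     extension or no acceptable protection profile
     */
    @Override
    public Hashtable getServerExtensions() throws IOException {
        Hashtable extensions = getServerExtensionsOverride();
        if (isSrtpDisabled()) {
            return extensions;
        }
        if (TlsSRTPUtils.getUseSRTPExtension(extensions) != null) {
            return extensions;
        }
        if (extensions == null) {
            extensions = new Hashtable();
        }

        UseSRTPData clientUseSrtp = TlsSRTPUtils.getUseSRTPExtension(this.clientExtensions);
        if (clientUseSrtp == null) {
            // processClientExtensions() rejects this case, but whether the library invokes it for
            // a ClientHello without any extensions is not visible here. Fail the handshake with a
            // proper alert (80 = internal_error) instead of a peer-triggerable
            // NullPointerException.
            TlsFatalAlert alert = new TlsFatalAlert((short) 80);
            Timber.e(alert, "%s", MISSING_USE_SRTP_MESSAGE);
            throw alert;
        }

        int profile = DtlsControlImpl.chooseSRTPProtectionProfile(clientUseSrtp.getProtectionProfiles());
        if (profile == 0) {
            // AlertDescription 80 = internal_error.
            TlsFatalAlert alert = new TlsFatalAlert((short) 80);
            Timber.e(alert, "%s", NO_PROFILE_MESSAGE);
            throw alert;
        }

        TlsSRTPUtils.addUseSRTPExtension(
                extensions, new UseSRTPData(new int[]{profile}, clientUseSrtp.getMki()));
        this.chosenProtectionProfile = profile;
        return extensions;
    }

    /**
     * Returns the protocol versions this server accepts: DTLS 1.2 down to DTLS 1.0.
     *
     * <p>NOTE(review): DTLS 1.0 is deprecated by RFC 8996. Keeping it in the list lets a peer
     * (or an on-path attacker influencing the ClientHello) settle on the older version; confirm
     * that interoperability still requires it before leaving it enabled.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public ProtocolVersion[] getSupportedVersions() {
        return ProtocolVersion.DTLSv12.downTo(ProtocolVersion.DTLSv10);
    }

    /** Delegates to the superclass without additional work. */
    @Override
    public void init(TlsServerContext tlsServerContext) {
        super.init(tlsServerContext);
    }

    /** Forwards raised alerts to the owning packet transformer. */
    @Override
    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        this.packetTransformer.notifyAlertRaised(this, s, s2, str, th);
    }

    /**
     * Passes the client's certificate chain to the DTLS control for verification; any failure
     * aborts the handshake.
     *
     * <p>NOTE(review): this is the only authentication check on the peer in this class. Confirm
     * that {@code verifyAndValidateCertificate} also rejects an empty certificate chain, since a
     * client may answer the certificate request without presenting a certificate.
     *
     * @param certificate the certificate chain presented by the client
     * @throws IOException if verification fails; non-I/O failures are wrapped with their cause
     */
    @Override
    public void notifyClientCertificate(Certificate certificate) throws IOException {
        try {
            getDtlsControl().verifyAndValidateCertificate(certificate);
        } catch (Exception e) {
            Timber.e(e, "Failed to verify and/or validate client certificate!");
            if (e instanceof IOException) {
                throw (IOException) e;
            }
            throw new IOException(e);
        }
    }

    /**
     * Completes the handshake in the superclass and then initializes the SRTP transformer with
     * the negotiated protection profile.
     *
     * <p>NOTE(review): when SRTP is disabled the profile passed here is still 0; presumably
     * {@code initializeSRTPTransformer} handles that - verify against the transformer.
     */
    @Override
    public void notifyHandshakeComplete() throws IOException {
        super.notifyHandshakeComplete();
        this.packetTransformer.initializeSRTPTransformer(getChosenProtectionProfile(), this.context);
    }

    /**
     * Validates the client's extensions before handing them to the superclass. Unless SRTP is
     * disabled, the ClientHello must carry a {@code use_srtp} extension offering at least one
     * protection profile this endpoint accepts.
     *
     * @param hashtable the extensions received in the ClientHello
     * @throws IOException if {@code use_srtp} is missing, or a {@link TlsFatalAlert} if no
     *     offered protection profile is acceptable
     */
    @Override
    public void processClientExtensions(Hashtable hashtable) throws IOException {
        if (isSrtpDisabled()) {
            super.processClientExtensions(hashtable);
            return;
        }

        UseSRTPData clientUseSrtp = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        if (clientUseSrtp == null) {
            IOException missingExtension = new IOException(MISSING_USE_SRTP_MESSAGE);
            Timber.e(missingExtension, "%s", MISSING_USE_SRTP_MESSAGE);
            throw missingExtension;
        }

        // Only checks that a profile can be chosen; the choice itself is recorded later in
        // getServerExtensions().
        if (DtlsControlImpl.chooseSRTPProtectionProfile(clientUseSrtp.getProtectionProfiles()) == 0) {
            // AlertDescription 47 = illegal_parameter.
            TlsFatalAlert alert = new TlsFatalAlert((short) 47);
            Timber.e(alert, "%s", NO_PROFILE_MESSAGE);
            throw alert;
        }
        super.processClientExtensions(hashtable);
    }
}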
