package org.jitsi.impl.neomedia.transform.dtls;

import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Map;
import org.jitsi.bouncycastle.asn1.ASN1Encoding;
import org.jitsi.bouncycastle.asn1.x500.X500Name;
import org.jitsi.bouncycastle.asn1.x500.X500NameBuilder;
import org.jitsi.bouncycastle.asn1.x500.style.BCStyle;
import org.jitsi.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.jitsi.bouncycastle.cert.X509v3CertificateBuilder;
import org.jitsi.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.jitsi.bouncycastle.crypto.ExtendedDigest;
import org.jitsi.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.jitsi.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.jitsi.bouncycastle.crypto.tls.Certificate;
import org.jitsi.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
import org.jitsi.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.jitsi.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.jitsi.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.jitsi.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import org.jitsi.impl.neomedia.AbstractRTPConnector;
import org.jitsi.service.neomedia.AbstractSrtpControl;
import org.jitsi.service.neomedia.DtlsControl;
import org.jitsi.service.neomedia.MediaType;
import org.jitsi.service.neomedia.SrtpControlType;
import org.jitsi.service.neomedia.format.MediaFormat;
import org.jitsi.service.version.Version;
import org.jitsi.util.Logger;
import org.jitsi.util.StringUtils;

/* loaded from: classes.dex */
public class DtlsControlImpl extends AbstractSrtpControl<DtlsTransformEngine> implements DtlsControl {
    private static final long ONE_DAY = 86400000;
    private final Certificate certificate;
    private AbstractRTPConnector connector;
    private boolean disposed;
    private final AsymmetricCipherKeyPair keyPair;
    private final String localFingerprint;
    private final String localFingerprintHashFunction;
    private Map<String, String> remoteFingerprints;
    private DtlsControl.Setup setup;
    private static final char[] HEX_ENCODE_TABLE = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    private static final Logger logger = Logger.getLogger((Class<?>) DtlsControlImpl.class);
    static final int[] SRTP_PROTECTION_PROFILES = {1, 2};

    public DtlsControlImpl() {
        super(SrtpControlType.DTLS_SRTP);
        this.disposed = false;
        this.keyPair = generateKeyPair();
        org.jitsi.bouncycastle.asn1.x509.Certificate generateX509Certificate = generateX509Certificate(generateCN(), this.keyPair);
        this.certificate = new Certificate(new org.jitsi.bouncycastle.asn1.x509.Certificate[]{generateX509Certificate});
        this.localFingerprintHashFunction = findHashFunction(generateX509Certificate);
        this.localFingerprint = computeFingerprint(generateX509Certificate, this.localFingerprintHashFunction);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int chooseSRTPProtectionProfile(int... iArr) {
        int[] iArr2 = SRTP_PROTECTION_PROFILES;
        if (iArr != null) {
            for (int i : iArr) {
                for (int i2 : iArr2) {
                    if (i == i2) {
                        return i;
                    }
                }
            }
        }
        return 0;
    }

    private static final String computeFingerprint(org.jitsi.bouncycastle.asn1.x509.Certificate certificate, String str) {
        try {
            ExtendedDigest extendedDigest = BcDefaultDigestProvider.INSTANCE.get(new DefaultDigestAlgorithmIdentifierFinder().find(str.toUpperCase()));
            byte[] encoded = certificate.getEncoded(ASN1Encoding.DER);
            byte[] bArr = new byte[extendedDigest.getDigestSize()];
            extendedDigest.update(encoded, 0, encoded.length);
            extendedDigest.doFinal(bArr, 0);
            return toHex(bArr);
        } catch (Throwable th) {
            if (th instanceof ThreadDeath) {
                throw ((ThreadDeath) th);
            }
            logger.error("Failed to generate certificate fingerprint!", th);
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            throw new RuntimeException(th);
        }
    }

    private static String findHashFunction(org.jitsi.bouncycastle.asn1.x509.Certificate certificate) {
        try {
            return BcDefaultDigestProvider.INSTANCE.get(new DefaultDigestAlgorithmIdentifierFinder().find(certificate.getSignatureAlgorithm())).getAlgorithmName().toLowerCase();
        } catch (Throwable th) {
            if (th instanceof ThreadDeath) {
                throw ((ThreadDeath) th);
            }
            logger.warn("Failed to find the hash function of the signature algorithm of a certificate!", th);
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            throw new RuntimeException(th);
        }
    }

    private static X500Name generateCN() {
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        String property = System.getProperty(Version.PNAME_APPLICATION_NAME);
        String property2 = System.getProperty(Version.PNAME_APPLICATION_VERSION);
        StringBuilder sb = new StringBuilder();
        if (!StringUtils.isNullOrEmpty(property, true)) {
            sb.append(property);
        }
        if (!StringUtils.isNullOrEmpty(property2, true)) {
            if (sb.length() != 0) {
                sb.append(' ');
            }
            sb.append(property2);
        }
        if (sb.length() == 0) {
            sb.append(DtlsControlImpl.class.getName());
        }
        x500NameBuilder.addRDN(BCStyle.CN, sb.toString());
        return x500NameBuilder.build();
    }

    private static AsymmetricCipherKeyPair generateKeyPair() {
        RSAKeyPairGenerator rSAKeyPairGenerator = new RSAKeyPairGenerator();
        rSAKeyPairGenerator.init(new RSAKeyGenerationParameters(new BigInteger("10001", 16), new SecureRandom(), 1024, 80));
        return rSAKeyPairGenerator.generateKeyPair();
    }

    private static org.jitsi.bouncycastle.asn1.x509.Certificate generateX509Certificate(X500Name x500Name, AsymmetricCipherKeyPair asymmetricCipherKeyPair) {
        try {
            long currentTimeMillis = System.currentTimeMillis();
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(currentTimeMillis), new Date(currentTimeMillis - 86400000), new Date(518400000 + currentTimeMillis), x500Name, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(asymmetricCipherKeyPair.getPublic()));
            AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
            return x509v3CertificateBuilder.build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(asymmetricCipherKeyPair.getPrivate())).toASN1Structure();
        } catch (Throwable th) {
            if (th instanceof ThreadDeath) {
                throw ((ThreadDeath) th);
            }
            logger.error("Failed to generate self-signed X.509 certificate", th);
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            throw new RuntimeException(th);
        }
    }

    private static String toHex(byte[] bArr) {
        int i;
        if (bArr.length == 0) {
            throw new IllegalArgumentException("fingerprint");
        }
        char[] cArr = new char[(bArr.length * 3) - 1];
        int i2 = 0;
        int length = bArr.length - 1;
        int i3 = 0;
        while (i2 <= length) {
            int i4 = bArr[i2] & MediaFormat.RTP_PAYLOAD_TYPE_UNKNOWN;
            int i5 = i3 + 1;
            cArr[i3] = HEX_ENCODE_TABLE[i4 >>> 4];
            int i6 = i5 + 1;
            cArr[i5] = HEX_ENCODE_TABLE[i4 & 15];
            if (i2 != length) {
                i = i6 + 1;
                cArr[i6] = ':';
            } else {
                i = i6;
            }
            i2++;
            i3 = i;
        }
        return new String(cArr);
    }

    private void verifyAndValidateCertificate(org.jitsi.bouncycastle.asn1.x509.Certificate certificate) throws Exception {
        String str;
        String findHashFunction = findHashFunction(certificate);
        String computeFingerprint = computeFingerprint(certificate, findHashFunction);
        synchronized (this) {
            if (this.disposed) {
                throw new IllegalStateException("disposed");
            }
            Map<String, String> map = this.remoteFingerprints;
            if (map == null) {
                throw new IOException("No fingerprints declared over the signaling path!");
            }
            str = map.get(findHashFunction);
        }
        if (str == null) {
            throw new IOException("No fingerprint declared over the signaling path with hash function: " + findHashFunction + "!");
        }
        if (!str.equals(computeFingerprint)) {
            throw new IOException("Fingerprint " + str + " does not match the " + findHashFunction + "-hashed certificate " + computeFingerprint + "!");
        }
    }

    @Override // org.jitsi.service.neomedia.AbstractSrtpControl, org.jitsi.service.neomedia.SrtpControl
    public void cleanup() {
        super.cleanup();
        setConnector(null);
        synchronized (this) {
            this.disposed = true;
            notifyAll();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.jitsi.service.neomedia.AbstractSrtpControl
    public DtlsTransformEngine createTransformEngine() {
        DtlsTransformEngine dtlsTransformEngine = new DtlsTransformEngine(this);
        dtlsTransformEngine.setConnector(this.connector);
        dtlsTransformEngine.setSetup(this.setup);
        return dtlsTransformEngine;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Certificate getCertificate() {
        return this.certificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AsymmetricCipherKeyPair getKeyPair() {
        return this.keyPair;
    }

    @Override // org.jitsi.service.neomedia.DtlsControl
    public String getLocalFingerprint() {
        return this.localFingerprint;
    }

    @Override // org.jitsi.service.neomedia.DtlsControl
    public String getLocalFingerprintHashFunction() {
        return this.localFingerprintHashFunction;
    }

    @Override // org.jitsi.service.neomedia.SrtpControl
    public boolean getSecureCommunicationStatus() {
        return false;
    }

    @Override // org.jitsi.service.neomedia.SrtpControl
    public boolean requiresSecureSignalingTransport() {
        return true;
    }

    @Override // org.jitsi.service.neomedia.SrtpControl
    public void setConnector(AbstractRTPConnector abstractRTPConnector) {
        if (this.connector != abstractRTPConnector) {
            this.connector = abstractRTPConnector;
            DtlsTransformEngine dtlsTransformEngine = (DtlsTransformEngine) this.transformEngine;
            if (dtlsTransformEngine != null) {
                dtlsTransformEngine.setConnector(this.connector);
            }
        }
    }

    @Override // org.jitsi.service.neomedia.DtlsControl
    public void setRemoteFingerprints(Map<String, String> map) {
        if (map == null) {
            throw new NullPointerException("remoteFingerprints");
        }
        synchronized (this) {
            this.remoteFingerprints = map;
            notifyAll();
        }
    }

    @Override // org.jitsi.service.neomedia.DtlsControl
    public void setSetup(DtlsControl.Setup setup) {
        if (this.setup != setup) {
            this.setup = setup;
            DtlsTransformEngine dtlsTransformEngine = (DtlsTransformEngine) this.transformEngine;
            if (dtlsTransformEngine != null) {
                dtlsTransformEngine.setSetup(this.setup);
            }
        }
    }

    @Override // org.jitsi.service.neomedia.SrtpControl
    public void start(MediaType mediaType) {
        DtlsTransformEngine transformEngine = getTransformEngine();
        if (transformEngine != null) {
            transformEngine.start(mediaType);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean verifyAndValidateCertificate(Certificate certificate) throws Exception {
        try {
            org.jitsi.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
            if (certificateList.length == 0) {
                throw new IllegalArgumentException("certificate.certificateList");
            }
            for (org.jitsi.bouncycastle.asn1.x509.Certificate certificate2 : certificateList) {
                verifyAndValidateCertificate(certificate2);
            }
            return true;
        } catch (Exception e) {
            String message = e.getMessage();
            if (message == null || message.length() == 0) {
                logger.warn("Failed to verify and/or validate a certificate offered over the media path against fingerprints declared over the signaling path!", e);
                return false;
            }
            logger.warn("Failed to verify and/or validate a certificate offered over the media path against fingerprints declared over the signaling path! " + message);
            return false;
        }
    }
}
