package org.jitsi.impl.neomedia.transform.dtls;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import net.sf.cglib.asm.Opcodes;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.bouncycastle.crypto.tls.MaxFragmentLength;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsContext;
import org.bouncycastle.crypto.tls.TlsECCUtils;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsExtensionsUtils;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import org.bouncycastle.crypto.tls.TlsSRTPUtils;
import org.bouncycastle.crypto.tls.TlsServerContext;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.bouncycastle.crypto.tls.TlsUtils;
import org.bouncycastle.crypto.tls.UseSRTPData;
import org.jitsi.util.Logger;

/* loaded from: input_file:lib/libjitsi-1.0-20180710.185706-357.jar:org/jitsi/impl/neomedia/transform/dtls/TlsServerImpl.class */
public class TlsServerImpl extends DefaultTlsServer {
    private static final Logger logger = Logger.getLogger((Class<?>) TlsServerImpl.class);
    private final CertificateRequest certificateRequest = new CertificateRequest(new short[]{1}, (Vector) null, (Vector) null);
    private int chosenProtectionProfile;
    private final DtlsPacketTransformer packetTransformer;
    private TlsEncryptionCredentials rsaEncryptionCredentials;
    private TlsSignerCredentials rsaSignerCredentials;

    public TlsServerImpl(DtlsPacketTransformer dtlsPacketTransformer) {
        this.packetTransformer = dtlsPacketTransformer;
    }

    public CertificateRequest getCertificateRequest() {
        return this.certificateRequest;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getChosenProtectionProfile() {
        return this.chosenProtectionProfile;
    }

    protected int[] getCipherSuites() {
        return new int[]{49200, 49199, 49192, 49191, 49172, 49171, Opcodes.IF_ICMPEQ, 158, 107, 103, 57, 51};
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsContext getContext() {
        return this.context;
    }

    private DtlsControlImpl getDtlsControl() {
        return this.packetTransformer.getDtlsControl();
    }

    protected ProtocolVersion getMaximumVersion() {
        return ProtocolVersion.DTLSv10;
    }

    protected ProtocolVersion getMinimumVersion() {
        return ProtocolVersion.DTLSv10;
    }

    private Properties getProperties() {
        return this.packetTransformer.getProperties();
    }

    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
        if (this.rsaEncryptionCredentials == null) {
            CertificateInfo certificateInfo = getDtlsControl().getCertificateInfo();
            this.rsaEncryptionCredentials = new DefaultTlsEncryptionCredentials(this.context, certificateInfo.getCertificate(), certificateInfo.getKeyPair().getPrivate());
        }
        return this.rsaEncryptionCredentials;
    }

    protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
        if (this.rsaSignerCredentials == null) {
            CertificateInfo certificateInfo = getDtlsControl().getCertificateInfo();
            this.rsaSignerCredentials = new DefaultTlsSignerCredentials(this.context, certificateInfo.getCertificate(), certificateInfo.getKeyPair().getPrivate(), new SignatureAndHashAlgorithm((short) 2, (short) 1));
        }
        return this.rsaSignerCredentials;
    }

    public Hashtable getServerExtensions() throws IOException {
        Hashtable serverExtensionsOverride = getServerExtensionsOverride();
        if (isSrtpDisabled()) {
            return serverExtensionsOverride;
        }
        if (TlsSRTPUtils.getUseSRTPExtension(serverExtensionsOverride) == null) {
            if (serverExtensionsOverride == null) {
                serverExtensionsOverride = new Hashtable();
            }
            UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(this.clientExtensions);
            int chooseSRTPProtectionProfile = DtlsControlImpl.chooseSRTPProtectionProfile(useSRTPExtension.getProtectionProfiles());
            if (chooseSRTPProtectionProfile == 0) {
                Throwable tlsFatalAlert = new TlsFatalAlert((short) 80);
                logger.error("No chosen SRTP protection profile!", tlsFatalAlert);
                throw tlsFatalAlert;
            }
            TlsSRTPUtils.addUseSRTPExtension(serverExtensionsOverride, new UseSRTPData(new int[]{chooseSRTPProtectionProfile}, useSRTPExtension.getMki()));
            this.chosenProtectionProfile = chooseSRTPProtectionProfile;
        }
        return serverExtensionsOverride;
    }

    private Hashtable getServerExtensionsOverride() throws IOException {
        if (this.encryptThenMACOffered && allowEncryptThenMAC() && TlsUtils.isBlockCipherSuite(this.selectedCipherSuite)) {
            TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
        }
        if (this.maxFragmentLengthOffered >= 0 && MaxFragmentLength.isValid(this.maxFragmentLengthOffered)) {
            TlsExtensionsUtils.addMaxFragmentLengthExtension(checkServerExtensions(), this.maxFragmentLengthOffered);
        }
        if (this.truncatedHMacOffered && allowTruncatedHMac()) {
            TlsExtensionsUtils.addTruncatedHMacExtension(checkServerExtensions());
        }
        if (TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
            this.serverECPointFormats = new short[]{0, 1, 2};
            TlsECCUtils.addSupportedPointFormatsExtension(checkServerExtensions(), this.serverECPointFormats);
        }
        return this.serverExtensions;
    }

    public void init(TlsServerContext tlsServerContext) {
        super.init(tlsServerContext);
    }

    private boolean isSrtpDisabled() {
        return getProperties().isSrtpDisabled();
    }

    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        this.packetTransformer.notifyAlertRaised(this, s, s2, str, th);
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        try {
            getDtlsControl().verifyAndValidateCertificate(certificate);
        } catch (Exception e) {
            logger.error("Failed to verify and/or validate client certificate!", e);
            if (!(e instanceof IOException)) {
                throw new IOException(e);
            }
            throw ((IOException) e);
        }
    }

    public void processClientExtensions(Hashtable hashtable) throws IOException {
        if (isSrtpDisabled()) {
            super.processClientExtensions(hashtable);
            return;
        }
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        if (useSRTPExtension == null) {
            IOException iOException = new IOException("DTLS extended client hello does not include the use_srtp extension!");
            logger.error("DTLS extended client hello does not include the use_srtp extension!", iOException);
            throw iOException;
        }
        if (DtlsControlImpl.chooseSRTPProtectionProfile(useSRTPExtension.getProtectionProfiles()) != 0) {
            super.processClientExtensions(hashtable);
        } else {
            Throwable tlsFatalAlert = new TlsFatalAlert((short) 47);
            logger.error("No chosen SRTP protection profile!", tlsFatalAlert);
            throw tlsFatalAlert;
        }
    }
}
