package org.jitsi.nlj.dtls;

import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.time.Duration;
import java.util.Date;
import java.util.Map;
import java.util.NoSuchElementException;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCertificate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: DtlsUtils.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\f\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0004\u0018�� \u00032\u00020\u0001:\u0002\u0003\u0004B\u0005¢\u0006\u0002\u0010\u0002¨\u0006\u0005"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils;", "", "()V", "Companion", "DtlsException", "jitsi-media-transform"})
/* loaded from: input_file:org/jitsi/nlj/dtls/DtlsUtils.class */
public final class DtlsUtils {
    private static final char[] HEX_CHARS;
    public static final Companion Companion = new Companion(null);

    /* compiled from: DtlsUtils.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��n\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0019\n��\n\u0002\u0010\b\n��\n\u0002\u0010\u0015\n\u0002\b\u0002\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010$\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\bJ0\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0011\u001a\u00020\u00062\u0006\u0010\u0012\u001a\u00020\u0013J\u0018\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u000f2\u0006\u0010\u0017\u001a\u00020\u000fH\u0002J\u0018\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u00152\u0006\u0010\u001b\u001a\u00020\u001cH\u0002J\u0006\u0010\u001d\u001a\u00020\u001eJ\b\u0010\u001f\u001a\u00020\u001cH\u0002J$\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020\u00192\u0012\u0010#\u001a\u000e\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020\u000f0$H\u0002J\"\u0010 \u001a\u00020!2\u0006\u0010%\u001a\u00020&2\u0012\u0010#\u001a\u000e\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020\u000f0$J\u0014\u0010'\u001a\u00020\u000f*\u00020\u00192\u0006\u0010(\u001a\u00020\u000fH\u0002J\f\u0010)\u001a\u00020\u000f*\u00020\u0019H\u0002J\f\u0010*\u001a\u00020\u000f*\u00020\u000bH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006+"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils$Companion;", "", "()V", "HEX_CHARS", "", "chooseSrtpProtectionProfile", "", "ours", "", "theirs", "exportKeyingMaterial", "", "context", "Lorg/bouncycastle/tls/TlsContext;", "asciiLabel", "", "context_value", "length", "masterSecret", "Lorg/bouncycastle/tls/crypto/TlsSecret;", "generateCN", "Lorg/bouncycastle/asn1/x500/X500Name;", "appName", "appVersion", "generateCertificate", "Lorg/bouncycastle/asn1/x509/Certificate;", "subject", "keyPair", "Ljava/security/KeyPair;", "generateCertificateInfo", "Lorg/jitsi/nlj/dtls/CertificateInfo;", "generateEcKeyPair", "verifyAndValidateCertificate", "", "certificate", "remoteFingerprints", "", "certificateInfo", "Lorg/bouncycastle/tls/Certificate;", "getFingerprint", "hashFunction", "getHashFunction", "toFingerprint", "jitsi-media-transform"})
    /* loaded from: input_file:org/jitsi/nlj/dtls/DtlsUtils$Companion.class */
    public static final class Companion {
        @NotNull
        public final CertificateInfo generateCertificateInfo() {
            X500Name generateCN = generateCN("TODO-APP-NAME", "TODO-APP-VERSION");
            KeyPair generateEcKeyPair = generateEcKeyPair();
            Certificate generateCertificate = generateCertificate(generateCN, generateEcKeyPair);
            String hashFunction = getHashFunction(generateCertificate);
            return new CertificateInfo(generateEcKeyPair, new org.bouncycastle.tls.Certificate(new BcTlsCertificate[]{new BcTlsCertificate(DtlsUtilsKt.getBC_TLS_CRYPTO(), generateCertificate)}), hashFunction, getFingerprint(generateCertificate, hashFunction), System.currentTimeMillis());
        }

        public final int chooseSrtpProtectionProfile(@NotNull int[] iArr, @NotNull int[] iArr2) {
            Intrinsics.checkParameterIsNotNull(iArr, "ours");
            Intrinsics.checkParameterIsNotNull(iArr2, "theirs");
            try {
                for (int i : iArr2) {
                    if (ArraysKt.contains(iArr, i)) {
                        return i;
                    }
                }
                throw new NoSuchElementException("Array contains no element matching the predicate.");
            } catch (NoSuchElementException e) {
                throw new DtlsException("No common SRTP protection profile found.  Ours: " + iArr + " Theirs: " + iArr2);
            }
        }

        private final Certificate generateCertificate(X500Name x500Name, KeyPair keyPair) {
            long currentTimeMillis = System.currentTimeMillis();
            Certificate aSN1Structure = new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(currentTimeMillis), new Date(currentTimeMillis - Duration.ofDays(1L).toMillis()), new Date(currentTimeMillis + Duration.ofDays(7L).toMillis()), x500Name, keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate())).toASN1Structure();
            Intrinsics.checkExpressionValueIsNotNull(aSN1Structure, "certBuilder.build(signer).toASN1Structure()");
            return aSN1Structure;
        }

        private final KeyPair generateEcKeyPair() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC");
            keyPairGenerator.initialize((AlgorithmParameterSpec) ECNamedCurveTable.getParameterSpec("secp256r1"));
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "keyGen.generateKeyPair()");
            return generateKeyPair;
        }

        private final X500Name generateCN(String str, String str2) {
            X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            x500NameBuilder.addRDN(BCStyle.CN, str + ' ' + str2);
            X500Name build = x500NameBuilder.build();
            Intrinsics.checkExpressionValueIsNotNull(build, "builder.build()");
            return build;
        }

        public final void verifyAndValidateCertificate(@NotNull org.bouncycastle.tls.Certificate certificate, @NotNull Map<String, String> map) {
            Intrinsics.checkParameterIsNotNull(certificate, "certificateInfo");
            Intrinsics.checkParameterIsNotNull(map, "remoteFingerprints");
            TlsCertificate[] certificateList = certificate.getCertificateList();
            Intrinsics.checkExpressionValueIsNotNull(certificateList, "certificateInfo.certificateList");
            if (certificateList.length == 0) {
                throw new DtlsException("No remote fingerprints.");
            }
            for (TlsCertificate tlsCertificate : certificate.getCertificateList()) {
                Intrinsics.checkExpressionValueIsNotNull(tlsCertificate, "currCertificate");
                Certificate certificate2 = Certificate.getInstance(tlsCertificate.getEncoded());
                Intrinsics.checkExpressionValueIsNotNull(certificate2, "x509Cert");
                verifyAndValidateCertificate(certificate2, map);
            }
        }

        private final void verifyAndValidateCertificate(Certificate certificate, Map<String, String> map) {
            String hashFunction = getHashFunction(certificate);
            String str = map.get(hashFunction);
            if (str == null) {
                throw new DtlsException("No fingerprint declared over the signaling path with hash function: " + hashFunction);
            }
            String fingerprint = getFingerprint(certificate, hashFunction);
            if (!Intrinsics.areEqual(str, fingerprint)) {
                throw new DtlsException("Fingerprint " + str + " does not match the " + hashFunction + "-hashed certificate " + fingerprint);
            }
        }

        private final String getHashFunction(@NotNull Certificate certificate) {
            ExtendedDigest extendedDigest = BcDefaultDigestProvider.INSTANCE.get(new DefaultDigestAlgorithmIdentifierFinder().find(certificate.getSignatureAlgorithm()));
            Intrinsics.checkExpressionValueIsNotNull(extendedDigest, "BcDefaultDigestProvider.…           .get(digAlgId)");
            String algorithmName = extendedDigest.getAlgorithmName();
            Intrinsics.checkExpressionValueIsNotNull(algorithmName, "BcDefaultDigestProvider.…           .algorithmName");
            if (algorithmName == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            String lowerCase = algorithmName.toLowerCase();
            Intrinsics.checkExpressionValueIsNotNull(lowerCase, "(this as java.lang.String).toLowerCase()");
            return lowerCase;
        }

        private final String getFingerprint(@NotNull Certificate certificate, String str) {
            DefaultDigestAlgorithmIdentifierFinder defaultDigestAlgorithmIdentifierFinder = new DefaultDigestAlgorithmIdentifierFinder();
            if (str == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            String upperCase = str.toUpperCase();
            Intrinsics.checkExpressionValueIsNotNull(upperCase, "(this as java.lang.String).toUpperCase()");
            ExtendedDigest extendedDigest = BcDefaultDigestProvider.INSTANCE.get(defaultDigestAlgorithmIdentifierFinder.find(upperCase));
            byte[] encoded = certificate.getEncoded("DER");
            Intrinsics.checkExpressionValueIsNotNull(encoded, "getEncoded(ASN1Encoding.DER)");
            Intrinsics.checkExpressionValueIsNotNull(extendedDigest, "digest");
            byte[] bArr = new byte[extendedDigest.getDigestSize()];
            extendedDigest.update(encoded, 0, encoded.length);
            extendedDigest.doFinal(bArr, 0);
            return toFingerprint(bArr);
        }

        private final String toFingerprint(@NotNull byte[] bArr) {
            StringBuffer stringBuffer = new StringBuffer();
            int length = bArr.length;
            for (int i = 0; i < length; i++) {
                byte b = bArr[i];
                stringBuffer.append(DtlsUtils.HEX_CHARS[(b & 240) >>> 4]);
                stringBuffer.append(DtlsUtils.HEX_CHARS[b & 15]);
                if (i < bArr.length - 1) {
                    stringBuffer.append(":");
                }
            }
            String stringBuffer2 = stringBuffer.toString();
            Intrinsics.checkExpressionValueIsNotNull(stringBuffer2, "buf.toString()");
            return stringBuffer2;
        }

        @NotNull
        public final byte[] exportKeyingMaterial(@NotNull TlsContext tlsContext, @NotNull String str, @Nullable byte[] bArr, int i, @NotNull TlsSecret tlsSecret) {
            Intrinsics.checkParameterIsNotNull(tlsContext, "context");
            Intrinsics.checkParameterIsNotNull(str, "asciiLabel");
            Intrinsics.checkParameterIsNotNull(tlsSecret, "masterSecret");
            if (bArr != null && !TlsUtils.isValidUint16(bArr.length)) {
                throw new IllegalArgumentException("'context_value' must have a length less than 2^16 (or be null)");
            }
            SecurityParameters securityParameters = tlsContext.getSecurityParameters();
            Intrinsics.checkExpressionValueIsNotNull(securityParameters, "sp");
            byte[] clientRandom = securityParameters.getClientRandom();
            byte[] serverRandom = securityParameters.getServerRandom();
            int length = clientRandom.length + serverRandom.length;
            if (bArr != null) {
                length += 2 + bArr.length;
            }
            byte[] bArr2 = new byte[length];
            System.arraycopy(clientRandom, 0, bArr2, 0, clientRandom.length);
            int length2 = 0 + clientRandom.length;
            System.arraycopy(serverRandom, 0, bArr2, length2, serverRandom.length);
            int length3 = length2 + serverRandom.length;
            if (bArr != null) {
                TlsUtils.writeUint16(bArr.length, bArr2, length3);
                int i2 = length3 + 2;
                System.arraycopy(bArr, 0, bArr2, i2, bArr.length);
                length3 = i2 + bArr.length;
            }
            if (length3 != length) {
                throw new IllegalStateException("error in calculation of seed for export");
            }
            byte[] extract = TlsUtils.PRF(tlsContext, tlsSecret, str, bArr2, i).extract();
            Intrinsics.checkExpressionValueIsNotNull(extract, "TlsUtils.PRF(context, ma…, seed, length).extract()");
            return extract;
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: DtlsUtils.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\u0018��2\u00060\u0001j\u0002`\u0002B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005¨\u0006\u0006"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils$DtlsException;", "Ljava/lang/Exception;", "Lkotlin/Exception;", "msg", "", "(Ljava/lang/String;)V", "jitsi-media-transform"})
    /* loaded from: input_file:org/jitsi/nlj/dtls/DtlsUtils$DtlsException.class */
    public static final class DtlsException extends Exception {
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public DtlsException(@NotNull String str) {
            super(str);
            Intrinsics.checkParameterIsNotNull(str, "msg");
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
        char[] charArray = "0123456789ABCDEF".toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        HEX_CHARS = charArray;
    }
}
