package org.jitsi.nlj.dtls;

import java.nio.ByteBuffer;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.text.StringsKt;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.SessionParameters;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedDecryptor;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsSRTPUtils;
import org.bouncycastle.tls.TlsServerContext;
import org.bouncycastle.tls.TlsSession;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.UseSRTPData;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedDecryptor;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jitsi.nlj.dtls.DtlsUtils;
import org.jitsi.nlj.srtp.SrtpProfileInformation;
import org.jitsi.nlj.srtp.SrtpUtil;
import org.jitsi.nlj.util.Logger2Kt;
import org.jitsi.rtp.extensions.ByteBufferKt;
import org.jitsi.utils.logging2.Logger;

/* compiled from: TlsServerImpl.kt */
@Metadata(mv = {1, 1, 13}, bv = {1, 0, 3}, k = 1, d1 = {"��\u0080\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0006\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0010\u0015\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\n\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0003\n\u0002\b\t\u0018��2\u00020\u0001B+\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0014\u0010\u0004\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u0006\u0012\u0004\u0012\u00020\u00070\u0005\u0012\u0006\u0010\b\u001a\u00020\t¢\u0006\u0002\u0010\nJ\b\u0010\u001c\u001a\u00020\u001dH\u0016J\b\u0010\u001e\u001a\u00020\u001bH\u0014J\b\u0010\u001f\u001a\u00020 H\u0014J\b\u0010!\u001a\u00020\"H\u0014J\u0010\u0010#\u001a\n\u0012\u0002\b\u0003\u0012\u0002\b\u00030$H\u0016J\u0014\u0010%\u001a\u0004\u0018\u00010\u00132\b\u0010&\u001a\u0004\u0018\u00010\u0015H\u0016J\u0013\u0010'\u001a\b\u0012\u0004\u0012\u00020)0(H\u0016¢\u0006\u0002\u0010*J,\u0010+\u001a\u00020\u00072\u0006\u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020-2\b\u0010/\u001a\u0004\u0018\u0001002\b\u00101\u001a\u0004\u0018\u000102H\u0016J\u0018\u00103\u001a\u00020\u00072\u0006\u0010,\u001a\u00020-2\u0006\u0010.\u001a\u00020-H\u0016J\u0012\u00104\u001a\u00020\u00072\b\u00105\u001a\u0004\u0018\u00010\u0006H\u0016J\u0012\u00106\u001a\u00020\u00072\b\u00107\u001a\u0004\u0018\u00010)H\u0016J\b\u00108\u001a\u00020\u0007H\u0016J\u001a\u00109\u001a\u00020\u00072\u0010\u0010:\u001a\f\u0012\u0002\b\u0003\u0012\u0002\b\u0003\u0018\u00010$H\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u000b\u001a\u00020\fX\u0086\u000e¢\u0006\u000e\n��\u001a\u0004\b\r\u0010\u000e\"\u0004\b\u000f\u0010\u0010R\u000e\u0010\u0011\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u001c\u0010\u0004\u001a\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u0006\u0012\u0004\u0012\u00020\u00070\u0005X\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u0012\u001a\u0004\u0018\u00010\u0013X\u0082\u000e¢\u0006\u0002\n��R\u001a\u0010\u0014\u001a\u00020\u0015X\u0086.¢\u0006\u000e\n��\u001a\u0004\b\u0016\u0010\u0017\"\u0004\b\u0018\u0010\u0019R\u000e\u0010\u001a\u001a\u00020\u001bX\u0082\u0004¢\u0006\u0002\n��¨\u0006;"}, d2 = {"Lorg/jitsi/nlj/dtls/TlsServerImpl;", "Lorg/bouncycastle/tls/DefaultTlsServer;", "certificateInfo", "Lorg/jitsi/nlj/dtls/CertificateInfo;", "notifyClientCertificateReceived", "Lkotlin/Function1;", "Lorg/bouncycastle/tls/Certificate;", "", "parentLogger", "Lorg/jitsi/utils/logging2/Logger;", "(Lorg/jitsi/nlj/dtls/CertificateInfo;Lkotlin/jvm/functions/Function1;Lorg/jitsi/utils/logging2/Logger;)V", "chosenSrtpProtectionProfile", "", "getChosenSrtpProtectionProfile", "()I", "setChosenSrtpProtectionProfile", "(I)V", "logger", "session", "Lorg/bouncycastle/tls/TlsSession;", "srtpKeyingMaterial", "", "getSrtpKeyingMaterial", "()[B", "setSrtpKeyingMaterial", "([B)V", "srtpProtectionProfiles", "", "getCertificateRequest", "Lorg/bouncycastle/tls/CertificateRequest;", "getCipherSuites", "getECDSASignerCredentials", "Lorg/bouncycastle/tls/TlsCredentialedSigner;", "getRSAEncryptionCredentials", "Lorg/bouncycastle/tls/TlsCredentialedDecryptor;", "getServerExtensions", "Ljava/util/Hashtable;", "getSessionToResume", "sessionID", "getSupportedVersions", "", "Lorg/bouncycastle/tls/ProtocolVersion;", "()[Lorg/bouncycastle/tls/ProtocolVersion;", "notifyAlertRaised", "alertLevel", "", "alertDescription", "message", "", "cause", "", "notifyAlertReceived", "notifyClientCertificate", "clientCertificate", "notifyClientVersion", "clientVersion", "notifyHandshakeComplete", "processClientExtensions", "clientExtensions", "jitsi-media-transform"})
/* loaded from: input_file:org/jitsi/nlj/dtls/TlsServerImpl.class */
public final class TlsServerImpl extends DefaultTlsServer {
    private final Logger logger;
    private TlsSession session;

    @NotNull
    public byte[] srtpKeyingMaterial;
    private final int[] srtpProtectionProfiles;
    private int chosenSrtpProtectionProfile;
    private final CertificateInfo certificateInfo;
    private final Function1<Certificate, Unit> notifyClientCertificateReceived;

    @NotNull
    public final byte[] getSrtpKeyingMaterial() {
        byte[] bArr = this.srtpKeyingMaterial;
        if (bArr == null) {
            Intrinsics.throwUninitializedPropertyAccessException("srtpKeyingMaterial");
        }
        return bArr;
    }

    public final void setSrtpKeyingMaterial(@NotNull byte[] bArr) {
        Intrinsics.checkParameterIsNotNull(bArr, "<set-?>");
        this.srtpKeyingMaterial = bArr;
    }

    public final int getChosenSrtpProtectionProfile() {
        return this.chosenSrtpProtectionProfile;
    }

    public final void setChosenSrtpProtectionProfile(int i) {
        this.chosenSrtpProtectionProfile = i;
    }

    @Nullable
    public TlsSession getSessionToResume(@Nullable byte[] bArr) {
        return this.session;
    }

    @NotNull
    public Hashtable<?, ?> getServerExtensions() {
        Hashtable<?, ?> serverExtensions = super.getServerExtensions();
        if (serverExtensions == null) {
            serverExtensions = new Hashtable<>();
        }
        Hashtable<?, ?> hashtable = serverExtensions;
        if (TlsSRTPUtils.getUseSRTPExtension(hashtable) == null) {
            TlsSRTPUtils.addUseSRTPExtension(hashtable, new UseSRTPData(this.srtpProtectionProfiles, TlsUtils.EMPTY_BYTES));
        }
        return hashtable;
    }

    public void processClientExtensions(@Nullable Hashtable<?, ?> hashtable) {
        super.processClientExtensions(hashtable);
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        Intrinsics.checkExpressionValueIsNotNull(useSRTPExtension, "useSRTPData");
        int[] protectionProfiles = useSRTPExtension.getProtectionProfiles();
        DtlsUtils.Companion companion = DtlsUtils.Companion;
        int[] iArr = this.srtpProtectionProfiles;
        Intrinsics.checkExpressionValueIsNotNull(protectionProfiles, "protectionProfiles");
        this.chosenSrtpProtectionProfile = companion.chooseSrtpProtectionProfile(iArr, protectionProfiles);
    }

    @NotNull
    protected int[] getCipherSuites() {
        return new int[]{49195, 49161};
    }

    @NotNull
    protected TlsCredentialedDecryptor getRSAEncryptionCredentials() {
        TlsServerContext tlsServerContext = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext, "context");
        BcTlsCrypto crypto = tlsServerContext.getCrypto();
        if (crypto == null) {
            throw new TypeCastException("null cannot be cast to non-null type org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto");
        }
        Certificate certificate = this.certificateInfo.getCertificate();
        PrivateKey privateKey = this.certificateInfo.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "certificateInfo.keyPair.private");
        return new BcDefaultTlsCredentialedDecryptor(crypto, certificate, PrivateKeyFactory.createKey(privateKey.getEncoded()));
    }

    @NotNull
    protected TlsCredentialedSigner getECDSASignerCredentials() {
        TlsCryptoParameters tlsCryptoParameters = new TlsCryptoParameters(this.context);
        TlsServerContext tlsServerContext = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext, "context");
        BcTlsCrypto crypto = tlsServerContext.getCrypto();
        if (crypto == null) {
            throw new TypeCastException("null cannot be cast to non-null type org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto");
        }
        PrivateKey privateKey = this.certificateInfo.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "certificateInfo.keyPair.private");
        return new BcDefaultTlsCredentialedSigner(tlsCryptoParameters, crypto, PrivateKeyFactory.createKey(privateKey.getEncoded()), this.certificateInfo.getCertificate(), new SignatureAndHashAlgorithm((short) 4, (short) 3));
    }

    @NotNull
    public CertificateRequest getCertificateRequest() {
        Vector vector = new Vector(1);
        vector.add(new SignatureAndHashAlgorithm((short) 4, (short) 3));
        vector.add(new SignatureAndHashAlgorithm((short) 2, (short) 1));
        TlsServerContext tlsServerContext = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext, "context");
        ProtocolVersion clientVersion = tlsServerContext.getClientVersion();
        if (Intrinsics.areEqual(clientVersion, ProtocolVersion.DTLSv10)) {
            return new CertificateRequest(new short[]{1}, (Vector) null, (Vector) null);
        }
        if (Intrinsics.areEqual(clientVersion, ProtocolVersion.DTLSv12)) {
            return new CertificateRequest(new short[]{64}, vector, (Vector) null);
        }
        StringBuilder append = new StringBuilder().append("Unsupported version: ");
        TlsServerContext tlsServerContext2 = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext2, "context");
        throw new DtlsUtils.DtlsException(append.append(tlsServerContext2.getClientVersion()).toString());
    }

    public void notifyHandshakeComplete() {
        TlsSecret masterSecret;
        super.notifyHandshakeComplete();
        TlsServerContext tlsServerContext = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext, "context");
        TlsSession resumableSession = tlsServerContext.getResumableSession();
        if (resumableSession != null) {
            ByteBuffer wrap = ByteBuffer.wrap(resumableSession.getSessionID());
            Intrinsics.checkExpressionValueIsNotNull(wrap, "ByteBuffer.wrap(newSession.sessionID)");
            String hex = ByteBufferKt.toHex(wrap);
            TlsSession tlsSession = this.session;
            if (tlsSession != null) {
                byte[] sessionID = tlsSession.getSessionID();
                if (sessionID != null) {
                    byte[] sessionID2 = resumableSession.getSessionID();
                    Intrinsics.checkExpressionValueIsNotNull(sessionID2, "newSession.sessionID");
                    if (Arrays.equals(sessionID, sessionID2)) {
                        Logger logger = this.logger;
                        if (logger.isInfoEnabled()) {
                            logger.info("Resumed DTLS session " + hex);
                        }
                    }
                }
            } else {
                TlsServerImpl tlsServerImpl = this;
                Logger logger2 = tlsServerImpl.logger;
                if (logger2.isInfoEnabled()) {
                    logger2.info("Established DTLS session " + hex);
                }
                tlsServerImpl.session = resumableSession;
            }
        }
        SrtpProfileInformation srtpProfileInformationFromSrtpProtectionProfile = SrtpUtil.Companion.getSrtpProfileInformationFromSrtpProtectionProfile(this.chosenSrtpProtectionProfile);
        TlsServerContext tlsServerContext2 = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext2, "context");
        SecurityParameters securityParameters = tlsServerContext2.getSecurityParameters();
        Intrinsics.checkExpressionValueIsNotNull(securityParameters, "context.securityParameters");
        if (securityParameters.isExtendedMasterSecret()) {
            byte[] exportKeyingMaterial = this.context.exportKeyingMaterial("EXTRACTOR-dtls_srtp", (byte[]) null, 2 * (srtpProfileInformationFromSrtpProtectionProfile.getCipherKeyLength() + srtpProfileInformationFromSrtpProtectionProfile.getCipherSaltLength()));
            Intrinsics.checkExpressionValueIsNotNull(exportKeyingMaterial, "context.exportKeyingMate…SaltLength)\n            )");
            this.srtpKeyingMaterial = exportKeyingMaterial;
            return;
        }
        TlsServerContext tlsServerContext3 = this.context;
        Intrinsics.checkExpressionValueIsNotNull(tlsServerContext3, "context");
        TlsSession session = tlsServerContext3.getSession();
        if (session != null) {
            SessionParameters exportSessionParameters = session.exportSessionParameters();
            if (exportSessionParameters == null || (masterSecret = exportSessionParameters.getMasterSecret()) == null) {
                return;
            }
            DtlsUtils.Companion companion = DtlsUtils.Companion;
            TlsServerContext tlsServerContext4 = this.context;
            Intrinsics.checkExpressionValueIsNotNull(tlsServerContext4, "context");
            this.srtpKeyingMaterial = companion.exportKeyingMaterial((TlsContext) tlsServerContext4, "EXTRACTOR-dtls_srtp", null, 2 * (srtpProfileInformationFromSrtpProtectionProfile.getCipherKeyLength() + srtpProfileInformationFromSrtpProtectionProfile.getCipherSaltLength()), masterSecret);
        }
    }

    public void notifyClientCertificate(@Nullable Certificate certificate) {
        this.notifyClientCertificateReceived.invoke(certificate);
    }

    public void notifyClientVersion(@Nullable ProtocolVersion protocolVersion) {
        super.notifyClientVersion(protocolVersion);
        Logger logger = this.logger;
        if (logger.isInfoEnabled()) {
            logger.info("Negotiated DTLS version " + protocolVersion);
        }
    }

    public void notifyAlertRaised(short s, short s2, @Nullable String str, @Nullable Throwable th) {
        StringBuffer stringBuffer = new StringBuffer();
        for (StackTraceElement stackTraceElement : new Exception().getStackTrace()) {
            Appendable append = stringBuffer.append((CharSequence) stackTraceElement.toString());
            Intrinsics.checkExpressionValueIsNotNull(append, "append(value)");
            StringsKt.appendln(append);
        }
        String stringBuffer2 = stringBuffer.toString();
        Intrinsics.checkExpressionValueIsNotNull(stringBuffer2, "with(StringBuffer()) {\n …     toString()\n        }");
        this.logger.info(stringBuffer2);
    }

    public void notifyAlertReceived(short s, short s2) {
        this.logger.error("TLS Server alert received: " + ((int) s) + ' ' + ((int) s2));
    }

    @NotNull
    public ProtocolVersion[] getSupportedVersions() {
        ProtocolVersion[] downTo = ProtocolVersion.DTLSv12.downTo(ProtocolVersion.DTLSv10);
        Intrinsics.checkExpressionValueIsNotNull(downTo, "ProtocolVersion.DTLSv12.…(ProtocolVersion.DTLSv10)");
        return downTo;
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TlsServerImpl(@NotNull CertificateInfo certificateInfo, @NotNull Function1<? super Certificate, Unit> function1, @NotNull Logger logger) {
        super(DtlsUtilsKt.getBC_TLS_CRYPTO());
        Intrinsics.checkParameterIsNotNull(certificateInfo, "certificateInfo");
        Intrinsics.checkParameterIsNotNull(function1, "notifyClientCertificateReceived");
        Intrinsics.checkParameterIsNotNull(logger, "parentLogger");
        this.certificateInfo = certificateInfo;
        this.notifyClientCertificateReceived = function1;
        this.logger = Logger2Kt.createChildLogger$default(logger, Reflection.getOrCreateKotlinClass(TlsServerImpl.class), null, 2, null);
        this.srtpProtectionProfiles = new int[]{1};
    }
}
