package com.inet.cowork.calls.server.sfu.dtls;

import com.inet.config.ConfigValue;
import com.inet.cowork.calls.CoWorkCallsServerPlugin;
import com.inet.error.ErrorCode;
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Vector;
import javax.annotation.Nonnull;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DTLSClientProtocol;
import org.bouncycastle.tls.DTLSServerProtocol;
import org.bouncycastle.tls.DatagramTransport;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSRTPUtils;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.UseSRTPData;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaDefaultTlsCredentialedSigner;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto;
import org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCryptoProvider;

/* loaded from: input_file:com/inet/cowork/calls/server/sfu/dtls/b.class */
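/**
 * DTLS-SRTP endpoint for a single peer (decompiled, identifiers are obfuscated).
 *
 * <p>The constructor runs a DTLS 1.2 handshake over the supplied UDP socket, either as client or
 * as server, negotiates the {@code use_srtp} extension and pins the peer certificate to the
 * fingerprint string handed in by the caller. When the handshake completes, an {@code e} instance
 * is created from the negotiated SRTP protection profile and the TLS context and can be fetched
 * with {@link #E()}.
 *
 * <p>Security-relevant invariants enforced here:
 * <ul>
 *   <li>only DTLS 1.2 is offered/accepted ({@link #aE});</li>
 *   <li>the peer must present exactly one certificate whose fingerprint matches the expected
 *       one;</li>
 *   <li>the SRTP protection profile must be one of {@link #aI}, in both roles.</li>
 * </ul>
 */
public class b {
    /** Private key of the local DTLS identity, loaded once in the static initializer. */
    private static final PrivateKey aG;
    /** Single-entry certificate chain of the local DTLS identity. */
    private static final Certificate aH;
    /** Configured call timeout; used as socket timeout in milliseconds, never below 1000. */
    private static final ConfigValue<Integer> aK;
    /** UDP socket the handshake and the later packet exchange run on. */
    private final DatagramSocket aL;
    /** Expected remote fingerprint in the form {@code "<hash-algorithm> <fingerprint>"}. */
    private final String aD;
    /** Result of the handshake, set in {@code notifyHandshakeComplete}; null until then. */
    private e ai;
    /** The only protocol version offered and accepted. */
    private static final ProtocolVersion[] aE = {ProtocolVersion.DTLSv12};
    private static final JcaTlsCrypto aF = new JcaTlsCryptoProvider().create(new SecureRandom());
    /**
     * SRTP protection profiles offered by the client and accepted by the server:
     * 1 = SRTP_AES128_CM_HMAC_SHA1_80, 2 = SRTP_AES128_CM_HMAC_SHA1_32.
     * NOTE(review): the array is package-visible and mutable; nothing in this class writes to it,
     * other classes of the package are not visible from here.
     */
    static final int[] aI = {1, 2};
    /** Empty MKI: no master key identifier is used in the use_srtp extension. */
    private static final byte[] aJ = TlsUtils.EMPTY_BYTES;

    /** DTLS client role: offers use_srtp, authenticates with the local identity, pins the server. */
    private class a extends DefaultTlsClient {
        /** Lazily created client credentials, cached for repeated requests. */
        private TlsCredentials aM;
        /** SRTP protection profile selected by the server. */
        private int aN;

        a() {
            super(b.aF);
        }

        protected ProtocolVersion[] getSupportedVersions() {
            return b.aE;
        }

        /** Adds the use_srtp extension with the offered profiles and an empty MKI. */
        public Hashtable<?, ?> getClientExtensions() throws IOException {
            Hashtable<?, ?> clientExtensions = super.getClientExtensions();
            TlsSRTPUtils.addUseSRTPExtension(clientExtensions, new UseSRTPData(b.aI, b.aJ));
            return clientExtensions;
        }

        public TlsAuthentication getAuthentication() throws IOException {
            return new TlsAuthentication() {
                /** Returns the signer for the local identity, creating it on first use. */
                public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                    TlsCredentials credentials = a.this.aM;
                    if (credentials == null) {
                        credentials = b.a((TlsContext) a.this.context);
                        a.this.aM = credentials;
                    }
                    return credentials;
                }

                /** Rejects the handshake unless the server certificate matches the pinned fingerprint. */
                public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
                    b.this.a(tlsServerCertificate.getCertificate());
                }
            };
        }

        /**
         * Validates the server's use_srtp answer.
         *
         * @throws IOException if the extension is missing, does not select exactly one profile,
         *     selects a profile this client did not offer, or carries a different MKI
         */
        public void processServerExtensions(Hashtable hashtable) throws IOException {
            super.processServerExtensions(hashtable);
            UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
            if (useSRTPExtension == null) {
                throw new IOException("DTLS server hello has no extention 'use_srtp'");
            }
            int[] protectionProfiles = useSRTPExtension.getProtectionProfiles();
            if (protectionProfiles.length != 1) {
                throw new IOException("Bad chosen profile count: " + protectionProfiles.length);
            }
            // The server has to pick from the offer (use_srtp, RFC 5764). Without this check any
            // profile id the peer sends, including one this side never agreed to, would be passed
            // on to the SRTP setup in notifyHandshakeComplete.
            int chosen = protectionProfiles[0];
            boolean offered = false;
            for (int candidate : b.aI) {
                if (candidate == chosen) {
                    offered = true;
                    break;
                }
            }
            if (!offered) {
                throw new IOException("The SRTP protection profile " + chosen + " chosen by the server was not offered by this client: " + Arrays.toString(b.aI));
            }
            if (!Arrays.equals(useSRTPExtension.getMki(), b.aJ)) {
                throw new IOException("The MKI of the server does not match the one offered by this client!");
            }
            this.aN = chosen;
        }

        public void notifyHandshakeComplete() throws IOException {
            // third argument is true in the client role, false in the server role
            b.this.ai = new e(this.aN, this.context, true);
        }
    }

    /* renamed from: com.inet.cowork.calls.server.sfu.dtls.b$b, reason: collision with other inner class name */
    /** DTLS server role: requires use_srtp and a client certificate matching the pinned fingerprint. */
    private class C0000b extends DefaultTlsServer {
        /** SRTP protection profile chosen from the client's offer; defaults to profile 1. */
        private int aN;

        C0000b() {
            super(b.aF);
            this.aN = 1;
        }

        protected ProtocolVersion[] getSupportedVersions() {
            return b.aE;
        }

        protected int[] getSupportedCipherSuites() {
            // 49195 (0xC02B) = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
            // 49161 (0xC009) = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
            return new int[]{49195, 49161};
        }

        /**
         * Picks the first profile of the client's offer that this server accepts (1 or 2).
         *
         * @throws IOException if the extension is missing or no offered profile is accepted
         */
        public void processClientExtensions(Hashtable hashtable) throws IOException {
            super.processClientExtensions(hashtable);
            UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
            if (useSRTPExtension == null) {
                throw new IOException("DTLS client hello has no extention 'use_srtp'");
            }
            int[] protectionProfiles = useSRTPExtension.getProtectionProfiles();
            for (int profile : protectionProfiles) {
                if (profile == 1 || profile == 2) {
                    this.aN = profile;
                    f.M.info("Client accepted SRTP protection profiles: " + Arrays.toString(protectionProfiles) + "; choose: " + this.aN);
                    return;
                }
            }
            throw new IOException("No accepted SRTP protection profiles: " + Arrays.toString(protectionProfiles));
        }

        /** Answers use_srtp with the single chosen profile and an empty MKI. */
        public Hashtable<?, ?> getServerExtensions() throws IOException {
            Hashtable<?, ?> serverExtensions = super.getServerExtensions();
            TlsSRTPUtils.addUseSRTPExtension(serverExtensions, new UseSRTPData(new int[]{this.aN}, b.aJ));
            return serverExtensions;
        }

        protected TlsCredentialedSigner getECDSASignerCredentials() throws IOException {
            return b.a((TlsContext) this.context);
        }

        /** Requests a client certificate so that the peer can be pinned in notifyClientCertificate. */
        public CertificateRequest getCertificateRequest() throws IOException {
            Vector vector = new Vector();
            // (hash, signature): (4, 3) = sha256/ecdsa, (2, 1) = sha1/rsa
            vector.add(new SignatureAndHashAlgorithm((short) 4, (short) 3));
            vector.add(new SignatureAndHashAlgorithm((short) 2, (short) 1));
            // certificate type 64 = ecdsa_sign; no CA names are sent
            return new CertificateRequest(new short[]{64}, vector, (Vector) null);
        }

        /** Rejects the handshake unless the client certificate matches the pinned fingerprint. */
        public void notifyClientCertificate(Certificate certificate) throws IOException {
            b.this.a(certificate);
        }

        public void notifyHandshakeComplete() throws IOException {
            // third argument is true in the client role, false in the server role
            b.this.ai = new e(this.aN, this.context, false);
        }
    }

    /**
     * Datagram transport over an existing UDP socket, used only for the handshake.
     * Receive/send limits are derived from the MTU by subtracting IP and UDP overhead.
     */
    private static class c implements DatagramTransport {
        protected final DatagramSocket aL;
        /** Receive limit: MTU minus 20 bytes IP header minus 8 bytes UDP header. */
        protected final int aQ;
        /** Send limit: MTU minus 84 bytes (larger IP overhead allowance) minus 8 bytes UDP header. */
        protected final int aR;

        /**
         * @param datagramSocket socket to read from and write to
         * @param i MTU in bytes
         */
        public c(DatagramSocket datagramSocket, int i) {
            this.aL = datagramSocket;
            this.aQ = (i - 20) - 8;
            this.aR = (i - 84) - 8;
        }

        public int getReceiveLimit() {
            return this.aQ;
        }

        public int getSendLimit() {
            return this.aR;
        }

        /** Waits up to {@code i3} milliseconds for one datagram and returns its length. */
        public int receive(byte[] bArr, int i, int i2, int i3) throws IOException {
            // changes the timeout of the shared socket; the constructor of b resets it afterwards
            this.aL.setSoTimeout(i3);
            DatagramPacket datagramPacket = new DatagramPacket(bArr, i, i2);
            this.aL.receive(datagramPacket);
            return datagramPacket.getLength();
        }

        public void send(byte[] bArr, int i, int i2) throws IOException {
            if (i2 > getSendLimit()) {
                // alert 80 = internal_error: the record does not fit into one datagram
                throw new TlsFatalAlert((short) 80);
            }
            this.aL.send(new DatagramPacket(bArr, i, i2));
        }

        public void close() throws IOException {
            this.aL.close();
        }
    }

    /**
     * Runs the DTLS handshake on the given socket and blocks until it succeeded or failed.
     *
     * @param datagramSocket socket used for the handshake and afterwards for the packet exchange
     * @param str expected remote fingerprint, {@code "<hash-algorithm> <fingerprint>"}
     * @param z true to act as DTLS client, false to act as DTLS server
     * @throws RuntimeException (via {@code ErrorCode.throwAny}) if the handshake fails for any reason
     */
    public b(@Nonnull DatagramSocket datagramSocket, String str, boolean z) {
        this.aL = datagramSocket;
        this.aD = str;
        try {
            // The transport returned by connect/accept is not kept; only the state captured in
            // notifyHandshakeComplete is used after the handshake. 1500 is the assumed MTU.
            if (z) {
                new DTLSClientProtocol().connect(new a(), new c(datagramSocket, 1500));
            } else {
                new DTLSServerProtocol().accept(new C0000b(), new c(datagramSocket, 1500));
            }
            // the handshake changed the socket timeout; use at least 15 seconds from here on
            datagramSocket.setSoTimeout(Math.max(15000, ((Integer) aK.get()).intValue()));
        } catch (Exception e) {
            throw ((RuntimeException) ErrorCode.throwAny(e));
        }
    }

    /** Returns the object created when the handshake completed. */
    public e E() {
        return this.ai;
    }

    /** Sets the socket timeout to the configured call timeout. */
    public void F() throws IOException {
        this.aL.setSoTimeout(((Integer) aK.get()).intValue());
    }

    /** Receives the next datagram into the packet's buffer and then calls {@code dVar.U()}. */
    public void e(@Nonnull com.inet.cowork.calls.server.sfu.packets.d dVar) throws IOException {
        this.aL.receive(dVar.S());
        dVar.U();
    }

    /** Sends the packet's datagram over the socket. */
    public void b(@Nonnull com.inet.cowork.calls.server.sfu.packets.d dVar) throws IOException {
        this.aL.send(dVar.S());
    }

    /**
     * Creates the signer for the local identity ({@link #aG} / {@link #aH}).
     * sha256/ecdsa is set explicitly only when the negotiated version allows the
     * signature_algorithms extension.
     */
    @Nonnull
    private static TlsCredentialedSigner a(TlsContext tlsContext) {
        TlsCryptoParameters tlsCryptoParameters = new TlsCryptoParameters(tlsContext);
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(tlsContext.getServerVersion())) {
            signatureAndHashAlgorithm = new SignatureAndHashAlgorithm((short) 4, (short) 3);
        }
        return new JcaDefaultTlsCredentialedSigner(tlsCryptoParameters, aF, aG, aH, signatureAndHashAlgorithm);
    }

    /**
     * Pins the peer: the chain must hold exactly one certificate and its fingerprint must equal
     * the expected one. This comparison is the only authentication of the peer in this class;
     * no chain or validity checks are done here.
     *
     * @throws IOException if the certificate count is not 1, the expected fingerprint is missing
     *     or malformed, or the fingerprints differ
     */
    private void a(@Nonnull Certificate certificate) throws IOException {
        if (certificate.getLength() != 1) {
            throw new IOException("Bad certificate count: " + certificate.getLength());
        }
        String expected = this.aD;
        // The expected value comes from outside this class. A missing value or one without the
        // "<algorithm> " prefix must fail the handshake as a checked error, not as an unchecked
        // NullPointerException / StringIndexOutOfBoundsException.
        int separator = expected == null ? -1 : expected.indexOf(' ');
        if (separator <= 0) {
            throw new IOException("Remote fingerprint '" + expected + "' has no hash algorithm prefix");
        }
        byte[] encoded = certificate.getCertificateAt(0).getEncoded();
        // NOTE(review): the hash algorithm is taken from the expected string itself; which
        // algorithms DtlsCertificate.getFingerprint accepts is not visible here - confirm that
        // weak digests are rejected there.
        String fingerprint = DtlsCertificate.getFingerprint(encoded, expected.substring(0, separator));
        if (!fingerprint.equalsIgnoreCase(expected)) {
            throw new IOException("Remote fingerprint '" + expected + "' does not match the certificate fingerprint '" + fingerprint + "'");
        }
    }

    static {
        try {
            aG = DtlsCertificate.getPrivateKey();
            aH = new Certificate(new TlsCertificate[]{new JcaTlsCertificate(aF, DtlsCertificate.getCertificate().getEncoded())});
            aK = new ConfigValue<Integer>(CoWorkCallsServerPlugin.CALLS_TIMEOUT) {
                /** Clamps the configured timeout to a minimum of 1000. */
                public Integer convert(@Nonnull String str) throws IllegalArgumentException {
                    Integer num = (Integer) super.convert(str);
                    if (num.intValue() < 1000) {
                        num = 1000;
                    }
                    return num;
                }
            };
        } catch (Exception e) {
            throw ((RuntimeException) ErrorCode.throwAny(e));
        }
    }
}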
