package org.jitsi.impl.neomedia.transform.dtls;

import java.io.IOException;
import java.util.Arrays;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.operator.DefaultAlgorithmNameFinder;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsSRTPUtils;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.UseSRTPData;
import org.bouncycastle.tls.crypto.TlsCryptoParameters;
import org.bouncycastle.tls.crypto.impl.bc.BcDefaultTlsCredentialedSigner;
import org.jitsi.impl.neomedia.codec.video.VPX;
import org.jitsi.impl.neomedia.device.AudioSystem;
import org.jitsi.impl.neomedia.transform.SinglePacketTransformer;
import org.jitsi.service.neomedia.rtp.RTCPExtendedReport;
import org.jitsi.utils.logging.Logger;

/* loaded from: input_file:org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl.class */
public class TlsClientImpl extends DefaultTlsClient {
    private static final Logger logger = Logger.getLogger(TlsClientImpl.class);
    private final TlsAuthentication authentication;
    private int chosenProtectionProfile;
    private final byte[] mki;
    private final DtlsPacketTransformer packetTransformer;

    /* loaded from: input_file:org/jitsi/impl/neomedia/transform/dtls/TlsClientImpl$TlsAuthenticationImpl.class */
    private class TlsAuthenticationImpl implements TlsAuthentication {
        private TlsCredentials clientCredentials;

        private TlsAuthenticationImpl() {
        }

        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) {
            SignatureAndHashAlgorithm signatureAndHashAlgorithm;
            if (this.clientCredentials == null) {
                CertificateInfo certificateInfo = TlsClientImpl.this.packetTransformer.getDtlsControl().getCertificateInfo();
                String algorithmName = new DefaultAlgorithmNameFinder().getAlgorithmName(new ASN1ObjectIdentifier(certificateInfo.getCertificate().getCertificateAt(0).getSigAlgOID()));
                boolean z = -1;
                switch (algorithmName.hashCode()) {
                    case -1920500558:
                        if (algorithmName.equals("SHA224WITHRSA")) {
                            z = true;
                            break;
                        }
                        break;
                    case -840266709:
                        if (algorithmName.equals("SHA384WITHECDSA")) {
                            z = 8;
                            break;
                        }
                        break;
                    case -495316636:
                        if (algorithmName.equals("SHA512WITHECDSA")) {
                            z = 9;
                            break;
                        }
                        break;
                    case -346202199:
                        if (algorithmName.equals("SHA1WITHECDSA")) {
                            z = 5;
                            break;
                        }
                        break;
                    case -266489657:
                        if (algorithmName.equals("SHA256WITHECDSA")) {
                            z = 7;
                            break;
                        }
                        break;
                    case -76838953:
                        if (algorithmName.equals("SHA384WITHRSA")) {
                            z = 3;
                            break;
                        }
                        break;
                    case -36101419:
                        if (algorithmName.equals("SHA1WITHRSA")) {
                            z = false;
                            break;
                        }
                        break;
                    case 106760016:
                        if (algorithmName.equals("SHA512WITHRSA")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 437724019:
                        if (algorithmName.equals("SHA256WITHRSA")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 1222424134:
                        if (algorithmName.equals("SHA224WITHECDSA")) {
                            z = 6;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 2, (short) 1);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 3, (short) 1);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 4, (short) 1);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 5, (short) 1);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 6, (short) 1);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 2, (short) 3);
                        break;
                    case true:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 3, (short) 3);
                        break;
                    case RTCPExtendedReport.VoIPMetricsReportBlock.VOIP_METRICS_REPORT_BLOCK_TYPE /* 7 */:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 4, (short) 3);
                        break;
                    case AudioSystem.FEATURE_NOTIFY_AND_PLAYBACK_DEVICES /* 8 */:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 5, (short) 3);
                        break;
                    case VPX.CODEC_LIST_END /* 9 */:
                        signatureAndHashAlgorithm = SignatureAndHashAlgorithm.getInstance((short) 6, (short) 3);
                        break;
                    default:
                        TlsClientImpl.logger.warn("Unknown algOid in certificate: " + algorithmName);
                        return null;
                }
                this.clientCredentials = new BcDefaultTlsCredentialedSigner(new TlsCryptoParameters(TlsClientImpl.this.context), TlsClientImpl.this.context.getCrypto(), certificateInfo.getKeyPair().getPrivate(), certificateInfo.getCertificate(), signatureAndHashAlgorithm);
            }
            return this.clientCredentials;
        }

        public void notifyServerCertificate(TlsServerCertificate tlsServerCertificate) throws IOException {
            try {
                TlsClientImpl.this.packetTransformer.getDtlsControl().verifyAndValidateCertificate(tlsServerCertificate.getCertificate());
            } catch (Exception e) {
                TlsClientImpl.logger.error("Failed to verify and/or validate server certificate!", e);
                if (!(e instanceof IOException)) {
                    throw new IOException(e);
                }
                throw ((IOException) e);
            }
        }
    }

    public TlsClientImpl(DtlsPacketTransformer dtlsPacketTransformer) {
        super(DtlsUtils.BC_TLS_CRYPTO);
        this.authentication = new TlsAuthenticationImpl();
        this.mki = TlsUtils.EMPTY_BYTES;
        this.packetTransformer = dtlsPacketTransformer;
    }

    public synchronized TlsAuthentication getAuthentication() {
        return this.authentication;
    }

    protected ProtocolVersion[] getSupportedVersions() {
        return ProtocolVersion.DTLSv12.only();
    }

    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (!isSrtpDisabled() && TlsSRTPUtils.getUseSRTPExtension(clientExtensions) == null) {
            if (clientExtensions == null) {
                clientExtensions = new Hashtable();
            }
            TlsSRTPUtils.addUseSRTPExtension(clientExtensions, new UseSRTPData(DtlsControlImpl.SRTP_PROTECTION_PROFILES, this.mki));
        }
        return clientExtensions;
    }

    private boolean isSrtpDisabled() {
        return this.packetTransformer.getProperties().isSrtpDisabled();
    }

    public void notifyAlertRaised(short s, short s2, String str, Throwable th) {
        this.packetTransformer.notifyAlertRaised(this, s, s2, str, th);
    }

    public void notifyHandshakeComplete() {
        if (this.packetTransformer.getProperties().isSrtpDisabled()) {
            return;
        }
        SinglePacketTransformer initializeSRTPTransformer = this.packetTransformer.initializeSRTPTransformer(this.chosenProtectionProfile, this.context);
        synchronized (this.packetTransformer) {
            this.packetTransformer.setSrtpTransformer(initializeSRTPTransformer);
        }
    }

    public void processServerExtensions(Hashtable hashtable) throws IOException {
        if (isSrtpDisabled()) {
            super.processServerExtensions(hashtable);
            return;
        }
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        if (useSRTPExtension == null) {
            IOException iOException = new IOException("DTLS extended server hello does not include the use_srtp extension!");
            logger.error("DTLS extended server hello does not include the use_srtp extension!", iOException);
            throw iOException;
        }
        int[] protectionProfiles = useSRTPExtension.getProtectionProfiles();
        int chooseSRTPProtectionProfile = protectionProfiles.length == 1 ? DtlsControlImpl.chooseSRTPProtectionProfile(protectionProfiles[0]) : 0;
        if (chooseSRTPProtectionProfile == 0) {
            TlsFatalAlert tlsFatalAlert = new TlsFatalAlert((short) 47);
            logger.error("No chosen SRTP protection profile!", tlsFatalAlert);
            throw tlsFatalAlert;
        }
        if (Arrays.equals(useSRTPExtension.getMki(), this.mki)) {
            super.processServerExtensions(hashtable);
            this.chosenProtectionProfile = chooseSRTPProtectionProfile;
        } else {
            TlsFatalAlert tlsFatalAlert2 = new TlsFatalAlert((short) 47);
            logger.error("Server's MKI does not match the one offered by this client!", tlsFatalAlert2);
            throw tlsFatalAlert2;
        }
    }
}
