package org.mobicents.media.server.impl.rtp.crypto;

import java.io.IOException;
import java.util.Hashtable;
import java.util.Vector;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsServer;
import org.bouncycastle.crypto.tls.ProtocolVersion;
import org.bouncycastle.crypto.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.crypto.tls.TlsECCUtils;
import org.bouncycastle.crypto.tls.TlsEncryptionCredentials;
import org.bouncycastle.crypto.tls.TlsFatalAlert;
import org.bouncycastle.crypto.tls.TlsSRTPUtils;
import org.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.bouncycastle.crypto.tls.UseSRTPData;
import org.bouncycastle.util.Arrays;
import org.mobicents.media.server.impl.rtcp.RtcpSdesItem;

/* loaded from: input_file:org/mobicents/media/server/impl/rtp/crypto/DtlsSrtpServer.class */
public class DtlsSrtpServer extends DefaultTlsServer {
    private static final Logger LOGGER = Logger.getLogger(DtlsSrtpServer.class);
    private final String[] certificateResources;
    private final String keyResource;
    private final AlgorithmCertificate algorithmCertificate;
    private String hashFunction = "";
    private UseSRTPData serverSrtpData;
    private byte[] srtpMasterClientKey;
    private byte[] srtpMasterServerKey;
    private byte[] srtpMasterClientSalt;
    private byte[] srtpMasterServerSalt;
    private SRTPPolicy srtpPolicy;
    private SRTPPolicy srtcpPolicy;
    private final ProtocolVersion minVersion;
    private final ProtocolVersion maxVersion;
    private final CipherSuite[] cipherSuites;

    public DtlsSrtpServer(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, CipherSuite[] cipherSuiteArr, String[] strArr, String str, AlgorithmCertificate algorithmCertificate) {
        this.minVersion = protocolVersion;
        this.maxVersion = protocolVersion2;
        this.cipherSuites = cipherSuiteArr;
        this.certificateResources = strArr;
        this.keyResource = str;
        this.algorithmCertificate = algorithmCertificate;
    }

    public void notifyAlertRaised(short s, short s2, String str, Exception exc) {
        LOGGER.log(s == 2 ? Level.ERROR : Level.WARN, String.format("DTLS server raised alert (AlertLevel.%d, AlertDescription.%d, message='%s')", Short.valueOf(s), Short.valueOf(s2), str), exc);
    }

    public void notifyAlertReceived(short s, short s2) {
        LOGGER.log(s == 2 ? Level.ERROR : Level.WARN, String.format("DTLS server received alert (AlertLevel.%d, AlertDescription.%d)", Short.valueOf(s), Short.valueOf(s2)));
    }

    public int getSelectedCipherSuite() throws IOException {
        boolean supportsClientECCCapabilities = supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);
        for (int i : getCipherSuites()) {
            if (Arrays.contains(this.offeredCipherSuites, i) && ((supportsClientECCCapabilities || !TlsECCUtils.isECCCipherSuite(i)) && org.bouncycastle.crypto.tls.TlsUtils.isValidCipherSuiteForVersion(i, this.serverVersion))) {
                this.selectedCipherSuite = i;
                return i;
            }
        }
        throw new TlsFatalAlert((short) 40);
    }

    public CertificateRequest getCertificateRequest() {
        Vector vector = null;
        if (org.bouncycastle.crypto.tls.TlsUtils.isSignatureAlgorithmsExtensionAllowed(this.serverVersion)) {
            short[] sArr = {this.algorithmCertificate.getSignatureAlgorithm(), 3};
            vector = new Vector();
            for (short s : new short[]{6, 5, 4, 3, 2}) {
                for (short s2 : sArr) {
                    vector.addElement(new SignatureAndHashAlgorithm(s, s2));
                }
            }
        }
        return new CertificateRequest(new short[]{this.algorithmCertificate.getClientCertificate()}, vector, (Vector) null);
    }

    public void notifyClientCertificate(Certificate certificate) throws IOException {
        org.bouncycastle.asn1.x509.Certificate[] certificateList = certificate.getCertificateList();
        LOGGER.info(String.format("Received client certificate chain of length %d", Integer.valueOf(certificateList.length)));
        for (int i = 0; i != certificateList.length; i++) {
            org.bouncycastle.asn1.x509.Certificate certificate2 = certificateList[i];
            LOGGER.info(String.format("WebRTC Client certificate fingerprint:%s (%s)", TlsUtils.fingerprint(this.hashFunction, certificate2), certificate2.getSubject()));
        }
    }

    protected ProtocolVersion getMaximumVersion() {
        return this.maxVersion;
    }

    protected ProtocolVersion getMinimumVersion() {
        return this.minVersion;
    }

    protected TlsSignerCredentials getECDSASignerCredentials() throws IOException {
        return TlsUtils.loadSignerCredentials(this.context, this.certificateResources, this.keyResource, new SignatureAndHashAlgorithm((short) 4, (short) 3));
    }

    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
        return TlsUtils.loadEncryptionCredentials(this.context, this.certificateResources, this.keyResource);
    }

    protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
        Vector vector = this.supportedSignatureAlgorithms;
        if (vector != null) {
            int i = 0;
            while (true) {
                if (i >= vector.size()) {
                    break;
                }
                SignatureAndHashAlgorithm signatureAndHashAlgorithm2 = (SignatureAndHashAlgorithm) vector.elementAt(i);
                if (signatureAndHashAlgorithm2.getSignature() == 1) {
                    signatureAndHashAlgorithm = signatureAndHashAlgorithm2;
                    break;
                }
                i++;
            }
            if (signatureAndHashAlgorithm == null) {
                return null;
            }
        }
        return TlsUtils.loadSignerCredentials(this.context, this.certificateResources, this.keyResource, signatureAndHashAlgorithm);
    }

    public Hashtable<Integer, byte[]> getServerExtensions() throws IOException {
        Hashtable<Integer, byte[]> serverExtensions = super.getServerExtensions();
        if (TlsSRTPUtils.getUseSRTPExtension(serverExtensions) == null) {
            if (serverExtensions == null) {
                serverExtensions = new Hashtable<>();
            }
            TlsSRTPUtils.addUseSRTPExtension(serverExtensions, this.serverSrtpData);
        }
        return serverExtensions;
    }

    public void processClientExtensions(Hashtable hashtable) throws IOException {
        super.processClientExtensions(hashtable);
        int i = 1;
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        for (int i2 : useSRTPExtension.getProtectionProfiles()) {
            switch (i2) {
                case 1:
                case 2:
                case RtcpSdesItem.RTCP_SDES_LOC /* 5 */:
                case RtcpSdesItem.RTCP_SDES_TOOL /* 6 */:
                    i = i2;
                    break;
            }
        }
        this.serverSrtpData = new UseSRTPData(new int[]{i}, useSRTPExtension.getMki());
    }

    public byte[] getKeyingMaterial(int i) {
        return this.context.exportKeyingMaterial("EXTRACTOR-dtls_srtp", (byte[]) null, i);
    }

    public void prepareSrtpSharedSecret() {
        SRTPParameters srtpParametersForProfile = SRTPParameters.getSrtpParametersForProfile(this.serverSrtpData.getProtectionProfiles()[0]);
        int cipherKeyLength = srtpParametersForProfile.getCipherKeyLength();
        int cipherSaltLength = srtpParametersForProfile.getCipherSaltLength();
        this.srtpPolicy = srtpParametersForProfile.getSrtpPolicy();
        this.srtcpPolicy = srtpParametersForProfile.getSrtcpPolicy();
        this.srtpMasterClientKey = new byte[cipherKeyLength];
        this.srtpMasterServerKey = new byte[cipherKeyLength];
        this.srtpMasterClientSalt = new byte[cipherSaltLength];
        this.srtpMasterServerSalt = new byte[cipherSaltLength];
        byte[] keyingMaterial = getKeyingMaterial(2 * (cipherKeyLength + cipherSaltLength));
        System.arraycopy(keyingMaterial, 0, this.srtpMasterClientKey, 0, cipherKeyLength);
        System.arraycopy(keyingMaterial, cipherKeyLength, this.srtpMasterServerKey, 0, cipherKeyLength);
        System.arraycopy(keyingMaterial, 2 * cipherKeyLength, this.srtpMasterClientSalt, 0, cipherSaltLength);
        System.arraycopy(keyingMaterial, (2 * cipherKeyLength) + cipherSaltLength, this.srtpMasterServerSalt, 0, cipherSaltLength);
    }

    public SRTPPolicy getSrtpPolicy() {
        return this.srtpPolicy;
    }

    public SRTPPolicy getSrtcpPolicy() {
        return this.srtcpPolicy;
    }

    public byte[] getSrtpMasterServerKey() {
        return this.srtpMasterServerKey;
    }

    public byte[] getSrtpMasterServerSalt() {
        return this.srtpMasterServerSalt;
    }

    public byte[] getSrtpMasterClientKey() {
        return this.srtpMasterClientKey;
    }

    public byte[] getSrtpMasterClientSalt() {
        return this.srtpMasterClientSalt;
    }

    public String generateFingerprint(String str) {
        try {
            this.hashFunction = str;
            return TlsUtils.fingerprint(this.hashFunction, TlsUtils.loadCertificateChain(this.certificateResources).getCertificateAt(0));
        } catch (IOException e) {
            LOGGER.error("Could not get local fingerprint: " + e.getMessage());
            return "";
        }
    }

    public int[] getCipherSuites() {
        int[] iArr = new int[this.cipherSuites.length];
        for (int i = 0; i < this.cipherSuites.length; i++) {
            iArr[i] = this.cipherSuites[i].getValue();
        }
        return iArr;
    }
}
