package org.jitsi.nlj.dtls;

import gov.nist.core.Separators;
import io.sentry.SentryEnvelopeItemHeader;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.time.Duration;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.ArrayIteratorKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import net.lingala.zip4j.crypto.PBKDF2.BinTools;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.tls.SecurityParameters;
import org.bouncycastle.tls.TlsContext;
import org.bouncycastle.tls.TlsUtils;
import org.bouncycastle.tls.crypto.TlsCertificate;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCertificate;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: DtlsUtils.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��\f\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0005\u0018�� \u00042\u00020\u0001:\u0002\u0004\u0005B\u0007¢\u0006\u0004\b\u0002\u0010\u0003¨\u0006\u0006"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils;", "", "<init>", "()V", "Companion", "DtlsException", "jitsi-media-transform"})
/* loaded from: input_file:classes/jvb/jitsi-videobridge-2.3-SNAPSHOT-jar-with-dependencies.jar:org/jitsi/nlj/dtls/DtlsUtils.class */
public final class DtlsUtils {

    // Singleton holder for the helpers that were companion-object members in DtlsUtils.kt;
    // built through the synthetic constructor with a null marker argument.
    @NotNull
    public static final Companion Companion = new Companion(null);

    // DTLS settings shared by every helper in this class; assigned once in the static initializer.
    // It supplies the local fingerprint hash function and the list of accepted remote hash functions.
    @NotNull
    private static final DtlsConfig config;

    // Lookup table indexed by a nibble value (0-15) when rendering fingerprints as hex text;
    // assigned once in the static initializer. The array is mutable, so it must stay private.
    @NotNull
    private static final char[] HEX_CHARS;

    /* compiled from: DtlsUtils.kt */
    @Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��x\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\b\n��\n\u0002\u0010\u001c\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0010 \n\u0002\b\u0004\n\u0002\u0010\u0019\n��\n\u0002\u0010\u0012\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0006\u0010\b\u001a\u00020\tJ\"\u0010\n\u001a\u00020\u000b2\f\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000b0\r2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000b0\rJ\u0018\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u0014H\u0002J\b\u0010\u0015\u001a\u00020\u0014H\u0002J\u0018\u0010\u0016\u001a\u00020\u00122\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u0018H\u0002J(\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001d2\u0018\u0010\u001e\u001a\u0014\u0012\u0004\u0012\u00020\u0018\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00180 0\u001fJ*\u0010\u001a\u001a\u00020\u001b2\u0006\u0010!\u001a\u00020\u00102\u0018\u0010\u001e\u001a\u0014\u0012\u0004\u0012\u00020\u0018\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00180 0\u001fH\u0002J\u0014\u0010\"\u001a\u00020\u0018*\u00020\u00102\u0006\u0010#\u001a\u00020\u0018H\u0002J\f\u0010&\u001a\u00020\u0018*\u00020'H\u0002J0\u0010(\u001a\u00020'2\u0006\u0010)\u001a\u00020*2\u0006\u0010+\u001a\u00020\u00182\b\u0010,\u001a\u0004\u0018\u00010'2\u0006\u0010-\u001a\u00020\u000b2\u0006\u0010.\u001a\u00020/R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0006\u0010\u0007R\u000e\u0010$\u001a\u00020%X\u0082\u0004¢\u0006\u0002\n��¨\u00060"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils$Companion;", "", 
"<init>", "()V", "config", "Lorg/jitsi/nlj/dtls/DtlsConfig;", "getConfig", "()Lorg/jitsi/nlj/dtls/DtlsConfig;", "generateCertificateInfo", "Lorg/jitsi/nlj/dtls/CertificateInfo;", "chooseSrtpProtectionProfile", "", "ours", "", "theirs", "generateCertificate", "Lorg/bouncycastle/asn1/x509/Certificate;", "subject", "Lorg/bouncycastle/asn1/x500/X500Name;", "keyPair", "Ljava/security/KeyPair;", "generateEcKeyPair", "generateCN", "appName", "", "appVersion", "verifyAndValidateCertificate", "", "certificateInfo", "Lorg/bouncycastle/tls/Certificate;", "remoteFingerprints", "", "", "certificate", "getFingerprint", "hashFunction", "HEX_CHARS", "", "toFingerprint", "", "exportKeyingMaterial", "context", "Lorg/bouncycastle/tls/TlsContext;", "asciiLabel", "context_value", SentryEnvelopeItemHeader.JsonKeys.LENGTH, "masterSecret", "Lorg/bouncycastle/tls/crypto/TlsSecret;", "jitsi-media-transform"})
    @SourceDebugExtension({"SMAP\nDtlsUtils.kt\nKotlin\n*S Kotlin\n*F\n+ 1 DtlsUtils.kt\norg/jitsi/nlj/dtls/DtlsUtils$Companion\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,326:1\n230#2,2:327\n1863#2:329\n2632#2,3:330\n1864#2:333\n*S KotlinDebug\n*F\n+ 1 DtlsUtils.kt\norg/jitsi/nlj/dtls/DtlsUtils$Companion\n*L\n89#1:327,2\n191#1:329\n196#1:330,3\n191#1:333\n*E\n"})
    /* loaded from: input_file:classes/jvb/jitsi-videobridge-2.3-SNAPSHOT-jar-with-dependencies.jar:org/jitsi/nlj/dtls/DtlsUtils$Companion.class */
    public static final class Companion {
        // Private so that the only instance is the one stored in DtlsUtils.Companion.
        private Companion() {
        }

        /**
         * Returns the shared DTLS configuration object held in {@code DtlsUtils.config}.
         *
         * @return the configuration instance created in the static initializer of {@code DtlsUtils}
         */
        @NotNull
        public final DtlsConfig getConfig() {
            return DtlsUtils.config;
        }

        /**
         * Creates a fresh local DTLS identity: a new EC key pair, a self-signed certificate for
         * it, and the certificate fingerprint computed with the configured local hash function.
         *
         * <p>The subject CN is built from the literal placeholders {@code "TODO-APP-NAME"} and
         * {@code "TODO-APP-VERSION"}; no real application name or version is supplied here.
         *
         * @return the key pair, the single-element certificate chain, the hash function name, the
         *     fingerprint, and the value of {@code System.currentTimeMillis()} read when the
         *     object is assembled (presumably a creation timestamp; confirm against
         *     {@code CertificateInfo})
         */
        @NotNull
        public final CertificateInfo generateCertificateInfo() {
            X500Name subject = generateCN("TODO-APP-NAME", "TODO-APP-VERSION");
            KeyPair keyPair = generateEcKeyPair();
            Certificate x509 = generateCertificate(subject, keyPair);
            String hashFunction = getConfig().getLocalFingerprintHashFunction();

            // The chain handed to the TLS stack holds only the self-signed certificate.
            BcTlsCertificate[] chain = new BcTlsCertificate[]{new BcTlsCertificate(DtlsUtilsKt.getBC_TLS_CRYPTO(), x509)};
            org.bouncycastle.tls.Certificate tlsCertificate = new org.bouncycastle.tls.Certificate(chain);

            // This fingerprint is what the remote side is expected to compare against, so it must
            // be computed over exactly the certificate placed in the chain above.
            String fingerprint = getFingerprint(x509, hashFunction);
            return new CertificateInfo(keyPair, tlsCertificate, hashFunction, fingerprint, System.currentTimeMillis());
        }

        /**
         * Picks the SRTP protection profile to use from the two advertised lists.
         *
         * <p>The local list is walked in its own order and the first entry that also appears in
         * the remote list wins, so the local ordering is the preference order and the remote
         * ordering has no influence on the result.
         *
         * @param ours   locally supported profile identifiers, most preferred first
         * @param theirs profile identifiers offered by the peer
         * @return the first element of {@code ours} that is contained in {@code theirs}
         * @throws DtlsException if the lists share no element; the message includes both lists
         */
        public final int chooseSrtpProtectionProfile(@NotNull Iterable<Integer> ours, @NotNull Iterable<Integer> theirs) {
            Intrinsics.checkNotNullParameter(ours, "ours");
            Intrinsics.checkNotNullParameter(theirs, "theirs");
            try {
                Iterator<Integer> localProfiles = ours.iterator();
                while (localProfiles.hasNext()) {
                    int profile = localProfiles.next().intValue();
                    if (CollectionsKt.contains(theirs, Integer.valueOf(profile))) {
                        return profile;
                    }
                }
                // No overlap: signalled the same way the inlined Kotlin first { } call does.
                throw new NoSuchElementException("Collection contains no element matching the predicate.");
            } catch (NoSuchElementException noCommonProfile) {
                String oursText = CollectionsKt.joinToString$default(ours, null, null, null, 0, null, null, 63, null);
                String theirsText = CollectionsKt.joinToString$default(theirs, null, null, null, 0, null, null, 63, null);
                throw new DtlsException("No common SRTP protection profile found.  Ours: " + oursText + " Theirs: " + theirsText);
            }
        }

        /**
         * Builds a self-signed X.509 v3 certificate for the given key pair.
         *
         * <p>Issuer and subject are both {@code x500Name}, the serial number is the current time
         * in milliseconds, the validity window runs from one day before now to seven days after
         * now, and the certificate is signed with the key pair's own private key using
         * {@code SHA256withECDSA}.
         *
         * <p>NOTE(review): the serial number is derived from the clock and is therefore
         * predictable. Nothing in this method gives the certificate any trust of its own; a
         * peer can only rely on it through a fingerprint comparison done elsewhere.
         *
         * @param x500Name name used as both issuer and subject
         * @param keyPair  key pair whose public key is certified and whose private key signs
         * @return the certificate as a BouncyCastle ASN.1 structure
         */
        private final Certificate generateCertificate(X500Name x500Name, KeyPair keyPair) {
            long now = System.currentTimeMillis();
            BigInteger serial = BigInteger.valueOf(now);
            // Backdating by a day tolerates peers whose clocks run behind ours.
            Date notBefore = new Date(now - Duration.ofDays(1L).toMillis());
            Date notAfter = new Date(now + Duration.ofDays(7L).toMillis());
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, x500Name, keyPair.getPublic());
            Certificate certificate = builder.build(new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate())).toASN1Structure();
            Intrinsics.checkNotNullExpressionValue(certificate, "toASN1Structure(...)");
            return certificate;
        }

        /**
         * Generates a new elliptic-curve key pair on the named curve {@code secp256r1} using the
         * BouncyCastle JCA provider.
         *
         * <p>No {@code SecureRandom} is passed to the generator, so the randomness source is
         * whatever the provider selects by default.
         *
         * @return the freshly generated key pair
         */
        private final KeyPair generateEcKeyPair() {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
            generator.initialize(ECNamedCurveTable.getParameterSpec("secp256r1"));
            KeyPair freshPair = generator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(freshPair, "generateKeyPair(...)");
            return freshPair;
        }

        /**
         * Builds an X.500 name that contains a single CN attribute of the form
         * {@code "<str> <str2>"}.
         *
         * @param str  first part of the common name (the application name at the call site)
         * @param str2 second part of the common name (the application version at the call site)
         * @return the resulting name, encoded with {@code BCStyle}
         */
        private final X500Name generateCN(String str, String str2) {
            String commonName = str + " " + str2;
            X500Name name = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, commonName).build();
            Intrinsics.checkNotNullExpressionValue(name, "build(...)");
            return name;
        }

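        /**
         * Checks every certificate presented by the peer against the fingerprints that were
         * declared for it out of band.
         *
         * <p>Each certificate in the list is re-parsed from its encoded form and passed to the
         * per-certificate check, so every entry of a multi-certificate chain must match a
         * declared fingerprint, not just the first one. No other property of the certificate
         * (validity period, signature, issuer) is examined here; the fingerprint map is the only
         * trust input, so its integrity depends on how the caller obtained it.
         *
         * @param certificateInfo    certificate chain received from the peer
         * @param remoteFingerprints declared fingerprints, keyed by hash function name
         * @throws DtlsException if the peer presented no certificate, or if any certificate
         *     fails the per-certificate fingerprint check
         */
        public final void verifyAndValidateCertificate(@NotNull org.bouncycastle.tls.Certificate certificateInfo, @NotNull Map<String, ? extends List<String>> remoteFingerprints) {
            Intrinsics.checkNotNullParameter(certificateInfo, "certificateInfo");
            Intrinsics.checkNotNullParameter(remoteFingerprints, "remoteFingerprints");
            TlsCertificate[] certificateList = certificateInfo.getCertificateList();
            Intrinsics.checkNotNullExpressionValue(certificateList, "getCertificateList(...)");
            if (certificateList.length == 0) {
                // The condition is about the certificate list, so the message names certificates;
                // it previously said "fingerprints", which pointed at the wrong input.
                throw new DtlsException("No remote certificates.");
            }
            // Reuse the array already fetched above instead of asking for the list a second time.
            for (TlsCertificate tlsCertificate : certificateList) {
                Certificate certificate = Certificate.getInstance(tlsCertificate.getEncoded());
                Intrinsics.checkNotNull(certificate);
                verifyAndValidateCertificate(certificate, remoteFingerprints);
            }
        }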

        /**
         * Verifies one certificate against the declared fingerprints.
         *
         * <p>The accepted hash functions are tried in the order the configuration returns them.
         * The first one for which the map holds an entry decides the outcome: the certificate is
         * hashed with that function and must equal one of the listed values, otherwise the check
         * fails. Fingerprints declared under later hash functions are never consulted, so the
         * configured order is effectively the strength preference.
         *
         * <p>The comparison is an exact string match. NOTE(review): the map keys and the
         * fingerprint text are therefore expected to arrive already normalised to the spelling
         * and letter case produced locally; confirm that against the caller.
         *
         * @param certificate certificate to check
         * @param map         declared fingerprints, keyed by hash function name
         * @throws DtlsException if no declared fingerprint matches, or if nothing was declared
         *     for any accepted hash function
         */
        private final void verifyAndValidateCertificate(Certificate certificate, Map<String, ? extends List<String>> map) {
            for (String hashFunction : getConfig().getAcceptedFingerprintHashFunctions()) {
                List<String> declared = map.get(hashFunction);
                if (declared == null) {
                    // Nothing declared for this hash function; try the next accepted one.
                    continue;
                }
                String computed = DtlsUtils.Companion.getFingerprint(certificate, hashFunction);
                boolean matched = false;
                for (String candidate : declared) {
                    if (Intrinsics.areEqual(candidate, computed)) {
                        matched = true;
                        break;
                    }
                }
                // An empty declared list falls through to here with matched == false: fail closed.
                if (!matched) {
                    throw new DtlsException("None of the fingerprints " + CollectionsKt.joinToString$default(declared, null, null, null, 0, null, null, 63, null) + " match the " + hashFunction + "-hashed certificate " + computed);
                }
                return;
            }
            throw new DtlsException("No fingerprint declared over the signaling path with any of the accepted hash functions: " + CollectionsKt.joinToString$default(getConfig().getAcceptedFingerprintHashFunctions(), null, null, null, 0, null, null, 63, null));
        }

        /**
         * Computes the fingerprint of a certificate: the digest of its DER encoding, rendered as
         * colon-separated hex by {@code toFingerprint}.
         *
         * <p>The hash function name is upper-cased with {@code Locale.ROOT} before it is resolved
         * to a digest. NOTE(review): what happens for a name the finder does not recognise is
         * not visible in this method; callers pass names taken from the configuration.
         *
         * @param certificate certificate to hash
         * @param str         name of the hash function
         * @return the fingerprint text
         */
        private final String getFingerprint(Certificate certificate, String str) {
            DefaultDigestAlgorithmIdentifierFinder algorithmFinder = new DefaultDigestAlgorithmIdentifierFinder();
            String algorithmName = str.toUpperCase(Locale.ROOT);
            Intrinsics.checkNotNullExpressionValue(algorithmName, "toUpperCase(...)");
            ExtendedDigest digest = BcDefaultDigestProvider.INSTANCE.get(algorithmFinder.find(algorithmName));

            // Hash the DER form explicitly so the result does not depend on how the certificate
            // object happens to be encoded internally.
            byte[] der = certificate.getEncoded(ASN1Encoding.DER);
            Intrinsics.checkNotNullExpressionValue(der, "getEncoded(...)");
            byte[] hash = new byte[digest.getDigestSize()];
            digest.update(der, 0, der.length);
            digest.doFinal(hash, 0);
            return toFingerprint(hash);
        }

        /**
         * Renders a byte array as two hex digits per byte, with a separator between bytes and
         * none after the last one.
         *
         * <p>The digits come from {@code DtlsUtils.HEX_CHARS}, so the letter case of the output
         * is whatever that table contains.
         *
         * @param bArr bytes to render, typically a digest value
         * @return the hex text; empty for an empty array
         */
        private final String toFingerprint(byte[] bArr) {
            // A local, single-threaded buffer needs no synchronisation, so StringBuilder suffices.
            StringBuilder text = new StringBuilder();
            int lastIndex = bArr.length - 1;
            for (int index = 0; index < bArr.length; index++) {
                int value = bArr[index] & 0xFF;
                text.append(DtlsUtils.HEX_CHARS[value >>> 4]);
                text.append(DtlsUtils.HEX_CHARS[value & 0x0F]);
                if (index < lastIndex) {
                    text.append(Separators.COLON);
                }
            }
            String result = text.toString();
            Intrinsics.checkNotNullExpressionValue(result, "toString(...)");
            return result;
        }

        /**
         * Derives exported keying material from an explicitly supplied master secret.
         *
         * <p>The PRF seed is assembled as {@code client_random || server_random}, followed, only
         * when a context value is given, by its length as a 16-bit integer and the context value
         * itself. That seed, the label and the requested length are then passed to
         * {@code TlsUtils.PRF} together with the connection's security parameters.
         *
         * <p>NOTE(review): this method does not check whether the session negotiated
         * extended_master_secret before exporting. RFC 7627 section 5.4 restricts the use of
         * keying-material exporters when that extension was not negotiated; confirm that the
         * intended policy is enforced by the caller. The requested length {@code i} is also
         * passed through without a range check.
         *
         * @param context      TLS context whose security parameters supply the two randoms
         * @param asciiLabel   exporter label
         * @param bArr         optional context value; must be shorter than 2^16 bytes
         * @param i            number of bytes of keying material to produce
         * @param masterSecret master secret to derive from
         * @return the exported keying material; it is secret key material and should not be
         *     logged or retained longer than needed
         * @throws IllegalArgumentException if the context value is too long
         * @throws IllegalStateException    if the assembled seed length is inconsistent
         */
        @NotNull
        public final byte[] exportKeyingMaterial(@NotNull TlsContext context, @NotNull String asciiLabel, @Nullable byte[] bArr, int i, @NotNull TlsSecret masterSecret) {
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(asciiLabel, "asciiLabel");
            Intrinsics.checkNotNullParameter(masterSecret, "masterSecret");
            final boolean hasContextValue = bArr != null;
            if (hasContextValue && !TlsUtils.isValidUint16(bArr.length)) {
                throw new IllegalArgumentException("'context_value' must have a length less than 2^16 (or be null)");
            }
            SecurityParameters parameters = context.getSecurityParameters();
            byte[] clientRandom = parameters.getClientRandom();
            byte[] serverRandom = parameters.getServerRandom();

            int seedLength = clientRandom.length + serverRandom.length;
            if (hasContextValue) {
                // Two extra bytes carry the context value's length prefix.
                seedLength += 2 + bArr.length;
            }
            byte[] seed = new byte[seedLength];

            int offset = 0;
            System.arraycopy(clientRandom, 0, seed, offset, clientRandom.length);
            offset += clientRandom.length;
            System.arraycopy(serverRandom, 0, seed, offset, serverRandom.length);
            offset += serverRandom.length;
            if (hasContextValue) {
                TlsUtils.writeUint16(bArr.length, seed, offset);
                offset += 2;
                System.arraycopy(bArr, 0, seed, offset, bArr.length);
                offset += bArr.length;
            }
            // Sanity check that every byte of the seed was written exactly once.
            if (offset != seedLength) {
                throw new IllegalStateException("error in calculation of seed for export");
            }
            byte[] exported = TlsUtils.PRF(parameters, masterSecret, asciiLabel, seed, i).extract();
            Intrinsics.checkNotNullExpressionValue(exported, "extract(...)");
            return exported;
        }

        // Compiler-generated constructor: the marker argument is ignored and only serves to give
        // the enclosing class a way to reach the private no-argument constructor.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: DtlsUtils.kt */
    @Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��\u0016\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\u0018��2\u00060\u0002j\u0002`\u0001B\u000f\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0004\b\u0005\u0010\u0006¨\u0006\u0007"}, d2 = {"Lorg/jitsi/nlj/dtls/DtlsUtils$DtlsException;", "Lkotlin/Exception;", "Ljava/lang/Exception;", "msg", "", "<init>", "(Ljava/lang/String;)V", "jitsi-media-transform"})
    /* loaded from: input_file:classes/jvb/jitsi-videobridge-2.3-SNAPSHOT-jar-with-dependencies.jar:org/jitsi/nlj/dtls/DtlsUtils$DtlsException.class */
    /**
     * Failure raised by the DTLS helpers in this file: no common SRTP protection profile, an
     * empty remote certificate list, or a fingerprint check that did not pass.
     *
     * <p>It extends {@code Exception} directly, while the decompiled methods that throw it carry
     * no {@code throws} clause, which is how the Kotlin original behaves.
     */
    public static final class DtlsException extends Exception {
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        /**
         * @param msg human-readable description of the failure; must not be null
         */
        public DtlsException(@NotNull String msg) {
            super(msg);
            // Decompiler placed the null check after super(); Java requires super() to come first.
            Intrinsics.checkNotNullParameter(msg, "msg");
        }
    }

    // Class initialisation: registers the crypto provider, then fills the two static fields.
    static {
        // Adds BouncyCastle to the JVM-wide provider list, so the registration is visible to all
        // code in the process, not only to this class.
        Security.addProvider(new BouncyCastleProvider());
        config = new DtlsConfig();
        // NOTE(review): the hex alphabet is read from a constant in an unrelated zip library.
        // This looks like the decompiler substituting a matching constant for an inlined string
        // literal; confirm the intended alphabet and letter case against DtlsUtils.kt, because
        // fingerprints are compared as exact strings.
        char[] charArray = BinTools.hex.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
        HEX_CHARS = charArray;
    }
}
