package org.jitsi.impl.neomedia.transform.dtls;

import java.io.IOException;
import java.util.Arrays;
import java.util.Hashtable;
import org.jitsi.bouncycastle.crypto.tls.Certificate;
import org.jitsi.bouncycastle.crypto.tls.CertificateRequest;
import org.jitsi.bouncycastle.crypto.tls.DefaultTlsClient;
import org.jitsi.bouncycastle.crypto.tls.DefaultTlsSignerCredentials;
import org.jitsi.bouncycastle.crypto.tls.ProtocolVersion;
import org.jitsi.bouncycastle.crypto.tls.TlsAuthentication;
import org.jitsi.bouncycastle.crypto.tls.TlsClientContext;
import org.jitsi.bouncycastle.crypto.tls.TlsContext;
import org.jitsi.bouncycastle.crypto.tls.TlsCredentials;
import org.jitsi.bouncycastle.crypto.tls.TlsFatalAlert;
import org.jitsi.bouncycastle.crypto.tls.TlsSRTPUtils;
import org.jitsi.bouncycastle.crypto.tls.TlsUtils;
import org.jitsi.bouncycastle.crypto.tls.UseSRTPData;
import org.jitsi.util.Logger;

/* loaded from: classes.dex */
public class TlsClientImpl extends DefaultTlsClient {
    private static final Logger logger = Logger.getLogger((Class<?>) TlsClientImpl.class);
    private int chosenProtectionProfile;
    private final DtlsPacketTransformer packetTransformer;
    private final TlsAuthentication authentication = new TlsAuthenticationImpl();
    private final byte[] mki = TlsUtils.EMPTY_BYTES;

    /* loaded from: classes.dex */
    private class TlsAuthenticationImpl implements TlsAuthentication {
        private TlsCredentials clientCredentials;

        private TlsAuthenticationImpl() {
        }

        @Override // org.jitsi.bouncycastle.crypto.tls.TlsAuthentication
        public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
            if (this.clientCredentials == null) {
                DtlsControlImpl dtlsControl = TlsClientImpl.this.getDtlsControl();
                this.clientCredentials = new DefaultTlsSignerCredentials(TlsClientImpl.this.context, dtlsControl.getCertificate(), dtlsControl.getKeyPair().getPrivate());
            }
            return this.clientCredentials;
        }

        @Override // org.jitsi.bouncycastle.crypto.tls.TlsAuthentication
        public void notifyServerCertificate(Certificate certificate) throws IOException {
            try {
                TlsClientImpl.this.getDtlsControl().verifyAndValidateCertificate(certificate);
            } catch (Exception e) {
                TlsClientImpl.logger.error("Failed to verify and/or validate server certificate!", e);
                if (!(e instanceof IOException)) {
                    throw new IOException(e);
                }
                throw ((IOException) e);
            }
        }
    }

    public TlsClientImpl(DtlsPacketTransformer dtlsPacketTransformer) {
        this.packetTransformer = dtlsPacketTransformer;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public DtlsControlImpl getDtlsControl() {
        return this.packetTransformer.getDtlsControl();
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.TlsClient
    public synchronized TlsAuthentication getAuthentication() throws IOException {
        return this.authentication;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getChosenProtectionProfile() {
        return this.chosenProtectionProfile;
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.DefaultTlsClient, org.jitsi.bouncycastle.crypto.tls.AbstractTlsClient, org.jitsi.bouncycastle.crypto.tls.TlsClient
    public Hashtable getClientExtensions() throws IOException {
        Hashtable clientExtensions = super.getClientExtensions();
        if (TlsSRTPUtils.getUseSRTPExtension(clientExtensions) == null) {
            if (clientExtensions == null) {
                clientExtensions = new Hashtable();
            }
            TlsSRTPUtils.addUseSRTPExtension(clientExtensions, new UseSRTPData(DtlsControlImpl.SRTP_PROTECTION_PROFILES, this.mki));
        }
        return clientExtensions;
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.AbstractTlsClient, org.jitsi.bouncycastle.crypto.tls.TlsClient
    public ProtocolVersion getClientVersion() {
        return ProtocolVersion.DTLSv10;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsContext getContext() {
        return this.context;
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.AbstractTlsClient
    public ProtocolVersion getMinimumVersion() {
        return ProtocolVersion.DTLSv10;
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.AbstractTlsClient, org.jitsi.bouncycastle.crypto.tls.TlsClient
    public void init(TlsClientContext tlsClientContext) {
        super.init(tlsClientContext);
    }

    @Override // org.jitsi.bouncycastle.crypto.tls.DefaultTlsClient, org.jitsi.bouncycastle.crypto.tls.AbstractTlsClient, org.jitsi.bouncycastle.crypto.tls.TlsClient
    public void processServerExtensions(Hashtable hashtable) throws IOException {
        UseSRTPData useSRTPExtension = TlsSRTPUtils.getUseSRTPExtension(hashtable);
        if (useSRTPExtension == null) {
            IOException iOException = new IOException("DTLS extended server hello does not include the use_srtp extension!");
            logger.error("DTLS extended server hello does not include the use_srtp extension!", iOException);
            throw iOException;
        }
        int[] protectionProfiles = useSRTPExtension.getProtectionProfiles();
        int chooseSRTPProtectionProfile = protectionProfiles.length == 1 ? DtlsControlImpl.chooseSRTPProtectionProfile(protectionProfiles[0]) : 0;
        if (chooseSRTPProtectionProfile == 0) {
            TlsFatalAlert tlsFatalAlert = new TlsFatalAlert((short) 47);
            logger.error("No chosen SRTP protection profile!", tlsFatalAlert);
            throw tlsFatalAlert;
        }
        if (Arrays.equals(useSRTPExtension.getMki(), this.mki)) {
            super.processServerExtensions(hashtable);
            this.chosenProtectionProfile = chooseSRTPProtectionProfile;
        } else {
            TlsFatalAlert tlsFatalAlert2 = new TlsFatalAlert((short) 47);
            logger.error("Server's MKI does not match the one offered by this client!", tlsFatalAlert2);
            throw tlsFatalAlert2;
        }
    }
}
